32 CFR 117.6 – Responsibilities
(a) Under Secretary of Defense for Intelligence & Security (USD(I&S)). The USD(I&S), on behalf of the Secretary of Defense, and in accordance with E.O. 12829, 32 CFR part 2004, and DoDI 5220.22:
(1) Carries out the direction in section 201 of E.O. 12829 that the Secretary of Defense issue and maintain this rule and changes to it. The USD(I&S) does so in consultation with all affected agencies (E.O. 12829 section 201), with the concurrence of the Secretary of Energy, the Chairman of the NRC, the DNI, and the Secretary of Homeland Security (E.O.12829 section 201), and in consultation with the ISOO Director (E.O. 12829 section 102).
(2) Acts as the CSA for DoD.
(3) Provides policy and management of the NISP for non-DoD executive branch agencies who enter into inter-agency security agreements with DoD to provide industrial security services required when classified information is disclosed to contractors in accordance with E.O. 12829, as amended.
(b) Director, DCSA. Under the authority, direction, and control of the USD(I&S), and in accordance with DoDI 5220.22 and DoD Directive (DoDD) 5105.42, “Defense Security Service (DSS)”
(1) Oversees and manages DCSA, which serves as the DoD CSO.
(2) Administers the NISP as a separate program element on behalf of DoD GCAs and those agencies with agreements with DoD for security services.
(3) Provides security oversight of the NISP as the DoD CSO on behalf of DoD components and those non-DoD executive branch agencies who enter into agreements with DoD as noted in paragraph (a)(3) of this section. The Director, DCSA, will be relieved of this oversight function for DoD special access programs (SAPs) when the Secretary of Defense or the Deputy Secretary of Defense approves a carve-out provision in accordance with DoDD 5205.07, “DoD SAP Policy” (available at: https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodd/520507p.pdf?ver=2020-02-04-142942-827).
(c) Secretary of Energy. In addition to the responsibilities in paragraph (h) of this section, the Secretary of Energy:
(1) Prescribes procedures for the portions of this rule pertaining to information classified under the AEA (i.e., RD, FRD, and TFNI), as nothing in the rule shall be construed to supersede the authority of the Secretary of Energy under the AEA.
(2) Retains authority over access to information classified under the AEA.
(3) Inspects and monitors contractor, licensee, certificate holder, and grantee programs and facilities that involve access to information classified under the AEA, as necessary.
(d) Chairman of the NRC. In addition to the responsibilities in paragraph (h) of this section, the Chairman of the NRC:
(1) Prescribes procedures for the portions of this rule that pertain to information under NRC programs classified under the AEA, other federal statutes, and executive orders.
(2) Retains authority over access to information under NRC programs classified under the AEA, other federal statutes, and executive orders.
(3) Inspects and monitors contractor, licensee, certificate holder, and grantee programs and facilities that involve access to information under NRC programs classified pursuant to the AEA, other federal statutes, and executive orders where appropriate.
(e) DNI. In addition to the responsibilities in paragraph (h) of this section, the DNI:
(1) Prescribes procedures for the portions of this rule pertaining to intelligence sources, methods, and activities, including, but not limited to, SCI.
(2) Retains authority over access to intelligence sources, methods, and activities, including SCI.
(3) Provides guidance on the security requirements for intelligence sources and methods of information, including, but not limited to, SCI.
(f) Secretary of Homeland Security. In accordance with E.O. 12829, E.O. 13691, and in addition to the responsibilities in paragraph (h) of this section, the Secretary of Homeland Security:
(1) Prescribes procedures for the portions of this rule that pertain to the CCIPP.
(2) Retains authority over access to information under the CCIPP.
(3) Inspects and monitors contractor, licensee, certificate holder, and grantee programs and facilities that involve access to CCIPP.
(g) All the CSA heads. The CSA heads:
(1) Oversee the security of classified contracts and activities under their purview.
(2) Provide oversight of contractors under their security cognizance.
(3) Minimize redundant and duplicative security review and audit activities of contractors, including such activities conducted at contractor locations where multiple CSAs have equities.
(4) Execute appropriate intra-agency and inter-agency agreements to avoid redundant and duplicate reviews.
(5) Designate one or more CSOs for security administration.
(6) Designate subordinate officials, in accordance with governing policies, to act as the authorizing official. Authorizing officials will:
(i) Assess and authorize contractors to process classified information on information systems.
(ii) Conduct oversight of such information system processing and provide information system security guidelines in accordance with Federal information system security control policies, standards, and procedures. Minimize redundant and duplicative security review and audit activity of contractors, including such activity conducted at contractor locations where multiple CSAs have equities.
(h) Heads of component agencies. In accordance with applicable CSA direction, the component agency heads:
(1) Oversee compliance with procedures identified by the applicable CSA or designated CSO.
(2) Provide oversight of contractor personnel visiting or working on USG installations.
(3) Promptly apprise the CSO of information received or developed that could adversely affect a cleared contractor, licensee, or grantee, and their employees, to hold an FCL or PCL, or that otherwise raises substantive doubt about their ability to safeguard classified information entrusted to them.
(4) Propose changes to this rule as deemed appropriate and provide them to the applicable CSA for submission to the OUSD(I&S) Counterintelligence, Law Enforcement and Security Directorate.
(i) Director, ISOO. The Director, ISOO:
(1) Oversees the NSIP and agency compliance with it, in accordance with E.O. 12829.
(2) Issues and maintains the NISP implementing directive (32 CFR part 2004), in accordance with E.O. 12829, to provide guidance to the CSAs and USG agencies under the NISP.
(3) Chairs the NISP Policy Advisory Committee. Addresses complaints and suggestions from contractors, as detailed in the NISP Policy Advisory Committee bylaws.