32 CFR 2004.1 – Purpose and scope
(a) This part sets out the National Industrial Security Program (“NISP” or “the Program”) governing the protection of agency classified information released to Federal contractors, licensees, grantees, and certificate holders. It establishes uniform standards throughout the Program, and helps agencies implement requirements in E.O. 12829, National Industrial Security Program, as amended by E.O. 12558 and E.O.13691 (collectively referred to as “E.O. 12829”), E.O. 13691, Promoting Private Sector Cybersecurity Information Sharing, and E.O. 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information. It applies to any executive branch agency that releases classified information to current, prospective, or former Federal contractors, licensees, grantees, or certificate holders. However, this part does not stand alone; users should refer concurrently to the underlying executive orders for guidance. ISOO maintains policy oversight over the NISP as established by E.O.12829.
(b) This part also does not apply to release of classified information pursuant to criminal proceedings. The Classified Information Procedures Act (CIPA) (18 U.S.C. Appendix 3) governs release of classified information in criminal proceedings.
(c) Nothing in this part supersedes the authority of the Secretary of Energy or the Nuclear Regulatory Commission under the Atomic Energy Act of 1954, as amended (42 U.S.C. § 2011, et seq.) (collectively referred to as “the Atomic Energy Act”); the authority of the Director of National Intelligence (or any intelligence community element) under the Intelligence Reform and Terrorism Prevention Act of 2004 (Pub. L. 108-458), the National Security Act of 1947 as amended (50 U.S.C. § 401, et seq.), and E.O. 12333 (December 4, 1981), as amended by E.O. 13355, Strengthened Management of the Intelligence Community (August 27, 2004) and E.O. 13470, Further Amendments to Executive Order 12333 (July 30, 2008) (collectively referred to as “E.O. 12333”); or the authority of the Secretary of Homeland Security, as the Executive Agent for the Classified National Security Information Program established under E.O. 13549, Classified National Security Information Program for State, Local, Tribal, and Private Sector Entities (August 18, 2010), or as established by E.O. 13284, Amendment of Executive Orders, and Other Actions, in Connection with the Establishment of the Department of Homeland Security (January 23, 2003). In exercising these authorities, CSAs make every effort to facilitate reciprocity, avoid duplication of regulatory requirements, and facilitate uniform standards.