The Information Security (InfoSec) Program establishes policies, procedures, and requirements to protect classified and controlled unclassified information (CUI) that, if disclosed, could cause damage to national security.
InfoSec is the protection of, and mitigation of risks to, information through multi-disciplined security practices, which include briefings for individuals who have been granted access to National Security Information (NSI), the Controlled Unclassified Information (CUI) program, Communications Security (COMSEC), and various types of on-site inspections designed to ensure compliance with Executive Orders, government-wide policies, regulations, and laws.
The InfoSec Program oversees:
- National Security Information (NSI) Briefings
- Sensitive Compartmented Information (SCI) — responsibility is shared with both Personnel Security (PerSec) and the Special Security Officer (SSO)
- Classification Management
- Controlled Unclassified Information (CUI)— responsibility is shared with the Office of the Chief Information Officer (OCIO)
- Communications Security (COMSEC)
- Industrial Security Program
- Controlled Area Accreditations— responsibility is shared with the Plans, Programs & Compliance Division (PPCD) and Office of the Chief Information Officer (OCIO)’s National Security Solutions and Services (NS3)
- Document and Container Inspections
- After-Hours and Secure Area Inspections
- Security Incident Investigations
Resources
- 32 CFR Parts 2001 and 2003, Classified National Security Information
- Executive Order 13526, Classified National Security Information
- National Industrial Security Program Operating Manual (NISPOM)
- National Industrial Security Program Policy Advisory Committee (NISPPAC)
- 32 CFR Part 2002, Controlled Unclassified Information
- Executive Order 13556, Controlled Unclassified Information