32 C.F.R. § 117.7
(b) Contractor Security Officials. Contractors will appoint security officials who are U.S. citizens, except in exceptional circumstances (see § 117.9(m) and § 117.11(e)).
(1) Appointed security officials listed in paragraphs (b)(2), (b)(3), and (b)(4) of this section must:
(2) SMO. The SMO will:
(3) FSO. The FSO will:
(4) ITPSO. The ITPSO will establish and execute an insider threat program.
(c) Other KMP. In addition to the SMO, the FSO, and the ITPSO, the contractor will include on the KMP list, subject to CSA concurrence, any other officials who either hold majority interest or stock in the entity, or who have direct or indirect authority to influence or decide issues affecting the management or operations of the contractor or issues affecting classified contract performance. The CSA may either:
(2) Allow the entity to formally exclude these KMP from access to classified information. The entity's governing board will affirm the exclusion by issuing a formal action (see table), and provide a copy of the exclusion action to the CSA. The entity's governing board will document this exclusion action.
| Type of affirmation | Language to be used in exclusion action |
|---|---|
| Affirmation for Exclusion from Access to Classified Information | [Insert name and address of entity or name and position of officer, director, partner, or similar entity official or officials] will not require, will not have, and can be effectively and formally excluded from, access to all classified information disclosed to the entity and does not occupy a position that would enable them to adversely affect the organization's policies or practices in the performance of classified contracts. |
| Affirmation for Exclusion from Higher-level Classified Information | [Insert name and address of entity or name and position of officer, director, partner, or similar entity official or officials] will not require, will not have, and can be effectively and formally excluded from access to [insert SECRET or TOP SECRET] classified information and does not occupy a position that would enable them to adversely affect the organization's policies or practices in the performance of [insert SECRET or TOP SECRET] classified contracts. |
(f) Cooperation with Federal agencies. Contractors will cooperate with Federal agencies and their officially credentialed USG or contractor representatives during official reviews, investigations concerning the protection of classified information, or personnel security investigations of present or former employees and others (e.g., consultants or visitors). At a minimum, cooperation includes:
(ii) Procedures.
(iii) Controlled unclassified information (CUI). 32 CFR part 2002 requires agencies to implement CUI requirements, but compliance with CUI requirements is outside the scope of the NISP and this rule. However, CSAs may conduct CUI assessments in conjunction with NISP USG reviews when:
(2) Contractor reviews. Contractors will review their security programs on a continuing basis and conduct a formal self-inspection at least annually and at intervals consistent with risk management principles.
(o) Complaints and suggestions. Contractors may forward NISP administration complaints and suggestions to the Director of ISOO. However, contractors are encouraged to forward NISP administration complaints and suggestions to their respective CSA prior to forwarding to the ISOO.
| Addressee | Mailing address | Telephone No. | Facsimile | Email address |
|---|---|---|---|---|
| Director, ISOO, National Archives and Records Administration | 700 Pennsylvania Avenue NW, Room 100, Washington, DC 20408-0001 | 202-357-5250 | 202-357-5907 | isoo@nara.gov. |