32 C.F.R. § 2004.22
(a) Agency categories and general areas of responsibility. Federal agencies fall into three categories for the purpose of NISP responsibilities:
(b) Responsible CSA role.
(2) In general, the goal is to have one responsible CSA for each agency and for each entity, to minimize the burdens that can result from complying with differing CSA procedures and requirements.
(3) Responsible CSA for agencies:
(c) CSA responsibilities.
(2) As CSA, the CSA performs or delegates the following responsibilities:
(3) As a responsible CSA, the CSA also performs or delegates the following responsibilities:
(v) Provides and regularly updates guidance, training, training materials, and briefings to entities on:
(vii) Reviews, continuously analyzes, and adjudicates, as appropriate, reports from entities regarding events that:
(d) Non-CSA agency head responsibilities. The head of a non-CSA agency that is not a CSA component and that releases classified information to entities, performs the following responsibilities:
(4) Performs, or delegates in writing to a GCA, the following responsibilities: