The National Industrial Security Program Operating Manual (NISPOM)
July 21st, 2007
The National Industrial Security Program Operating Manual (NISPOM) provides baseline standards for the protection of classified information released or disclosed to industry in connection with classified contracts under the National Industrial Security Program (NISP). Chapter 8 addresses the information system security that must be in place. NISPOM was reissued February 28, 2006.
- Data Transmission: Information protection is required whenever classified information is to be transmitted through areas or components where individuals not authorized to have access to the information may have unescorted physical or uncontrolled electronic access to the information or communications media.
- Changes to Data (Integrity). The control of changes to data includes deterring, detecting, and reporting of successful and unsuccessful attempts to change data.
- Access Controls (Access). The IS shall store and preserve the integrity of the sensitivity of all information internal to the IS.
For data transmission, NISPOM specifies one of the protection methods to be used: "National Security Agency (NSA)-approved encryption mechanisms appropriate for the encryption of classified information."