No. 1 that make maximum use of DoD Component resources and systems established to implement 32 CFR Part 285. (c) The Head of each DoD Component shall: (1) Designate a senior official who shall be responsible for the direction and administration of the Component's Information Security Program, to include active oversight, and security education and training programs to ensure implementation of DoD 5200.1R within the Component. (2) Ensure that funding and resources are adequate to carry out such oversight, and security education and training programs. (3) Consider and take action on complaints and suggestions from persons within or outside the government regarding the Component's Information Security Program. (4) Establish procedures to limit access to classified information to those who need to know. (5) Develop plans for the protection, removal, or destruction of classified material in case of fire, natural disaster, civil disturbance, terrorist activities, or enemy action. These plans shall include the treatment of classified information located in foreign countries. (d) Pursuant to E.O. 12356, the Director, National Security Agency/ Chief, Central Security Service, as the designee of the Secretary of Defense, is authorized to impose special requirements with respect to the marking, reproduction, distribution, accounting, and protection of and access to classified cryptologic information. The Director, National Security Agency/Chief, Central Security Service, will develop special procedures for the declassification review of cryptologic information. This authority may not be redelegated. 'Copies may be obtained, if needed, from the Director, Information Security Oversight, General Service Administration, Washington, DC 20405. procedures to safeguard such information; and provides for oversight and administrative sanctions for violations. § 159a.2 Applicability. This part governs the DoD Information Security Program and takes precedence over all DoD Component regulations that implement that Program. Under 32 CFR Part 159, E.O. 12356, and Information Security Oversight Office (ISOO) Directive No. 1, it establishes, for the Department of Defense, uniform policies, standards, criteria, and procedures for the security classification, downgrading, declassification, and safeguarding of information that is owned by, produced for or by, or under the control of the Department of Defense or its Components. § 159a.3 Nongovernment operations. Except as otherwise provided herein, the provisions of this part that are relevant to operations of nongovernment personnel entrusted with classified information shall be made applicable thereto by contracts or other legally binding instruments. (See DOD Directive 5220.221, DoD 5220.22-R 2, and DoD 5220.22-M 3. § 159a.4 Combat operations. The provisions of this part relating to accountability, dissemination, transmission, or safeguarding of classified information may be modified by military commanders but only to the extent necessary to meet local conditions in connection with combat or combat-related operations. Classified information should be introduced into forward combat areas or zones or areas of potential hostile activity only when essential to accomplish the military mission. 1 Copies may be obtained, if needed, from the Naval Publications and Forms Center, Attn: Code 106, 5801 Tabor Avenue, Philadelphia, PA 19120. 2 Copies may be obtained at cost, from the National Technical Information Service, 5285 Port Royal Road, Springfield, VA 22161. ' Copies may be obtained, at cost, from the Government Printing Office. § 159a.5 Atomic energy material. Nothing in this part supersedes any requirement related to "Restricted Data" in the Atomic Energy Act of August 30, 1954, as amended, or the regulations of the Department of Energy under that Act. "Restricted Data" and material designated as "Formerly Restricted Data," shall be handled, protected, classified, downgraded, and declassified to conform with Pub. L. 83-703 and the regulations issued pursuant thereto. § 159a.6 Sensitive compartmented and communications security information. (a) Sensitive Compartmented Information (SCI) and Communications Security (COMSEC) Information shall be handled and controlled in accordance with applicable national directives and DOD Directives and Instructions. Other classified information, while in established SCI or COMSEC areas, may be handled in the same manner as SCI or COMSEC information. Classification principles and procedures, markings, downgrading, and declassification actions prescribed in this part apply to SCI and COMSEC information. (b) Pursuant to 32 CFR Part 159, the Director, National Security Agency/ Chief, Central Security Service may prescribe special rules and procedures for the handling, reporting of loss, storage, and access to classified communications security devices, equipments, and materials in mobile, handheld or transportable systems, or that are used in conjunction with commercial telephone systems, or in similar circumstances where operational demands preclude the application of standard safeguards. These special rules may include procedures for safeguarding such devices and materials, and penalties for the negligent loss of government property. § 159a.7 Automatic Data Processing systems. This part applies to protection of classified information processed, stored or used in, or communicated, displayed or disseminated by an automatic data processing (ADP) system. Additional security policy, responsibil (a) Access. The ability and opportunity to obtain knowledge of classified information. (b) Apllicable Associated Markings. The markings, other than classfication markings, and warning notices listed or refered to in § 159a.31(d). (c) Carve-Out. A classified contract issued in connection with an approved Special Access Program in which the Defense Investigative Service has been relieved of inspection, responsibility in whole or in part under the Defense Industrial Security Program. (d) Classification Authority. The authority vested in an official of the Department of Defense to make an initial determination that information requires protection against unauthorized disclosure in the interest of national security. (e) Classification Guide. A document issued by an authorized original classifier that prescribes the level of classification and appropriate declassification instructions for specified information to be classified derivatively. For purposes of this part, this term does not include DD Form 254, "Contract Security Classification Specification." (f) Classified Information. Information or material that is: (1) Owned by, produced for or by, or under the control of the U.S. Government; and (2) Determined under E.O. 12356 or prior orders and this part to require protection against unauthorized disclosure; and (3) So designated. (g) Classifier. An individual who makes a classification determination and applies a security classification to information or material. A classifier may be an original classification authority or a person who derivatively assigns a security classification based • See footnote 1 to § 159a.3. on a property classified source or a classification guide. (h) Communications Security (COMSEC). The protection resulting from all measures designed to deny unauthorized persons information of value which might be derived from the possession and study of telecommunications and to ensure the authenticity of such communications. COMSEC includes cryptosecurity, emission security, transmission security, and physical security of COSMEC material and information. (i) Compromise. The disclosure of classified information to persons not authorized access thereto. (j) Confidential Source. Any individual or organization that has provided, or that may reasonably be expected to provide, information to the United States on matters pertaining to the national security with the expectation, expressed or implied, that the information or relationship, or both, be held in confidence. (k) Continental United States (CONUS). United States territory, including adjacent territorial waters, located within the North American continent between Canada and Mexico. (1) Controlled Cryptographic Item (CCI). A secure telecommunications or information handling equipment ancillary device, or associated cryptographic component, which is unclassified but controlled. (NOTE: Equipments and components so designated bear the designator "Controlled Cryptographic Item" or "CCI.") (m) Critical Nuclear Weapon Design Information. That Top Secret Restricted Data or Secret Restricted Data revealing the theory of operation or design of the components of a thermo-nuclear or implosion-type fission bomb, warhead, demolition munition or test device. Specifically excluded is information concerning arming, fuzing, and firing systems; limited life components; and total contained quantities of fissionable, fusionable, and high explosive materials by type. Among these excluded items are the components which DoD personnel set, maintain, operate, test, or replace. (n) Custodian. An individual who has possession of or is otherwise charged with the responsibility for safeguarding or accounting for classi fied information. (0) Declassification. The determination that classified information no longer requires, in the interest of national security, any degree of protection against unauthorized disclosure, together with a removal or cancellation of the classification designation. (p) Declassification Event. An event that eliminates the need for continued classification of information. (q) Derivative Classification. A determination that information is in substance the same as information currently classified, and the application of the classification markings. (r) Document. Any recorded information regardless of its physical form or characteristics, including, without limitation, written or printed matter, data processing cards and tapes, maps, charts, paintings, drawings, engravings, sketches, working notes and papers, or reproductions by any means or process, and sound, voice, magnetic or electronic recordings in any form. (s) DoD Component. The Office of the Secretary of Defense (OSD), the Military Departments, the Organization of the Joint Chiefs of Staff (OJCS), the Unified and Specified Commands, and the Defense Agencies. (t) Downgrade. A determination that classified information requires, in the interest of national security, a lower degree of protection against unauthorized disclosure than currently provided, together with a changing of the classification designation to reflect such lower degree of protection. (u) Foreign Government Information. Information that is: (1) Provided to the United States by a foreign government or governments, an international organization of governments, or any element thereof with the expectation, expressed or implied, that the information, the source of the information, or both, are to be held in confidence; or (2) Produced by the United States pursuant to or as a result of a joint arrangement with a foreign government or governments or an international organization of governments, or any element thereof, requiring that the infor mation, the arrangement, or both, are to be held in confidence. (v) Formerly Restricted Data. Information removed from the Restricted Data category upon a joint determination by the Department of Energy (or antecedent agencies) and the Department of Defense that such information relates primarily to the military utilization of atomic weapons and that such information can be safeguarded adequately as classified defense information. For purposes of foreign dissemination, however, such information is treated in the same manner as Restricted Data. (w) Information. Knowledge that can be communicated by any means. (x) Information Security. The result of any system of policies and procedures for identifying, controlling, and protecting from unauthorized disclosure, information whose protection is authorized by executive order or statute. (y) Intelligence Activity. An activity that an agency within the Intelligence Community is authorized to conduct under E.O. 12333. (z) Limited Dissemination. Restrictive controls for classified information established by an original classification authority to emphasize need-toknow protective measures available within the regular security system. (aa) Material. Any product or substance on, or in which, information is embodied. (bb) National Security. The national defense and foreign relations of the United States. (cc) Need-to-know. A determination made by a possessor of classified information that a prospective recipient, in the interest of national security, has a requirement for access to, or knowledge, or possession of the classified information in order to accomplish lawful and authorized Government purposes. (dd) Original Classification. An initial determination that information requires, in the interest of national security, protection against unauthorized disclosure, together with a classification designation signifying the level of protection required. (ee) Regrade. A determination that classified information requires a dif |