[Code of Federal Regulations]
[Title 32, Volume 1, Parts 1 to 190]
[Revised as of July 1, 1998]
From the U.S. Government Printing Office via GPO Access
[CITE: 32CFR159a.93]
[Page 861-862]

TITLE 32--NATIONAL DEFENSE

CHAPTER I--OFFICE OF THE SECRETARY OF DEFENSE

PART 159a--INFORMATION SECURITY PROGRAM REGULATION--Table of Contents

Subpart N--Program Management

Sec. 159a.93 DoD components.

(a) General. The head of each DoD Component shall establish and maintain an Information Security Program designed to ensure compliance with the provisions of this part throughout the Component.

(b) Military Departments. In accordance with 32 CFR part 159 the Secretary of each Military Department shall designate a Senior Information Security Authority who shall be responsible for complying with and implementing this part within the Department.

(c) Other Components. In accordance with 32 CFR part 159, the head of each other DoD Component shall designate a Senior Information Security Authority who shall be responsible for complying with and implementing this Regulation within their respective Component.

(d) Program Monitorship. The Senior Information Security Authorities designated under paragraphs (b) and (c) of this section, are responsible within their respective jurisdictions for monitoring, inspecting with or without prior announcement, and reporting on the status of administration of the DoD Information Security Program at all levels of activity under their cognizance.

(e) Field Program Management.

(1) Throughout the Department of Defense, the head of each activity shall appoint, in writing, an official to serve as security manager for the activity. This official shall be responsible for the administration of an effective Information Security Program in that activity with particular emphasis on security education and training, assignment of proper classifications, downgrading and declassification, safeguarding, and monitorship, to include sampling classified documents for the purpose of assuring compliance with this part.

(2) Activity heads shall ensure that officials appointed as security managers either possess, or obtain within a reasonable time after appointment, knowledge of and training in the Information Security Program commensurate with the needs of their positions. The Director of Security Plans and Programs, ODUSD(P) shall, with the assistance of the Director, Defense Security Institute, develop minimum standards for training of activity security managers. Such training should result in appropriate certifications to be recorded in the personnel files of the individuals involved.

(3) Activity heads shall ensure that officials appointed as security managers are authorized direct and ready access to the appointing official on matters concerning the Information Security Program. They also shall provide sufficient resources of time, staff, and funds to permit accomplishment of the security manager's responsibilities, to include meaningful oversight of the Information Security Program at all levels of the activity.