32 CFR § 2004.20 - National Industrial Security Program Executive Agent and Operating Manual.

(a) The executive agent (EA) for NISP is the Secretary of Defense. The EA:

(1) Provides industrial security services for agencies that are not CSAs but that release classified information to entities. The EA provides industrial security services only through an agreement with the agency. Non-CSA agencies must enter an agreement with the EA and comply with EA industrial security service processes before releasing classified information to an entity;

(2) Provides services for other CSAs by agreement; and

(3) Issues and maintains the National Industrial Security Program Operating Manual (NISPOM) in consultation with all affected agencies and with the concurrence of the other CSAs.

(b) The NISPOM sets out the procedures and standards that entities must follow during all phases of the contracting process to safeguard any classified information an agency releases to an entity. The NISPOM requirements may apply to the entity directly (i.e., through FAR clauses or other contract clauses referring entities to the NISPOM) or through equivalent contract clauses or requirements documents that are consistent with NISPOM requirements.

(c) The EA, in consultation with all affected agencies and with the concurrence of the other CSAs, develops the requirements, restrictions, and safeguards contained in the NISPOM. The EA uses security standards applicable to agencies as the basis for developing NISPOM entity standards to the extent practicable and reasonable.

(d) The EA also facilitates the NISPOM coordination process, which addresses issues raised by entities, agencies, ISOO, or the NISPPAC, including requests to create or change NISPOM security standards.