48 CFR § 4.402 - General.

prev | next
4.402 General.

(a) Executive Order 12829, January 6, 1993 (58 FR 3479, January 8, 1993), entitled “National Industrial Security Program” (NISP), establishes a program to safeguard Federal Government classified information that is released to contractors, licensees, and grantees of the United States Government. Executive Order 12829 amends Executive Order 10865, February 20, 1960 (25 FR 1583, February 25, 1960), entitled “Safeguarding Classified Information Within Industry,” as amended by Executive Order 10909, January 17, 1961 (26 FR 508, January 20, 1961).

(b) The National Industrial Security Program Operating Manual (NISPOM) incorporates the requirements of these Executive orders. The Secretary of Defense, in consultation with all affected agencies and with the concurrence of the Secretary of Energy, the Chairman of the Nuclear Regulatory Commission, the Director of National Intelligence, and the Secretary of Homeland Security is responsible for issuance and maintenance of this Manual. The following publications implement the program:

(1) National Industrial Security Program Operating Manual (NISPOM) (32 CFR part 117).

(2) DoD Manual 5220.22, Volume 2, National Industrial Security Program: Industrial Security Procedures for Government Activities.

(c) Procedures for the protection of information relating to foreign classified contracts awarded to U.S. industry, and instructions for the protection of U.S. information relating to classified contracts awarded to foreign firms, are prescribed in 32 CFR 117.19.

(d) Nondefense agencies that have industrial security services agreements with DoD, and DoD components, shall use the DD Form 254, Contract Security Classification Specification, to provide security classification guidance to U.S. contractors, and subcontractors as applicable, requiring access to information classified as “Confidential”, “Secret”, or “Top Secret”.

(1) Provided that the data submittal is unclassified, the DD Form 254 shall be completed electronically in the NISP Contract Classification System (NCCS), which is accessible https://www.dcsa.mil/is/nccs/. Nondefense agencies with an existing DD Form 254 information system may use that system.


(i) A contractor, or subcontractor (if applicable), requiring access to classified information under a contract shall be identified with a Commercial and Government Entity (CAGE) code on the DD Form 254 (see subpart 4.18 for information on obtaining and validating CAGE codes).

(ii) Each location of contractor or subcontractor performance listed on the DD Form 254 is required to reflect a corresponding unique CAGE code for each listed location unless the work is being performed at a Government facility, in which case the agency location code shall be used. Each subcontractor location requiring access to classified information must be listed on the DD Form 254.

(iii) Contractor and subcontractor performance locations listed on the DD Form 254 are not required to be separately registered in the System for Award Management (SAM) solely for the purposes of a DD Form 254 (see subpart 4.11 for information on registering in SAM).

(e) Part 27, Patents, Data, and Copyrights, contains policy and procedures for safeguarding classified information in patent applications and patents.

[48 FR 42113, Sept. 19, 1983, as amended at 61 FR 31617, June 20, 1996; 73 FR 21781, Apr. 22, 2008; 84 FR 19840, May 6, 2019; 85 FR 40063, July 2, 2020; 86 FR 13794, Mar. 10, 2021; 87 FR 24844, Apr. 26, 2022; 87 FR 25572, May 2, 2022; 87 FR 49502, Aug. 10, 2022]