Chapter 20-999 Related University References

  • Standard Practice Procedures for Safeguarding National Security Information.

External Requirement Federal

20-F01 Department of Defense (Dod) Industrial Security Manual for Safeguarding Classified Information


The DOD Industrial Security Manual (ISM) establishes uniform security practices within industrial plants, educational institutions, and all organizations used by prime contractors and subcontractors having classified information of the Department of Defense, certain other executive departments and agencies, or certain foreign governments.


The ISM is issued under the authority of DOD Directive 5220.22, "Department of Defense Industrial Security Program." It is applicable primarily in connection with the performance of a classified contract. It also is applicable to the safeguarding of classified information in connection with all aspects of precontract activity including the preparation of bids and proposals, precontract negotiations, and all aspects of postcontract activity. Classified grants and cooperative agreements are similarly covered. In addition, the ISM applies to the safeguarding of foreign classified information, which has been furnished to U.S. contractors and which the U.S. Government is obligated to protect in the interest of national defense.

Summary of Provisions

The ISM contains specific requirements for dealing with virtually all aspects of research security. Among the principal topics covered are the following:

a. Contractor Responsibilities

(1) appointment of a Facility Security Officer;

(2) controlling access to and disclosure of classified information;

(3) safeguarding of classified information;

(4) briefing of cleared personnel;

(5) performance of security checks;

(6) proper transmission and/or disposition of classified material;

(7) controlling disclosure of classified information at meetings, seminars, symposia, conferences, etc.;

(8) development of standard practice procedures;

(9) reporting of security violations, adverse information concerning contractor employees, and changes in contractor security procedures;

(10) investigating suspected losses or compromise of classified information;

(11) use of badges and identification cards when necessary; and

(12) not disclosing information pertaining to classified contracts or projects except as specified in ISM paragraph 5.0.

b. Handling of Classified Information

This section of the ISM contains requirements for marking, handling, storing, shipping, and destroying documents that have been classified pursuant to DD Form 254, Contract Security Classification Specifications. Extremely detailed instructions are provided. For example, "typewriter and ADP equipment ribbons used in transcribing classified material shall be safeguarded in the manner appropriate for the classification category involved, until the ribbon is cycled through the typewriter or printer a sufficient number of times [at least five] to obliterate information contained thereon."

c. Security Clearances

This section of the ISM addresses in the most part who can or should be given security clearances and at what level. In addition, if a facility, such as a campus or Laboratory, is to store classified materials or be a site where classified work is performed, then the facility itself must be cleared, and this section also contains requirements for obtaining and maintaining a facility clearance.

d. Visitor Control Procedures

This section of the ISM outlines procedures for identifying, recording, categorizing, and controlling visitors to a cleared facility. Other visits that might have security implications which are covered are visits by cleared individuals to foreign countries.

e. Consultants

Different requirements apply depending on whether the consultant does not possess classified material except at the contractor's or agency's cleared facility (Type A); possesses classified material at the consultant's place of business or residence and has full responsibility for the security of that material (Type B); or possesses classified material at the facility of the cleared consultant's employer (Type C). With respect to University employees who do classified consulting work, Type A consultants would be able to have access to classified material only at the the cleared facility where they do their consulting (e.g., DOD, NASA, JPL). Type B consultants maintain their own cleared facility and would be able to have access to classified material at their home or office; they are personally responsible to safely store classified material only in storage containers authorized by the General Services Administration. Type C consultants would be able to have access to classified material only at a cleared University facility (e.g., Scripps Institution of Oceanography) when the University has agreed to be responsible for security of the classified material. (Additional information may be found in the ISM.)

f. Security Briefings

This appendix to the ISM outlines the elements of the security briefing that the contractor is responsible for giving to all its cleared employees, Type A consultants, and temporary help supplier personnel. The typical briefing would summarize the threat posed by the activities of foreign intelligence operatives, how to recognize possible approaches, and when and where to report suspicious activity.

g. Guidance for Contractor Self-Inspection

This appendix to the ISM also contains questions that will help pinpoint any weaknesses in the contractor's research security program and prepare for inspection by the Cognizant Security Officer (i.e., the Director of Industrial Security who has jurisdiction over the geographical area in which the facility is located).

Primary University Responsibility

The University's Research Security Officer, located in the Office of the President, is responsible for ensuring that the requirements of the ISM that apply to the University are met.

University Policy Implementation

The Universitywide Standard Practice Procedures for Safeguarding National Security Information implements the requirements of the ISM.


20-FO3 Department of Defense Form DD254, Contractor Security Classification Specification (sample)