Regulations last checked for updates: Jun 01, 2024

Title 32 - National Defense last revised: May 24, 2024
All TitlesTitle 32Chapter XXPart 2004Subpart C - Subpart C—Operations
View all text of Subpart C [§ 2004.30 - § 2004.42]
§ 2004.40 - Information system security.

(a) The responsible CSA must authorize an entity information system before the entity can use it to process classified information. The CSA must use the most complete, accurate, and trustworthy information to make a timely, credible, and risk-based decision whether to authorize an entity's system.

(b) The responsible CSA issues to entities guidance that establishes protection measures for entity information systems that process classified information. The responsible CSA must base the guidance on standards applicable to Federal systems, which must include the Federal Information Security Modernization Act of 2014 (FISMA), Public Law 113-283, and may include National Institute of Standards and Technology (NIST) publications, Committee on National Security Systems (CNSS) publications, and Federal information processing standards (FIPS).

authority: Section 102(b)(1) of E.O. 12829 (January 6, 1993), as amended by E.O. 12885 (December 14, 1993), E.O. 13691 (February 12, 2015), and section 4 of E.O. 13708 (September 30, 2015)
source: 83 FR 19951, May 7, 2018, unless otherwise noted.
cite as: 32 CFR 2004.40
© 2014 CustomsMobile | Disclaimer | Privacy | About