National Policy Governing the Release of Information Assurance (IA) Products and Services to Authorized U.S. Persons or Activities that are Not a Part of the Federal Government [open pdf - 227KB]
"Information Assurance (IA) is the protection of information in information systems by ensuring its availability, integrity, authentication, confidentiality, and non-repudiation. Often, it is necessary to communicate securely with U.S. persons or activities that are not part of the U.S. Government. In such instances, it is the responsibility of both parties to ensure the confidentiality of the information being exchanged. 2. This policy assigns responsibilities and establishes the criteria to be applied when U.S. Government activities provide IA products and services, to other U.S. persons or activities that are not a part of the federal government. This policy supersedes NCSC 2, National Policy on Release of Communications Security Information to U.S. Contractors and Other U.S. Nongovernmental Sources, dated 7 July 1983. 3. Representatives of the Committee on National Security Systems (CNSS) may obtain additional copies of this policy from the Secretariat. 4. U.S. Government contractors and vendors shall contact their appropriate government agency or Contracting Officer Representative regarding distribution of this document."
CNSS Policy No. 14
Committee on National Security Systems: http://www.cnss.gov