"This policy defines a minimum level of protection for automated information systems operated by executive branch, agencies and departments of the Federal Government and their contractors. The private sector is encouraged to apply the precepts of this policy wherever it perceives the need. Questions pertaining to this policy should be directed to the Executive Secretary, National Telecommunications and Information Systems Security Committee (NTISSC), Fort George G. Meade, MD 2O755-6000."
NTISSP No. 200
Committee on National Security Systems: http://www.cnss.gov/