Caveat: This edition of the Annotated Inventory of
Security Standards represents a compendium of
standards available as of this date. Readers are urged
to advise of any additional relevant documents not
addressed herein.
Editor's Note:
This Annotated Inventory of Security Standards has been
compiled by the DCI Center for Security Evaluation (CSE)
Standards Group, to assist analysts and staff members to
understand better the requirements of laws, executive
orders, and other national level standards, in applying
existing and developing new departmental and agency
security standards.
Because requirements of many relevant authority
documents tire constantly changing, CSE will annually
update this Annotated Inventory to keep it current.
OFFICIAL USE ONLY
15 September 1995
AN INVENTORY OF STANDARDS
AFFECTING SECURITY
LAWS
National Security Act of 1947 (50 USC 401)
P.L. 81--733 (1950), (5 USC 7501) Security of Government
Employees
P.L. 86-36, The National Security Agency Act of 1959 (50 USC
402)
P.L. 88-290, National Security Agency - Personnel Security
Procedures
P.L. 99-145, Defense Authorization Act, FY 88 and 89
P.L. 99-399, Omnibus Diplomatic Security and Antiterrorism
Act of 1986, as amended.
P.L. 100-204, Foreign Relations Authorization Act for FY 88
and 89
P.L. 101-246, Foreign Relations Authorization Act for FY
90 91
P.L. 102-238, Foreign Relations Authorization Act for FY 92-
93
Intelligence Authorization Act for FY 89, H.R. 4387, and
Senate Bill 1324, Section 603, amending the jurisdiction of the
FBI to investigate allegations of espionage by persons employed
by or assigned to United States Diplomatic missions abroad.
P.L. 100-235, The Computer Security Act of 1987
EXECUTIVE ORDERS
E.O. 10450, (1953) "Security Requirements For Government
Employees"
E.O. 10865, (1960) "Safeguarding Classified Information
Within Industry"
E.O. 12333, (1982) "United States Intelligence Activities"
E.O. 12356, (1982) "National Security Information"
E 0. 12829, (1993) "National Industrial Security Program."
E.O. 12958, (1995) "Classified National Security Information"
E.O. 12968, (1995) 'Access to Classified Information"
NATIONAL SECURITY DECISION DIRECTIVES (NSDs/NSDDs)
NSD 1, 30 Jan 1989, "Organization of the National Security
Council System" [by the incoming Bush Administration.]
NSD 42, 5 Jul 1990, "National Policy for the Security of
National Security Telecommunications and Information Systems
(U)"
NSD 47, 5 Oct 1990, "Counterintelligence and Security
Countermeasures."
NSD 63, 21 Oct 1991, "Single Scope Background Investigation
Standards."
NSDD 38, 2 Jun 1982, "Staffing at Diplomatic Missions and
Their Constituent Posts."
NSDD 84, Mar 1983, "Safeguarding National Security
Information."
NSDD 145, IV Sep 1984, "National Policy on
Telecommunications and Automated Information Systems Security."
(replaced by NSD 42, supra)
NSDD 196, Nov 1985, "Counterintelligence/Countermeasure
Implementation Task Force."
NSDD 197, 1 Nov 1985, "Reporting Foreign Contacts and
Security Awareness." (rescinded by PDD/NSC 12)
NSDD 298, 22 Jan 1988, "National Operations Security
Program."
PDD/NSC-12, 5 August 1993, "Security Awareness and
Reporting of Foreign Contacts."
PDD/NSC-24, 3 May 1994, "U.S. Counterintelligence
Effectiveness."
PDD/NSC-29, 16 Sep 1994, "Security Policy Coordination."
OTHER NATIONAL LEVEL ISSUANCES
Office of Management and Budget
OMB Bulletin No. 85-11, 28 Mar 1985, "Data on Security of
Automated Information Systems that Process Information Related
to the National Security Interest." (Earliest implementation of
NSDD 145.)
OMB Circular No. A-130, 12 Dec 1985, "Management of Federal
Information Resources."
OMB Bulletin No. 88-16, 1 Jul 1988, "Guidance for
Preparation and Submission of Security Plans for Federal
Computer Systems Containing Sensitive Information."
Attorney General of the United States
National Security Threat List (NSTL), 9 January 1994.
Department of Justice legal memorandum dated May 10, 1990,
"Legal Authority Underlying Communications Security Monitoring."
Attorney General "Guidelines for FBI Supervision or Conduct
of Espionage Investigations of U.S. Diplomatic Missions
Personnel Abroad," dated 17 April 1990.
DCI Directives (DCIDS)
DCID 1/7, 12 April 1995, "Security Controls on the
Dissemination of Intelligence Information."
DCID 1/14, 22 Jan 1992, "Personnel Security Standards and
Procedures Governing Eligibility for Access to Sensitive
Compartmented Information (SCI)," together with Annex A
effective 12 Auq 1994 and Annex B effective 14 April 1994
(reprint of 12 April 1995).
DCID 1/16, Jul 1988, "Security Policy for Uniform
Protection of Intelligence Processed in Automated Information
Systems and Networks."
DCID 1/19, 1 March 1995, "Security Policy for Sensitive
Compartmented Information" and "Security Policy Manual."
DCID 1/20, Dec 1991, "Security Policy Concerning Travel and
AssigrLment of Personnel with Access to Sensitive Compartmented
Information." (Annex A rescinded Dec 1994)
DCTD 1/21, 30 Jan 1994, "Physical Security Standards for
Sensitive Compartmented Information Facilities (SCIFs)."
DCID 1/22, Jul 1985, "Technical Surveillance
Countermeasures."
DCID 3/1, 15 Jun 1995, "National Foreign intelligence
Board. "
DCID 3/3, 12 June 1995, "Community Management Staff."
DCID 3/28, 13 December 1994, "Committee on International
Organized Crime Intelligence Issues."
DCI Procedural Guides 1, 2 and 3, August 1984, Technical
Surveillance Countermeasures (TSCM) (contained in one booklet).
Revised and reissued DCI Procedural Guides I and II, dated 15
April 1993, same subject, are contained in separate booklets.
NAG/CI&SCM, 9 Jan 1991, "National Advisory
Group/Counterintelligence and Security Countermeasures Advisory
1: January 1991."
National Security Telecommunications and Information
Systems Security Committee (NSTISSC) and predecessor
committees
National Security Teiecommunications and Information
Systems Security advisory Memorandum (NSTISSAM) COMPUSEC/1-90,
"Protection of Information Systems Outside the Continental
United States (OCONUS)," dated 14 Sep 1990.
National Communications Security Committee "TEMPEST
GLOSSARY" (S), dated 30 Mar 1981.
NCSC-1, 16 Jan 1981, "National Policy for Safeguarding and
Control of Communications Material."
NCSC-5, 16 Jan 1981, "National Policy on Use of
Cryptomaterial by Activities Operating in High Risk
Environments" with Appendices I and II.
NCSC-9, 1 Sep 1982, "National Communications Security
(COMSEC) Glossary" (FOUO).
NCSC-11, 3 May 1982, "National Policy for Protection of
Telecommunications Systems Handling Unclassified National
Security-Related Information."
NTISSP No. 3, 19 Dec 1988, "National Policy for Granting
Access to U.S. Classified Cryptographic Information."
NTISSD No. 500, 8 Jun 1987, "Telecommunications and
Automated Information Systems Security Education, Training and
Awareness.
NTISSD No. 600, 10 Apr 1990, "Communications Security
(COMSEC) Monitoring."
NSTISSD No. 900, 20 Mar 1991, "Governing Procedures of the
National Security Telecommunications and information Systems
Security Committee (NSTISSC)."
NSTISS Directive No. 901, 28 Sep 1992, "National Security
Telecommunications and Information Systems Security (NSTISS)
Issuance System."
NACSI No. 4005, 12 Oct 1979, National COMSEC Instruction,
"Safeguarding and Control of Communications Security Material."
NACSI No. 4008, 4 Mar 1982, National COMSEC Tnstruction,
"Safeguarding COMSEC Facilities."
NTISSI No. 3013, 8 Feb 1990, "Operational Security Doctrine
I
for the Secure Telephone Unit III (STU-111), Type I Terminal."
ANNEX E, 22 Feb 1991, "System Security Guidance for the
Motorola Vehicular-Mounted STU-III Cellular Telephone (Type 1)"
ANNEX F, 22 Feb 1991, " Supplemental Operational Security
Doctrine for the STU-III/A Terminal (Type 1)."
ANNEX G, 22 Feb 1991, "System Security Guidance for the
AT&T STU-III Access Control System (SACS) (Type 1)."
ANNEX H, 27 Nov 1991, "STU-III Data Port Guidance."
NSTISSI No. 3017, 11 Sep 1991, "Operational Security
Doctrine for Stand-Alone KG-84, KG-84A, and KG-84C."
NSTTSST No. 4000, 1 Feb 1991, "Communications Security
Equipment Maintenance and Maintenance Training."
NTISSI No. 4001, 14 Mar 1985, "Controlled Cryptographic
Items."
NTTSST No. 4002, 5 Jun 1986, "Classification Guide for
COMSEC Information."
NSTISSI No. 4003, 2 Dec 1991, "Reporting and Evaluating
COMSFC Incidents." (Supersedes NTISSI 4003, 3 Nov 86)
NTISSI No. 4004, 11 Mar 198-7, "Routine Destruction and
Emergency Protection of COMSEC Material."
NTISSI No. 4005, 17 Jul 1987, "Control of TOP SECRET Keying
Material."
NSTISSI No. 4006, 2 Dec 1991, "Controlling Authorities for
COMSEC Material." (Supersedes NTISSI No. 4006, 2 May 89)
NSTISSI No. 4009, 5 June 1992, "National Information
Systems Security (INFOSEC) Glossary."
NSTISSI No. 7000, 29 Nov 1993, "TEMPEST Countermeasures for
Facilities."
NTISSP No. 200, 15 Jul 198-7, "National Policy on Controlled
Access Protection (for automated information systems]."
NTISSP No. 300, 3 Oct 1988, "National Policy on Control of
Compromising Emanations."
NTISSAM COMSEC/1-85, 19 Oct 1985, "Advisory Memorandum on
Release of Communications Security Equipment, Material or
Information to Foreign Enterprises."
NTISSAM COMPUSEC/1-87, 16 Jan 1987, "Advisory Memorandum on
Office Automation Security Guideline."
NSTISSAM COMPUSEC/1-90, 14 Sep 1990, "Protection of Information Systems (IS)
outside the Continental United States (OCONUS)."
NACSI 4000A, 9 Feb 1984, "Guidelines for the Conduct of
Communications Security (COMSEC) Monitoring Activities."
NACSIM 4004, 3 Jul 1980, "Communications Security Survey
Guide."
NACSIM 5000, 1 Feb 1982, "TEMPEST Fundamentals."
NACSIM 5203, 30 Jun 1982, "Guideiines for Facility Design
and Red/Black Installation."
NSTISSAM TEMPEST/1-92, 15 Dec 1992, "Compromising
Emanations Laboratory Test Requirements, Electromagnetics."
[Note: Supersedes NSTISSAM TEMPEST 1-91 of 21 Mar 1991;
NSTISSAM TEMPEST 1-91 superseded NACSIM 5100A of 1981.]
NSTISSAM TEMPEST/1-93, 30 Aug 1993, "Compromising
Emanations Field Test Requirements Electromagnetics."
(Supersedes NACSEM 5110 of July 1973.) (U)
NSTISSAM TEMPEST 2-91, 20 Dec 1991, "Compromising
Emanations Analysis Handbook." (Supersedes NACSEM No. 5106)
NSTISSAM TEMPEST 3-91, 20 Dec 1991, "Maintenance and
Disposition of TEMPEST Equipment."
NSTISSAM TEMPEST 2-92, 30 Dec 1992, "Procedures for TEMPEST
Zoning."
NACSEM 5109, Mar 1973, "TEMPEST Testing Fundamentals."
NACSEM 5201, Sep 1978, "TEMPEST Guidelines for Equipment/
System Design."
NACSEM 5204, "Shielded Enclosures," promulgated May 1978,
together with Appendix A, Specification NSA 65-5, 30 Oct 1964,
"RF Shielded Acoustical Enclosures for Communications Equipment:
General Specification;" Appendix B, Specification NSA No. 65-6,
30 October 1964, "RF Shielded Enclosures for Communications
Equipment: General Specification;" land Appendix C,
Specification NSA No. 73-2A, "National Security Agency
Specification for Foil RF Shielded Enclosure."
NSA draft Specification NSA No. 89-01 dated 31 May 1989,
entitled "NSA Specification for a High Performance Shielded
Enclosure."
NACAM-84/1, 11 May 1984, "Advisory Memorandum on Protection
of Unclassified National Security-Related Telecommunications."
Telephone Security Group Issuances
Telephone Security Group (TSG), a subcommittee of the
IG-Countermeasures, has issued six (6) standards for telephone
security, as follows:
TSG Standard No. 1 - Introduction to Telephone Security
TSG Standard No. 2 - TSG Guidelines for Computerized
Telephone Systems
TSG Standard No. 3 - TSG Type-Acceptance Program for
Telephones Used with the Conventional Central Office
Interface
TSC Standard No. 4 - TSC Type-Acceptance Program for
Electronic Telephones Used in Computerized Telephone
Systems
TSG Standard (Interim) No. 7 - Guidelines for Cellular
Telephones
Interagency Advisory Committee on Security Equipment
Subcommittee on Containers, Vaults and Locking Devices TEST
REPORT, Jan 1987, "Manipulation Resistance of Underwriters
Laboratories Listed Group 1 and 1R Combination Locks."
DEPARTMENTAL DIRECTIVES
Department of Defense
DoD 5200.2-R, Jan 1987, "Personnel Security Program."
DoD 5220.22-M, Jan 1995, "National Industrial Security
Program" (NISP) Operating Manual (NISPOM).
DoD Dir 5210.48, 24 Dec 1984, "DoD Polygraph Program."
DepSecDef Memorandum (S), 20 Jun 1988, "Polygraph
Examinations of DoD Personnel Assigned to Criteria Countries."
DoD Instruction 5210.84, 22 Jan 1992, "Security of DoD
Personnel at U.S. Missions Abroad."
DoD Dir 5200.1, 7 June 1982, and DoD 5200.1-R, Jun 1986,
"Information Security Program Regulation."
DoD Dir C-5200.5, 21 April 1990, "Communications Security
(COMSEC) (U)"
DoD Dir 5200.28, 21 Mar 1988, "Security Requirements for
Automated Information Systems (AISs)."
DoD Dir 5200.33, 7 Dec 1994, "Defense Courier Service
(DCS) .
DoD 5200.33-R, 5 Jan 1995, "Defense Courier Service
Regulation."
DoD Manual 5200.28-M, Jan 1973 [sic], "ADP Security
Manual."
DoD 5200.28-STD, Dec 1985, "Department of Defense Trusted
Computer Security Evaluation Criteria." (ORANGE BOOK)
DoD Dir 5205.2, 7 Jul 1983, "DoD Operations Security Program."
DoD Instruction 5240.5, 23 May 1984, "DoD Technical
Surveillance Countermeasures (TSCM) Survey Program."
DoD Dir 2000.12, 27 Aug 1990, "DoD Combatting Terrorism
Program."
DoD 2000.12-H, Apr 1983, Handbook, "Protection of DoD
Personnel Against Terrorist Acts."
National Security Agency (NSA)
NSA/CSS Regulation No. 120-12, 20 Sep 1978, "Personnel
Security Program for Continued Access."
NSA/CSS Regulation No. 120-18, 28 Jul 1988, "Association
with Foreign Nationals."
NSA/CSS Regulation No. 122-2, 6 Apr 1987, "Special
Personnel Security Program for Uncleared Maintenance
Contractors."
NSA/CSS Requlation No. 10-10, 4 may 1988, "The NSA/CSS
Industrial Security Program."
NSA/CSS Regulation No. 122-3, 6 Apr 1984, "Polygraph
Examinations and Examiners."
NSA "Procedures for Security Processinq of Personnel and
SOP for Permanent Change of Station." [undated]
NSA/CSS Directive No. 120-01, 14 Feb 1985, "NSA/CSS
Operations Security Program."
NSA Memorandum, 8 Dec 1987, "Operational Doctrine for the
STU-III Type 1 Terminal."
NSA Information Systems Security Bulletin No 87-009,
"Information Guide for the STU-III Low Cost Terminal, Type I,
20 Sep 1987.
NSA Information Systems Security (INFOSEC) Manual 1993.
NSA Information Security Organization booklet, October
1988, "TEMPEST Alternatives Data Book (Including Maps of Zoned
Facilities)."
NSA Communications Security Organization, January 1985,
"Procedures for TEMPEST Zoning information-Processing Equipment,
Systems and Facilities."
CSC-STD-002-85, 12 Apr 1985, "Department of Defense
Password Management Guideline."
CSC-STD-003-85, 25 Jun 1985, "Computer Security
Requirements: Guidance for Applying the Department of Defense
Trusted Computer System Evaluation Criteria in Specific
Environments."
CSC-STD-004-85, 25 Jun 1985, "Technical Rationale Behind
CSC-STD-003-85: Computer Security Requirements."
NCSC-TG-001, I Jun 1988, "A Guide to Understanding AUDIT in
Trusted Systems, Version 2."
NCSC-TG-003, 30 Sep 1987, "A Guide to Understandinq
DISCRETIONARY ACCESS CONTROL in Trusted Systems, Version I."
NCSC-TG-004, 21 Oct 1988, "Glossary of Computer Security
Terms, Version l."
NCSC-TG-005, 31 Jul 1987, "Trusted Network Interpretation,
Version l."
NCSC-TG-006, 29 Mar 1988, "A Guide to Understanding
CONFIGURATION MANAGEMENT in Trusted Systems, Version l."
NCSC-TG-007, 2 Oct 1988, "A Guide to Understanding DESIGN
DOCUMENTATION in Trusted Systems, Version l."
NCSC-TG-008, 15 Dec 1988, "A Guide to Understanding TRUSTED
DISTRIBUTION in Trusted Systems, Version I."
NCSC-TG-009, draft version, September 1988, "Computer
Security Subsystem Interpretation of DoD Trusted Computer
Evaluation Criteria DoD 5200.28-STD, Version l."
NCSC-TG-013, 23 Jun 1989, "RATING MAINTENANCE PHASE -
PROGRAM DOCUMENT, Version l."
NCSC-TG-014, I Apr 1989, "Guidelines for FORMAL
VERIFICATION SYSTEMS, Version l."
NCSC-TG-015, 18 Oct 1989, "A Guide to Understanding TRUSTED
FACILITY MANAGEMENT, Version I"
NCSC-TG-019, 16 Oct 1989, "TRUSTED PRODUCT EVALUATION
QUESTIONNAIRE, Version l."
NCSC-TG-020-A, 18 Aug 1989, "Trusted UNIX Working Group
(TRUSIX), Rationale for Selecting Access Control List Features
for the UNIX System, Version l."
NCSC-WA-002-85, Dec 1985, "Personal Computer Security
Considerations."
NSA/CSS Directive No. 10-27, 29 Mar 1984, "Security
Requirements for Automatic Data Processing (ADP) Systems."
NSA/CSS Regulation 130-4, 27 July 1993, "Computer Security
Policy for Connection of an Automated Information System (AIS)
to the STU-III (Type 1) Terminal Data Port."
NSA/CSS SCSC/129/88, 16 Jun 1988, "Computer Security
Technical Vulnerability Reporting Program - INFORMATION
MEMORANDUM."
NSA/CSS SCSC/169/88, 29 Jul 1988, "Guidance for the
Declassification and Release of Automated Information System
Storage Media - INFORMATION MEMORANDUM."
NSA/CSS DDT-425-88, 20 Oct 1988, "Operational Computer
Security Policy Memorandum - Computer Viruses (FOUO) -
INFORMATION MEMORANDUM."
NSA/CSS Regulation No. 90-5, 20 Aug 1980, "TEMPEST Security
Program."
NSA/CSS Manual 90-5A, 1 Feb 1984 (S), "TEMPEST Security
Requirements for NSA/CSS Contractors Processing Sensitive
Compartmented Information."
Defense Intelligence Agency
DIA Regulation No. 50-8, 2 Oct 1975, "Personnel Security
Program."
DIA Pegulation No. 50-17, 26 Sep 1989, "Foreign Contact."
DIA Regulation No. 50-11, 11 Jun 1990, "Reporting and
Approval of Foreign Travel."
DIA Regulation No. 54-1, "Protection of DIA Personnel
Abroad Against Terrorist Acts," 8 Mar 1993.
Department of Commerce
The following Department of Commerce standards relating to
unclassified telecommunications and information systems are
contained in a separate volume, marked "FIPS Publications":
FIPS Pub 31 Jun 1984, "Guidelines For ADP Physical Security
and Risk Management."
FIPS Pub 39, Feb 1974, "Glossary for Computer Systems
Security."
FIPS Pub 41, May 1975, "Computer Security Guidelines for
implementing the Privacy Act of 1974."
FIPS Pub 46-1, Jan 1988, "Data Encryption Standard."
FIPS Pub 48, Apr 1977, "Guidelines on Evaluation of
Techniques for Automated Personal identification."
FIPS Pub 65, Aug 1979, "Guidelines For Automatic Data
Processing Risk Analysis."
FIPS Pub 73, Jun 1980, "Guidelines For Security of Computer
Applications."
FIPS Pub 74, Apr 1981, "Guidelines For Implementing and
Using the NBS Data Encryption Standard."
FIPS Pub 81, Dec 1980, "DES Modes of Operation."
FIPS Pub 83, Sep 1980, "Guidelines on User Authentication
Techniques For Computer Network Access Control."
FIPS Pub 87, Mar 1981, "Guidelines For ADP Contingency
Planning."
FIPS Pub 88, Aug 1981, "Guidelines On Integrity Assurance
and Control in Database Applications."
FIPS Pub 94, Sep 1982, "Guidelines On Electrical Power For
ADP Installations."
FIPS Pub 102, Sep 1983, "Guidelines For Computer Security
Certification and Accreditation."
FTPS Pub 112, May 1985, "Standard on Password Usage."
FIPS Pub 113, May 1985, "Standard on Computer Data
Authentication."
NBS Spec Pub 500-120, Jan 1985, "Security of Personal
Computer Systems: A Management Guide."
Department of State
Foreign Affairs Manual:
3 FAM 170 - Personal Services Contracts for U.S.
Citizens Abroad
3 FAM 4180 - Employee Marriage, Equivalent Bonds, and
Cohabitation
3 FAM 900 Foreign Service National Employees,
Consular Agents, and Special Categories,
1990.
12 FAM 100 - Courier Operations
12 FAM 230 - DOS Personnel Security
12 FAM 251 - Polygraph Policy
12 FAM 260 - Counterintelligence
12 FAM 314 - Collocation Policy and Waiver Procedures
12 FAM 320 - Local Guard Program
12 FAM 330 - Residential Security Program
12 FAM 340 - Marine Security Guard Program
12 FAM 540 - Sensitive But Unclassified (SBU)
12 FAM 551.3 - MOU between DOS and DoD on Overseas
Security Support, 1990
12 FAM 562 - Interagency Coordination of Security
Inspections
12 FAM 743 - Counterintelligence Working Groups
12 FAM 940 - Classified Automated Information Systems
Abroad
12 FAM 1000 Information Security
12 FAM 1 - Emergency Planning Handbook
Department of State Security Standards Handbook, (the
Red Book), classified SECRET, it being a
compilation of all OSPG - approved security
standards issued by the Department,
published and disseminated to the foreign
affairs community in June 1993.
ACRONYMS
A/SE Acoustic/RF Shielded Enclosure
ACDA Arms Control Disarmament Agency
ADP Automatic Data Processing
AFOSI Air Force Office of Special Investigations
AID Agency for International Development
AIS Automated Information System
ARFCOS Armed Forces Courier Service (now DCS)
CCISCMO Community Counterintelligence and Security
Countermeasures Office, IC Staff (DCI)
CI Counterintelligence
CIA Central Intelligence Agency
CINC Commander-in-Chief
CINCMAC CINC-Military Airlift Command
CINCTRANS CINC-US Transportation Command
CIP Critical Intelligence Position (DIA)
CIPE Classified Information Processing Equipment
COM Chief of Mission
COMINT Communications Intelligence
COMPUSEC Computer Security
COMSEC Communications Security
CONSEC Construction Security
CIPE Classified Information Processing Equipment
CSE Certified Shielded Enclosure
CSE Center for Security Evaluation (DCI) (formerly DCI Security Evaluation Office)
CSS Central Security Service (NSA/CSS)
DAO Defense Attache Office
DCI Directcr of Central Intelligence
DCID DCI Directive
DCL Designated Country List (obsoiete)
DCMR Deputy Chief of Mission Residence
DCS Defense Courier Service (DoD)
DDA Deputy Director for Administration (CIA)
DIA Defense Intelligence Agency
DIS Defense Investigative Service
DoD Department of Defense
DOS Department of State
DS Diplomatic Security (DOS)
DTS Diplomatic Telecommunications Service
DTSPO DTS Program Office
EAC Emergency Action Committee
EMR Embassy Mission Residence (Chief of Mission Residence)
EI Electronic Intelligence
EO Executive Order
FAM Foreign Affairs Manual (DOS)
FBI Federal Bureau of Investigation
FBIS Foreign Broadcast Information Service
FBO Foreign Buildings Office (DOS)
FIPS Federal Information Processing Standards
FLDREQ Field Requirement (CIA)
FSN Foreign Service National
HHB Headquarters Handbook (CIA)
HR Headquarters Regulation (CTA)
HUMINT Human Intelligence
IMINT Imagery Intelligence
INFOSEC Information Security
INFOSYSSEC Information Systems Security
INSCOM U.S. Army Intelligence and Security Command
IPMS In-Place Monitoring System
ISOO Information Security Oversight Office
JSPO Joint Special Projects Office
MSGR Marine Security Guard Residence
MOA Memorandum of Agreement
MOU Memorandum of Understanding
MSG Marine Security Guard
MTCR Modular Treated Conference Room (DOS)
NACAM National Communications Advisory Memorandum
NACIPB National Counterintelligence Policy Board
NACSEM National Communications Security Engineering Memorandum
NACSI National Communications Security Instruction
NACSIM National Communications Security Information Memorandum
NAG/CI&SCM National Advisory Group for Counterintelligence and Security
Countermeasures (DCI) (defunct)
NBS National Bureau of Standards (now NIST)
NCSC National Computer Security Center (DoD)
NFIP National Foreign Intelligence Program
NIS Naval Investigative Service
NISP National Industrial Security Program
NISPOM National Industrial Security Program Manual
NIST National Institute for Standards and Technology
NOB New Office Building
NSA National Security Agency
NSD National Security Directive
NSDD National Security Decision Directive
NSIC Naval Security and Investigative Command
NSTISSAM National Security Telecommunications and Information Systems
Security Advisory Memorandum
NSTISSC National Security Telecommunications and Information Systems
Security Committee
NSTL National Security Threat List (FBI)
NTISSAM National Telecommunications and Information Systems
Security Advisory Memorandum
NTISSC National Telecommunications and Information Systems
Security Committee
NTISSD National Telecommunications and Information Systems Security Directive
NTISSP National Telecommunications and Information Systems Security Policy
OCHB Office of Communications Handbook (CIA)
OMB Office of Management and Budget
OPNAVINST Naval Operations Instruction
OPSEC Operations Security
OSPG Overseas Security Policy Group (DOS)
OSPB Overseas Security Policy Board (NSC), (formerly the OSPG)
P.L. Public Law
PCS Permanent Change of Station
PDD/NSC Presidential Decision Directive/National Security Council
PO Principal officer (c.f., Chief of Mission)
POI Program of Instruction
POR Principal Officer Residence
PSC Personal Service Contract [employee]
PTPE Plain Text Processing Equipment
RSO Regional Security Officer
SAP Special Access Program (DoD)
SBU Sensitive But Unclassified (DOS)
SCI Sensitive Compartmented Information
SCIF Sensitive Compartmented Information Facility
SEABEES Navy Construction Battalion Corps
SEO Security Evaluation office (DCI); also Security Engineering Officer (DOS)
SIGINT Signals Intelligence
SOFA Status of Forces Agreement
SPE Special Protective Equipment
SPB Security Policy Board (NSC)
SPF Security Policy Forum (under SPB)
SPC Systems Planning Corporation
SRWF Shatter-resistant window fiim
SSH Security Standards Handbook (DOS)
SSBI Single Scope Background Investigation
TCR Treated Conference Room
TDY Temporary Duty
TSCM Technical Surveillance Countermeasures
TSG Telephone Security Group
USC United States Code
USIA United States Information Agency
USMC United States Marine Corps
