The roles and responsibilities for securing national security systems are outlined in National Security Directive 42 (NSD-42), signed July 5, 1990 by President George H. W. Bush.
NSD-42 establishes the National Security Telecommunications and Information Systems Security Committee, now called the Committee on National Security Systems (CNSS) 2 CNSS is an interagency committee, chaired by the Department of Defense. Among other assignments, NSD-42 directs the CNSS to: provide system security guidance for national security systems to executive departments and agencies; and, submit annually to the Executive Agent (see below) an evaluation of the security status of national security systems . NSD-42 also directs the Committee to interact, as necessary, with the National Communications System Committee of Principals (see below).
NSD-42 assigns membership to the Committee to voting representatives of the Secretaries, Directors, and Administrators of the following departments and agencies: State, Treasury, Defense, Commerce, Transportation, Energy, Office of Management
1P.L. 107-347,§ 301(b)(1).
2The name was changed by Executive Order (E.O.)13231, signed October 16, 2001. E.O. 13286, signed February 28, 2003, and which amended E.O. 13231, kept the name change.
CRS-4
and Budget, Central Intelligence,' Federal Bureau of Investigations, Federal Emergency Management Agency (FEMA), General Services Administration, National Security Agency, Defense Intelligence Agency . Also included are : the Attorney General, the Assistant to the President for National Security Affairs, Chairman of the Joint Chief of Staff, the Chiefs of Staff of the Army and the Air Force, the Chief of Naval Operations, the Commandant of the Marine Corps, and the Manager of the National Communications System (NCS) . FEMA and NCS are now parts of the Department of Homeland Security.
NSD-42 names the Secretary of Defense as the Executive Agent of the Government for National Security Telecommunications and Information Systems Security. NSD-42 directs the Executive Agent to implement policies and procedures
that: ensure the development of plans and programs necessary to secure national security systems; procure for, and provide to, executive departments and agencies technical security materials, and other technical assistance; conduct, approve, or endorse research and development of security techniques and equipment ; and to operate or coordinate the activities of federal technical centers related to national security systems. NSD-42 also assigns to the Executive Agent the responsibility for reviewing and assessing the National Manager's (see below) recommendations on national security systems programs and budgets for executive departments and agencies. The Executive Agent may make appropriate budgetary and programmatic recommendations to agency heads as well as to the National Security Council and to the Office of Management and Budget . In addition, NSD-42 instructs the Executive
Agent to report the security status of national security systems to the President through the National Security Council.
NSD-42 also designates the Director of the National Security Agency as the National Manager for National Security Telecommunications and Information Systems Security. Among the authorities granted the National Manager are : examine U .S. Government national security systems and evaluate their vulnerability to foreign interception and exploitation; conduct, approve, or endorse research and development of security techniques and equipment; review and approve all security related standards, techniques, systems, and equipment for national security systems ; assess the overall security posture of and disseminate information on threats to and vulnerabilities of national security systems; operate a central technical center to evaluate and certify national security systems; prescribe minimum standards,
methods, and procedures for protecting national security systems ; annually review and assess the national security systems programs and budgets of department and agencies, individually and in the aggregate, and recommend alternatives to the Executive Agent; and, enter into agreements for the procurement of technical security materials and equipment and their provision to executive departments and agencies, and when appropriate, to government contractors and foreign governments .