Reference document

INFOSEC Management Directive for CIS

The Information Security (INFOSEC) Management Directive for Communications and Information Systems (CIS) is applicable to security approval or accreditation authorities (for example, National Security Authorities (NSAs), and NATO Security Accreditation Authorities (SAAs)), CIS planning and implementation authorities, CIS operating authorities, security / system management staffs, project staffs, host nations, and procurement authorities responsible for establishing and implementing INFOSEC requirements, and for ensuring that INFOSEC measures are maintained. This INFOSEC directive is mandatory and binding upon all CIS storing, processing or transmitting NATO classified information. Where required, specific guidance is published in support of this INFOSEC directive. This directive should be read in conjunction with NATO Security Policy, the Primary Directive on INFOSEC (published by the NSC and C3B), and the INFOSEC directives addressing INFOSEC technical and implementation aspects for CIS, published by the C3B. This INFOSEC directive is published by the NATO Security Committee (NSC) in support of the NATO Information Management Policy (NIMP), the NATO policy for the protection of NATO classified information, and the Primary Directive on INFOSEC, and addresses the following aspects

Security Policies and Directives