U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Was this page helpful?

CNSI Annual Self-Review

In accordance with 32 CFR Parts 2001 and 2003, the Department is required to conduct Classified National Security Information (CNSI) Self-Reviews to evaluate adherence to the principles and requirements of Executive Order (EO) 13526 and the effectiveness of programs covering original classification, derivative classification, declassification, safeguarding, security incidents, security education and training, management, and oversight, at least once per fiscal year. All Department facilities handling or storing CNSI are required to conduct a CNSI Self-Review.  

Reviews include a representative sample of original and derivative classification actions, to include electronic materials (e.g., email and presentations). CNSI Self-Reviews also include an assessment of local Communications Security (COMSEC) procedures, safeguards to protect COMSEC equipment, and classified Information Technology (IT) systems, such as Secret Internet Protocol Router Network (SIPRNet) or the Joint Worldwide Intelligence Communications System (JWICS). CNSI Self-Reviews do not cover the protection of Sensitive Compartmented Information (SCI) or Sensitive Compartmented Information Facilities (SCIFs).

CNSI Self-Reviews are completed annually within each fiscal year (no longer than 365 days from the prior self-review, but no sooner than 180 days from the previous self-review). The deadline for each bureau to submit its CNSI Self-Review is August 30th of each fiscal year.

Program Planning

Field Servicing Security Offices generate a schedule forecasting projected CNSI Self-Reviews to be conducted prior to 30 September each fiscal year. Only facilities within a bureau that safeguard CNSI are required to complete a CNSI Self-Review. The projected schedule is coordinated with bureau leadership, as necessary.

Conducting the Self-Review

Utilizing the CNSI Self-Review Checklist, and DOC Inspection Spreadsheet, CNSI Self-Reviews consist of a review of CNSI, CUI, COMSEC, and classified IT systems that inspect both equipment and room security if the office is equipped with either.

Post-Review

Within 10 business days following the completion of the CNSI Self-Review, the inspection official, or designated representative, submits the final consolidated report (CNSI Self-Review Memo Template) to the Information Security Division (ISD) to [email protected] for review prior to providing to the inspected office. The bureau/program leadership receives the report within 30 business days of the inspection. The report outlines findings, recommendations, required actions, and best practices.