Each Bureau that generates and/or stores classified National Security Information (NSI) is required to conduct an annual NSI self-review. The NSI self-review program ensures adherence to the principles of E.O. 13526, 32 CFR 2001 and 2003. The frequency of the self-review is determined by the needs of the Bureau but, at a minimum, must be conducted annually.

NSI Self-Reviews include an assessment of the handling of Controlled Unclassified Information (CUI), local Communications Security (COMSEC) procedures, and safeguards to protect COMSEC equipment and classified IT systems, such as Secret Internet Protocol Router Network (SIPRNet) or the Top Secret Enterprise Closed Network (CNET). The NSI Self-Review does not cover the protection of Sensitive Compartmented Information (SCI) or Sensitive Compartmented Information Facilities (SCIFs).

All DOC facilities handling or storing NSI shall conduct an NSI Self-Review, using the DOC NSI Self-Review checklist, at least once per fiscal year and submit a copy of the completed NSI Self-Review checklist with a cover memorandum including a summary of findings and actions taken to the Information Security Division upon completion at: osy_NSI@doc.gov.