TITLE 6 - HOMELAND SECURITY

CHAPTER I - DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY

PART 29 - PROTECTED CRITICAL INFRASTRUCTURE INFORMATION

29.7 - Safeguarding of Protected Critical Infrastructure Information.

  (a) Safeguarding. All persons granted access to Protected CII are responsible for safeguarding all such information in their possession or control. Protected CII shall be protected at all times by appropriate storage and handling. Each person who works with Protected CII is personally responsible for taking proper precautions to ensure that unauthorized persons do not gain access to it.

  (b) Use and storage. When Protected CII is in the physical possession of a person, reasonable steps shall be taken to minimize the risk of access to Protected CII by unauthorized persons. When Protected CII is not in the physical possession of a person, it shall be stored in a secure environment that affords it the necessary level of protection commensurate with its vulnerability and sensitivity.

  (c) Reproduction. Pursuant to procedures prescribed by the Protected CII Program Manager, a document or other material containing PCII may be reproduced to the extent necessary consistent with the need to carry out official duties, provided that the reproduced documents or material are marked and protected in the same manner as the original documents or material.

  (d) Disposal of information. Documents and material containing Protected CII may be disposed of by any method that prevents unauthorized retrieval.

  (e) Transmission of information. Protected CII shall be transmitted only by secure means of delivery as determined by the Protected CII Program Manager or the Protected CII Program Manager's designees.

  (f) Automated Information Systems. The Protected CII Program Manager or the Protected CII Program Manager's designees shall establish security requirements for Automated Information Systems that contain Protected CII.