News | Feb. 26, 2021

32 Code of Federal Regulation Part 117, NISPOM is now in effect. Cleared contractors under DOD cognizance must implement and comply within six months.

The NISPOM rule at 32 CFR Part 117, “National Industrial Security Program Operating Manual,” became effective on February 24, 2021. The rule stipulates that contractors must implement changes no later than six months after the date of the published rule. The exact implementation date will be published in an Industrial Security Letter (ISL). The ISL will also provide further guidance about the rule’s implementation.   

The rule implements policy, assigns responsibilities, establishes requirements, and provides procedures consistent with Executive Order 12829, “National Industrial Security Program;” Executive Order 10865, “Safeguarding Classified Information within Industry;” and 32 Code of Regulation Part 2004, “National Industrial Security Program.” That guidance outlines the protection of classified information that is disclosed to, or developed by contractors, licensees, grantees, or certificate holders to prevent unauthorized disclosure.

The Key Changes include:

  • Section 117.8(a); Reporting Requirements: Cleared contractors must submit reports pursuant to Security Executive Agent Directive (SEAD) 3 and cognizant security agency (CSA) guidance that supplements unique CSA mission requirements.
  • Section 117.9(m); Limited entity eligibility determination (Non-FOCI) and limited entity eligibility: The limited facility clearance provides an additional facility clearance  tool for DCSA and government contracting activities as a limited entity eligibility is specific to the requesting GCA’s classified information, and to a single, narrowly defined contract, agreement, or circumstance.
  • Section 117.11(d)(2)(iii)(A); National Interest Determination (NID): Requirement for NIDs is removed for certain covered contractors operating under a special security agreement with ownership by countries designated as part of the National Technology Industrial Base (United Kingdom, Canada or Australia).
  • Section 117.15(e)(2); TOP SECRET Information Accountability: Permits specific determinations by a CSA with respect to requirements for TOP SECRET accountability.
  • Section 117.15(d)(4); Intrusion Detection System (IDS) Installation: Allows for UL-2050 certification by an Office of Occupational Health and Safety Agency (OSHA) National Recognized Test Laboratory (NRTL)
  • Section 117.15; Safeguarding: Directs cleared contractors to refer to 32 CFR Part 2001, for direction on requirements for the protection of classified national security information (CNSI) to ensure consistency with national policy. This change is in addition to CSA approval and compliance with intelligence community specification (ICS) 705.
  • Section 117.7(b)(2); Senior Management Official (SMO): Clarifies key responsibilities for SMOs.
  • Section 117.13(d)(5); Classified Information Retention: Clarifies for the contractor that upon completion of a classified contract, the ‘‘contractor must return all government provided or deliverable information to the custody of the government.”

 

How is DCSA Supporting Implementation?

DCSA is working on a wide-range of updates to support implementation by cleared industry under DOD cognizance and to enable oversight. This includes but is not limited to:

  • Developing communications and briefing materials for use by DCSA staff in engagements with cleared industry and government partners. 
  • Coordinating with industry partners and groups for web based conference engagements on implementation strategies, questions and answers, to ensure a consistent approach by both industry and DCSA.
  • Reviewing existing industrial security letters (ISL’s) to determine those required to be retained and re-issued, and identifying those that can be rescinded based on revisions to the NISPOM rule.

 

  • Reviewing and revising industry products, tools, and systems including but not limited to CDSE training, tools and products; the National Industrial Security System (NISS), externally posted tools, and internal tools used in oversight.
  • Coordinating with DOD and the Office of Management and Budget for administrative revisions to NISP-related forms under DCSA management to reflect the change from the NISPOM to the federal rule. This includes the SF-328 - “Certificate Pertaining to Foreign Interest,” DD Form 44 – “Security Agreement,” and DD Form 441-1 – “Security Agreement Addendum.”

 

  • Planning in coordination with government partners and cleared industry for the implementation of Security Executive Agency Directive (SEAD) 3 reporting requirements.

What has DCSA done to enable better understanding of the new rule?

 

DCSA will continue to provide updates to industry and update products to support implementation. DCSA intends to launch a dedicated webpage for NISPOM rule implementati

Use of Conditional National Security Eligibility Determinations for military, DOD civilian personnel
Nov. 12, 2021 - In November 2021, DCSA Adjudications resumed the use of Conditional National Security Eligibility Determinations for qualifying cases. “Conditionals” provide increased mission resiliency to our customers by diverting national security cases with minor unmitigated disqualifying information from due process into an automated monitoring solution provided by the DCSA Vetting Risk Operations’ Continuous Vetting (CV) program. Leveraging the DCSA VRO CV program in this manner enables Adjudicators to monitor compliance with “conditions” specified to continue maintaining a security clearance. Additional information is available in the Fact Sheet located at https://www.dcsa.mil/mc/pv/dod_caf/resources/. Click the title for more information.

DCSA Director updates DOD, government, industry and university leaders on DCSA Counter Insider Threat programs
Oct. 27, 2021 - Defense Counterintelligence and Security Agency (DCSA) Director William Lietzau told military, government, industry and academic leaders that the expansion of DOD Counter Insider Threat programs, hubs and personnel are proving effective in countering potential insider threats during an Oct. 20 symposium. “We have to stay a step ahead" of our adversaries and "from a DCSA-perspective, we are absolutely committed to doing that," said Lietzau at the Defense Strategies Institute Counter Insider Threat Symposium in a speech with a theme focused on safeguarding the integrity and trustworthiness of the federal workforce. Read the entire article at: https://www.dvidshub.net/news/407739/dcsa-director-updates-dod-government-industry-and-university-leaders-dcsa-counter-insider-threat-programs. Click the title for more information.

National Center for Credibility Assessment transfers to DCSA
Oct. 1, 2021 - The Defense Intelligence Agency officially transferred operational control of the National Center for Credibility Assessment (NCCA) to DCSA on Oct. 1. The transfer of NCCA to DCSA marks two years to the day that the Defense Security Service (DSS), National Background Investigations Bureau and DOD Consolidated Adjudications Facility were consolidated into DCSA. It’s exactly one year since the National Background Investigation Services, legacy information technology systems from the Office of Personnel Management and the Defense Manpower Data Center joined DCSA. Although the smallest of the 2019, 2020 and this year’s transfers, with roughly 75 government and contractor employees, the move is no less significant, bringing a unique mission and capability to DCSA and the Training Directorate. As the government's premiere educational center for polygraph and other credibility assessment technologies and techniques, NCCA assists federal agencies in the protection of U.S. citizens, interests, infrastructure, and security by providing the best education and tools for credibility assessment. NCCA determines the standards related to polygraph initial and continuing education in addition to polygraph countermeasures education and research. The center audits federal polygraph programs to ensure that they are compliant with federal policy, practices and standards. Moreover, NCCA conducts continuous research and development of credibility assessment technologies, processes, and instrumentation in addition to supporting warfighter requirements for the employment of the Preliminary Credibility Assessment Screening System. The center also advises the directors of DIA, DCSA and National Intelligence as well as the under secretary of defense for intelligence and security on federal polygraph technical matters, policies and standards. We welcome NCAA staff and students to our DCSA team as we work as gatekeepers to ensure our national security is continually protected.

DCSA enrolls all DOD clearance holders in CV
Oct. 1, 2021 - The Defense Counterintelligence and Security Agency (DCSA) has successfully enrolled all DOD clearance holders in Continuous Vetting (CV). This brings the agency and the federal government one step closer to its Trusted Workforce (TW) 2.0 goal of providing CV for all U.S. security clearance holders. Find out more here. Click title for more information.

DCSA’s New Field Structure
Sept. 23, 2021 - The Defense Counterintelligence and Security Agency (DCSA) is establishing a new regional field structure on October 1, 2021. The new structure merges existing field mission areas into a four-region structure that includes Western, Central, Eastern, and Mid-Atlantic jurisdictions. With this new structure in place, for some stakeholders, DCSA points of contact (POC) may change. If your DCSA POC is changing, your current Counterintelligence Special Agent (CISA), Industrial Security Representative (ISR), or Information Systems Security Professional (ISSP) will notify you and ensure there is no break in support. Address any questions about changes to your current CISA/ISR/ISSP. More information can be found here: click the title for more information