News | Feb. 26, 2021

32 Code of Federal Regulation Part 117, NISPOM is now in effect. Cleared contractors under DOD cognizance must implement and comply within six months.

The NISPOM rule at 32 CFR Part 117, “National Industrial Security Program Operating Manual,” became effective on February 24, 2021. The rule stipulates that contractors must implement changes no later than six months after the date of the published rule. The exact implementation date will be published in an Industrial Security Letter (ISL). The ISL will also provide further guidance about the rule’s implementation.   

The rule implements policy, assigns responsibilities, establishes requirements, and provides procedures consistent with Executive Order 12829, “National Industrial Security Program;” Executive Order 10865, “Safeguarding Classified Information within Industry;” and 32 Code of Regulation Part 2004, “National Industrial Security Program.” That guidance outlines the protection of classified information that is disclosed to, or developed by contractors, licensees, grantees, or certificate holders to prevent unauthorized disclosure.

The Key Changes include:

  • Section 117.8(a); Reporting Requirements: Cleared contractors must submit reports pursuant to Security Executive Agent Directive (SEAD) 3 and cognizant security agency (CSA) guidance that supplements unique CSA mission requirements.
  • Section 117.9(m); Limited entity eligibility determination (Non-FOCI) and limited entity eligibility: The limited facility clearance provides an additional facility clearance  tool for DCSA and government contracting activities as a limited entity eligibility is specific to the requesting GCA’s classified information, and to a single, narrowly defined contract, agreement, or circumstance.
  • Section 117.11(d)(2)(iii)(A); National Interest Determination (NID): Requirement for NIDs is removed for certain covered contractors operating under a special security agreement with ownership by countries designated as part of the National Technology Industrial Base (United Kingdom, Canada or Australia).
  • Section 117.15(e)(2); TOP SECRET Information Accountability: Permits specific determinations by a CSA with respect to requirements for TOP SECRET accountability.
  • Section 117.15(d)(4); Intrusion Detection System (IDS) Installation: Allows for UL-2050 certification by an Office of Occupational Health and Safety Agency (OSHA) National Recognized Test Laboratory (NRTL)
  • Section 117.15; Safeguarding: Directs cleared contractors to refer to 32 CFR Part 2001, for direction on requirements for the protection of classified national security information (CNSI) to ensure consistency with national policy. This change is in addition to CSA approval and compliance with intelligence community specification (ICS) 705.
  • Section 117.7(b)(2); Senior Management Official (SMO): Clarifies key responsibilities for SMOs.
  • Section 117.13(d)(5); Classified Information Retention: Clarifies for the contractor that upon completion of a classified contract, the ‘‘contractor must return all government provided or deliverable information to the custody of the government.”

 

How is DCSA Supporting Implementation?

DCSA is working on a wide-range of updates to support implementation by cleared industry under DOD cognizance and to enable oversight. This includes but is not limited to:

  • Developing communications and briefing materials for use by DCSA staff in engagements with cleared industry and government partners. 
  • Coordinating with industry partners and groups for web based conference engagements on implementation strategies, questions and answers, to ensure a consistent approach by both industry and DCSA.
  • Reviewing existing industrial security letters (ISL’s) to determine those required to be retained and re-issued, and identifying those that can be rescinded based on revisions to the NISPOM rule.

 

  • Reviewing and revising industry products, tools, and systems including but not limited to CDSE training, tools and products; the National Industrial Security System (NISS), externally posted tools, and internal tools used in oversight.
  • Coordinating with DOD and the Office of Management and Budget for administrative revisions to NISP-related forms under DCSA management to reflect the change from the NISPOM to the federal rule. This includes the SF-328 - “Certificate Pertaining to Foreign Interest,” DD Form 44 – “Security Agreement,” and DD Form 441-1 – “Security Agreement Addendum.”

 

  • Planning in coordination with government partners and cleared industry for the implementation of Security Executive Agency Directive (SEAD) 3 reporting requirements.

What has DCSA done to enable better understanding of the new rule?

 

DCSA will continue to provide updates to industry and update products to support implementation. DCSA intends to launch a dedicated webpage for NISPOM rule implementati

Cleared Contractor SEAD 3 Unofficial Foreign Travel Reporting
Aug. 5, 2022 - The Defense Information System for Security (DISS) reporting module for unofficial foreign travel and bulk upload capabilities is now available in DISS. Reporting requirements for unofficial foreign travel, as outlined in SEAD-3, were deferred until August 24, 2022 to ensure the completion of necessary DISS revisions for foreign travel reporting and to create a bulk-reporting capability. As a result the foreign travel reporting module was created and includes the “unofficial foreign travel bulk-upload tool” allowing facility security officers (FSOs) to consolidate the unofficial foreign travel of multiple contractor employees into a single DISS report submission. Prior to August 24, 2022, DCSA will provide guidance about using the new module and bulk-upload tool as well as a job aid helping FSOs navigate the unofficial foreign travel reporting process. Continue to check out the DCSA.mil website for these resources and the latest guidance and tools.

NBIS Industry Onboarding Regional Strategy
July 29, 2022 - In preparation for onboarding the initial Industry Org and User Managers into the National Background Investigation Services (NBIS), please review the below information to learn more about the onboarding strategy and how you will be notified to begin onboarding. NBIS onboarding for Industry will be incrementally rolled-out based on a facility's regional designation as identified in National Industrial Security System (NISS). Using this incremental approach allows for an orderly flow to the onboarding process for Industry organizations. Click the title for more information

FY23 Investigative Services Pricing
July 5, 2022 - The Defense Counterintelligence and Security Agency announced the Fiscal Year 2023 pricing for investigative products and services in a federal investigations notice (FIN) released today. The notice also highlighted initial estimated FY24 prices. Today's release marks the third price reduction since DCSA became the federal government's largest investigative service provider (ISP) in 2019. In that role, DCSA delivers investigative products to more than 105 federal agencies and charges for those services on a reimbursable basis via the agency's working capital fund. For more details, see the News Release - FY23 Investigative Services Pricing. Click the title for more information.

NBIS Industry Training Resources Update
June 29, 2022 - The NBIS team would like to introduce training resources available for Industry users at the following site: https://nbisindustrytraining.countermeasures.com/courses/home. Users can access the site via Common Access Card (CAC), Personal Identity Verification (PIV), or External Certification Authority (ECA)/Public Key Infrastructure (PKI) authentication. These resources have been developed and published to the Countermeasures website allowing our Industry Partners to preview NBIS capabilities before onboarding to the system. They provide an overview of NBIS and instruction for the Case Initiation, Review, and Authorize process in a variety of formats including e-learning courses, desk-side support Job Aids, and topical webinars. NBIS "Demo Day" recordings and FAQs are also available. Additional training content is being added to the site regularly to better support our Industry Partners. Additionally we will have resources available in the upcoming Industry Onboarding Portal to include Knowledge Articles and information regarding onboarding webinars. Regarding the portal, further details will be provided at a later date. Please visit the Countermeasures site mentioned above for more details and if you have issues with accessing the site, please contact the NBIS Training program at: dcsa.quantico.nbis.mbx.training@mail.mil Please Note: Some CAC users may be blocked from accessing the site currently due to security constraints. This issue is being addressed.

DCSA announces 2022 Cogswell award recipients
June 22, 2022 - The Defense Counterintelligence and Security Agency (DCSA) has recognized 26 facilities as recipients of the 2022 James S. Cogswell Outstanding Industrial Security Achievement Award. Chosen from nearly 12,500 cleared facilities in the United States, each facility has demonstrated industrial security excellence. To qualify, companies must establish and maintain a security program that exceeds basic National Industrial Security Program requirements. Recipients also help other cleared facilities establish security-related best practices while maintaining the highest security standards for their own facility. See the list of winning facilities here. Click the title for more information.