The NISPOM Rule
DCSA releases ISL 2021-02, SEAD 3: Clarification and Guidance on Reportable Activities for cleared contractors under DoD cognizance. The ISL provides clarity on reporting requirements for all covered individuals who have access to classified information. The ISL additionally advises that cleared contractors under DoD cognizance must implement the change in 32 Code of Federal Regulation Part 117, “National Industrial Security Program Operating Manual,” Rule effective August 24, 2021.
DoD has amended 32 CFR Part 117, the NISPOM Rule to extend the compliance date solely for reporting and pre-approval of unofficial foreign travel as prescribed in SEAD 3, until no later than 18 months from the effective date of the rule for those contractors under DoD security cognizance. The reporting of the foreign travel component of SEAD 3 will begin August 24, 2022.
Cleared industry under DoD cognizance should consult with their government customers for any additional foreign travel reporting requirements for those personnel who have SCI or SAP access and/or additional contractual reporting requirements.
DSCA will incorporate the assessment of compliance with the SEAD 3 reporting requirements with the exception of foreign travel as noted above, that begin on August 24, 2021, into scheduled assessments no earlier than March 1, 2022.
Resources for SEAD 3 implementation can be found on this webpage under the Resource and FAQ tabs below, and include Industry SEAD 3 Reporting Webinar Recording, SEAD 3 Frequently Asked Questions, and a SEAD 3 Reporting Desk Top Aid.
Industrial Security Letter (ISL 2021-02)
Additional industrial security letter guidance for 32 CFR Part 117, NISPOM Rule (insider threat, SF-328, DISS, and consolidated article) that have been coordinated through the National Industrial Security Program Policy Advisory Committee (NISPPAC) continue to be processed and coordinated for issuance. Cleared industry will be informed when they are approved and posted.
32 Code of Federal Regulation Part 117, NISPOM
On February 24, 2021, 32 CFR Part 117, “National Industrial Security Program Operating Manual (NISPOM)” became effective as a federal rule. Referred to as the “NISPOM rule,” it provides the contractor no more than six months from this effective date to comply with the requirements stipulated therein. The NISPOM rule replaces the NISPOM previously issued as a DOD policy (DOD 5220.22-M), which will be cancelled shortly after the allotted six-month implementation period ends. Until then, DOD 5220.22-M will remain in effect.
The rule implements policy, assigns responsibilities, establishes requirements, and provides procedures consistent with Executive Order 12829, “National Industrial Security Program;” Executive Order 10865, “Safeguarding Classified Information within Industry;” and 32 Code of Regulation Part 2004,“National Industrial Security Program.” That guidance outlines the protection of classified information that is disclosed to, or developed by, contractors of the U.S. Government.
To assist cleared industry in better understanding what is required for compliance, DCSA worked with the Center for Development of Security Excellence (CDSE) to develop a cross reference tool. The tool provides users the ability to select a link in the familiar NISPOM table of contents and takes them to the corresponding section of the NISPOM rule. It serves as a deskside aid enabling the transition from the DOD manual format to a federal rule format.
32 CFR Part 117 Cross Reference Tool