The National Access Elsewhere Security Oversight Center (NAESOC)

The National Access Elsewhere Security Oversight Center (NAESOC) is designed to provide consistent oversight and security management for select facilities who do not possess classified information on-site ("access elsewhere").

Please review the below tabs to identify tools that can assist you in supporting your facility's security program. All tabs are “self-help” tabs and you will find, topics, tools, questions and answers that will prepare you for meeting your needs and requests. If you cannot find what you are looking for, please email the NAESOC General Mailbox.

Schedule local ISAC or NCMS speaking request
Learn more about the NAESOC

Contact Us
Mail
NAESOC
DCSA
P.O. BOX 644
Hanover, MD 21076
Help Desk
(888) 282-7682, Option 7
LIVE AGENTS AVAILABLE 
M-TH 09:00 to 15:00
Friday 08:00 to 14:00

Email
dcsa.naesoc.generalmailbox@mail.mil

NISS Messenger always available

Escalate an Existing Inquiry

NAESOC Help Desk Hours

Expanded hours are here to be able to talk to a LIVE AGENT at the NAESOC. You can now speak to a Security Specialist at the NAESOC Monday through Thursday from 9:00 a.m. to 3:00 p.m. and Friday from 8:00 a.m. to 2:00 p.m. at (888) 282-7682, Option 7.

Escalate an Existing Inquiry

For both Industry and GCA support, the NAESOC has provides an escalation n capability for any existing inquiries that have been submitted its Help Desk. Please use the Blue Button on the NAESOC Main Page to submit any escalation inquiries.

Security Review Update

As a reminder, all facilities within the NISP are subject to Security Reviews to include facilities currently under NAESOC. NISS users may receive notifications from NISS related to internal updates to support the proper identification of the local DCSA Oversight Team based on the updated regional field office locations. Facilities may also temporarily be reassigned to the local DCSA field office to support the communication and task workflows within NISS during Security Review activities. NISS users may reference their NISS profile to identify their current DCSA Oversight Team. If you have any questions about your oversight team or notifications you have received in NISS, please feel free to contact us directly at the NAESOC Help Desk.

NBIS Note

Please note: Industry is no longer able to use DISS to initiate investigation requests effective 1 October 2023.

Keep checking here or at the NBIS website for updates.

NAESOC Webex Series Update

This latest webex published by the NAESOC addresses How to Successfully Submit Change Condition Packages. Be sure to check out the WEBEX Resources tab for additional NAESOC publications.
 

Security Incidents and Violations:

DoD 5220.22-M defines a security violation as a failure to comply with the policy and procedures established by the NISPOM that reasonably could result in the loss or compromise of classified information.  Security incidents involving classified information must be appropriately reported to DCSA.

Facilities assigned to the NAESOC must immediately report security violations via NISS Messenger.  The Security Incident Job Aid provides recommendations and guidance on security incident response and remediation and submitting initial and final security violation reports.

Actual or Potential Insider Threat:

Cyber Intrusions:

  • Facilities shall report cyber incidents or intrusions regardless of classification level of information or information systems involved in the intrusion provided the contractor determined that 1) circumstance of intrusion are sufficient to qualify as actual, probable, or possible espionage, sabotage terrorism, or subversive activities, and 2) these activities constitute a threat to the protection of classified information, systems, or programs that are otherwise covered by the NISPOM.

  • NAESOC Facilities shall report cyber intrusions via NISS messenger.

Suspicious Contact Reporting:

NEW! Your Threat Baseball Cards:

As reported in the Voice of Industry, click here for a resource you can use to enhance your security awareness and reporting program. 

Adverse Information:

Adverse information consists of any information that negatively reflects on the integrity or character of a cleared employee, that suggests that his or her ability to safeguard classified information may be impaired, or that his or her access to classified information clearly may not be in the interest of national security. 

Revised ISL
 

FCL Changed Conditions:

Change Conditions are those organizational changes that could affect the Facility Clearance. 

Change Conditions that are required to be reported include: 

  • Ownership, including stock transfers

  • Legal Structure

  • Operating Name

  • Principal Address

  • Key Management Personnel

  • Foreign Ownership, Control, or Influence (FOCI)

  • Bankruptcy

  • FCL Termination

  • Cage Code changes (rare)

  • Formal submission of Changed Conditions are required to be completed in NISS as an FCL Change Condition Package. Please ensure all business documentation is submitted to substantiate the reporting.

*Note: When entering discussions, consultations, or agreements that may reasonably lead to effective ownership or control by a foreign interest, the contractor shall immediately report the details to DCSA via NISS messenger.

Facility Profile Update Requests:

Facility Profile Update Requests–Information that can be edited by Industry users includes, but is not limited to new contracts, program assets, and essential Key Management Personnel and security staff contact information. Facility profile updates have replaced Requests For Information (RFI); so ensure that you review your profile and submit timely updates.

*Note: Please ensure all of your appropriate DD Form 254s are submitted via NISS. *Note: FCL Change Conditions should not be submitted as a Facility Profile Update Request.

How can I reach the NAESOC?

You can reach us via NISS Messenger, phone 888-282-7682 (Option 7), or email at DCSA.NAESOC.GeneralMailbox@mail.mil

What is NAESOC mailing address?

NAESOC
Defense Counterintelligence and Security Agency (DCSA)
P.O. Box 644
Hanover, MD 21076

Do I have an assigned Industrial Security Representative (ISR)?

You will not have an individual ISR, however, you will have the NAESOC team as your DCSA POC.

How do I process a CI issue or report?

It is very important to identify your local CI Special Agent (CISA) in NISS Some of the information CI shares with Reps is for information only and should not be released to industry. CI issues should be directly coordinated with your local CISA. If you require assistance in locating your CISA, please reach out to the NAESOC Help Desk.

How do I submit my Facility Profile Update?

Instructions for updating you facility can be found in the NISS Knowledge Base with the Job Aid, “Submitting a Facility Profile Update Request”

How can I get FSO training?

 

 

Where can I find help of conducting my Self-Inspection?

You can start with a Best Practice of using the "Self Inspection Handbook for Contractors" which can be found at https://www.dcsa.mil/mc/isd/tools/. In it you will find eight checklists that are common to ALL NAESOC companies:

- Procedures [117.7]
- Reporting Requirements [117.8]
- Entity eligibility determination for access... [117.9]
- (Contractor) eligibility for access to classified... [117.10]
- Foreign Ownership, Control, or Influence (FOCI) [117.11]
- Security training and briefings [117.12]
- Classification [117.13]
- Visits and meetings [117.16]

Feel free to review the entire handbook before you begin it.  It is full of Best Practices and ideas about how to ensure you understand and can support your security program.
The NISS Knowledge Base has a NISS guide for submitting the self-inspection. It can be found here:
  • Log into NISS
  • Select the Knowledge Base from the list of "Quick Links"
  • In the search bar, type "Self"
  • Open the link "Submitting an Annual Self-Inspection (Dec 2021)" to access these instructions.
Remember: In accordance with 32 CFR Part 117 NISPOM Rule, 117.7(h)(2)(ii), you must prepare a formal report describing the self-inspection, its findings, and resolution of issues found.

How do I get a NATO/COMSEC briefing and can you provide this to me?

In order to be briefed for NATO, CNWDI or COMSEC access, you must have an active, valid DD Form 254 showing justification for the access requirement.
A reminder for the volume of facilities requesting recurring updates (Initial NATO Brief for the FSO, CNWDI, etc.): It may speed up your request if you use the Facility Profile Update (FPU) tool to maintain a current list of active classified contracts in your NISS profile. The FPU is listed in the Quicklinks on the NISS homepage. Simply click the link and browse to the "Customers and Programs" section to manage your list of DD254s.
Once the Facility Profile Update is completed, please send a signed Initial NATO briefingCOMSEC briefing, or CNWDI to the NAESOC via email or NISS message. Include the reference number for the DD Form 254 which authorizes it.

If we have foreign nationals visiting our site and need to know the proper procedure for reporting that information, where can I find it?

Access the Foreign visit Brochure. You can also email us for specific guidance.

I have just been notified that our company is being acquired by another company. Please ensure the change of ownership is reported within 15 days of the close of the acquisition.

The change condition package shall include the purchase agreement/Member Interest transfer, an updated operating agreement, updated legal organization chart, exclusion resolutions (as applicable) as well as any additional business documentation to support subsequent changes to the facility post acquisition. If there is any foreign ownership associated with the acquiring company, please provide immediate notice so that we can begin the FOCI action plan prior to the close of the acquisition.

Where and when will the CI SVTC, around the country?

Monthly briefings will take place on the second Thursday of each month, with locations remaining unchanged unless there are IT issues. Themes are subject to change, and attendees are requested 30 days before the event. A registration page will be sent listing venues hosting the SVTC.

What guidance can I provide to an employee who has involvement with marijuana/CBD?

Please continue to monitor the DCSA website for updated information. The following FAQ is the current guidance: "Are contractors in states that have enacted laws authorizing the medical use of marijuana, or in states that have enacted laws authorizing the use, possession, production, processing and distribution of marijuana, required to report use, possession, production, processing, or distribution of marijuana by cleared contractor personnel? YES, any of these activities must be reported as adverse information in accordance with NISPOM paragraph 1-302.a." The same guidance applies for CBD.

Do I have to change all the past DD Form 254s to reflect NASESOC as the Cognizant Security Office?

No. However, all new DD Form 254s must reflect NAESOC as the Cognizant Security Office.

How do I verify a facility’s clearance level?

You will need to request the FCV Industry role in NISS to have ability to verify FCLs. You will then be able to verify that FCL within NISS.

How can I learn about CUI?

Resources for Controlled Unclassified Information (CUI) have been published. You can find those here.

What about CMMC?

Answer on the Cybersecurity Maturity Model Certification (CMMC) can be found on the DCSA website at: Controlled Unclassified Information.

What is National Access Elsewhere Security Oversight Center (NAESOC)?

The National Access Elsewhere Security Oversight Center (NAESOC) is a centralized office providing consolidated and consistent oversight and security management for select access elsewhere companies in the National Industrial Security Program (NISP). This office handles communications, guidance, and education for its assigned facilities and associated Government Partners. The relationships and partnerships created by the new oversight center optimize communications, threat reporting, and vulnerability identification and mitigation.

What are the advantages/disadvantages of being assigned?

The NAESOC offers many advantages for an Access Elsewhere facility. It is a centralized office, providing consistent oversight and security management for select facilities who do not possess classified information on-site. Advantages:

  • Coordinating: Communications, guidance, and education to facilities and government partners.
  • Providing: Continuous outreach, consistent direction.
  • Creating: Improved communications, threat reporting, and vulnerability identification and mitigation.

Some may consider it a disadvantage they are no longer assigned to an ISR within a local Field Office. DCSA discovered that formerly, most AE facilities had not received effective risk prioritization because of capacity limits on that relationship. The lack of interaction with government security oversight resulted in an unidentified vulnerability factor. The NAESOC reviews risk in a non-traditional way of doing business with a tiered response approach. Being assigned to a risk team ensures that your issues are addressed soonest by the correct expert.

Will I be notified that my facility is assigned to the NAESOC?

Yes. If your facility is assigned to the NAESOC, your Facility Security Officer (FSO) will be notified by an automated notification from National Industrial Security System (NISS). In addition, the NAESOC will send a “Welcome Letter” via email to the FSO.

Can I be reassigned to my former Field Office?

If necessary. Assignment to the NAESOC is based on many factors, including risk criteria. If specific thresholds are exceeded, your facility will be considered for assignment to a local field office.

Where can I find a list of Mandatory Annual Training Briefings that all cleared employees must complete regardless of clearance level or contract?

32 CFR section 117.12 Security Training and Briefings

I am already involved in my local industrial security council. How will being in the NAESOC affect that?

The NAESOC supports and attends local security councils. Please stay involved locally and feel free to ask for opportunities for the NAESOC to provide presentations and support for those meetings. The procedures to ask for the NAESOC to present can be found on our website.

The National Industrial Security System (NISS) External User Training is now available in STEPP. Log into STEPP to view this course.

Training job aids are available for Industry and Government users within the NISS application’s Knowledge Base. Examples include: How to Submit a Sponsorship Request, How to Submit a Facility Verification Request, How to Message my ISR, and Facility Profile Update Request. Please note, this is not an all-encompassing list of training products.

Is Your NISS Profile Accurate?

The Industrial Facility Profile Updates Feature in NISS provides Industry with the ability to update information formerly collected using the paper Request for Information (RFI) and eliminates the need to complete the RFI form. The job aid for Industrial Facility Profile Updates can be found in the NISS Knowledge Base under "Facility Profile Update Request - Full Operational Capability." Log in here.

How do I request a NISS account?

Click here to be redirected to the DCSA NISS page: Registering for a NISS account

Who should I contact if I cannot get a NISS account due to an unassigned Industrial Security Representative (ISR)?

Contact the NAESOC Knowledge Center for support: phone 888-282-7682 (Option 7), or email DCSA.NAESOC.GeneralMailbox@mail.mil

How do I send a message in NISS?

Within the NISS dashboard view, NISS Training Repository, go to External Resources and look for topic area “Messaging in NISS – Industry.” If you need further instructions please email us.

How do I report Change Conditions affecting the Facility Clearance?

Within the NISS dashboard view, NISS Training Repository, go to External Resources and look for topic area “Reporting a Change of Condition.” If you need further instructions please email us.

I have a draft Change Condition package that has not been reviewed, why am I not able to open another Change Condition package to send to you?

NISS only allows one Change Condition package opened at any given time. If a draft package exists, archive the package and start a new Change Condition package. Check out the DCSA DISS Information Page for general DISS training and issues.

Who can answer my DISS Questions?

DISS serves as the enterprise-wide solution for personnel security, suitability, and credentialing management for DoD military, civilian, and contractors. Support and all of the latest information can be found HERE. Please check out their wide-ranging list of FAQs.

How do I get a DISS account?

Click DISS Account Request to be redirected to the DISS Resources page where you can find the “access request” tab.

Who determines the access authorizations for DISS?

A minimum of interim secret eligibility is required to access DISS. Account Managers within each Component/Agency/Company will determine the specific DISS customer user base and assign user roles based on Component/Agency/Company guidance and responsibilities.

What is the Help Desk number for DISS?

If you need assistance, contact the Customer Engagements Team (CET), from 6 am – 6 pm Eastern Time. The CET team provides support for DISS, DCII, and SWFT systems. Telephone: 724-794-7765 Email: dcsa.ncr.nbis.mbx.contact-center@mail.mil

An Effective Insider Threat Program Includes:

  • An insider threat program plan endorsed by the Insider Threat Program Senior Official (ITPSO) (32 CFR Section 117.7(b)(4))  

  • Formal appointment by the contractor of an ITPSO who is a U.S. citizen employee and a senior official of the company (32 CFR Section 117.7(b)(1)(iii)). 

  • Contractor reviews, certified annually (32 CFR Section 117.7(h)(2)) 

  • Reporting (32 CFR Section 117.8). 

  • Insider threat training (32 CFR Section 117.12 (g)) 

  • User activity monitoring on classified information systems (as required) (32 CFR Section 117.18 (b)(4)(i). 

  • Risk Management Framework (RMF) (as required)  (32 CFR Section 117.18 (e)

Tools You Can Use:

  • CDSE recently released the 2023 Insider Threat Vigilance Campaign job aid. The job aid promotes a different vigilance theme each month. CDSE will provide awareness materials relevant to each monthly theme to be shared with your workforce. Use the job aid to jump-start your 2023 annual vigilance campaign or tailor it to your organization using resources from our Insider Threat Toolkit Vigilance Tab located at https://www.cdse.edu/Training/Toolkits/Insider-Threat-Toolkit/#vigilance

  • Insider Threat Program (ITP) for Industry.  This job aid provides an overview of the insider threat program requirements for industry as outlined in the NISPOM, training, definitions, resources, and more.

  • Sample Insider Threat Program Plan for Industry. This sample plan provides recommendations for creating an InT program and can be tailored around your organization’s specific rules and guidelines.

  • Establishing a Program Toolkit. This toolkit provides information on how to establish an InT Program and procedures for responding to an InT action.

  • Insider Threat Reporting Job Aid. This job aid explains the reporting requirements and procedures for Federal agency employees and cleared contractors, and the consequences of failing to meet these guidelines.

  • Insider Threat and Industry Webinar. This webinar addresses the requirements for establishing an InT program, which includes developing an implementation plan to gather, share, and report relevant InT information from offices across the contractor’s organization. 

  • Establishing an Insider Threat Program for Your Organization INT122.16 (cdse.edu). CDSE’s course provides guidance for organizational InT program managers on how to organize and design their specific program.

  • Insider Threat Definitions Job Aid. This job aid acts as a quick reference glossary of commonly used words within the InT space in an easily accessible format for InT professionals.

Bonus Material to Support Your Insider Threat Program:

  • INSIDER THREAT WEBEX. In order to identify the risks and mitigations regarding Insider Threat for Access Elsewhere facilities, the NAESOC has specifically prepared this webex for the requirements of the non-possesing facility.

  • You can find additional information on Insider Threat reporting on the new Counterintelligence Awareness and Reporting for NAESOC Facilities webex

  • CHECK OUT INSIDER THREAT CASE STUDIES

  • CDSE has added a new case study to the case study library:

    • Ahmedelhadi Serageldin – A case of an insider’s mishandling of classified information

    • Russel Langford – A case study of an insider’s kinetic violence