On behalf of the Secretary of Defense, DCSA provides oversight to approximately 10,000 cleared U.S. companies under the National Industrial Security Program (NISP), ensuring that sensitive and classified information, technologies, and material are properly protected. To do this, DCSA conducts security reviews of cleared contractors through an established security review and rating process. DCSA will begin implementing refinements to this process on September 1.
The refined security review approach incorporates best practices from previous security review models to verify compliance with the NISP Operating Manual (NISPOM), while identifying risks posed throughout classified contract performance. DCSA personnel will review internal processes with contractor personnel throughout classified contract deliverable lifecycles to assess NISPOM compliance, determine measures in place to counter potential threats, identify vulnerabilities and administrative findings, and advise the contractor on how to achieve and maintain an effective security program. DCSA will continue to provide a formal security rating (superior, commendable, satisfactory, marginal, or unsatisfactory) at the conclusion of the security review that reflects the contractor’s effectiveness in protecting classified information.
DCSA’s security rating model is a criteria-based system that aligns processes, terms, definitions, and minimum requirements to DoD and National-level policy. This compliance-first model uses a whole-company approach based on a corporate culture of security, including management support, employee awareness, and cooperation within the security community.
For more information, check out the Center for Development of Security Excellence (CDSE) webinar, Understanding the DCSA Security Review and Rating Process. DCSA will host a follow-up webinar in late August to introduce the criteria used during the security rating process. More information to follow.