32 Code of Federal Regulation Part 117, NISPOM
On February 24, 2021, 32 CFR Part 117, “National Industrial Security Program Operating Manual (NISPOM)” became effective as a federal rule. Referred to as the “NISPOM rule,” it provides the contractor no more than six months from this effective date to comply with the requirements stipulated therein. The NISPOM rule replaces the NISPOM previously issued as a DOD policy (DOD 5220.22-M), which will be cancelled shortly after the allotted six-month implementation period ends. Until then, DOD 5220.22-M will remain in effect.
The rule implements policy, assigns responsibilities, establishes requirements, and provides procedures consistent with Executive Order 12829, “National Industrial Security Program;” Executive Order 10865, “Safeguarding Classified Information within Industry;” and 32 Code of Regulation Part 2004,“National Industrial Security Program.” That guidance outlines the protection of classified information that is disclosed to, or developed by, contractors of the U.S. Government.
To assist cleared industry in better understanding what is required for compliance, DCSA worked with the Center for Development of Security Excellence (CDSE) to develop a cross reference tool. The tool provides users the ability to select a link in the familiar NISPOM table of contents and takes them to the corresponding section of the NISPOM rule. It serves as a deskside aid enabling the transition from the DOD manual format to a federal rule format. The tool is found at https://www.cdse.edu/documents/toolkits-Fsos/32CFR_Part117_NISPOM_Rule_Cross_Reference_Tool.xlsx.