HomeMission CentersCritical Technology Protection NAESOC

NAESOC


The National Access Elsewhere Security Oversight Center (NAESOC) is designed to provide consistent oversight and security management for select facilities who do not possess classified information on-site ("access elsewhere").

Its capabilities include:

  • Coordinating: Communications, guidance, and education to facilities and government partners.
  • Providing: Continuous outreach, consistent direction.

These result in improved communications, threat reporting, and vulnerability identification & mitigation.

Download to schedule local ISAC or NCMS speaking request


 

Download to learn more about the NAESOC



If your company is an access-elsewhere company, the following are two ways to determine if your company transferred to the NAESOC:
Check your National Industrial Security System (NISS) profile
or
Check with your Facility Security Officer (FSO)


WEBEXES
The NAESOC has recently completed webexes, informative short instructions, one specific for our Government Customers and one for NAESOC FSOs.  They can be found on the CDSE web page.

Questions & answers from 2021 DoD Virtual Security Conference
During the 2021 DoD Virtual Security Conference, the National Access Elsewhere Security Oversight Center received several questions. Posted here are the questions and answers from the NAESOC session during the conference.

NAESOC: YEAR ONE
The NAESOC has been operational since October 2019.  With nearly 3,500 facilities assigned, the National Access Elsewhere Security Oversight Center (NAESOC) continues to administer the oversight mission for access-elsewhere companies and prepares for the intake of additional companies.  It promulgates the National Industrial Security Program (NISP) by identifying and mitigating risk for selected non-possessing (access-elsewhere) facilities, those which do not have a requirement to maintain classified information at their location.  Even without classified information on site, these facilities are uniquely targeted by bad actors intending to exploit vulnerabilities in our nation’s security umbrella.

KNOW YOUR CDSE SPEAKER SERIES – NAESOC EDITION
Learn more about the NAESOC, recently it was the subject of CDSE’s “Know Your CDSE” Speaker Series.  This event provided information about the NAESOC and identified key knowledge and skills available to enhance Access Elsewhere facility security.

UNDELIVERABLE EMAILS
Emails are being returned to the NAESOC as "undeliverable" or being blocked by the receiving company's firewall.  Please ensure that your IT Department adds the following email boxes as safe: dcsa.dcsa-northern.dcsa.mbx.general-mailbox@mail.mil (Alias: DCSA.NAESOC.generalmailbox@mail.mil)

NON-POSSESSING BRANCH/DIVISION OFFICES
The NAESOC has identified non-possessing branch/division offices while conducting initial reviews of companies transferred under its purview.  Per Industrial Security Letter (ISL) 2006-02 #7, non-possessing divisions do not require a Facility Clearance (FCL), except under rare circumstances. Any non-possessing branch/division office identified by the NAESOC will receive a letter of intent to administratively terminate the FCL unless justification is received by the NAESOC within 30 days.  The NAESOC is committed to working with companies under its purview on the need for maintaining their FCL. For additional questions or concerns, please contact the NAESOC at DCSA.NAESOC.generalmailbox@mail.mil

MARCH “GETTING STARTED” SEMINAR FOR NEW FACILITY SECURITY OFFICERS

CDSE is hosting the next Getting Started Seminar for New Facility Security Officers (FSOs) beginning on March 9, 2021. This entirely virtual course is both a great way to get started as a new FSO and a way for experienced NAESOC FSOs to keep informed of policy changes, procedural changes, emerging trends, threats, concerns, etc. Attendees will work in collaboration with other security professionals, exploring security topics through practical exercises. To learn more and register today, visit the course page .

IS YOUR NISS PROFILE ACCURATE? 
The Industrial Facility Profile Updates Feature in NISS provides Industry with the ability to update information formerly collected using the paper Request for Information (RFI) and eliminates the need to complete the RFI form.  The job aid for Industrial Facility Profile Updates can be found in the NISS Knowledge Base under "Facility Profile Update Request - Full Operational Capability."  Log in today!
 

COMMON REASONS FOR FACILITY CLEARANCE PACKAGE REJECTIONS
Per Section 1-302g of the NISP Operating Manual (NISPOM), you are required to report all changes affecting your Facility Clearance (FCL), including the following:  Ownership; Legal Structure; Operating Name or Address; Key Management Personnel; Foreign Ownership, Control or Influence; Bankruptcy; or Termination of Business or Operations.  You must to use NISS to submit these changes in an FCL Change Condition package.  Below are the most common issues causing rejection of these packages.
No Supporting Documents:
•     Business documentation to support Changes to Organization (e.g. Operating Agreements, By-Laws, Merger/Acquisition Agreements)
•     FSO/Insider Threat Program Senior Official (ITPSO) Letters of Appointment to support Changes in Officers
Incomplete or outdated DD 441 and SF 328:
•     Current DD 441
•     Current SF 328
•     Completion guides can be found in the DCSA FCL Orientation Handbook.
 

COMMON INSIDER THREAT VULNERABILITIES
Insider Threat Awareness is such a vital part of your security program, please review those items that are key to you, as a NAESOC facility, in addressing your Insider Threat Program:
•     NISPOM 3-103, Insider Threat Awareness Training:  As part of your Insider Threat Program (ITP), you are required to provide training to all personnel with assigned duties related to ITP management.  Training must be completed within 30 days of those duties being assigned, and must cover topics listed under 3-103a.  Additionally, all cleared contractor personnel must be provided Insider Threat Awareness Training before being granted access to classified information, and annually thereafter.
•     NISPOM 1-202a, ITP Plan:  All cleared contractor companies must establish and maintain an ITP Plan that is endorsed by the ITPSO.  The ITP Plan must cover all applicable topics listed in Industrial Security Letter ISL 2016-02 and be tailored to your facility’s operations.
Resources:
•     Use this Sample ITP Plan and tailor it to your company’s operations.
•     You can find additional resources at CDSE Insider Threat Job Aids.
 

SECURITY VIOLATION TIPS
Facilities assigned to the NAESOC must immediately report security violations via NISS Messenger.  The DoD 5220.22-M defines a security violation as a failure to comply with the policy and procedures established by the NISPOM that reasonably could result in the loss or compromise of classified information.  Security incidents involving classified information must be appropriately reported to DCSA and investigated.
The Administrative Inquiry (AI) Process Job Aid provides instructions for conducting an AI and submitting the initial and final reports.
NAESOC must approve the use of a Public Destruction Facility (PDF) to destroy classified materials affected by a data spill.  When evaluating a PDF, ensure the destruction equipment is appropriate for the material you are destroying and is listed on the NSA/CSS Evaluated Products list, found in the NSA Media Destruction Guides.

 

How do I request a NISS account?
Click here to be redirected to the DCSA NISS page: Registering for a NISS account

Who should I contact if I cannot get a NISS account due to an unassigned Industrial Security Representative (ISR)?
Contact the NAESOC Knowledge Center for support:  phone 888-282-7682 (Option 7), or email DCSA.NAESOC.GeneralMailbox@mail.mil

How do I send a message in NISS?
Within the NISS dashboard view, NISS Training Repository, go to External Resources and look for topic area “Messaging in NISS – Industry.”  If you need further instructions please email us.

How do I update my Facility Profile in NISS?
Within the NISS dashboard view, NISS Training Repository, go to External Resources and look for topic area “Submitting a Facility Profile Update Request.”

How do I report Change Conditions affecting the Facility Clearance?
Within the NISS dashboard view, NISS Training Repository, go to External Resources and look for topic area “Reporting a Change of Condition.”  If you need further instructions please email us.

I have a draft Change Condition package that has not been reviewed, why am I not able to open another Change Condition package to send to you?
NISS only allows one Change Condition package opened at any given time.  If a draft package exists, archive the package and start a new Change Condition package.

How do I report my Security Violations?
Please submit security violation reports through the NISS Messenger Box.  If you have questions regarding writing up a security violation, click here for CDSE instructions: AI Process Job Aid.  If you have more specific questions about your violation report, please email DCSA.NAESOC.GeneralMailbox@mail.mil.