DCSA conducts security reviews of cleared contractors within the National Industrial Security Program (NISP) through an established security review and rating process. On September 1, DCSA will begin implementing refinements to this process.
The refined security review approach incorporates best practices from previous security review models to verify compliance with the NISP Operating Manual (NISPOM), while identifying risks posed throughout classified contract performance. DCSA personnel will review internal processes with contractor personnel throughout classified contract deliverable lifecycles to assess NISPOM compliance, determine measures in place to counter potential threats, identify vulnerabilities and administrative findings, and advise the contractor on how to achieve and maintain an effective security program. DCSA will continue to provide a formal security rating (superior, commendable, satisfactory, marginal, or unsatisfactory) at the conclusion of the security review that reflects the contractor’s effectiveness in protecting classified information.
DCSA’s security rating model is a criteria-based system that aligns processes, terms, definitions, and minimum requirements to DoD and National-level policy. This compliance-first model uses a whole-company approach based on a corporate culture of security, including management support, employee awareness, and cooperation within the security community.
For more information, check out the Center for Development of Security Excellence (CDSE) webinar, Understanding the DCSA Security Review and Rating Process. DCSA will host a follow-up webinar in September to introduce the criteria used during the security rating process. More information to follow.