National Industrial Security Program Oversight

National Industrial Security Program (NISP)

The National Industrial Security Program (NISP) was established by Executive Order 12829 to ensure that cleared U.S. defense industry safeguards the classified information in their possession while performing work on contracts, programs, bids, or research and development efforts.

DCSA administers the NISP on behalf of the Department of Defense and 35 other federal agencies. There are approximately 12,500 contractor facilities that are cleared for access to classified information under DCSA’s security oversight responsibilities. DCSA provides field personnel, Government Contracting Activities (GCAs) and cleared contractors with timely, consistent policy guidance and to provide effective interpretation of the NISP.

NISP Signatories

The Secretary of Defense has entered agreements with the departments and agencies listed here for the purpose of rendering industrial security services.

Popular NISP Resources

For NISP guidance, please refer to the National Industrial Security Program Operating Manual (NISPOM) for additional clarification.
 
The 32 Code of Federal Regulations Part 117, National Industrial Security Program Operating Manual," provides relevant information on oversight of the NISP. The 32 CFR Part 117 or NISPOM Rule replaced the NISPOM previously issued as a DOD policy (DOD 5220.22-M) on Feb. 24, 2021.
 
View all NISP resources including industry tools.

Contractors should report adverse information coming to their attention concerning any employee who has current eligibility reflected in DISS, in accordance with NISPOM 1-302. Also refer to ISL 2011-04.

Paragraph 10-706 of the NISPOM only requires the NATO initial briefing date and the NATO debriefing date should be recorded in JPAS. The contractor should retain a verifiable record of the most recent NATO Annual Refresher Briefing.

As DCSA is required to provide the NATO initial briefing to FSOs, DCSA should also provide the NATO Annual Refresher Briefing.

NISPOM Chapter 5, Section 9 "Intrusion Detection Systems" outlines the application of IDS when required as supplemental protection. When GSA-approved security containers storing TOP SECRET classified material are located within a room that can be alarmed, the room shall be protected with an intrusion detection systems (IDS) meeting the requirements outlined in NISPOM paragraph 5-904 where the area will be compliant with UL "Extent 3" as described in UL-2050.

When the GSA-approved security container storing TOP SECRET classified material itself is to be protected (rather than being in an alarmed area) the container shall be protected with an IDS providing "Complete" protection which requires the use of alarm sensors on or within the GSA-approved security container storing classified material where IDS is used for supplemental protection. "Complete" protection consists of protection on all surfaces and contacts on each outer door or contacts on the lock and bolt mechanism of each outer door. If all of the drawers or doors of a GSA-approved container lock with a single mechanism and if none can be left unlocked or open when the mechanism is set, a single contact mounted on the control drawer or door on which the mechanism is installed is acceptable.

Alternatively, surface protection may consist of linings that comply with the Standard for Linings and Screens applied to a safe or safe cabinet that completely surround the safe. The protection shall be arranged so that an alarm will be initiated if an opening 4 inches (102 mm) in diameter or larger is made in the safe or safe door by any method of attack. To ensure compliance with the extent of protection of "complete" the UL Certified Alarm Services Companies recommends to the user the appropriate sensor type to be installed to meet UL-2050 certification requirements.

Contractors can provide advance notice to AVS by submitting a Research, Recertify, Upgrade (RRU) request via JPAS advising of the subject's return to a location where an interview can be conducted.

Contractors may maintain the entire SF-86 electronically, including signature pages with scanned signatures, as long as it is retrievable if needed and the confidentiality of the document is protected in accordance with NISPOM paragraph 2-202.b. Retained documentation should also be destroyed in accordance with NISPOM 2-202.b.

No. Paragraph 2-208 of the NISPOM describes acceptable proof of citizenship. JPAS may not be used to verify citizenship; however, the fact that an individual has a current active clearance in JPAS can be the basis for assuming that US citizenship was verified as part of the initial investigative process. Individuals who have had a break in access should be asked if there has been any change in their citizenship status since they last worked in a cleared position.

  • Initial Briefing Certificate: The contractor should retain the initial briefing certificate for an employee who has been given access to NATO classified information until the employee no longer requires access and has been debriefed.
  • Annual Refresher Briefing: The contractor should retain the current annual refresher briefing record on file until the next annual refresher briefing is completed or the employee is debriefed, whichever occurs first. This requirement applies to all levels of NATO classified information.
  • Debriefing Certificate – NATO CONFIDENTIAL and SECRET information: The contractor should retain the debriefing certificate for an employee who no longer requires access to NATO CONFIDENTIAL and NATO SECRET information for two years after the debriefing.
  • Debriefing Certificate – NATO TOP SECRET and all ATOMAL information: The contractor should retain the debriefing certificate for an employee who no longer requires access to NATO TOP SECRET and all ATOMAL information for three years after the debriefing.
  • Best Practice: For ease of record keeping, use a single form to record both the initial briefing and the debriefing.