• DoD 5220.22-M, National Industrial Security Program Operating Manual (NISPOM), incorporating Change 2 (05/18/2016)
• Summary of Changes
• ISL Quick Reference Tool (05/26/16)

• Vulnerability Assessment Rating Matrix 2016 Update
• Instructions for Completing DD Form 254
• Self-Inspection Handbook for Contractors
• Self-Inspection Handbook for Contractors (Print edition)
• Procedural Guide for Conducting Classified Meetings
• Security Incident Job Aid
• Facility Security Clearance (FCL) Welcome Packet: A Guide for New Facilities

• DD 254: Department of Defense Contract Security Classification Specification
• DD Form 441, Department of Defense Security Agreement
• DD Form 441-1, Appendage to Security Agreement
• SF-312, Classified Information Nondisclosure Agreement
• SF-328, Certificate Pertaining to Foreign Interests
• Common Security Services Agreement
• DCSA Form 147, Open Storage Approval Checklist

• FCL Process Orientation Handbook
• Checklist for a New Facility Clearance
• eQIP and Electronic Fingerprint Guide for In-Process Facilities
• Small Business Guide Facility Clearance Process pamphlet

• GAM Appointment Letter Designating Government Administrators (GAMS) for NISP Contract Classification System (NCCS)

• Protected Distribution System (PDS) Requirements
• PDS Installation Plan Request
• Protected Distribution System Checklist

• DCSA SIPRNET CTO 10-133 Plan of Action and Milestone Template (POA&M)
• NISP SIPRNet Circuit Approval Process v2.4 (August 2016)
• Checklist for NISP contractors connecting to DoD networks regarding requirements of U.S. Cyber Command Directive 10-133

• DISA Security Technology Implementation Guides (STIGs)

• DCSA Windows Upgrade Guidance
• DCSA Assessment and Authorization Process Manual (DAAPM) Version 2.2 (Effective August 31, 2020)
• PDS Distribution System, CNSSI 7003
• JSIG Guidance for Special Access Programs (SAP)

• N/A

• How to Manage a Contamination
• Security Seals
• Test Equipment - Identifying & Resolving Security Challenges
• Administrative Inquiry Guide

• National Information System Security INFOSEC Terms (NTISSI No. 4009)
• SANS Glossary of Security Terms
• Tech Encyclopedia

Industrial Security Letters (ISLs) are issued periodically to inform cleared contractors, government contracting activities and DoD activities of developing relating to industrial security. These letters are for information and clarifications of existing policy and requirements.

2022

• ISL 2022-01 (2/14/2022)

2021

• ISL 2021-02 (8/12/2021) Please click here for the DNI Worldwide Threat Assessment (9 March 2018) referenced at the top of page 13 in ISL 2021-02

NOTICE

The Industrial Security Letters listed above are in effect as DoD cleared contractor guidance for the implementation of 32 CFR, Part 117, “NISPOM.”

The Industrial Security Letters listed below are no longer in effect due to the cancellation of DoD 5220.22-M, “NISPOM” on December 10, 2021. These ISLs are due to be officially rescinded upon approval by the OUSD(I&S).  A notice will be provided to cleared contractors under DoD cognizance when that occurs.

• ISL 2021-01 (7/12/2021)

2019

• ISL 2019-02 (5/8/2019)
• ISL 2019-01 (1/15/2019)

2017

• ISL 2017-01 (10/24/2017)

2016

• ISL 2016-02 REVISED (06/27/17)
• ISL 2016-01 (03/24/16)

2015

• ISL 2015-03 (04/30/15)
• ISL 2015-02 (04/30/15)
• ISL 2015-01 (03/12/15)

2014

• ISL 2014-03 (04/25/14)
• ISL 2014-02 (04/24/14)
• ISL 2014-01 (04/14/14)

2013

• ISL 2013-06 REVISED (12/04/13)
• ISL 2013-05 (07/02/13)
• ISL 2013-04 (06/11/13)
• ISL 2013-03 (03/20/13)
• ISL 2013-02 (03/08/13)
• ISL 2013-01 (01/17/13)

2012

• ISL 2012-04 (08/07/12)
• ISL 2012-03 (05/14/12)
• ISL 2012-02 (03/21/12) RESCINDED
• ISL 2012-01 (02/21/12)

2011

• ISL 2011-04 REVISED (07/15/20)
• ISL 2011-04 (09/23/11)
• ISL 2011-03 (05/09/11)
• ISL 2011-02 (05/02/11)
• ISL 2011-01 (01/18/11) RESCINDED

2010

• ISL 2010-02 (02/22/10) RESCINDED
• ISL 2010-01 (01/28/10)

2009

• ISL 2009-03 (11/17/09)
• ISL 2009-02 (06/06/09)
• ISL 2009-01 (03/05/09)

2007

• ISL 2007-01 (10/11/07) RESCINDED

2006

• ISL 2006-02 (08/22/06)
• ISL 2006-01 (04/14/06)

To request a NISP eMASS user account, cleared Industry must complete the following:

1. DISA eMASS Computer Based Training (CBT)

2. Cyber Awareness Challenge (CAC) Training

3. DCSA System Authorization Access Request (SAAR) Form

4. NISP eMASS User Registration (https://nisp.emass.apps.mil)

In order to ensure successful completion of all the NISP eMASS user account prerequisites, follow the guidance in the NISP eMASS User Account Request Guide. For additional information, please contact the assigned Information Systems Security Professional (ISSP) and/or the DCSA NAO eMASS Team at dcsa.quantico.dcsa.mbx.emass@mail.mil.

• NISP eMASS User Account Request Guide
• Industry SAAR Instructions
• Industry SAAR Form
• Field Office Facilities

• DCSA Windows Upgrade Guidance
• NCMS FAQ 2020
• NAO FAQ 2020
• NISP eMASS Industry Operation Guide Version 1.1
• NCMS FAQ 2019
• Article: Successful eMass Package Submission
• Transferring Systems in the NISP eMASS Job Aid

• NISP eMASS User Account Request Guide
• eMASS Computer Based Training(CBT)
• DISA Cyber Awareness Challenge (CAC) training

• Use of Windows 7 Legacy Operating System and Adobe Flash after December 31, 2020
• DCSA Windows Upgrade Guidance
• DCSA Assessment and Authorization Process Manual (DAAPM) Version 2.2 (Effective August 31, 2020)
• Summary of Changes to the DCSA Assessment and Authorization Process Manual (DAAPM) Version 2.2
• DAAPM Appendix A Security Controls Version 2.2 (Effective August 31, 2020)
• National Industrial Security Program Operating Manual
• NIST 800-53 Security & privacy Controls for Federal Information Systems and Organizations
• JSIG Guidance for Special Access Programs (SAP)
• Committee on National Security Systems Instruction (CNSSI) 1253 (March 2014)
• DoD 8510.01 Risk Management Framework for DoD Information Technology

• NCMS FAQ 2020
• NAO FAQ 2020
• NISP eWAN Job Aid (April 2019)
• NCMS 2018 Frequently Asked Questions (FAQ)
• Risk Management Framework (RMF) FAQ - April 2018
• NCMS 2017 Questions and Answers
• Risk Management Framework (RMF) FAQ - April 2017
• National Industrial Security Program Authorization Office (NAO) Homepage
• SCAP Compliance Checker & DISA STIG Viewer
• DISA STIG Viewer
• Gain Control with RMF Version 1
• Article: Successful eMASS Package Submission

• CDSE
• Introduction to the Risk Management Framework
• Getting Started with the SCAP compliance checker and STIG Viewer
• DCSA RMF Training Slides (August 2016)
• NIST - Applying the Risk Management Framework to Systems
• IASE - DoD Cybersecurity Policy
• FedVTE - Cyber Risk Management for Technicians
• DISA - eMASS/RMF (Instructor-led Courses)

• NAO Configuration Toolkit Job Aid
• SCAP Compliant Tools and Products
• ISSM Toolkit

• Contingency Plan Template
• Data Transfer Agent Authorization Form
• Government-to-Contractor ISA Template
• Hardware List
• Incident Response Plan Template
• IS Access Authorization and Briefing Form
• IS Privileged Access Authorization and Briefing Form
• Upgrade-Downgrade Procedure Record
• ISSM Appointment Letter
• Maintenance Operating System & Security Software Change Log
• Mobility System Plan Template
• POA&M
• Risk Assessment Report
• RMF Security Plan Submission and Certification Statement
• Software List

• National Interest Determination (NID) Overview PowerPoint
• Facilities Location Plan Template
• Visitation Plan
• Affiliated Services
• FOCI Collocation

• Affiliated Operations Plan Template
• Navigating the Affiliated Operations Plan: A Guide for Industry (05/11/2016)

• Sample Technology Control Plan

• Removal of Phone Log Requirement Memo
• Electronic Communications Plan Template
• Electronic Communications Plan Sample

• FCL Orientation Handbook
• Contract Security Classification Specifications (DD Form 254)

• Six Module Training Course for Outside Directors, Proxy Holders, and Voting Trustees
• Guidelines for Trustees, Proxy Holders and Outside Directors
• Qualifications for Outside Directors, Proxy Holders and Voting Trustees
• Outside Director Questionnaire Sample
• Partnering with Outside Directors & Proxy Holders to Strengthen FOCI Boards: A White Paper

Contact the DISA eMASS Help Desk:
Email: disa.global.servicedesk.mbx.ma-ticket-request@mail.mil
Commercial Phone: 1-(844)-347-2457 Options 1, 3

Contact the RMF Technical Inquiries Team at:
osd.pentagon.dod-cio.mbx.support-rmfknowledgeservice@mail.mil
The following information must be included with each help desk ticket submission:

• Contact information
• Domain: NIPR
• Errors: What type of error? What does the error say? When do you receive the error (if possible, attach a screenshot)?

Contact the DCSA NISP eMASS Mailbox:
dcsa.quantico.dcsa.mbx.emass@mail.mil

Contact the DCSA NISP eMASS Mailbox:
dcsa.quantico.dcsa.mbx.emass@mail.mil