Reporting Requirments (Dec 2013)

advertisement
National Industrial Security Program Operating
Manual – Reporting Requirements
ISAC/NCMS CONFERENCE
December 12, 2013
Presented by Industrial Security Specialist
Christopher B. Flitcraft
National Industrial Security Program
• The National Industrial Security Program (NISP) was established in
1993 by Executive Order 12829. A major component of the NISP, is
the National Industrial Security Program Operating Manual
(NISPOM) DoD 5220.22-M. The NISPOM establishes the standard
procedures and requirements to prevent the unauthorized disclosure
of classified information.
• Defense Security Service (DSS) administers the NISP on behalf of
the DoD and 26 non-DoD federal agencies within the Executive
Branch of the federal government.
• Each company must execute a DD Form 441 – “DoD Security
Agreement,” which, among other things, states that the company will
implement the security requirements of the program before access
to classified information can occur. The DD Form 441-1
“Appendage to the DoD Security Agreement” extends the terms and
conditions of the agreement to branch offices of the contractor.
National Industrial Security Program
• Both the security agreement and the NISPOM make it clear that the
US government will periodically assess the security program of the
cleared contractor.
• The purpose of the assessment is to evaluate the effectiveness of
the cleared contractor’s security controls and to ensure they are
adequate for the protection of classified information.
• Chapter 1, Section 3 addresses the requirement for cleared industry
partners to report certain events that have an impact on the status of
the facility clearance (FCL), that impact the status of an employee’s
personnel security clearance (PCL), that affect proper safeguarding
of classified information, or that indicate classified information has
been lost or compromised.
Reporting Requirements
1-301 Reports to be Submitted to the FBI (and
DSS or other CSA)
Actual, probable or possible:
• Espionage
• Sabotage
• Terrorism
• Subversive Activities
Reporting Requirements
1-302 Reports to be Submitted to the CSA (DSS)
a.
b.
c.
d.
e.
f.
Adverse Information
Suspicious Contacts
Change in Cleared Employee Status
Citizenship by Naturalization
Employees Desiring Not to Perform on
Classified Work
Standard Form (SF) 312
Reporting Requirements
1-302 Reports to be Submitted to the CSA (DSS)
(Continued)
g. Change Conditions Affecting the Facility
Clearance
h. Changes in Storage Capability
i. Inability to Safeguard Classified Material
j. Security Equipment Vulnerabilities
k. Unauthorized Receipt of Classified Material
l. Employee Information in Compromise Cases
m. Disposition of Classified Material Terminated
From Accountability
n. Foreign Classified Contracts
Reporting Requirements
1-303 Reports of Loss, Compromise, or Suspected
Compromise
a.
b.
c.
Preliminary Inquiry
Initial Report
Final Report
Reporting Requirements
1-304 Individual Culpability Reports
Reporting Requirements
QUESTIONS?
Download