National Industrial Security Program Operating Manual – Reporting Requirements ISAC/NCMS CONFERENCE December 12, 2013 Presented by Industrial Security Specialist Christopher B. Flitcraft National Industrial Security Program • The National Industrial Security Program (NISP) was established in 1993 by Executive Order 12829. A major component of the NISP, is the National Industrial Security Program Operating Manual (NISPOM) DoD 5220.22-M. The NISPOM establishes the standard procedures and requirements to prevent the unauthorized disclosure of classified information. • Defense Security Service (DSS) administers the NISP on behalf of the DoD and 26 non-DoD federal agencies within the Executive Branch of the federal government. • Each company must execute a DD Form 441 – “DoD Security Agreement,” which, among other things, states that the company will implement the security requirements of the program before access to classified information can occur. The DD Form 441-1 “Appendage to the DoD Security Agreement” extends the terms and conditions of the agreement to branch offices of the contractor. National Industrial Security Program • Both the security agreement and the NISPOM make it clear that the US government will periodically assess the security program of the cleared contractor. • The purpose of the assessment is to evaluate the effectiveness of the cleared contractor’s security controls and to ensure they are adequate for the protection of classified information. • Chapter 1, Section 3 addresses the requirement for cleared industry partners to report certain events that have an impact on the status of the facility clearance (FCL), that impact the status of an employee’s personnel security clearance (PCL), that affect proper safeguarding of classified information, or that indicate classified information has been lost or compromised. Reporting Requirements 1-301 Reports to be Submitted to the FBI (and DSS or other CSA) Actual, probable or possible: • Espionage • Sabotage • Terrorism • Subversive Activities Reporting Requirements 1-302 Reports to be Submitted to the CSA (DSS) a. b. c. d. e. f. Adverse Information Suspicious Contacts Change in Cleared Employee Status Citizenship by Naturalization Employees Desiring Not to Perform on Classified Work Standard Form (SF) 312 Reporting Requirements 1-302 Reports to be Submitted to the CSA (DSS) (Continued) g. Change Conditions Affecting the Facility Clearance h. Changes in Storage Capability i. Inability to Safeguard Classified Material j. Security Equipment Vulnerabilities k. Unauthorized Receipt of Classified Material l. Employee Information in Compromise Cases m. Disposition of Classified Material Terminated From Accountability n. Foreign Classified Contracts Reporting Requirements 1-303 Reports of Loss, Compromise, or Suspected Compromise a. b. c. Preliminary Inquiry Initial Report Final Report Reporting Requirements 1-304 Individual Culpability Reports Reporting Requirements QUESTIONS?