On December 21, 2020, the Department of Defense (“DoD”) published a final rule in the Federal Register that codifies the National Industrial Security Program Operating Manual (“NISPOM”) in the Code of Federal Regulations (“CFR”) at 32 CFR part 117. The rule became effective on February 24, 2021, giving contractors six months from the effective date to comply with the changes.
The NISPOM establishes various requirements and standard procedures for the protection of classified information disclosed to or developed by government contractors. It was first published in 1995 as DoD Manual 5220.22, and was intermittently updated through the years including (most recently) via Conforming Change 1 on March 28, 2013, and NISPOM Change 2 on May 21, 2016. In addition to adding the NISPOM to the CFR, the new rule will incorporate the requirements of Security Executive Agent Directive (“SEAD”) 3, “Reporting Requirements for Personnel with Access to Classified Information or Who Hold a Sensitive Position” (available here), and will implement the provisions of Section 842 of the 2019 National Defense Authorization Act (“NDAA”) (Public Law 115-232) (both of which are discussed below).
Continue reading at: Sheppard Mullin