NISPOM | Georgia Tech Procurement Assistance Center

Critical changes for contractors working with classified information

March 22, 2021 By Nancy Cleveland

Two significant changes are underway by the Defense Counterintelligence and Security Agency (DCSA) – both of which require the immediate attention of businesses that hold a U.S. security clearance or are in the process of applying for a clearance.

The first change is the codification of the National Industrial Security Program Operating Manual (NISPOM). As background, the NISPOM has been the key guidance for protecting classified and certain other controlled information in accordance with the National Industrial Security Program (NISP) as currently overseen by the DCSA.

Continue reading at: JD Supra

The NISPOM is becoming a regulation and contractors have six months to comply

March 15, 2021 By Nancy Cleveland

On December 21, 2020, the Department of Defense (“DoD”) published a final rule in the Federal Register that codifies the National Industrial Security Program Operating Manual (“NISPOM”) in the Code of Federal Regulations (“CFR”) at 32 CFR part 117. The rule became effective on February 24, 2021, giving contractors six months from the effective date to comply with the changes.

The NISPOM establishes various requirements and standard procedures for the protection of classified information disclosed to or developed by government contractors. It was first published in 1995 as DoD Manual 5220.22, and was intermittently updated through the years including (most recently) via Conforming Change 1 on March 28, 2013, and NISPOM Change 2 on May 21, 2016. In addition to adding the NISPOM to the CFR, the new rule will incorporate the requirements of Security Executive Agent Directive (“SEAD”) 3, “Reporting Requirements for Personnel with Access to Classified Information or Who Hold a Sensitive Position” (available here), and will implement the provisions of Section 842 of the 2019 National Defense Authorization Act (“NDAA”) (Public Law 115-232) (both of which are discussed below).

Continue reading at: Sheppard Mullin

4 things you need to know about new contractor requirements for classified networks

November 7, 2016 By Nancy Cleveland

dan-valez Over the years, I’ve sought to provide practical perspectives on the National Industrial Security Program Operating Manual from the Defense Security Service (DSS). Known as the NISPOM, the manual serves as a repository of “must do’s” for Department of Defense (DoD) contractors supporting classified programs.

Given that the protection of classified information and tech systems remains an increasingly complex and constantly evolving challenge, DSS updates NISPOM as requirements shift.

national-industrial-security-program-operating-manual-feb-2006 In May, the most recent update was issued in what was called an “Industrial Security Letter” which summarized a number of new, minimum standards referred to collectively as “Conforming Change 2.”

The letter states that contractors cleared for work involving classified information must establish and maintain a program “to detect, deter and mitigate insider threats.” The letter mandates the monitoring of user activity on classified information systems. For example, to track “activity indicative of insider threat behavior.”

User monitoring and other measures now have emerged as requirements – not recommendations – to pursue this line of business with the government.

Keep reading to see the four key changes/provisions in the “new” NISPOM, and what contractors should know about them: https://washingtontechnology.com/articles/2016/10/27/insights-velez-new-cyber-requirements.aspx

4 steps contractors should take now to prepare for new security requirements

May 22, 2015 By ei2admin

In October 2011, President Obama signed Executive Order 13587, “Structural Reforms to Improve the Security of Classified Network and the Responsible Sharing and Safeguarding of Classified Information.” The order established the Senior Information Sharing and Safeguarding Committee to develop and implement government-wide policies and minimum standards. It also created the National Insider Threat Task Force to develop a government-wide program for deterring, detecting and mitigating insider threats.

More Change on the Horizon

The National Industrial Security Program Operating Manual, known as the NISPOM, is the bible for any defense contractor supporting classified government programs. The Defense Security Service is responsible for administering the NISPOM to protect U.S. and foreign classified information and technologies held by cleared defense contractors. The NISPOM was last updated in 2013 with Conforming Change 1.

Now there is a new version on the way. Conforming Change 2, slated to be released later this year, will include updated mandates related to insider threat. But instead of waiting for these updates, facility security officers can take a number of steps now to address insider threat and stay ahead of the coming modifications.

Keep reading this article at: http://washingtontechnology.com/articles/2015/05/08/insights-velez-security-requirements.aspx

Critical changes for contractors working with classified information

The NISPOM is becoming a regulation and contractors have six months to comply

4 things you need to know about new contractor requirements for classified networks

4 steps contractors should take now to prepare for new security requirements

Contracting News

SBA scorecard shows federal government continues to prioritize small business contracting

OMB releases guidance related to small business goals

OMB issues guidance on impact of injunction on government contractor vaccine mandate

Changes coming to DOD’s Cybersecurity Maturity Model Certification under CMMC 2.0

Judge issues nationwide injunction halting enforcement of COVID-19 vaccine mandate

Contracting Tips

Contractors must update EEO poster

The risk of organizational conflicts of interest

The gap widens between COFC and GAO on late is late rule

Are verbal agreements good enough for government contractors?

CMMC 2.0 simplifies requirements but raises risks for government contractors

GTPAC News

VA direct access program events in 2022

Sandia National Laboratories seeks small business suppliers

Navy OSBP hosting DCAA overview (part 2) event Jan. 12, 2022

Navy OSBP hosting cybersecurity “ask me anything” event Dec. 16th

State of Georgia hosting supplier systems training on January 26, 2022

Georgia Tech News

Undergraduate enrollment growth reflects inclusive excellence

Georgia Tech delivers $4 billion in economic impact to the State of Georgia

Georgia Tech awards first round of seed grants to support team-based research

Georgia Tech announces inaugural Associate Vice President of Corporate Engagement

DoD funds Georgia Tech to enhance U.S. hypersonics capabilities