The National Industrial Security Program Operating Manual (NISPOM) establishes the standard procedures and requirements for all government contractors regarding classified information. It covers the entire field of government-industrial security-related matters. Under the NISP, the USG establishes requirements for the protection of classified information to be safeguarded in a manner equivalent to its protection within the executive branch of USG, where practicable. The NISPOM came from DoD 5220.22-M “National Industry Security Program Operating Manual (NISPOM)” but has been replaced by 32 Federal Regulation Part 117.”
Definition: The National Industrial Security Program Operating Manual (NISPOM) establishes requirements for protecting classified information disclosed to or developed by contractors, licensees, grantees, or certificate holders to prevent unauthorized disclosure.
32 Code of Federal Regulation Part 117 “National Industrial Security Program Operating Manual (NISPOM)” Regulation
The NISPOM came from DoD 5220.22-M “National Industry Security Program Operating Manual (NISPOM)” but has been replaced by 32 Federal Regulation Part 117.” On February 24, 2021, 32 CFR Part 117, “National Industrial Security Program Operating Manual (NISPOM)” became effective as a federal rule. Referred to as the “NISPOM rule,” it provides the contractor no more than six months from this effective date to comply with the requirements stipulated therein. The NISPOM rule replaces the NISPOM previously issued as a DOD policy (DOD 5220.22-M).
Main NISPOM References
The websites and documents below links to the most updated NISP information.
-
Website: 32 Code of Federal Regulations Part 117 “National Industrial Security Program Operating Manual”
-
(Replaced) Document: DoD 5220.22-M “National Industrial Security Program Operating Manual (NISPOM)” – 18 May 2016
-
Document: DoD Manual 5220.32 – Volume 1: “National Industrial Security Program: Industrial Security Procedures for Government Activities”
-
Website: Defense Counterintelligence & Security Agency “National Industrial Security Program (NISP)”
Purpose of the National Industrial Security Program Operating Manual (NISPOM)
The purpose of the NISPOM is to establish requirements for protecting classified information disclosed to or developed by contractors, licensees, grantees, or certificate holders to prevent unauthorized disclosure.
What is the National Industrial Security Program (NISP)
The National Industrial Security Program (NISP) was established by Executive Order 12829 in 1993 to ensure that the cleared U.S. defense industry safeguards the classified information in its possession while working on contracts, programs, bids, or research and development efforts. The Defense Counterintelligence Security Agency (DCSA) administers the NISP on behalf of the Department of Defense and 33 other federal agencies.
10 Key Takeaways about the National Industrial Security Program Operating Manual (NISPOM)
The National Industrial Security Program Operating Manual (NISPOM) is a crucial document that provides guidelines and requirements for protecting classified information in the U.S. defense industry. Here are some key takeaways about the NISPOM:
- Purpose: The NISPOM serves as a standard set of security requirements for contractors and organizations that handle classified information on behalf of the U.S. government.
- Scope: The NISPOM applies to all government contractors, subcontractors, and other entities involved in classified contracts or programs, including both cleared defense contractors and non-defense contractors.
- Security Clearances: The NISPOM outlines the procedures and criteria for obtaining and maintaining personnel security clearances necessary for accessing classified information.
- Security Measures: It provides detailed requirements for implementing security measures such as physical security, information systems security, visitor control, classified document control, and personnel security.
- Reporting Requirements: The NISPOM mandates reporting incidents and suspicious activities related to security breaches, compromises, or potential threats to classified information.
- Insider Threat Program: It emphasizes establishing an effective insider threat program, which includes identifying and mitigating risks posed by employees with authorized access to classified information.
- Foreign Ownership, Control, or Influence (FOCI): The NISPOM provides guidelines for managing situations where foreign entities have ownership, control, or influence over cleared defense contractors, ensuring protection against unauthorized access to classified information.
- Security Education and Training: It highlights the importance of regular security education and training programs for employees with access to classified information, promoting awareness and compliance.
- Compliance and Inspections: The NISPOM establishes the Defense Counterintelligence and Security Agency (DCSA) as the agency responsible for oversight, inspections, and compliance enforcement of the NISPOM requirements.
- Changes and Updates: The NISPOM is subject to periodic updates and revisions, so organizations must stay informed and ensure ongoing compliance with the latest version.
Understanding the NISPOM and adhering to its requirements is essential for contractors and organizations involved in classified government projects. Compliance with the NISPOM helps protect national security, safeguard classified information, and maintain the integrity of the defense industry.
NISPOM Table of Content
117.1: Purpose
117.2: Applicability
117.3: Acronyms and Definitions
117.4: Policy
117.5: Information Collection
117.6: Responsibilities
117.7: Procedures
117.8: Report Elements
117.9: Entity eligibility determination to access classified information
117.10: Determination of Eligibility for Access to Classified for Contractor Employees
117.11: Foreign Ownership, Control, or Influence (FOCI)
117.12: Security Training and Briefing
117.13: Classification
117.14: Marking Requirements
117.15: Safeguarding Classified Information
117.16: Visits and Meetings
117.17: Subcontracting
117.18: Information System Security
117.19: International Security Requirements
117.20: Critical Nuclear Weapon Design Information
117.21: COMSEC
117.22: DHS CCIPP
117.23: Supplement to the Rule
117.24: Cognizant Security Office Information
What’s the difference between the National Institute of Standards and Technology (NIST) and the National Industrial Security Program Operating Manual (NISPOM)?
NISPOM’s standards are more general, while NIST’s are more specific and relevant to current needs. As a result, the rules are more up-to-date, clear, and consistent.
What does the National Industrial Security Program (NISP) aim to achieve?
Executive Order 12829 created the National Industrial Security Program (NISP) to ensure that the cleared U.S. defense sector protects the classified information in their care when working on contracts, programs, bids, or R&D projects.
History of the National Industrial Security Program Operating Manual (NISPOM)
In April 1990, President George Bush directed the National Security Council to explore creating a single, integrated industrial security program to improve security protection and provide cost savings. Before this, contractors doing business with different U.S. Government (USG) agencies that required access to classified information had to meet other requirements to protect the same levels of classified information, e.g., the type of safe to protect a specific classified item could vary across both contracts and agencies. The diversity of industrial security requirements levied on contractors by an estimated 21 USG agencies significantly burdened industry and government. It increased the cost of the goods and services provided to the USG.
AcqLinks and References
- Website: 32 Code of Federal Regulations Part 117 “National Industrial Security Program Operating Manual”
- (Replaced) DoD 5220.22-M “National Industrial Security Program Operating Manual (NISPOM)” – 18 May 2016
- DoD Manual 5220.32 Volume 1 “National Industrial Security Program Industrial Security Procedures for Government Activities”
- General Principles of NISPOM Compliance for Cleared Contractors
- DD Form 441 “DoD Security Agreement” – May 2008
- Article: Federal Registry NISPOM – 20 Dec 2020
- Website: Defense Counterintelligence and Security Agency “National Industrial Security Program (NISP)”
Updated: 3/5/2024
Rank: G6