The National Industrial Security Program Operating Manual (NISPOM) establishes the standard procedures and requirements for all government contractors regarding classified information. It covers the entire field of government-industrial security-related matters. The NISPOM came from DoD 5220.22-M “National Industrial Security Program Operating Manual (NISPOM)” but has been replaced by 32 Code of Federal Regulations Part 117. The website below links to the most up-to-date NISP information.
Main NISPOM References
Purpose of the NISPOM
The purpose of the NISPOM is to establish requirements for protecting classified information disclosed to or developed by contractors, licensees, grantees, or certificate holders to prevent unauthorized disclosure.
The 32 Code of Federal Regulations Part 117, “National Industrial Security Program Operating Manual,” provides relevant information on oversight of the NISP. The 32 CFR Part 117 or NISPOM Rule replaced the NISPOM previously issued as a DOD policy (DOD 5220.22-M) on Feb. 24, 2021.
What is the National Industrial Security Program (NISP)?
The National Industrial Security Program (NISP) was established by Executive Order 12829 in 1993 to ensure that the cleared U.S. defense industry safeguards the classified information in its possession while working on contracts, programs, bids, or research and development efforts. The Defense Counterintelligence and Security Agency (DCSA) administers the NISP on behalf of the Department of Defense and 33 other federal agencies.
10 Key Takeaways about the National Industrial Security Program Operating Manual (NISPOM)
The National Industrial Security Program Operating Manual (NISPOM) is a crucial document that provides guidelines and requirements for protecting classified information in the U.S. defense industry. Here are some key takeaways about the NISPOM:
- Purpose: The NISPOM serves as a standard set of security requirements for contractors and organizations that handle classified information on behalf of the U.S. government.
- Scope: The NISPOM applies to all government contractors, subcontractors, and other entities involved in classified contracts or programs, including both cleared defense contractors and non-defense contractors.
- Security Clearances: The NISPOM outlines the procedures and criteria for obtaining and maintaining personnel security clearances necessary for accessing classified information.
- Security Measures: It provides detailed requirements for implementing security measures such as physical security, information systems security, visitor control, classified document control, and personnel security.
- Reporting Requirements: The NISPOM mandates reporting incidents and suspicious activities related to security breaches, compromises, or potential threats to classified information.
- Insider Threat Program: It emphasizes establishing an effective insider threat program, which includes identifying and mitigating risks posed by employees with authorized access to classified information.
- Foreign Ownership, Control, or Influence (FOCI): The NISPOM provides guidelines for managing situations where foreign entities have ownership, control, or influence over cleared defense contractors, ensuring protection against unauthorized access to classified information.
- Security Education and Training: It highlights the importance of regular security education and training programs for employees with access to classified information, promoting awareness and compliance.
- Compliance and Inspections: The NISPOM establishes the Defense Counterintelligence and Security Agency (DCSA) as the agency responsible for oversight, inspections, and compliance enforcement of the NISPOM requirements.
- Changes and Updates: The NISPOM is subject to periodic updates and revisions, so organizations must stay informed and ensure ongoing compliance with the latest version.
Understanding the NISPOM and adhering to its requirements is essential for contractors and organizations involved in classified government projects. Compliance with the NISPOM helps protect national security, safeguard classified information, and maintain the integrity of the defense industry.
NISPOM Table of Contents
117.3: Acronyms and Definitions
117.5: Information Collection
117.8: Report Elements
117.9: Entity eligibility determination to access classified information
117.10: Determination of Eligibility for Access to Classified Information for Contractor Employees
117.11: Foreign Ownership, Control, or Influence (FOCI)
117.12: Security Training and Briefing
117.14: Marking Requirements
117.15: Safeguarding Classified Information
117.16: Visits and Meetings
117.18: Information System Security
117.19: International Security Requirements
117.20: Critical Nuclear Weapon Design Information
117.22: DHS CCIPP
117.23: Supplement to the Rule
117.24: Cognizant Security Office Information
What’s the difference between the National Institute of Standards and Technology (NIST) and the National Industrial Security Program Operating Manual (NISPOM)?
NISPOM’s standards are more general, while NIST’s are more specific and relevant to current needs. As a result, the rules are more up-to-date, clear, and consistent.
What does the National Industrial Security Program (NISP) aim to achieve?
Executive Order 12829 created the National Industrial Security Program (NISP) to ensure that the cleared U.S. defense sector protects the classified information in its care when working on contracts, programs, bids, or R&D projects.
AcqLinks and References
- Website: 32 Code of Federal Regulations Part 117 “National Industrial Security Program Operating Manual”
- (Replaced) DoD 5220.22-M “National Industrial Security Program Operating Manual (NISPOM)” – 18 May 2016
- General Principles of NISPOM Compliance for Cleared Contractors
- DD Form 441 “DoD Security Agreement” – May 2008
- Article: Federal Register NISPOM – 20 Dec 2020
- Website: Defense Counterintelligence and Security Agency “National Industrial Security Program (NISP)”