• Website: 32 Code of Federal Regulations Part 117 “National Industrial Security Program Operating Manual”

• (Replaced) Document: DoD 5220.22-M “National Industrial Security Program Operating Manual (NISPOM)” – 18 May 2016

• Website: Defense Counterintelligence & Security Agency “National Industrial Security Program (NISP)”

10 Key Takeaways about the National Industrial Security Program Operating Manual (NISPOM)

The National Industrial Security Program Operating Manual (NISPOM) is a crucial document that provides guidelines and requirements for protecting classified information in the U.S. defense industry. Here are some key takeaways about the NISPOM:

1. Purpose: The NISPOM serves as a standard set of security requirements for contractors and organizations that handle classified information on behalf of the U.S. government.
2. Scope: The NISPOM applies to all government contractors, subcontractors, and other entities involved in classified contracts or programs, including both cleared defense contractors and non-defense contractors.
3. Security Clearances: The NISPOM outlines the procedures and criteria for obtaining and maintaining personnel security clearances necessary for accessing classified information.
4. Security Measures: It provides detailed requirements for implementing security measures such as physical security, information systems security, visitor control, classified document control, and personnel security.
5. Reporting Requirements: The NISPOM mandates reporting incidents and suspicious activities related to security breaches, compromises, or potential threats to classified information.
6. Insider Threat Program: It emphasizes establishing an effective insider threat program, which includes identifying and mitigating risks posed by employees with authorized access to classified information.
7. Foreign Ownership, Control, or Influence (FOCI): The NISPOM provides guidelines for managing situations where foreign entities have ownership, control, or influence over cleared defense contractors, ensuring protection against unauthorized access to classified information.
8. Security Education and Training: It highlights the importance of regular security education and training programs for employees with access to classified information, promoting awareness and compliance.
9. Compliance and Inspections: The NISPOM establishes the Defense Counterintelligence and Security Agency (DCSA) as the agency responsible for oversight, inspections, and compliance enforcement of the NISPOM requirements.
10. Changes and Updates: The NISPOM is subject to periodic updates and revisions, so organizations must stay informed and ensure ongoing compliance with the latest version.

Understanding the NISPOM and adhering to its requirements is essential for contractors and organizations involved in classified government projects. Compliance with the NISPOM helps protect national security, safeguard classified information, and maintain the integrity of the defense industry.

What’s the difference between the National Institute of Standards and Technology (NIST) and the National Industrial Security Program Operating Manual (NISPOM)?

NISPOM’s standards are more general, while NIST’s are more specific and relevant to current needs. As a result, the rules are more up-to-date, clear, and consistent.

What does the National Industrial Security Program (NISP) aim to achieve?

Executive Order 12829 created the National Industrial Security Program (NISP) to ensure that the cleared U.S. defense sector protects the classified information in their care when working on contracts, programs, bids, or R&D projects.