ARTICLE
31 May 2016

DSS Issues NISPOM Revisions Requiring Cleared Contractors to Create Inside Threat Programs

HK
Holland & Knight

Contributor

Holland & Knight logo
Holland & Knight is a global law firm with nearly 2,000 lawyers in offices throughout the world. Our attorneys provide representation in litigation, business, real estate, healthcare and governmental law. Interdisciplinary practice groups and industry-based teams provide clients with access to attorneys throughout the firm, regardless of location.
Explore Firm Details
On May 18, 2016, the Defense Security Service (DSS) issued a much anticipated Change 2 to DoD-5220.22-M, known as the National Industrial Security Program Operating Manual (NISPOM).
United States Government, Public Sector
Robert K. Tompkins
Your Author LinkedIn Connections
Robert K. Tompkins’s articles from Holland & Knight are most popular:
  • with Inhouse Counsel
  • with readers working within the Aerospace & Defence and Pharmaceuticals & BioTech industries

Robert Tompkins, Partner and James Harris, Senior Counsel are based in our Washington, D.C. office

On May 18, 2016, the Defense Security Service (DSS) issued a much anticipated Change 2 to DoD-5220.22-M, known as the National Industrial Security Program Operating Manual (NISPOM). Change 2 requires all contractors that hold facility security clearances to adopt and maintain an "Insider Threat" program that conforms to certain standards, including those outlined in Executive Order 13587 and the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs.

Among other things, the contractor's insider threat program must do the following:

  • Develop a capability to gather threat information commensurate with the contractor's size and operations, to include gathering, integrating, and reporting relevant and credible information covered by any of the 13 personnel security adjudicative guidelines indicative of a potential or actual insider threat.
  • Formally appoint a senior company official as the insider threat program senior official (ITPSO). 
  • Conduct and document annual self-inspections.
  • Report information indicative of a potential or actual insider threat that is covered by any of the 13 personnel security adjudicative guidelines.
  • Develop a system or process to identify patterns of negligence or carelessness in handing classified information.
  • Implement protection measures to monitor user activity on classified information systems in order to detect activity indicative of insider threat behavior.
  • Provide insider threat program management and awareness training to cleared employees.

Cleared contractors must have this written program plan in place to begin implementing insider threat requirements of Change 2 no later than November 30, 2016.

Holland & Knight attorneys will be reporting on these requirements at the National 8(a) conference in Anchorage next month.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Robert K. Tompkins
Robert K. Tompkins
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More