The DoD is moving toward the codification of the National Industrial Security Program Operating Manuel (NISPOM) with their submission to the Code of Federal Regulations. This will impact all entities with a national security program, and program managers and facility security officers (FSOs) need to be prepared in advance. Effective date is February 24.
The Security Executive Agent Directive (SEAD) 3 “Reporting Requirements for Personnel with Access to Classified Information or Who Hold a Sensitive Position” is also included with the NISPOM. The final rule “provides for a single nation-wide implementation plan which will, with this rule, include SEAD 3 reporting by all contractor cleared personnel to report specific activities that may adversely impact their continued national security eligibility, such as reporting of foreign travel and foreign contacts”
What’s the intent?
The intent of the final rule proposed by the DoD is to protect the nation’s secrets from unauthorized disclosure.
Additionally, it will prevent the need for national interest determinations (NID) for “notified DoD components and 33 non-DoD agencies” with which the DoD has industrial security agreements which fall within the provisions of Section 842 of Public Law 115-232.
What is the impact?
The American Action Forum puts the cost to affected entities for the new NISPOM protocol in the neighborhood of $150 million across the entire national industrial security sector.
The real impact will be the reporting requirements contained in SEAD 3 being incorporated into the NISPOM, which ties the cognizant security authorities role more tightly in the reporting/adjudication loop with respect to determining the adverse impact of cleared personnel’s personal actions.
For those needing a refresher, SEAD 3 explicitly calls out the need to report:
- Foreign Travel
- Foreign Contacts
- Foreign Activities
- Need to report on the activities of others which may be security or counterintelligence concern
These individual reports will, upon receipt, be reviewed and the cognizant security authority/agency will carry out an analysis of each reported activity to make a determination if that activity is a threat to the nation’s security.
Contractors have six months from February 24 to comply.