The best resource and first step is to attend the Small Business Office (SBO) bi-weekly briefing. The bi-weekly briefing is geared toward companies who have not done prior business with the NSA and provides insight into the necessary steps to market your company's capabilities. You will gain insight into the necessary steps to market your company's capabilities. You will gain knowledge about NSA's Provisional Industrial Security Approval (PISA) program, the Acquisition Resource Center (ARC), security clearance process, and business opportunities.
You may register for the bi-weekly briefing by calling 1-866-397-7866. Two representatives from each company are permitted to attend. The following information is required for registration: Company Name, Company Address, Your Name, Your Title, Social Security Number, Date of Birth, Place of Birth, Citizenship, Telephone Number, Fax Number, Email Address, Product/Service Area, Type of Business (SB, WOSB, 8(a), SDB, VOSB, SDVOSB, HZ and other), Level of Facility Clearance (if any), and contracts currently held with NSA or an NSA prime contractors (if any).
There is no charge for the bi-weekly briefing. However, early registration is strongly encouraged; seating is limited, and registration for each session closes two weeks prior to the actual meeting date.
NSA uses a variety of tools to locate small businesses to meet the procurement needs of the Agency. The most widely used market search tool at NSA is the NSA ARC Business Registry.
In addition to registering with the ARC Business Registry, please ensure your company is listed in the Central Contractor Registration (CCR). CCR is the primary database for Department of Defense and other federal government agencies. Companies must update or renew their registration annually to maintain an active status.
The National Security Agency has established the Acquisition Resource Center (ARC) to provide industry with a one-stop source for acquisition information, and to increase competition in contracting. Vendors with appropriate security clearances may visit the facility. Here potential vendors will be able to review acquisition related announcements, business forecasts, Requests for Information (RFIs) and Requests for Proposals (RFPs), as well as search on the "Business Registry" or access documents in a "Contractor Bidders Library" as these services come online. Please note viewing of RFP's is by invitation only.
Registration can be done via the Acquisition Resource Center's homepage.
No. Unfortunately, there are legal and physical barriers that prevent the ARC and CCR databases from interfacing or sharing information. However, if you have a copy of your CCR registration handy it will greatly assist in your ARC registration.
Information changes can be emailed to nsaarc@nsaarc.net . As you make your changes, please remember that you are allowed an unlimited number of POC's and up to 500 words in your capability statement. Your capability statement should focus on keywords, acronyms, Commercial Off the Shelf (COTS) products, etc. Prior or current involvement with any NSA programs or contacts should not be mentioned.
The Provisional Industrial Security Approval (PISA) program is a cooperative effort between the Office of Industrial Security and the Small Business Office (SBO) to increase the level of participation of the small business community in NSA. The emphasis of the PISA program is to sponsor companies that are currently not contracting with NSA in either a prime or subcontracting capacity.
A company must first attend the SBO bi-weekly briefing held at the ARC. All information regarding PISA will be presented at the briefing. You may register for the bi-weekly briefing by calling 1-866-397-7866. Additionally, all companies must register in the ARC business registry database. Registration can be done via the Acquisition Resource Center's homepage. Please be aware that a contract cannot be awarded to a company that is not listed in the ARC business registry.
A Sensitive Compartmented Information Facility (SCIF) is an accredited area, room, group of rooms, buildings, or installation where Sensitive Compartmented Information (SCI) may be stored, used, discussed, and/or processed.
The official management decision to permit operation of an Information System (IS) in a specified environment at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards.
Regulatory documents associated with the SCIF/WAN process can be acquired through your Contracting Officer's Representative (COR).
A contractor must be awarded a contract that stipulates the need for a SCIF to be eligible for SCIF approval and/or connectivity. Under the PISA program, a contractor will not be sponsored for a Facility Clearance (FCL), (which may lead to a SCIF sponsorship) until their company has been added to a bidders list for a classified procurement.
According to the National Industrial Security Program Operating Manual (NISPOM), the governing document of Industrial Security within the Department of Defense, "a facility clearance (FCL) is an administrative determination that a facility is eligible for access to classified information or award of a classified contract."
Each program's requirements are unique; therefore, depth of steps and timeframes will vary. However, most SCIF/WAN development will include the following:
Certification is the comprehensive evaluation of the technical an non-technical security features of an Information Systems (IS) and other safeguards, made as part of and in support of the accreditation process, to establish the extent to which a particular design and implementation meet a specified set of security requirements.
TEMPEST is a short name referring to the investigation, study, and control of compromising emanations from telecommunications and automated information systems equipment.
The Industrial Security Branch performs SCIF accreditations. Their mission is to ensure the protection of NSA classified and sensitive information, assets and facilities entrusted to industry, through a comprehensive risk analysis and implementation of counterintelligence-driven, cost effective security countermeasures; and to develop and provide procedural security guidance and regulatory oversight of industrial contractor activities.
A Contractor Sponsor, NSA Contracting Officer's Representative (COR) or NSA Program Manager, initiates the process by contacting the Office of Technical Security and Countermeasures.