National Industrial Security Program (NISP)
The NISP was established by Executive Order 12829 to ensure that industry safeguards the classified information in their possession or to which they have access while performing work on contracts, programs, bids or research and development efforts. The Defense Security Service (DSS) administers the NISP on behalf of the Department of Defense as well as 24 non-DoD federal agencies within the Executive Branch. Presently, DSS has Industrial Security oversight responsibility for over 13,300 cleared companies participating in the NISP.
To have access to U.S. classified information and participate in the NISP, a company or other designated operating entity in private industry or at a college/university, must have a legitimate U.S. Government or foreign government requirement for such access. Once this requirement has been established, a company can be processed for a Facility Security Clearance (FCL). An FCL is an administrative determination that the company is eligible to access classified information at the same or lower classification category as the FCL being granted. The FCL may be granted at the Top Secret, Secret or Confidential level. When a determination has been made that a company meets the eligibility requirements for a FCL, the company must execute a Defense Security Agreement which is a legally binding document that sets forth the responsibilities of both parties and obligates the company to abide by the security requirements of the National Security Industrial Program Operating Manual (NISPOM).
National Industrial Security Oversight Responsibilities:
Once a company is cleared, DSS has oversight authority to evaluate the security operations of the organization for compliance with the NISP. The Industrial Security Representative (ISR) is the principal interface with cleared industry under the NISP. ISRs visit each cleared company to conduct periodic security reviews to determine whether effective security systems and procedures are being implemented to protect the classified information in the cleared company's possession. Security reviews identify security deficiencies, lost or compromised classified materials, and corrective actions necessary to protect U.S. classified information, personnel and technology. ISRs provide continuing advice and assistance to Facility Security Officers and to company management officials relating to implementing the NISPOM and relating to issues that potentially could otherwise impact the status of a company's FCL, such as, foreign ownership, control and influence (FOCI) factors; detection and mitigation of threats to protected DoD information, or pending changes in key management personnel. ISRs also provide oversight of Arms Ammunition and Explosives programs within certain industrial facilities. DSS addresses the full spectrum of security threats the cleared companies face, including physical, personnel, cyber, information, and operational.
Foreign Ownership, Control or Influence (FOCI). Foreign investment, consistent with U.S. national interests, plays an important role in maintaining the vitality of the U.S industrial base. FOCI security countermeasures are critical to protect against foreign intelligence collection and exploitation that can be associated with such relationships. DSS mitigation efforts include installing corporate, foreign visitor, communications and technology control plans for both classified and export controlled countermeasures. Implementing and inspecting FOCI mitigation measures reduce the risk of foreign interests gaining unauthorized access to U.S. classified or export technology information and enhances the ability of the U.S. industrial base to provide essential goods and services.
Office of the Designated Approving Authority (ODAA). DSS, through the ODAA, is also responsible for certifying, accrediting and evaluating on a continuous basis the automated information systems used by cleared companies to process classified information.
International Division. The International Division (IP-I) coordinates with foreign civilian and military organizations that represent more than 68 foreign governments who are signatories of Bilateral Security Agreements for the timely and secure international movement of both U.S. and foreign classified military technologies and defense systems. The IP-I office is the focal point within the Department of Defense (DoD) for administering the US government's responsibilities pursuant to international security agreements regarding cleared U.S. company involvement with foreign governments, foreign contractors, and NATO as the Cognizant Security Agency.
The IP-I office coordinates investigation reports of the loss or compromise and suspected loss or compromise of foreign government classified information entrusted to American companies, and acts as the point of contact for foreign security authorities when U.S. classified information received from U.S. contractors has been subject to loss or compromise and suspected loss or compromise when in the possession of foreign defense contractors.
Counterintelligence (CI): The DSS Counterintelligence (CI) Directorate identifies known or suspected collectors involved in illicit attempts to obtain U.S. classified or sensitive information (restricted/ITAR technologies) resident in U.S. cleared industrial base cleared under the auspices of the National Industrial Security Program. DSS CI Specialists work in partnership with industry, other DSS stakeholders, and the counterintelligence and law enforcement communities to: determine hostile involvement, refer CI-relevant information reported by cleared industry, identify intelligence collection trends, and provide a baseline for effective countermeasures to protect U.S. technologies and programs at risk to foreign or hostile targeting.
December 2011