Policy News/Archives

07/20/2012 DSS Industrial Policy provides answers to FAQs regarding NATO Annual Refresher briefings.
05/22/2012 STATUS OF National Industrial Security Program Operating Manual (NISPOM) REVISION: DoD is continuing informal coordination with the National Industrial Security Program Policy Advisory (NISPPAC) on revisions to the NISPOM, DoD Manual 5220.22-M guidance to cleared contractors.

Once the informal NISPPAC coordination is completed, DoD must:

  1. Conduct DoD formal coordination of the revised draft;
  2. Gain concurrence of the other 3 CSAs (Department of Energy, Nuclear
    Regulatory Commission and Office of the Director of National Intelligence);
  3. Consult with the 24 non-DoD agencies for which DoD provides industrial services;
  4. Post the NISPOM draft in the Federal Register for public comment; and
  5. Promulgate the revised NISPOM.
05/17/2012 DSS Releases ISL 2012-03 FSO Training (NISPOM 3-102)
DSS releases ISL 2012-03, which aligns the FSO training requirements with the recently updated FSO training curricula being delivered by the DSS Center for Development of Security Excellence. This ISL provides clarification on the FSO orientation and FSO Program Management Course requirements referenced in the NISPOM, and rescinds previously published guidance. Click here to view ISL 2012-03.
05/03/2012 Information Security Oversight Office (ISOO) Notice 2012-03, "Additional Guidance on Supplemental Controls Required for Safeguarding Classified National Security Information."
ISOO Notice 2012-03 provides guidance on the requirements for intrusion detection systems (IDS) used to safeguard classified national security information as outlined in 32 CFR 2001.43(b). This guidance does not currently apply to cleared contractors. Cleared contractors must continue following the IDS requirements outlined in National Industrial Security Program Operating Manual paragraph 5-900.

Contact isoo@nara.gov with questions regarding the ISOO Notice 2012-03.

For further assistance regarding IDS requirements for cleared contractors, contact Policy_HQ@dss.mil.
05/02/2012 USD(I) reissues DoD 5100.76-M, "DoD Physical Security of Sensitive Conventional Arms, Ammunition, and Explosives (AA&E) Manual"
On April 17, 2012, the Under Secretary of Defense for Intelligence (USD(I)) reissued DoD 5100.76-M, "DoD Physical Security of Sensitive Conventional Arms, Ammunition, and Explosives (AA&E)." This manual supersedes the DoD 5100.76-M manual, dated August 12, 2000.
04/25/2012 The guidance found within ISL 2012-02 is now in effect.
On April 13, 2012, Department of State announced the official enforcement of the United States (US) and the United Kingdom (UK) Defense Trade Control Treaty.  This enforcement implements the guidance of ISL 2012-02, as of April 13, 2012.  Please click here for additional information.
02/23/2012 DSS Releases ISL 2012-01
This ISL amends the list of federal agencies that DoD has entered into agreements with for industrial security services. Please click here to obtain additional information.
11/14/2011 Attention All Users
On September 14, 2011, the Deputy Secretary of Defense released the "Improving Implementation of Policy Guidance for Foreign Ownership, Control, or Influence (FOCI)" memorandum. This is an internal memorandum that directs actions by the heads of the Military Departments, Defense Agencies and other DoD Components. It does not direct actions by our Industry partners.
05/02/2011 DSS releases ISL 2011-02
This ISL provides guidance regarding Puerto Rico birth certificates as acceptable proof of citizenship when issued on or after July 1, 2010. This ISL also clarifies when COMSEC material is considered "proscribed" information. Please click here to obtain additional information.
02/11/2011 DSS provides notice to contractors cleared under the National Industrial Security Program (NISP) regarding protecting classified information and the integrity of government data on cleared contractor information technology (IT) systems. The widespread distribution of the documents posted on WikiLeaks has prompted the requirement to use other than normal spill procedures, as identified in this notice:
In light of the damage caused to our national security by the unauthorized disclosure of U.S. Government documents by WikiLeaks, the Acting Undersecretary of Defense (Intelligence) directed the Defense Security Service to notify cleared companies of their obligations to protect classified information and to follow established and authorized procedures for accessing classified information. This notice reiterates basic, existing obligations and principles governing the protection of classified information for contractors cleared under the NISP. Click here to view the notice.
01/24/2011 DSS Guidance to Industry Reference USCYBERCOM Communications Tasking Order (CTO) 10-133, "Protection of Classified Information on Department of Defense (DoD) Secret Internet Protocol Router Network (SIPRnet)":
DSS understands there have been several questions regarding the issuance of the recent USCYBERCOM CTO 10-133. Please be advised this issuance applies only to contractors whose information systems have connectivity to the SIPRNet. Additional guidance can be obtained through your local DSS ISFO/ODAA representative.
12/13/2010 DSS provides a security reminder to Industry regarding accessing publicly posted classified information:
Industry is reminded that accessing or downloading classified or potentially classified information to an IT system not certified and accredited to process classified information constitutes a security violation. Click here for additional information.
7/14/2008 Use of non-GSA-approved security containers
NISPOM paragraph 5-303 applies to contractors the provision of Classified National Security Information Directive No. 1 that prohibits the use of non-GSA-approved security containers for the storage of classified material effective October 1, 2012. The Department of Defense will not waive the requirement to terminate the use of non-GSA-approved security containers for the storage of classified information. More guidance is available here.
12/8/2008 Reminder from Defense Security Service - NISPOM Requirement to Check for Malicious Code
On Nov. 15, 2008, the Commander, U.S. Strategic Command released the message, SUBJ: Suspension of Removable Flash Media (FOUO). DSS has received questions from cleared contractors on whether the message applies to them. The order to suspend the use of removable flash media applies to DoD networks and computer systems only. The message does not apply to contractor systems. Cleared contractors are reminded that their classified security programs are governed by the National Industrial Security Program Operating Manual (NISPOM).

NISPOM paragraph 8-305 requires that all Information Systems (IS), regardless of their operating system, be protected against malicious code. NISPOM paragraph 8-101f(5) requires that the Information Systems Security Manager (ISSM) implement and maintain security features, policies, and procedures that detect and deter incidents caused by malicious code, viruses, intruders or unauthorized modifications to software or hardware.

Removable media may have embedded malicious software (malware). The NISPOM paragraph 8-302 requirement to examine all commercial hardware and software before being placed into use on the IS applies to such removable media. Software must be tested to ensure that it does not contain features detrimental to the security of the IS. All security-related software must be tested to verify that the security features function as specified. The ISSM has the responsibility to ensure that the IS employs the appropriate software to check and remove viruses or other malicious code and that all files, data, or external communications are checked before being introduced into the IS.

DSS recommends that contractors increase their awareness of and vigilance against potential security and cyber threats through the application of best security practices whether at work, home, or on travel.