NAESOC: YEAR ONE
The NAESOC has been operational since October 2019.  With nearly 3,500 facilities assigned, the National Access Elsewhere Security Oversight Center (NAESOC) continues to administer the oversight mission for access-elsewhere companies and prepares for the intake of additional companies.  It promulgates the National Industrial Security Program (NISP) by identifying and mitigating risk for selected non-possessing (access-elsewhere) facilities, those which do not have a requirement to maintain classified information at their location.  Even without classified information on site, these facilities are uniquely targeted by bad actors intending to exploit vulnerabilities in our nation’s security umbrella.

KNOW YOUR CDSE SPEAKER SERIES – NAESOC EDITION
Learn more about the NAESOC, recently it was the subject of CDSE’s “Know Your CDSE” Speaker Series.  This event provided information about the NAESOC and identified key knowledge and skills available to enhance Access Elsewhere facility security.
 

UNDELIVERABLE EMAILS
Emails are being returned to the NAESOC as "undeliverable" or being blocked by the receiving company's firewall.  Please ensure that your IT Department adds the following email boxes as safe: dcsa.dcsa-northern.dcsa.mbx.general-mailbox@mail.mil (Alias: DCSA.NAESOC.generalmailbox@mail.mil)

NON-POSSESSING BRANCH/DIVISION OFFICES
The NAESOC has identified non-possessing branch/division offices while conducting initial reviews of companies transferred under its purview.  Per Industrial Security Letter (ISL) 2006-02 #7, non-possessing divisions do not require a Facility Clearance (FCL), except under rare circumstances. Any non-possessing branch/division office identified by the NAESOC will receive a letter of intent to administratively terminate the FCL unless justification is received by the NAESOC within 30 days.  The NAESOC is committed to working with companies under its purview on the need for maintaining their FCL. For additional questions or concerns, please contact the NAESOC at DCSA.NAESOC.generalmailbox@mail.mil

IS YOUR NISS PROFILE ACCURATE? 
The Industrial Facility Profile Updates Feature in NISS provides Industry with the ability to update information formerly collected using the paper Request for Information (RFI) and eliminates the need to complete the RFI form.  The job aid for Industrial Facility Profile Updates can be found in the NISS Knowledge Base under "Facility Profile Update Request - Full Operational Capability."  Log in today!
 

COMMON REASONS FOR FACILITY CLEARANCE PACKAGE REJECTIONS
Per Section 1-302g of the NISP Operating Manual (NISPOM), you are required to report all changes affecting your Facility Clearance (FCL), including the following:  Ownership; Legal Structure; Operating Name or Address; Key Management Personnel; Foreign Ownership, Control or Influence; Bankruptcy; or Termination of Business or Operations.  You must to use NISS to submit these changes in an FCL Change Condition package.  Below are the most common issues causing rejection of these packages.
No Supporting Documents:
•     Business documentation to support Changes to Organization (e.g. Operating Agreements, By-Laws, Merger/Acquisition Agreements)
•     FSO/Insider Threat Program Senior Official (ITPSO) Letters of Appointment to support Changes in Officers
Incomplete or outdated DD 441 and SF 328:
•     Current DD 441
•     Current SF 328
•     Completion guides can be found in the DCSA FCL Orientation Handbook.
 

COMMON INSIDER THREAT VULNERABILITIES
Insider Threat Awareness is such a vital part of your security program, please review those items that are key to you, as a NAESOC facility, in addressing your Insider Threat Program:
•     NISPOM 3-103, Insider Threat Awareness Training:  As part of your Insider Threat Program (ITP), you are required to provide training to all personnel with assigned duties related to ITP management.  Training must be completed within 30 days of those duties being assigned, and must cover topics listed under 3-103a.  Additionally, all cleared contractor personnel must be provided Insider Threat Awareness Training before being granted access to classified information, and annually thereafter.
•     NISPOM 1-202a, ITP Plan:  All cleared contractor companies must establish and maintain an ITP Plan that is endorsed by the ITPSO.  The ITP Plan must cover all applicable topics listed in Industrial Security Letter ISL 2016-02 and be tailored to your facility’s operations.
Resources:
•     Use this Sample ITP Plan and tailor it to your company’s operations.
•     You can find additional resources at CDSE Insider Threat Job Aids.
 

SECURITY VIOLATION TIPS
Facilities assigned to the NAESOC must immediately report security violations via NISS Messenger.  The DoD 5220.22-M defines a security violation as a failure to comply with the policy and procedures established by the NISPOM that reasonably could result in the loss or compromise of classified information.  Security incidents involving classified information must be appropriately reported to DCSA and investigated.
The Administrative Inquiry (AI) Process Job Aid provides instructions for conducting an AI and submitting the initial and final reports.
NAESOC must approve the use of a Public Destruction Facility (PDF) to destroy classified materials affected by a data spill.  When evaluating a PDF, ensure the destruction equipment is appropriate for the material you are destroying and is listed on the NSA/CSS Evaluated Products list, found in the NSA Media Destruction Guides.