July 22, 2016
2016 Industry interim Secret determinations
Effective August 1, 2016, Industry interim Secret determinations will be based on the following: acceptable proof of citizenship; favorable review of a completed Standard Form 86; favorable review of local personnel, base, military police, medical, and security records as applicable; an appropriate investigation opened by the Investigation Service Provider; and favorable review of the Federal Bureau of Investigation Criminal History Report (fingerprint report). The interim Secret determination will be processed after the Personnel Security Management Office for Industry submits the investigation request to the Office of Personnel Management and receives the fingerprint results.
July 13, 2016
The Personnel Security Management Office for Industry (PSMO-I) has posted new RRU guidance. For more information, click here.
July 7, 2016
RMF Implementation Date Extended to October 1, 2016
DSS phased transition to Risk Management Framework (RMF) was scheduled to begin on August 1, 2016. Due to information and workload data obtained from the RMF Industry Pilot, the transition date is now October 1, 2016.
RMF is the unified information security framework for the entire federal government that is replacing the legacy Certification and Accreditation (C&A) processes within federal government departments and agencies, the Department of Defense (DOD), and the Intelligence Community (IC). After phased implementation, the use of C&A processes will cease and Assessment and Authorization (A&A) will become the "new normal" for ISSPs and DSS risk managers throughout the National Industrial Security Program (NISP).
As we work through the overhaul of the legacy C&A process, we recognize that the mechanics of RMF transition may be challenging to execute. We ask for both your flexibility and cooperation as we collectively work to manage this change without degradation of the Information Assurance security procedures essential to the NISP.
Questions and issues should be addressed through your Regional Authorizing Official, formerly RDAA.
July 7, 2016
Updated security rating matrix available
DSS has updated the 2016 DSS Vulnerability Assessment Rating Matrix Vulnerabilities and NISP Enhancement Categories to better align with Change 2 of the NISP Operating Manual (NISPOM) and Industrial Security Letter 2016-02.
Edits have been made based on revisions to NISPOM references, new contractor requirements for implementation of an Insider Threat Program, and changes to the requirements of a contractor self-review. The updated document can be found at: http://www.dss.mil/documents/facility-clearances/VulnAssm_RatingMatrix_2016Update.pdf
July 6, 2016
Personnel Security Investigation for Industry (PSI-I) Update
To stay within its budget authority for PSI-Is, DSS metered the expenditure of PSI-I funds and maintained a daily limit on the number of cases submitted to the Office of Personnel Management (OPM).
This limit caused a delay in processing industry submissions to OPM, increasing the inventory workload. DSS recently received additional funding for the PSI-I program through a reprogramming approved by Congress. With this reprogramming, DSS will continue to process all PSI-I requests and will continue to work down the inventory. As a result, industry should begin to see improved timelines. Industry should continue to submit initial requests as well as requests for periodic reinvestigations. DSS will continue to monitor the PSI-I program and its expenditures.
July 1, 2016
Industry Protected Distribution System (PDS) transition guidance
In accordance with the Committee on National Security Systems Instruction (CNSSI) 7003, dated September 2015 (available on the DSS website), cleared contractors are required to have compliant PDS by September 30, 2018.
In an effort to transition from old guidance to new, cleared contractors should work with their assigned Information Systems Security Professional (ISSP) to assess their existing PDS configuration against the CNSSI 7003 requirements. A PDS Plan of Action and Milestones (POA&M) needs to be created to document when non-compliant PDS issues will be remediated. The POA&M must be submitted to the NISP Authorization Office (NAO) (formerly ODAA) mailbox at email@example.com by September 30, 2016. Please include your assigned Information Systems Security Professional (ISSP) and Industrial Security Representative (ISR) on the email submission.
The CNSSI 7003 also requires the approval of PDS by the DSS Authorization Official (AO) (formerly the RDAA). Effective immediately, all PDS Installation Plans/PDS Request will be submitted to the NAO Mailbox noted above. Once the plan has been reviewed and validated by the ISSP, the AO will sign and forward an approval letter to the originator. As a note, the Facility PDS Installation Plan is approved separately from the Information System Authorizations (formerly C&A process). Once approved, the PDS Installation Plan/PDS Request and approval letter would then be uploaded into OBMS for each system Unique Identifier (UID) (that uses the PDS), as a supporting artifact to a System Security Plan (SSP).
Previously approved PDSs are authorized to continue in support of Information Systems (IS). However, any PDS that is not currently compliant could affect the expiration dates of ATOs (not to exceed September 30, 2018) for new or revised information systems. Please consult with your ISSP for questions concerning PDS.
Effective immediately, all PDS self-certification authorizations are hereby withdrawn.
June 8, 2016
2016 Cogswell Awards Announced
The Defense Security Service (DSS) is pleased to announce the winners of the 2016 James S. Cogswell Outstanding Industrial Security Achievement Award. Forty-two facilities were selected for the award, presented today at the annual NCMS training seminar, in Nashville, Tenn. The entire list of winners can be seen here.
May 25, 2016
DSS Releases ISL 2016-02, "Insider Threat"
DSS releases ISL 2016-02, which provides DoD implementation guidance for NISPOM Change 2, Insider Threat Program Implementation. Click here to view ISL 2016-02.
Additional information on implementing the requirements of NISPOM Change 2 related to insider threat can be found in the Most Requested Links section on the home page of www.dss.mil.
May 19, 2016
DoD Releases Change 2 to DoD 5220.22-M, National Industrial Security Program Operating Manual (NISPOM)
On May 18, 2016, the Department of Defense approved Change 2 to DoD 5220.22-M, "National Industrial Security Program Operating Manual (NISPOM)."
The change includes requirements for contractors to implement an insider threat program consistent with national policy; adds reporting requirements for Cleared Defense Contractors (CDC) relative to cyber incidents on CDC information systems approved to process classified information and can include activities occurring on unclassified information systems; addresses alignment with Federal standards for classified information systems; and incorporates and cancels Supplement 1 to the NISPOM.
• Change 2 to DoD 5220.22-M can be found here.
• A Summary of Changes can be found here.
In order to keep industry updated with new insider threat program information as it becomes available, the DSS website will be updated soon to include a webpage under "Most Requested Links" for insider threat implementation information. The webpage, "Industry Insider Threat Information and Resources," will serve as a single entry point to access information, tools, training, and resources for implementing your insider threat programs.
May 11, 2016
Navigating the AOP
DSS has published the "Navigating the Affiliated Operations Plan: A Guide for Industry," which is designed to assist companies with mitigating and managing affiliated operations per the requirements of the Foreign Ownership, Control, or Influence (FOCI) mitigation agreement. Click the title to access the document.
|06/01/16||ATTENTION ALL DSS APPLICATION USERS: DSS will be implementing new application certificates on Thursday, 2 June 2016 8:00 PM - 10:00 PM ET. All DSS applications will be getting new certificates to include NCAISS, ISFD, STEPP, and OBMS. Please contact the Knowledge Center for further assistance or questions: (888) 282-7682, Press Option #1.|
|04/13/16||ATTENTION NCAISS USERS: DSS is currently experiencing server latency with our NCAISS system; we are working to resolve the issue but do not have a time frame for completion. Multiple systems are impacted due to the NCAISS latency issues to include ISFD, OBMS, and STEPP.|
|02/18/16||ATTENTION ISFD USERS: On Saturday, Feb. 20, 2016, Defense Security Service will be placing Industrial Security Facilities Database (ISFD) access behind the NISP Central Access Information Security System (NCAISS) portal. Access to NCAISS, user guides and tutorials, Frequently Asked Questions, and points of contact can all be found here.|
|12/09/15||ATTENTION OBMS USERS: The auto-generation feature within OBMS for templates is currently not working properly. Templates can be downloaded at http://www.dss.mil/isp/odaa/odaa_links.html#Downloads. Please complete the templates off-line and upload the completed documents within the "Supporting Document" section within OBMS for processing.|