U.S. industry develops and produces the majority of our nation's defense technology - much of which is classified and thus plays a significant role in creating and protecting the information that is vital to our nation's security. The National Industrial Security Program (NISP) was established by Executive Order 12829 to ensure that cleared U.S. defense industry safeguards the classified information in their possession while performing work on contracts, programs, bids, or research and development efforts.
DSS administers the NISP on behalf of the Department of Defense and 30 other federal agencies. There are approximately 13,000 contractor facilities that are cleared for access to classified information.
To have access to U.S. classified information and participate in the NISP, a facility - a designated operating entity in private industry or at a college/university - must have a legitimate need for access to classified information in connection with a U.S. Government or foreign government requirement. Once this requirement has been established, a facility may be sponsored for a Facility Security Clearance.
In order to obtain the clearance, the contractor must execute a Defense Security Agreement which is a legally binding document that sets forth the responsibilities of both parties and obligates the contractor to abide by the security requirements of the National Industrial Security Program Operating Manual.
Once a facility is cleared, DSS has oversight authority to evaluate the security operations of the organization. The DSS Industrial Security Representative (ISR) is the principal interface with cleared industry under the NISP. These individuals, spread across the United States in four geographic regions and 48 field locations, work in a professional partnership with the contractor's facility management staff and facility security officer to ensure the protection of classified information released under contractual obligations or research and development efforts. In addition, the ISR works with government customers on facility clearance issues which may impact on the contractor's ability to perform on the classified contract. Information Systems Security Professionals (ISSPs) ensure that industry’s information systems operating within established information assurance standards to mitigate technology and cyber security risk. In fiscal year 2014, ISRs conducted over 6,500 security vulnerability assessments and DSS issued 1,301 new facility clearances.
DSS is also responsible for certifying, accrediting and evaluating on a continuous basis the automated information systems used by cleared industrial facilities to process classified information. At the end of FY14, there were over 14,000 accredited systems in industry.