Policy News/Archives

06/11/2013 Notice regarding contractor inadvertent exposure to classified information in the public domain.

DSS releases notice to Contractors cleared under the National Industrial Security Program regarding inadvertent exposure to potentially classified information in the public domain. Click here to read the notice.

06/11/2013 DSS release of ISL 2013-04 "Overseas Private Investment Corporation (OPIC)"
DSS releases ISL 2013-04, updating the list of Federal agencies that have entered into an agreement with DoD for Industrial Security services. Click HERE to view ISL 2013-04.
05/22/2013 Use of Drop Boxes for Classified Overnight Delivery Prohibited
NISPOM 5-403e authorizes the use of commercial delivery companies approved by the CSA that provide nationwide, overnight service with computer tracking and reporting features for overnight transmission of SECRET and CONFIDENTIAL material.

As indicated in Industrial Security Letter (ISL) 2006-02, Article 18, "General Services Administration Carriers for Overnight Delivery of SECRET and CONFIDENTIAL Classified Information," the use of drop boxes is prohibited.
04/15/2013 Director of National Intelligence Issues New Security Clearance Guidance
On April 5, 2013, the Director of National Intelligence James R. Clapper issued new security clearance guidance containing revised instructions for completing Question 21 of the SF 86, "Questionnaire for National Security Positions." The guidance, which was issued on an interim basis pending formal revision of the policy, addresses sexual assault and the seeking of mental health counseling, and applies to all executive branch departments and agencies. More information on the guidance can be found here.
04/03/2013 DoD Releases Change 1 to DoD 5220.22-M, "National Industrial Security Program Operating Manual (NISPOM)"
On March 28, 2013, the Department of Defense approved Change 1 to DoD 5220.22-M, "National Industrial Security Program Operating Manual." The change includes the addition of the Office of Personnel Management (OPM) as a NISP signatory, recognizes the Director of National Intelligence (DNI) as a Cognizant Security Agency (CSA) vice the Central Intelligence Agency (CIA), incorporates National Policy for derivative classification and marking requirements, and incorporates US-UK Treaty provisions for the Transfers of Defense Articles to the United Kingdom without a License or Other Written Authorization. The implementation of changes to this Manual by contractors shall be effected no later than 6 months from the date of the published change, with the exception of changes related to US-UK Treaty Requirements in Chapter 10, Section 8 of this Manual, which must be implemented immediately.
Change 1 to DoD 5220.22-M can be found at: http://www.dtic.mil/whs/directives/corres/pdf/522022m.pdf
A Summary of Changes can be found at: http://www.dtic.mil/whs/directives/corres/pdf/522022m_summaryofchanges.pdf
03/25/2013 DSS releases ISL 2013-03, Transfers of Defense Articles to Australia without a License or Other Written Authorization
This Industrial Security Letter (ISL) promulgates updated guidance for information and interpretation of existing paragraphs in Chapters 4 and 10 of the National Industrial Security Program Operating Manual (NISPOM) based on the requirements of that Treaty, for exports and transfers of Defense Articles to Australia. This guidance is effective upon entry into force of the Treaty.
A Rule document will be published in the Federal Register announcing the effective date.
Click here to view ISL 2013-03.
02/27/2013 Mandatory Training for JPAS Industry Users
The Defense Manpower Data Center (DMDC) has posted guidance for mandatory Cyber Awareness Challenge and Personally Identifiable Information (PII) training. Specific guidance on the training can be found on the DMDC JPAS website in the JPAS Policy Changes document and in the JPAS Account Management Policy, paragraph 4.1.3.
02/08/2013 DSS releases ISL 2013-01, Facility Clearance (FCL) Eligibility Requirements (NISPOM 2-102b)
DSS releases ISL 2013-01, to address FCL eligibility for American Indian/Alaska Native tribal entities or those entities that are organized and existing under the laws of any of the tribes recognized by the Assistant Secretary – Indian Affairs, U.S. Department of the Interior.  The ISL further addresses FCL processing for federally-chartered tribal corporations formed under Section 17 of the Indian Reorganization Act (25 U.S.C. § 477) and companies chartered under the laws of a U.S. state, the District of Columbia, or an organized U.S. territory and owned in whole or part by Indian tribes. View ISL 2013-01.
10/19/2012 Information Security Oversight Office (ISOO) Notice 2012-04, "Additional Guidance on Standards for Security Equipment"
ISOO Notice 2012-04 provides additional guidance to the Federal government on the safeguarding of classified national security information in General Services Administration approved security containers and addresses the procurement of GSA-approved security containers. Cleared contractors under the National Industrial Security Program should be aware of the information outlined in the ISOO notice when purchasing GSA-approved security containers and are reminded that, in accordance with NISPOM Chapter 5, containers used for the safeguarding of classified material shall be GSA-approved.
For further assistance regarding these requirements for cleared contractors, contact Policy_HQ@dss.mil.
Contact isoo@nara.gov with questions regarding the ISOO Notice 2012-04.
07/20/2012 DSS Industrial Policy provides answers to FAQs regarding NATO Annual Refresher briefings.
05/22/2012 STATUS OF National Industrial Security Program Operating Manual (NISPOM) REVISION
DoD is continuing informal coordination with the National Industrial Security Program Policy Advisory (NISPPAC) on revisions to the NISPOM, DoD Manual 5220.22-M guidance to cleared contractors.

Once the informal NISPPAC coordination is completed, DoD must:

  1. Conduct DoD formal coordination of the revised draft;
  2. Gain concurrence of the other 3 CSAs (Department of Energy, Nuclear Regulatory Commission and Office of the Director of National Intelligence);
  3. Consult with the 24 non-DoD agencies for which DoD provides industrial services;
  4. Post the NISPOM draft in the Federal Register for public comment; and
  5. Promulgate the revised NISPOM.
05/17/2012 DSS Releases ISL 2012-03 FSO Training (NISPOM 3-102)
DSS releases ISL 2012-03, which aligns the FSO training requirements with the recently updated FSO training curricula being delivered by the DSS Center for Development of Security Excellence. This ISL provides clarification on the FSO orientation and FSO Program Management Course requirements referenced in the NISPOM, and rescinds previously published guidance. Click here to view ISL 2012-03.
05/03/2012 Information Security Oversight Office (ISOO) Notice 2012-03, "Additional Guidance on Supplemental Controls Required for Safeguarding Classified National Security Information."
ISOO Notice 2012-03 provides guidance on the requirements for intrusion detection systems (IDS) used to safeguard classified national security information as outlined in 32 CFR 2001.43(b). This guidance does not currently apply to cleared contractors. Cleared contractors must continue following the IDS requirements outlined in National Industrial Security Program Operating Manual paragraph 5-900.

Contact isoo@nara.gov with questions regarding the ISOO Notice 2012-03.

For further assistance regarding IDS requirements for cleared contractors, contact Policy_HQ@dss.mil.
05/02/2012 USD(I) reissues DoD 5100.76-M, "DoD Physical Security of Sensitive Conventional Arms, Ammunition, and Explosives (AA&E) Manual"
On April 17, 2012, the Under Secretary of Defense for Intelligence (USD(I)) reissued DoD 5100.76-M, "DoD Physical Security of Sensitive Conventional Arms, Ammunition, and Explosives (AA&E)." This manual supersedes the DoD 5100.76-M manual, dated August 12, 2000.
04/25/2012 The guidance found within ISL 2012-02 is now in effect.
On April 13, 2012, Department of State announced the official enforcement of the United States (US) and the United Kingdom (UK) Defense Trade Control Treaty.  This enforcement implements the guidance of ISL 2012-02, as of April 13, 2012.  Please click here for additional information.
02/23/2012 DSS Releases ISL 2012-01
This ISL amends the list of federal agencies that DoD has entered into agreements with for industrial security services. Please click here to obtain additional information.
11/14/2011 Attention All Users
On September 14, 2011, the Deputy Secretary of Defense released the "Improving Implementation of Policy Guidance for Foreign Ownership, Control, or Influence (FOCI)" memorandum. This is an internal memorandum that directs actions by the heads of the Military Departments, Defense Agencies and other DoD Components. It does not direct actions by our Industry partners.
05/02/2011 DSS releases ISL 2011-02
This ISL provides guidance regarding Puerto Rico birth certificates as acceptable proof of citizenship when issued on or after July 1, 2010. This ISL also clarifies when COMSEC material is considered "proscribed" information. Please click here to obtain additional information.
02/11/2011 DSS provides notice to contractors cleared under the National Industrial Security Program (NISP) regarding protecting classified information and the integrity of government data on cleared contractor information technology (IT) systems. The widespread distribution of the documents posted on WikiLeaks has prompted the requirement to use other than normal spill procedures, as identified in this notice:
In light of the damage caused to our national security by the unauthorized disclosure of U.S. Government documents by WikiLeaks, the Acting Undersecretary of Defense (Intelligence) directed the Defense Security Service to notify cleared companies of their obligations to protect classified information and to follow established and authorized procedures for accessing classified information. This notice reiterates basic, existing obligations and principles governing the protection of classified information for contractors cleared under the NISP. Click here to view the notice.
01/24/2011 DSS Guidance to Industry Reference USCYBERCOM Communications Tasking Order (CTO) 10-133, "Protection of Classified Information on Department of Defense (DoD) Secret Internet Protocol Router Network (SIPRnet)":
DSS understands there have been several questions regarding the issuance of the recent USCYBERCOM CTO 10-133. Please be advised this issuance applies only to contractors whose information systems have connectivity to the SIPRNet. Additional guidance can be obtained through your local DSS ISFO/ODAA representative.
12/13/2010 DSS provides a security reminder to Industry regarding accessing publicly posted classified information:
Industry is reminded that accessing or downloading classified or potentially classified information to an IT system not certified and accredited to process classified information constitutes a security violation. Click here for additional information.
07/14/2008 Use of non-GSA-approved security containers
NISPOM paragraph 5-303 applies to contractors the provision of Classified National Security Information Directive No. 1, which prohibits the use of non-GSA-approved security containers for the storage of classified material effective October 1, 2012. The Department of Defense will not waive the requirement to terminate the use of non-GSA approved security containers for the storage of classified information. More guidance is available here.
12/08/2008 Reminder from Defense Security Service - NISPOM Requirement to Check for Malicious Code
On Nov. 15, 2008, the Commander, U.S. Strategic Command released the message, SUBJ: Suspension of Removable Flash Media (FOUO). DSS has received questions from cleared contractors on whether the message applies to them. The order to suspend the use of removable flash media applies to DoD networks and computer systems only. The message does not apply to contractor systems. Cleared contractors are reminded that their classified security programs are governed by the National Industrial Security Program Operating Manual (NISPOM).

NISPOM paragraph 8-305 requires that all Information Systems (IS), regardless of their operating system, be protected against malicious code. NISPOM paragraph 8-101f(5) requires that the Information Systems Security Manager (ISSM) implement and maintain security features, policies, and procedures that detect and deter incidents caused by malicious code, viruses, intruders or unauthorized modifications to software or hardware.

Removable media may have embedded malicious software (malware). The NISPOM paragraph 8-302 requirement to examine all commercial hardware and software before being placed into use on the IS applies to such removable media. Software must be tested to ensure that it does not contain features detrimental to the security of the IS. All security-related software must be tested to verify that the security features function as specified. The ISSM has the responsibility to ensure that the IS employs the appropriate software to check and remove viruses or other malicious code and that all files, data, or external communications are checked before being introduced into the IS.

DSS recommends that contractors increase their awareness of and vigilance against potential security and cyber threats through the application of best security practices whether at work, home, or on travel.