HomeMission AreasCritical Technology ProtectionIndustrial Security Field Operations (IO)NISP Authorization Office (NAO)NAO FAQs

Industrial Security

NAO Frequently Asked Questions (FAQ)

This page contains a collection of responses to the most commonly asked questions the National Industrial Security Program (NISP) Authorization Office (formerly known as Office of the Designated Approving Authority (ODAA)) received from industry over the past months. This is a new initiative and we will endeavor to keep this list current.

NEW! Risk Management Framework (RMF) FAQ - April 2018

Risk Management Framework (RMF) FAQ - April 2017

FAQs from 2018 NCMS Seminar (April 2018)

Asking Questions and Sending Comments

Keep in mind that these are FAQs and not a substitute for the working relationship you have with DSS personnel. Questions of a specific nature should be addressed to your local Industrial Security Representative (IS Rep) or Information Systems Security Professional (ISSP).

If you have any comments, or if you have a question about the DSS National Industrial Security Program (NISP) authorization or Risk Management Framework (RMF) process that was not answered here, feel free to send it to us by way of the ODAA Mail Box: dss.quantico.dss-hq.mbx.odaa@mail.mil. Place ”NAO FAQ” in the subject of your message and please include the title of the question in your email and your contact information.

We may not be able to answer every question, but we'll answer as many as we can. Questions that we receive repeatedly may be added to the FAQ.

If you have an addition for the FAQ, please send it. Contributions may be in any format, but we prefer Microsoft Word.


This FAQ is currently compiled and maintained by NAO, with assistance from the Industrial Security Policy branch and ISSPs throughout the United States.