New directives regarding cleared contractors and NISPOM compliance are pending. These directives are driven by Executive Order 13587 — Structural Reforms to Improve the Security of Classified Networks and Responsible Sharing and Safeguarding of Classified Information issued in October 2011. NISPOM Conforming Change 2 (CC#2) and an Industrial Security Letter (ISL) with guidance for implementing CC#2 are undergoing legal sufficiency review within the Department of Defense (DoD). The official release of these additional requirements to the National Industrial Security Program is anticipated immediately upon completion of the DoD legal sufficiency review and approval process.
Squadron Defense Group (SDG) has been at the forefront of these undertakings providing keen insight and direct written inputs as a key participant to the policy development team at the DoD Security Policy and Oversight Division and Defense Security Service.
Cleared defense contractors are required to have a written insider threat program in place ready to begin implementation within six months of the issuance of CC#2. The complexity and burden of 1), the establishment of an insider threat program plan and 2), the implementation of an insider threat program varies greatly between the national industrial base contractors.
SDG has developed a suite of deliverables and procedures prepared to meet forthcoming requirements identified in NISPOM Conforming Change 2 and the associated DSS Industrial Security Letter.
- Insider Threat Program Plan: Squadron Defense Group crafts a comprehensive Insider Threat Program Plan that details procedures to gather, integrate, and report relevant information that may indicate a potential insider threat. Each plan is tailored for individual contractor requirements and operating structure consistent with compliancy requirements.
- Insider Threat Implementation Plan: Squadron Defense Group establishes a concise timeline for implementation. The Insider Threat Implementation Plan addresses Insider Threat personnel identification by role, training requirements, reporting requirements, and production of required documentation for an Insider Threat Awareness Program.
- Insider Threat Program Senior Official: Squadron Defense Group can assist in the selection and training of the most appropriate individual to perform the duties of Insider Threat Program Senior Official. Additionally, Squadron Defense Group has the subject matter expertise in counterintelligence to continually advise the Insider Threat Program Senior Official and assist with analysis and integration.
- Insider Threat Training: Squadron Defense Group can assist in providing the respective training for Insider Threat personnel and cleared employees. This training is compliant with Conforming Change 2 and can be delivered in a variety of formats.
- Records Management: Squadron Defense Group assists in maintaining Insider Threat records. Squadron Defense Group has devised an insider threat records management system that complies with forthcoming DoD and DSS guidance.