NISPOM Change 2 Insider Threat Program Requirements Released

On May 18, 2016, the Department of Defense published the long anticipated Change 2 to the NISPOM. Three days later, it followed with an Industrial Security Letter that further specified the requirements for cleared contractors to “…establish and maintain an Insider Threat Program that will gather, integrate, and report relevant and available information indicative of a potential or actual insider threat.” Contractors must have a written program plan in place to begin implementing the insider threat requirements of Change 2 no later than November 30, 2016.

Squadron Defense Group has been at the forefront of these undertakings, providing insight and direct written inputs as a key participant to the policy development team at the DoD Security Policy and Oversight Division and Defense Security Service. As a result, we have designed solutions for each of the Change 2 requirements that can be adapted and scaled for companies of every size and complexity, and we are prepared to assist you in creating and implementing your Insider Threat Program in advance of the mandated deadline.

———————————————————————————————————————

The specific tasks required by NISPOM Change 2 include, but are not limited to:

 

  1. Designate an Insider Threat Program Senior Official (ITPSO) with authority to provide management, accountability and oversight of your facility’s insider threat program.
  1. Draft and approve an Insider Threat Program Implementation Plan that provides a timeline for meeting the Insider Threat Program requirements in NISPOM Change 2.
  1. Draft and approve an Insider Threat Program Plan that specifies Insider Threat responsibilities and describes how your company will “gather, integrate, and report relevant and available information indicative of a potential or actual insider threat.” Your Insider Threat Program Plan will also establish a centralized analysis, reporting and response capability.
  1. Train your Insider Threat Program personnel on their responsibilities in establishing and maintaining the Insider Threat Program.
  1. Develop an Insider Threat Awareness Training program for all your cleared personnel.
  1. Develop a method to track and verify that all of your cleared employees have completed the required Insider Threat Awareness Training.
  1. Conduct an initial self-assessment of your Insider Threat Program and provide those results to DSS.

For more information, contact us at (571) 203-0245 x2246 or probinson@SquadronDefense.com