Earlier this year, the Defense Security Service (DSS) issued new rules for all government contractors that hold facility security clearances. Several of the new rules, which relate to “inside threats,” take effect Wednesday, Nov. 30, 2016.
The changes are found in the National Industrial Security Program Operating Manual (NISPOM), and include the following requirements:
- A written “insider threat” program plan
- Formal appointment of a senior official to serve as the Insider Threat Program Senior Official (ITPSO)
- Annual certification of self-inspection, including analysis of inside-threat vulnerability
- Continuation of the requirement to report relevant and credible information regarding cleared employees
- A system or process to identify patterns of negligence or carelessness in handling classified information
- Insider-threat training for employees
- User activity monitoring on classified information systems
Contractors who regularly work with U.S. intelligence agencies may already have implemented some or all of these procedures. But all cleared contractors should use the Nov. 30 deadline as a benchmark requiring a thorough review of their policies and procedures by their facility security officer (FSO) and legal counsel.