DCSA Holds First National Industrial Security Program Signatory Workshop

Photo By Christopher Gillis | Jon Cofer, National Industrial Security Program (NISP) Authorization Office...... read more read more

Photo By Christopher Gillis | Jon Cofer, National Industrial Security Program (NISP) Authorization Office representative, discusses the Defense Counterintelligence and Security Agency’s role in authorizing information systems that process classified information within cleared defense contractors during the agency's first NISP Signatory Workshop held Feb. 9 in Quantico, Va. The NISP was established by Executive Order 12829 to ensure that cleared U.S. defense industry safeguards the classified information in their possession while performing work on contracts, programs, bids or research and development efforts. The Defense Counterintelligence and Security Agency (DCSA) administers the NISP on behalf of the Department of Defense and 35 other federal agencies. There are approximately 12,500 contractor facilities that are cleared for access to classified information under DCSA’s security oversight responsibilities. DCSA provides field personnel, Government Contracting Activities and cleared contractors with timely, consistent policy guidance and to provide effective interpretation of the NISP.  see less | View Image Page

UNITED STATES

03.20.2024

Story by Dantavius Swift 

Defense Counterintelligence and Security Agency

✔ ✗ Subscribe

70

The Defense Counterintelligence and Security Agency (DCSA) Industrial Security directorate hosted its first National Industrial Security Program (NISP) Signatory Workshop in the Russell-Knox Building, Quantico, Va.

More than 80 DCSA government partners participated in the Feb. 9 workshop in person and virtually.

The NISP was established by Executive Order 12829 to ensure that cleared U.S. defense industry safeguards the classified information in their possession while performing work on contracts, programs, bids or research and development efforts. DCSA administers the NISP on behalf of the Department of Defense and 35 other federal agencies.

There are approximately 12,500 contractor facilities that are cleared for access to classified information under DCSA’s security oversight responsibilities. DCSA provides field personnel, Government Contracting Activities (GCAs) and cleared contractors with timely, consistent policy guidance and to provide effective interpretation of the NISP.

Assistant Director for Industrial Security Matthew Redding opened the workshop by reflecting on the transformation of DCSA from the legacy Defense Security Service and sharing his perspective on where the nation stands against its adversaries.

“It’s important that the federal family, those who have signed on to the National Industrial Security Program, recognize that your job and your agency is the most important component because you oversee and administer classified contracts,” Redding said. “Each one of your agencies has a national security role and that means defending the nation and overseeing compliance.”

Redding continued his reflections, highlighting the accomplishments the industrial security team had made, to include transferring legacy functions to Field Operations, while concurrently preparing for the transition from the National Industrial Security System to utilizing NISS Increment II (NI2) capabilities, acquisition and government strategy.

He closed out his comments by looking ahead, noting the directorate is progressing toward a number of goals such as enhancing field operations, formalizing the continuous entity vetting process and working on building up entity vetting capability.

Keith Minard, IS Policy, shared the latest policy updates relating to industrial security, to include the process for getting Industrial Security Letters (ISLs) released. ISLs are issued periodically to inform cleared contractors, GCAs and DOD entities of information and clarifications of existing policy and requirements relating to industrial security. Prior to the new process, ISLs needed to be approved by the Office of the Under Secretary of Defense for Intelligence and Security (OUSD(I&S)). Now, ISLs are reviewed by the Office of Management and Budget to ensure that they meet requirements and can be issued as guidance and then are approved by the Director, DCSA for issuance.

“We have worked on a lot of things that are challenging to do our mission to ensure it is successful not only for you but also to enable the cleared contractors to fulfill their duties efficiently,” Minard said.

In addition to Minard, Allyson Renzella, who serves as the IS branch chief in OUSD(I&S), provided information regarding updates pending to 32 CFR Part 117, “NISP Operating Manual (NISPOM) Rule.”

“There are many factors at play, the most important being that it is an election year,” said Renzella. “Rule making ceases because the federal government does not want to place new rules into play with the potential of having a new administration gaining control and reversing the new rules that just passed.”

Minard closed with, “DCSA works with the NISP community to enable you as signatories.”

Kevin Williamson – DCSA Industrial Security Branch chief and NISP Mission Performance senior action officer – emphasized that DCSA serves as the “front line trace of the field workforce” while presenting a brief on the security rating process.

“The agency conducted 3,632 security reviews for fiscal year 2023 and 99% of the companies achieved a rating of at least satisfactory,” he said, noting the rating reflects the guidance provided by industrial security representatives and GCAs, as well as updates made to the security review process.

“We are committed to protecting your exterior companies, your assets and your people by educating, training and providing resources and support to confidently handle classified information,” he said.

“We understand that while we are in an oversight element, our goal is that these companies are all compliant and continue to support the respective signatory on their classified programs,” Williamson concluded.

The NISP Authorization Office (NAO) serves as ground zero for the monitoring of authorized information systems that process classified information as part of classified contracts.

“The NISP Authorization Office serves as the nexus between field operations, the Department of Defense and our government partners,” said Jon Cofer, a designated representative within NAO. “In our execution of the risk management framework, we produce the external guidance that lets industry know how to configure and how to continuously monitor these information systems.”

By using interconnection agreements, such as memorandums of understanding and memorandums of agreement, sometimes in conjunction with interconnection security agreements, DCSA provides oversight of contracts operated by cleared contractors who process classified information.

“An interconnection security agreement is a document that details the technical configuration of a connection,” said Cofer. “It details how that connection is executed, how it is secured and the physical and logical administrative security controls that are applicable for that connection.”

Cofer went on to discuss the importance of the Enterprise Mission Assurance Support Service (eMASS), which is the web-based application used for comprehensive fully integrated cybersecurity management. It provides an integrated suite of authorization capabilities and prevents cyber-attacks by establishing strict process control mechanisms for obtaining authorization decisions. This application is used to identify how many systems are currently registered within industrial security, placing the authorizations into six categories, such as authorization to operate, expired, to not yet authorized.

“The system itself is operating to standard as it is interconnected with our operations,” said Cofer. “Our authorization timelines are getting better every day,” noting that DCSA has 5,600 registered systems, 3,600 NISP eMASS users and 2,200 authorizations processed in fiscal year 2023.

The NISP Signatory Workshop is an example of the agency working to strengthen its partnerships through continuous cross-collaboration as it continues the mission of America’s Gatekeeper.