DoD – NISPOM Change 2
The Defense Security Service’s Conforming Change 2 to DoD 5220.22-M, National Industrial Security Program Operating Manual (NISPOM) and an accompanying Industrial Security Letter were released on 18 May 2016.
Among other changes, the updates require that DoD-cleared contractors implement an insider threat program. Contractors had until 30 November 2016 to self-certify compliance with new guidelines. DSS is currently employing anew 21 question checklist to ensure compliance with this requirement.
Specifically, the NISPOM states: “Defense Security Service (DSS) to require that all entities possessing a facility clearance/cleared personnel shall incorporate insider threat based technologies and processes to maintain their current ability to hold clearances.” The four referenced processes are:
* Designate Insider Threat Program Manager
* Provide Employee Insider Threat Training Within First 30 Days
* Institute Classified Network User Monitoring
* “Build and maintain an insider threat analytic response capability to manually and/or electronically gather, integrate, review, assess, and respond to information derived from CI, IA, security/law enforcement, [human resources], and other sources.”
ClearForce solves the Insider Threat Analytic Response Requirement and addresses the 13 adjudicative guidelines for a Federal security clearance. ClearForce pulls high quality data from financial and legal information providers, matches it to internal HR data, generates alerts when an employee exceeds a baseline value, and offers a legally compliant workflow to investigate the alert and a centralized data repository.