Skip to content

Menu

LexBlog, Inc. logo
CommunitySub-MenuPublishersChannelsProductsSub-MenuBlog ProBlog PlusBlog PremierMicrositeSyndication PortalsAboutContactResourcesSubscribeSupport
Join
Search
Close

Critical Changes for U.S. Cleared Facilities

By David Vance Lucas & Andrew Tuggle on March 18, 2021
Email this postTweet this postLike this postShare this post on LinkedIn

Critical Changes for U.S. Cleared FacilitiesCodification of the NISPOM and replacement of JPAS

Two significant changes are underway by the Defense Counterintelligence and Security Agency (DCSA) – both of which require the immediate attention of businesses that hold a U.S. security clearance or are in the process of application for a clearance.

The first change is the codification of the National Industrial Security Program Operating Manual (NISPOM). As background, the NISPOM has been the key guidance for protecting classified and certain other controlled information in accordance with the National Industrial Security Program (NISP) as currently overseen by the DCSA.

The Department of Defense (DoD) published a Final Rule codifying the NISPOM on December 21, 2020, which became effective February 24, 2021. The Final Rule requires that contractors must implement changes no later than six months after the date the Final Rule is published (August 2021). The NISPOM is now codified at 32 CFR Part 117. Further guidance on the Final Rule’s implementation will be published in an Industrial Security Letter (ISL).

The Final Rule establishes requirements, policies and procedures in accordance with the NISP – which outlines the protection of classified information that is disclosed to, or developed by contractors, licensees, grantees, or certificate holders to prevent unauthorized disclosure.

Key changes include:

  • Requirements for cleared contractors to submit reports pursuant to Security Executive Agent Directive (SEAD) 3 and cognizant security agency (CSA) guidance.
  • An additional facility clearance tool for DCSA and government contracting activities (GCAs) as a limited entity eligibility specific to the requesting GCA’s classified information, and to a single, narrowly defined contract, agreement, or circumstance.
  • Elimination of the requirement for National Interest Determinations (NIDs) for certain covered contractors operating under a special security agreement with ownership by countries designated as part of the National Technology and Industrial Base (United Kingdom, Canada or Australia).
  • Determinations by a CSA with respect to requirements for top secret accountability.
  • Permitting Intrusion Detection System (IDS) installation and UL-2050 certification by an Occupational Safety and Health Administration (OSHA) Nationally Recognized Testing Laboratory (NRTL).
  • Directing cleared contractors to refer to 32 CFR Part 2001 for guidance on requirements for the protection of classified national security information (CNSI) to ensure consistency with national policy.
  • Clarification of responsibilities for Senior Management Officials (SMO).
  • Clarification that upon completion of a classified contract, the contractor must return all government provided or deliverable information to the custody of the government.

Significantly, for non-U.S. entities, the Final Rule also eliminates the requirement that entities under Foreign Ownership, Control, or Influence (FOCI) operating under a Special Security Agreement (SSA) attain a NID. Under the Final Rule, SSA entities covered by the NITB will be permitted to begin contract performance without first obtaining a NID.

The DCSA is currently reviewing existing ISLs to determine those that will be retained, re-issued, and/or rescinded. DCSA is also working on revisions to NISP-related forms, including the SF-328 – “Certificate Pertaining to Foreig-n Interests,” DD Form 441 – “Security Agreement,” and DD Form 441-1 – “Security Agreement Appendage.”

The second significant change by the DCSA is the retirement of the Joint Personnel Adjudications System (JPAS). JPAS is being replaced by the Defense Information Security System (DISS) as the next step toward deployment of the National Background Investigation Services (NBIS) and implementation of the Trusted Workforce 2.0 continuous vetting policy.

JPAS transitioned to a read-only mode on March 15, 2021, and will be fully retired on March 31, 2021. All updates to eligibility, access, and visit data must be completed in DISS prior to March 15.

Cleared contractors should work with their SMO, DCSA representative and counsel to assure their understanding and compliance with these significant changes. For other updates and alerts regarding national security law developments, subscribe to Bradley’s privacy blog Online and On Point.

Photo of David Vance Lucas David Vance Lucas

David Lucas provides legal strategy for technology and business. He applies legal, technological and operational experience to craft strategic advice on a variety of intellectual property, international trade and complex litigation matters.

Read more about David Vance LucasEmail
Photo of Andrew Tuggle Andrew Tuggle

Andrew Tuggle’s practice focuses on technology and intellectual property law. He helps clients protect their innovations and comply with laws about data and technology.

Andrew helps clients protect their innovations through patents, trademarks, and trade secrets. With a strong technical background, he advises…

Andrew Tuggle’s practice focuses on technology and intellectual property law. He helps clients protect their innovations and comply with laws about data and technology.

Andrew helps clients protect their innovations through patents, trademarks, and trade secrets. With a strong technical background, he advises clients on how to comply with laws about cybersecurity, data privacy, digital assets, and exports.

Read more about Andrew TuggleEmail Andrew's Linkedin Profile
Show more Show less
  • Posted in:
    Privacy & Data Security
  • Blog:
    Online & On Point
  • Organization:
    Bradley Arant Boult Cummings LLP
  • Article: View Original Source

LexBlog, Inc. logo
Facebook LinkedIn Twitter RSS
Real Lawyers
99 Park Row
  • About LexBlog
  • Careers
  • Press
  • Contact LexBlog
  • Privacy Policy
  • Editorial Policy
  • Disclaimer
  • Terms of Service
  • RSS Terms of Service
  • Products
  • Blog Pro
  • Blog Plus
  • Blog Premier
  • Microsite
  • Syndication Portals
  • LexBlog Community
  • 1-800-913-0988
  • Submit a Request
  • Support Center
  • System Status
  • Resource Center

New to the Network

  • Boston ERISA & Insurance Litigation Blog
  • Stridon News and Insights
  • Taft Class Action & Consumer Insights
  • Labor and Employment Law Insights
  • Age of Disruption
Copyright © 2022, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo