Less than a year ago, the Department of Defense (DoD) issued a ruling that incorporates the National Industrial Security Program Operating Manual (NISPOM) into the code of federal regulations (CFR). Additionally, the NISPOM Rule includes new reporting requirements established by Security Executive Agent Directive Revision 3 (SEAD 3).
The positive impact is that this rule provides a single, nationwide implementation plan and, in theory, should more cohesively protect our nation’s secrets from unauthorized disclosure. However, with its 6-month “grace period,” contractors might now be scrambling to fully abide by these revisions nor fully understand their new reporting responsibilities.
Global Solutions provides full security support to cleared industry contractors. We can help you plan, develop, monitor, and continually assess industrial security operations to maintain compliance.
How Does SEAD 3 Impact Clearances?
SEAD 3 applies to all contractors in the National Industrial Security Program (NISP). It expands the reporting requirements of cleared individuals. This is perhaps the most significant impact of which clearance holders, FSOs, and other security officers need to be aware.
As of Feb. 24th, 2021, SEAD 3 became a federal rule. Contractors had just 6 months to fulfill these new reporting requirements before compliance was enforced. That time has passed.
The responsibility for monitoring personnel security clearance will no longer fall to employers but rather to the individuals themselves. Individuals in “sensitive positions” will be responsible to file self-reports.
SEAD 3 also expands reporting responsibilities for public contractors who deal with classified information.
In summary, some of the key changes under 32 CFR Part 117 NISPOM Rule (dcsa.mil) include:
- References to “Entity Eligibility Determination” have the same meaning as “Facility Security Clearance (FSC)”
- Reporting responsibilities have changed
- Senior Management Officials (SMOs) have specific responsibilities now listed in the NISPOM Rule. SMOs, (ISSMs, FSOs, and higher-level leaders) are officially responsible for NISP compliance. SMOs have responsibility to educate and divulge when reportable items become known, the same as it is on the individuals to report information to maintain their clearance as well.
- The NISPOM Rule replaces the existing DoD policy DoD 5220.22-M.
- Clarifies that upon completion of a classified contract, the contractor is required to return all government-provided or deliverable information to the custody of the government.
Reporting Requirements and SEAD 3
All individuals who are determined eligible for access to classified information or who hold a sensitive position are obligated to recognize, avoid, and report personal behaviors that may negatively impact their continued national security eligibility. Those who fail to comply with reporting requirements
outlined in SEAD 3 may lose their national security eligibility. This includes reporting unofficial travel outside of the U.S., continuous contact with individuals from a foreign country, and any actions by others that are “reportable,” or whose behavior is inconsistent with the interests of national security.
Reporting criteria are based on the eligibility level of the cleared employee and not based on access level.
What Are the Levels of Classified Information?
The U.S. classification of information system has three classification levels — Top Secret, Secret, and Confidential. All are defined in EO 12356.
How Should You Prepare for SEAD 3 and the NISPOM Rule?
Seek professional services to gain clarification and guidance regarding industrial security. We encourage anyone impacted by the NISPOM Rule to contact us as soon as possible. Cleared contractors working for DoD customers must have implemented the change effective August 24, 2021. The Defense Counterintelligence and Security Agency (DSCA) will assess compliance with the SEAD 3 reporting requirements no earlier than March 1, 2022.
If you are part of the cleared industry and need a better understanding of what is required for compliance, we can help.