DoD Update Insider Threat and the NISP


UNCLASSIFIED
OFFICE OF THE UNDER SECRETARY OF DEFENSE
DoD Update Insider Threat and the NISP
Steve Lewis, Valerie Heil
May 19, 2015

AGENDA
- Continuous Evaluation
- IMESA
- Insider Threat
- NISPOM Change 2
- SAP Policy Issuances
- NISPOM Rewrite
- Questions

Why Continuous Evaluation
- Early detection and mitigation of potential insider threats
- Reduce cost of performing traditional background investigations
- Response to multiple unauthorized disclosures of classified information and shooting incidents involving trusted insiders
- Secretary of Defense approved CE implementation as one of four key Washington Navy Yard recommendations
- Authorized by Executive Order 13467 (Reforming Processes ) and individually on the SF 86 release (2010 version)

DoD CE Way Ahead
- DoD actively consulting, collaborating, and coordinating with DNI and other Performance Accountability Council principals on its CE efforts.
- Goal is to develop CE processes that provide the same or more information than that developed by Tier 3 (Secret & below) investigations at greater frequency and at substantially less cost.
- CE will be a critical feed into DoD Insider Threat Program capabilities at all levels

Identity Matching Engine for Security and Analysis (IMESA)
Validates Credentials (e.g. CACs) / Checks NCIC wanted persons file
- 5M: The approximate number of persons registered
- 2.5-3M: The approximate number of swipe transactions per week
- 200K: The approximate number of persons registered each month
- > 1,000: The approximate number of person matches with open active warrants
- 126: The number of installations connected

NISPOM Change #2
New NISPOM 1-202 Insider Threat Program
- Establish and Maintain Insider Threat program
- Designate Insider Threat Senior Official
  - Must be cleared in connection with facility clearance
  - Establish and execute an insider threat program
  - May be FSO, but also has to be a Senior Official
  - FSO must be integral member of contractor's program
- Gather, Integrate and Report
  - As required by Cognizant Security Agency (CSA)
  - Relevant and available information indicative of a potential or actual insider threat
- Clarification will be by Industrial Security Letter

NISPOM Change #2
New NISPOM 3-103: Insider Threat Training
- Considered appropriate by the CSA
- Personnel with insider threat program responsibilities
  - Counterintelligence and security fundamentals
  - Procedures for conducting insider threat response actions
  - Applicable laws related to use (or misuse) of records and data
- All other cleared personnel
  - Insider threat awareness training
  - Required training before being granted access to classified information
- Establish and maintain a record of all cleared employees who have completed the initial and annual training

NISPOM Change #2
Chapter 8: Revisions
- ISSM role includes insider threat awareness
- User activities on contractor's classified systems are subject to monitoring
- Banners on all classified information systems (ISs)
  - Activity on classified network is subject to monitoring
  - Could be used in criminal, security or administrative actions
- Security awareness training for all users (initial and refresher) (chp 3)
- CSA guidance will be based on guidance for Federal ISs
- Terminology updates to synchronize to NIST 800-37
  - e.g., Assessment and Authorization instead of Certification and Accreditation

Other Major Changes in NISPOM Change #2
- New 1-401: Report cyber intrusions into cleared defense contractors (CDCs) classified information systems to DoD (section 941, FY13, NDAA)
- New Appendix D: NISPOM Supplement: will cancel 1995 NISPOM Supplement 1
  - No gap in guidance, since DoD will not publish NISPOM change #2 until DoD SAP volumes are published.

NISPOM Change #2: Progress toward publication
- Required concurrence by DOE, NRC, ODNI and DHS
- Received:
  - NRC and ODNI concurrence in March 2015
  - DOE concur with comments on April 1, 2015
  - DHS concur on May 11, 2015
- Resolved DOE comments as of May 11, 2015
- Now in DoD pre-signature edit and then legal sufficiency review
- Goal remains to publish by July 31, 2015
- Implementation no later than 6 months from publication (NISPOM paragraph 1-102c)

DoD SAP Manual
- DoDM 5205.07 Vol 1, General Procedures
- DoDM 5205.07 Vol 2, Personnel Security
- DoDM O-5205.07 Vol 3, Physical Security
- DoDM 5205.07 Vol 4, Marking
Status
- Volumes 3 and 4 published.
- Volume 1 has completed legal review and is ready for signature.
- Volume 2 in legal review.
Note: DoD Issuance Website: http://www.dtic.mil/whs/directives/index.html

NISPOM Rewrite
- Will replace 2006 NISPOM and its two conforming changes
- Planning process started with CSAs: DOE, NRC, ODNI and DHS
- NISPPAC NISPOM ad hoc Working Group reestablished
- Series of workshops planned through the summer
  - NISPOM topics divided into six working buckets
  - CSA workshop for each bucket, followed by NISPPAC NISPOM ad hoc WG workshop
  - May 20: CSA workshop for bucket #1 (Responsibilities, General Information, Reporting Requirements)
  - June 2: NISPPAC NISPOM ad hoc WG for bucket #1

Questions?