When working in a cleared facility, there are a lot of acronyms to keep straight. Here are some of the most important to know.
If there’s one thing the government loves, it’s an acronym. If you work in the high-security space holding a personnel clearance (PCL), odds are you hear a lot of acronyms being thrown around on a daily basis. With this guide, you’ll be slinging out lingo with the best of them in no time.
ACS: Access Control System. This refers to the tech used to manage access in and out of a secure facility, such as fingerprint recognition, card scanners or PINs.
AFSO: Assistant Facility Security Officer. This role reports directly to the FSO and works with them in obtaining and maintaining FCLs and PCLs.
CAGE: Commercial and Government Entity. A unique identifier assigned to suppliers to various government or defense agencies.
CDC: Cleared Defense Contractor. A private entity granted a clearance by the DoD to access, receive or store classified information.
CFR: Code of Federal Regulations. The codification of the general and permanent regulations from the executive department and agencies of the U.S. federal government. Typically you will hear about the 32 CFR Part 117 and Part 2001 in the industrial security space.
CI: Counterintelligence. Activities designed to thwart spying, intelligence gathering and sabotage by an enemy or foreign adversary.
CNWDI: Critical Nuclear Weapon Design Information. A DoD category of weapon data that reveals the theory of operation or design of the components of a nuclear bomb.
COMSEC: Communications Security. These are measures taken to protect information from telecommunications and a subset of OPSEC.
CSA: Cognizant Security Agency. Agencies of the executive branch that have been authorized to establish an industrial security program. These include the DoD and CIA.
CUI: Controlled Unclassified Information. Government-owned unclassified information that still requires some form of safeguarding, such as PII.
DCSA: Defense Counterintelligence and Security Agency. The security organization in charge of ensuring security in workspaces dealing with classified information.
DISS: Defense Information System for Security. A system used for PCL management, though it is being sunsetted and replaced by NBIS in 2023.
DoDM: Department of Defense Manual. Prior to becoming a federal rule, this is what the NISPOM fell under. This is a document that covers DoD requirements and information for various organizations and situations.
DSS: Defense Security Services. This is an older term used to refer to the DCSA and may still be in use in some DCSA instructions.
e-QIP: Electronic Questionnaires for Investigations Processing. A web-based platform that DCSA uses to house common investigative forms like the SF 86.
FCL: Facility Clearance. A determination made by the federal government that a contractor is eligible for access to classified information.
FGI: Foreign Government Information. Information the U.S. has provided to or received from a foreign government or international organization that is expected to be held in confidence.
FOCI: Foreign Ownership, Control or Influence. A state that may affect a company’s ability to qualify for or maintain an FCL. A company under FOCI is owned, controlled or significantly influenced by a foreign interest.
FOUO: For Official Use Only. This is the old term for CUI but is still in use. Information that is not classified but still needs to be safeguarded.
FSO: Facility Security Officer. An important role within cleared facilities, an official charged with the establishing and maintenance of the company’s FCL.
GCA: Government Contracting Activity. Defines the initial requirements for the product or service for a contract.
GSA: General Services Administration. A government administration that manages and supports the basic functioning of federal agencies. They approve the containers that can hold classified materials.
IDE: Intrusion Detection Equipment. These are the individual pieces of equipment used to monitor if someone has gotten into the facility who shouldn’t be, such as glass break sensors or motion detectors.
IDS: Intrusion Detection System. This is the full system used to monitor if someone has gotten into the facility who shouldn’t be.
ITPSO: Insider Threat Program Senior Official. A position appointed by the SMO who oversees the insider threat working group.
INFOSEC: Information Security. A subset of OPSEC focused on protecting information by mitigating risks.
ISOO: Information Security Oversight Office. Office that is responsible to the president for policy and oversight of the government security classification program and the NISP.
ISL: Industrial Security Letter. These are letters issued by the DoD to announce things like policy changes to cleared contractors.
ISP: Industrial Security Professional. Those working in the industrial security field, specifically those certified by NCMS to join the Society of Industrial Security Professionals.
ISR: Industrial Security Representative. These are field workers for DCSA who support the agency’s mission and clear facilities and personnel, provide oversight and guidance, and assess the security of cleared facilities.
KMP: Key Management Personnel. Personnel who have authority and responsibility for the cleared facility, listed in the KMP list.
MFA: Multi-factor Authentication. When a system requires multiple types of verification of identity before granting access.
MFO: Multiple Facility Organizations. A company with multiple facilities where the collection of all facilities is considered a single legal entity with a home office acting as the headquarters.
NAESOC: National Access Elsewhere Security Oversight Center. Designed to provide oversight and security management for facilities who do not possess their classified information on-site but access it elsewhere.
NATO: North Atlantic Treaty Organization. An intergovernmental military alliance between 30 member states. You need to be separately briefed and read in to access NATO information if you have a need to know.
NBIS: National Background Investigation Services. A system for managing PCLs. Currently being transitioned to from DISS.
NCAISS: NISP Central Access Information Security System. This acronym inside an acronym is a web-based application that provides PKI-based authentication services to DCSA applications.
NCMS: National Classification Management Society. This organization typically only goes by their acronym. They are a non-profit society of industrial security professionals and offer networking events as well as opportunities for professional development.
NISP: National Industrial Security Program. This program ensures that cleared U.S. defense contractors safeguard the classified information in their possession.
NISPOM: National Industrial Security Program Operating Manual. The document that contains the requirements that cleared facilities and personnel must meet in order to safeguard information. The full name is the 32 CFR Part 117, NISPOM.
NISS: National Industrial Security System. This is the system FSOs use for FCL management.
NSA: National Security Agency. A national-level intelligence agency of the DoD that is responsible for the protection of national communications systems and collecting information about foreign adversaries’ secret communications.
NSI: National Security Information. Information that requires protection against unauthorized disclosure and is marked with its classified status.
OPSEC: Operations Security. This refers to any systems and processes put in place to protect information and assets from potential adversaries.
PCL: Personnel Clearance. A determination made by the federal government that an individual is eligible for access to classified information. In order to obtain one, the individual must have a need to know based on their employment with a cleared facility.
PII: Personal Identifiable Information. Information including Social Security Numbers, addresses, birthdays, or anything else related to a person’s identity.
PKI: Public Key Infrastructure. A card used to access certain information systems and DCSA applications.
SAP: Special Access Program. Security protocols that provide highly classified information with safeguards. Typically associated with Department of Defense programs.
SCI: Secure Compartmented Information. Information about certain intelligence sources and methods that needs to safeguarded.
SEAD: Security Executive Agent Directive. Most likely SEAD 3. This is a document that establishes requirements for people working in the executive branch. SEAD 3 is included in the NISPOM to extend to those in industrial security.
SF: Standard Form. Forms used government wide in administering classification programs.
SMO: Senior Management Official. A high-ranking member of leadership at the company with ultimate authority over the facility’s operations and authority to direct actions necessary for the safeguarding of classified information.
SOP: Standard Operating Procedure. A set of instructions created to help workers carry out routine operations.
SPP: Standard Practice Procedures. Your process for applying the NISPOM to your organization as you work on classified contract requirements.
SSA: Special Security Agreement. This is an agreement that may be used for a facility that is effectively owned or controlled by a foreign entity.
SSBI: Single Scope Background Investigation. A type of investigation conducted to obtain a top secret clearance and access to SCI.
TCP: Technology Control Plan. A customized plan which outlines the procedures to prevent access to technology and data by unauthorized individuals.
TFA: Two-factor authentication. When a system requires two types of verification of identity before granting access.
UL: Underwriters’ Laboratories. A safety science corporation that sets standards for alarm systems. UL 2050 is the standard for SCIFs.
VAL: Visit Authorization Letter. A GSA form that must be completed in order to visit an area requiring a clearance. Also known as a VAR.
VAR: Visit Authorization Request. A GSA form that must be completed in order to visit an area requiring a clearance. Also known as a VAL.
VRO: Vetting Risk Operations. The center that handles interim clearances for people seeking a PCL.