Why reading this long document matters and tips on how to be better informed on security policies
The NISPOM (National Industrial Security Program Operating Manual), or 32 CFR Part 117, NISPOM, is the foundational cornerstone that enables Facility Security Officers (FSOs) to do their jobs well. It outlines a variety of protocols including how to maintain facility clearances (FCLs), what to do if you’re possessing or non-possessing, what does foreign ownership look like, how to handle limited entity eligibility and much more. While the document is more than 100 pages long, knowing its requirements is a central part of an FSO being able to succeed in their role.
While this influx of information can be a lot to absorb, experts agree that all FSOs should be well versed in the NISPOM. So Adamo has compiled a clear guide on the importance of understanding and implementing the NISPOM.
Quick Overview of the NISPOM
Up until 2021, the NISPOM was a DoD manual before becoming a federal rule, which changed some requirements and changed where some information could be found. Currently, the 32 CFR contains over 2,000 parts, and the NISPOM makes up one section of the code. While you do not need to read all 2,000+ parts of the 32 CFR, it’s helpful to know how the NISPOM fits into the scheme of things. In addition to Part 117, Part 2001 also contains information about safeguarding that will be relevant for possessing facilities.
Why Should You Read the NISPOM?
The NISPOM offers the requirements for maintaining your company’s FCL, and it is a guiding document to help you succeed in your job. It is crucial that the entities and companies handling classified information are ensuring the protection, maintenance and security of such information. Knowing the NISPOM allows you to ensure you’re ticking the boxes. If you don’t know the requirements, you’re putting your FCL, company security and national security at risk.
Additionally, reading the NISPOM helps you and your company establish the ways you will fulfill and interpret the protocols found within the document. Whether reading a book, poem or government document, we all interpret words differently. So, it’s important to come to a common consensus in your company regarding the NISPOM to make sure education and implementation is consistent.
Here are some things to keep in mind as you consider the NISPOM protocols:
- Do you have all of your company’s policies and procedures in compliance and up to date?
- Do your clients or partners identify with any other clearances that your company may not necessarily have? Have you read about them?
- Are you educating your fellow employees on how they can help the company stay in compliance?
- What could be changed in your company to help you stay in the clear?
Trying to learn such a large document and the security rules held within it can feel like a daunting task. We have four tips that can help you stay on top of the NISPOM and any rule changes that may come your way.
1. Set aside time to read.
This first tip is often easier said than done, but the only way to actually absorb the information is to take the time to read it. The NISPOM is structured in a straightforward way, despite the information being a lot to absorb. It’s written logically and definitions are
written out foundationally, meaning the chapters begin with lowest level clearance and work their way up to more heightened levels, which require more security protocols.
These concepts, however, are often interconnected, so topics may be addressed throughout the handbook. For this reason, it’s important to read and fully analyze what you’re digesting.
Often, we’re tempted to run right to the search bar or “command F” on the keyboard. But, if you don’t actually know what you’re looking for, you’re more likely to read something and interpret it wrong or miss key information.Experts recommend you get through at least the first 10 chapters to have a foundational understanding. Return to the chapters, even if you’ve already read through them. This information is dense and requires more than a quick skim.
When you’re doing your first read-through, don’t try to read it all in one sitting. There’s too much dense information to be able to absorb all at once. Instead, set up 30 minutes in your day to chip away at it until you’ve read the whole thing. This will make it feel more doable while also allowing you time to digest the information you’ve read.
2. Read on DCSA.mil. Don’t read a PDF version.
Although this may seem like a minor detail, reading a PDF version of the NISPOM can lead you down a rabbit hole with very few answers. In the most recent version of the NISPOM, some major structural changes were made to make it more user friendly, but that means you have to be intentional with the way you read it. Hyperlinks are often used in the NISPOM, so make sure you’re reading on DCSA.mil. If you just read the NISPOM as a PDF, it is highly likely you’re missing hyperlinks to key information.
3. Stay Up to Date With Government Portals
Luckily, with the relatively recent move of adding the NISPOM to the CFR, it’s likely major changes won’t be happening anytime soon. However, because the NISPOM was reworked to address broader topics, there is some ambiguity. For example, the NISPOM may direct you to reference or input information to a “system of records.” Most FSOs know there are a lot of different portals to choose from where you could upload the information. Some of the portals include the Defense Information System for Security (DISS), National Background Investigation Services (NBIS), NCAISS (National Industrial Security Program Central Access Information Security system) and SWFT (Secure Web Fingerprint Transmission). Being aware of the different portals is imperative. Additionally, it’s important to keep an eye out for industrial security letters which will offer updates as needed.
A helpful change that came with the recent NISPOM move to CFR is that the hyperlinks will often take you directly to the additional documents the NISPOM wants you to reference.
4. Maintain a Healthy Relationship with Your DCSA Representative
As mentioned above, with any form of communication, we all interpret things in our own way. That may be something you run into with fellow employees or with your DCSA representative. In navigating situations where you might interpret the NISPOM differently from your representative, it’s best to approach the scenario with humility and questions. Come from a place of wanting to understand and learn rather than point out or confront.
It’s important to maintain a healthy relationship with your DCSA representative because they are the people who help you maintain your clearance. It’s often helpful to have your conversations documented (in writing), and don’t be afraid to turn to the NISPOM as a guiding source for your questions.
If a DCSA representative is asking you to do something that is not clearly found in the NISPOM, it is your responsibility and duty to ask questions such as, “Can you let us know where it states that in the NISPOM? If it’s not in the NISPOM, how can we follow it?” If they are unwilling to answer your questions or unmoving in their requests, you can also escalate your concerns to the field chief officer.
Need additional help learning the NISPOM? Reach out to Adamo.
It’s our prerogative and priority to know the NISPOM and help our clients understand it too. While it’ll take your intentionality and time to go through and read the NISPOM yourself, Adamo can help with creating additional educational resources and keeping you up to date on any changes. At Adamo, we have on-staff experts in security who can help you succeed in your role as an FSO. Check out our FSO support services today.