Understand the new guidelines and requirements from SEAD-3 for reporting in the upcoming version of NISPOM
The National Industrial Security Program Operating Manual (NISPOM) is being turned into a new federal law, known as 32 CFR Part 117. With this change comes the addition of new guidelines for what information must be reported by industry personnel who hold a personnel clearance. These guidelines make it so that individuals will need to report their foreign travel, finances, relationships and other situations. These were formerly not required to be reported, though some organizations may have enforced them internally.
The new NISPOM guidelines were released and came into effect Feb. 24, 2021. You will need to report all the information from that February date onward, but companies will not be penalized for lack of reporting until August. There is a grace period of six months, meaning all cleared personnel must comply by Aug. 24, 2021.
NISPOM is pulling these requirements from Security Executive Agent Directive 3 (SEAD-3), which—until now—only applied to government employees. Now personnel on the industry side will be held to the same standards as government employees.
According to the Defense Counterintelligence and Security Agency (DCSA), “Some of the changes in the Rule are intended to better align with national policy for the protection of Classified National Security Information, some are to address changes in law or regulations, and some are to enhance the protection of classified material that contractors access or possess.”
Insider threats have been on the rise in recent years, and these new changes may be able to help mitigate these. You will likely need to help your team get used to the new requirements and come into compliance.
These changes ensure the people with access to Confidential and Secret information are cleared appropriately and can uphold security standards. The goal is ultimately to protect the information and ensure the people with access to it are trustworthy.
What all cleared individuals need to report
All cleared individuals will have to report any foreign travel. Travel to U.S. territories and possessions, like Guam and Puerto Rico, do not need to be reported. If you deviate from your planned itinerary while traveling, you will have to report those within five days of your return.
Similarly, if you take an unplanned trip to either Mexico or Canada, you have to report those once you return within five business days. If you have any foreign contacts, you also have to report those. The DoD has extended the deadline for reporting foreign travel 18 months from the effective date of Aug. 24 for contractors under DoD cognizance.
Personnel may have previously reported travel to their Facility Security Officer (FSO), but these reports being mandated is new.
What to report about others
You will be responsible to report any information about other cleared individuals that may be a security concern. This includes if they are refusing to cooperate with security rules, if they’re either in an excessive amount of debt our have come into unexplained wealth, or if they’re abusing alcohol or using illegal drugs.
If the behavior of someone you work with makes you concerned they could compromise security, that is another situation you’re obligated to report.
Related: Download our NISPOM Reporting Requirements Poster
What personnel who deal with Confidential and Secret information need to report
If you have clearance to deal with Confidential and Secret information, there are some extra requirements you face. For one, you must report if you have or apply for a foreign passport or citizenship. You also have to report if anyone tries to blackmail or exploit you for knowledge, or if a media contact tries to gain access to classified information outside of official purposes.
Other reportable activities include any arrests, bankruptcy, delinquencies of over 120 days on debts, or any alcohol- or drug-related treatment.
What personnel who deal with Top Secret information need to report
With a clearance for Top Secret information, you need to report all the same information as those who deal with Confidential and Secret information, but you are subject to additional requirements.
Going forward, you will have to report foreign dealings, such as any foreign bank accounts, a direct involvement in a foreign business, and adoption of non-U.S. citizen children. You’ll also have to report any foreign property you own or if you vote in a foreign election.
Along with bankruptcies and debt delinquencies, you also need to report any infusion of assets worth more than $10,000. If you have a roommate who is a foreign national, you will have to report that as well as any cohabitants or marriages.
If you need to make a report, you’ll first make it to the Facility Security Officer (FSO). From there, they will launch an investigation to ensure the report is accurate and not based on rumor. If the FSO finds reason to escalate, they will pass it on to the Industrial Security Representative (aka “IS Rep”) who will perform their own investigation and determine if further action is necessary. They may send it on to the FBI if federal investigation is needed.
For those who already hold a facility clearance, the changes won’t be retroactive, so if, for example, you filed for bankruptcy two years ago, you won’t need to report that. However, those applying for new facility clearances will have to disclose several years of information.
These requirements will now need to be included in initial security briefings for personnel gaining a new facility clearance. You can also use visual aids, like a poster in a heavily trafficked area, to help remind personnel of the requirements.
Starting in August 2021, when the new NISPOM officially comes out, all cleared personnel must be in full compliance with these new reporting requirements, so take advantage of the remaining grace period and get it done sooner rather than later. The DCSA has released some further clarifications on how to follow these rules, which you can find here.
How you communicate the new requirements is up to you. You can hold a training on the new requirements or send them in an email to all cleared personnel. You will want to incorporate them into future annual security trainings.
Experts at Adamo can come alongside your team and help you navigate these new requirements and other security needs you may have with our FSO support plans. Contact us to find out how we can help you enhance your security team.