SlideShare a Scribd company logo

NISP.Informational.Brochure

M
Matthew W. Stephan, CISM, CISSP, CRISC, CGEIT, PMP
1 of 2
Download to read offline
700 Pennsylvania Avenue, NW Room 100 Washington, DC 20408 Phone: 202.357.5250 Fax: 202.357.5907 isoo@nara.gov CONTACT INFORMATION THE INFORMATION SECURITY OVERSIGHT OFFICE Director, Information Security Oversight Office National Archives and Records Administration 700 Pennsylvania Avenue, NW, Room 100 Washington, DC 20408 | (202) 357-5250 www.archives.gov/isoo | E-mail: isoo@nara.gov NISP www.archives.gov/isoo/oversight- groups/nisp/index.html | E-mail: nisp@nara.gov NISPPAC http://www.archives.gov/isoo/oversight- groups/nisppac/ | E-mail: nisppac@nara.gov DEFENSE SECURITY SERVICE (DSS) Customer Service | 1-888-282-7682 http://www.dss.mil | E-mail: occ.cust.serv@dss.mil GOVERNMENT & INDUSTRY MEMBERS For information on the Government and industry representatives, please visit the NISPPAC website at: http://www.archives.gov/isoo/oversight- groups/nisppac/membership.html
NISP In January 1993, the National Industrial Security Program (NISP) was established by Executive Order 12829, as amended. The goal of the NISP is the safeguard classified information in the possession of Government contractors, licensees, or grantees in the most efficient and cost effective manner possible. The NISP applies to all executive branch agencies. The major signatories to the Program are the Department of Energy, the Nuclear Regulatory Commission, the Department of Defense (DOD), and the Central Intelligence Agency. Consistent with the goal of achieving greater uniformity in security requirements for classified contracts, the four major tenets of the NISP are: Achieving uniformity in security procedures. Implementing the reciprocity principle in security procedures, particularly with regard to facility and personnel clearances. Eliminating duplicative or unnecessary requirements. Achieving reductions in security costs. Policy and Operational Oversight Information Security Oversight Office— Executive Order 12829, as amended, requires the Information Security Oversight Office (ISOO) to exercise policy oversight on behalf of the National Security Council (NSC). ISOO responsibilities include implementing and monitoring the NISP and overseeing agency, contractor, licensee, and grantee actions to ensure that they comply with Executive Order 12829, as amended. ISOO also reviews all agency implementing regulations, internal rules, or guidelines, and conducts on-site reviews of the implementation of the NISP by each agency, contractor, licensee, and grantee that has access to or stores classified information. Additionally, ISOO reports annually to the President on the NISP. ISOO is also responsible for overseeing the Government-wide security classification program established under Executive Order 13526, “Classified National Security Information”. In addition to reporting to the President annually on the status of this program, ISOO performs similar functions to those noted for the NISP. ISOO also recommends policy changes to the security classification system to the President through the NSC. Secretary of Defense— The NISP assigns operational oversight to the Secretary of Defense, who acts as Executive Agent of the NISP, and has final responsibility for issuing and maintaining the National Industrial Security Program Operating Manual (NISPOM). As the Executive Agent, the Secretary of Defense also provides information on the implementation of the NISP within industry. Defense Security Service— The Director of the Defense Security Service (DSS) administers the NISP on behalf of the Secretary of Defense and its user agencies. DSS adjudicates OPM personnel security investigations to determine an individual’s suitability for access to classified information for a sensitive position within DOD including DOD cleared contractor facilities. NISPPAC Executive Order 12829, as amended, also established the National Industrial Security Program Policy Advisory Committee (NISPPAC). The NISPPAC represents a true partnership between Government and industry in policy making. The NISPPAC, with representation from 16 Government and 8 industry members, advises the Director of ISOO (who serves as its Chair) on all matters concerning the policies of the NISP, including recommending changes to those policies. It serves as a forum for discussing policy issues in dispute. In keeping with its oversight responsibilities, ISOO continues to evaluate the effectiveness of the NISP. The NISPPAC has formed working groups to resolve specific issues that arise in the NISP, such as contractor Personnel Security Clearances (PCL); Foreign, Ownership, Control or Influence (FOCI); and the Certification and Accreditation of Information Systems (C&A). The NISPPAC meets at a minimum of twice a year and its meetings are open to the public. The NISPPAC is administered through the Federal Advisory Committee Act (FACA), its charter, bylaws, as well as reports on committee activities are posted online at the NISPPAC website at: http://www.archives.gov/isoo/oversight-groups/nisppac/

Recommended

Ntxissacsc5 purple 1-eu-gdpr_patrick_florer
Ntxissacsc5 purple 1-eu-gdpr_patrick_florerNtxissacsc5 purple 1-eu-gdpr_patrick_florer
Ntxissacsc5 purple 1-eu-gdpr_patrick_florerNorth Texas Chapter of the ISSA
 
2016 02-14 - tlp-white ce2016 presentation
2016 02-14 - tlp-white ce2016 presentation2016 02-14 - tlp-white ce2016 presentation
2016 02-14 - tlp-white ce2016 presentationisc2-hellenic
 
Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Brian Honan
 
2016 02-14-nis directive-overview isc2 chapter
2016 02-14-nis directive-overview isc2 chapter2016 02-14-nis directive-overview isc2 chapter
2016 02-14-nis directive-overview isc2 chapterisc2-hellenic
 
Why 5 sf article
Why 5 sf articleWhy 5 sf article
Why 5 sf articleJhon Kyle
 
ACDM approche detection malware
ACDM approche detection malware ACDM approche detection malware
ACDM approche detection malware youssra chaib
 
Facts you don’t know about pakistan
Facts you don’t know about pakistanFacts you don’t know about pakistan
Facts you don’t know about pakistanMr Cracker
 
Cuarto grado
Cuarto gradoCuarto grado
Cuarto gradoFrancisco J Garduño G
 

Recommended

Ntxissacsc5 purple 1-eu-gdpr_patrick_florer
Ntxissacsc5 purple 1-eu-gdpr_patrick_florerNtxissacsc5 purple 1-eu-gdpr_patrick_florer
Ntxissacsc5 purple 1-eu-gdpr_patrick_florerNorth Texas Chapter of the ISSA
 
2016 02-14 - tlp-white ce2016 presentation
2016 02-14 - tlp-white ce2016 presentation2016 02-14 - tlp-white ce2016 presentation
2016 02-14 - tlp-white ce2016 presentationisc2-hellenic
 
Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Brian Honan
 
2016 02-14-nis directive-overview isc2 chapter
2016 02-14-nis directive-overview isc2 chapter2016 02-14-nis directive-overview isc2 chapter
2016 02-14-nis directive-overview isc2 chapterisc2-hellenic
 
Why 5 sf article
Why 5 sf articleWhy 5 sf article
Why 5 sf articleJhon Kyle
 
ACDM approche detection malware
ACDM approche detection malware ACDM approche detection malware
ACDM approche detection malware youssra chaib
 
Facts you don’t know about pakistan
Facts you don’t know about pakistanFacts you don’t know about pakistan
Facts you don’t know about pakistanMr Cracker
 
Cuarto grado
Cuarto gradoCuarto grado
Cuarto gradoFrancisco J Garduño G
 
2004-annual-report
2004-annual-report2004-annual-report
2004-annual-reportMatthew W. Stephan, CISM, CISSP, CRISC, CGEIT, PMP
 
Rapid7 FISMA Compliance Guide
Rapid7 FISMA Compliance GuideRapid7 FISMA Compliance Guide
Rapid7 FISMA Compliance GuideRapid7
 
2002-annual-report
2002-annual-report2002-annual-report
2002-annual-reportMatthew W. Stephan, CISM, CISSP, CRISC, CGEIT, PMP
 
2001-annual-report
2001-annual-report2001-annual-report
2001-annual-reportMatthew W. Stephan, CISM, CISSP, CRISC, CGEIT, PMP
 
2003-annual-report
2003-annual-report2003-annual-report
2003-annual-reportMatthew W. Stephan, CISM, CISSP, CRISC, CGEIT, PMP
 
2002-NISPreport
2002-NISPreport2002-NISPreport
2002-NISPreportMatthew W. Stephan, CISM, CISSP, CRISC, CGEIT, PMP
 
The Business Of Information Security V2.0
The Business Of Information Security V2.0The Business Of Information Security V2.0
The Business Of Information Security V2.0theonassiokas
 
Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...padler01
 
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...Government Technology and Services Coalition
 
Protecting non fed controlled unclassified info nist sp-800-171
Protecting non fed controlled unclassified info nist sp-800-171Protecting non fed controlled unclassified info nist sp-800-171
Protecting non fed controlled unclassified info nist sp-800-171RepentSinner
 
31,000 federal government cyber incidents identified by White House
31,000 federal government cyber incidents identified by White House31,000 federal government cyber incidents identified by White House
31,000 federal government cyber incidents identified by White HouseDavid Sweigert
 
NYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity RegulationsNYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity RegulationsJon Bosco
 
Government can save millions by reforming Security Policy
Government can save millions by reforming Security Policy Government can save millions by reforming Security Policy
Government can save millions by reforming Security Policy Valdes Nzalli
 
NIST SP 800-171 - Protecting Controlled Unclassified Information
NIST SP 800-171 - Protecting Controlled Unclassified Information NIST SP 800-171 - Protecting Controlled Unclassified Information
NIST SP 800-171 - Protecting Controlled Unclassified Information David Sweigert
 
20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]
20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]
20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]Walter Richard Sweeney
 
Contingency Planning Guide for Federal Information Systems Maria.docx
Contingency Planning Guide for Federal Information Systems Maria.docxContingency Planning Guide for Federal Information Systems Maria.docx
Contingency Planning Guide for Federal Information Systems Maria.docxmaxinesmith73660
 
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...Global Knowledge Training
 
Information Sharing and Protection
Information Sharing and ProtectionInformation Sharing and Protection
Information Sharing and ProtectionOxford Martin Centre, OII, and Computer Science at the University of Oxford
 
CUI Permanent Presentation.ppt
CUI Permanent Presentation.ppt CUI Permanent Presentation.ppt
CUI Permanent Presentation.pptTom Huskerson
 
CUI Presentation.ppt
CUI Presentation.pptCUI Presentation.ppt
CUI Presentation.pptTomHuskerson1
 

More Related Content

Similar to NISP.Informational.Brochure

Rapid7 FISMA Compliance Guide
Rapid7 FISMA Compliance GuideRapid7 FISMA Compliance Guide
Rapid7 FISMA Compliance GuideRapid7
 
The Business Of Information Security V2.0
The Business Of Information Security V2.0The Business Of Information Security V2.0
The Business Of Information Security V2.0theonassiokas
 
Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...padler01
 
Protecting non fed controlled unclassified info nist sp-800-171
Protecting non fed controlled unclassified info nist sp-800-171Protecting non fed controlled unclassified info nist sp-800-171
Protecting non fed controlled unclassified info nist sp-800-171RepentSinner
 
31,000 federal government cyber incidents identified by White House
31,000 federal government cyber incidents identified by White House31,000 federal government cyber incidents identified by White House
31,000 federal government cyber incidents identified by White HouseDavid Sweigert
 
NYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity RegulationsNYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity RegulationsJon Bosco
 
Government can save millions by reforming Security Policy
Government can save millions by reforming Security Policy Government can save millions by reforming Security Policy
Government can save millions by reforming Security Policy Valdes Nzalli
 
NIST SP 800-171 - Protecting Controlled Unclassified Information
NIST SP 800-171 - Protecting Controlled Unclassified Information NIST SP 800-171 - Protecting Controlled Unclassified Information
NIST SP 800-171 - Protecting Controlled Unclassified Information David Sweigert
 
20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]
20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]
20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]Walter Richard Sweeney
 
Contingency Planning Guide for Federal Information Systems Maria.docx
Contingency Planning Guide for Federal Information Systems Maria.docxContingency Planning Guide for Federal Information Systems Maria.docx
Contingency Planning Guide for Federal Information Systems Maria.docxmaxinesmith73660
 
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...Global Knowledge Training
 
CUI Permanent Presentation.ppt
CUI Permanent Presentation.ppt CUI Permanent Presentation.ppt
CUI Permanent Presentation.pptTom Huskerson
 
CUI Presentation.ppt
CUI Presentation.pptCUI Presentation.ppt
CUI Presentation.pptTomHuskerson1
 

Similar to NISP.Informational.Brochure (20)

2004-annual-report
2004-annual-report2004-annual-report
2004-annual-report
 
Rapid7 FISMA Compliance Guide
Rapid7 FISMA Compliance GuideRapid7 FISMA Compliance Guide
Rapid7 FISMA Compliance Guide
 
2002-annual-report
2002-annual-report2002-annual-report
2002-annual-report
 
2001-annual-report
2001-annual-report2001-annual-report
2001-annual-report
 
2003-annual-report
2003-annual-report2003-annual-report
2003-annual-report
 
2002-NISPreport
2002-NISPreport2002-NISPreport
2002-NISPreport
 
The Business Of Information Security V2.0
The Business Of Information Security V2.0The Business Of Information Security V2.0
The Business Of Information Security V2.0
 
Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...
 
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
Emile Monette: How do we Strengthen the Public-Private Partnership to Mitigat...
 
Protecting non fed controlled unclassified info nist sp-800-171
Protecting non fed controlled unclassified info nist sp-800-171Protecting non fed controlled unclassified info nist sp-800-171
Protecting non fed controlled unclassified info nist sp-800-171
 
31,000 federal government cyber incidents identified by White House
31,000 federal government cyber incidents identified by White House31,000 federal government cyber incidents identified by White House
31,000 federal government cyber incidents identified by White House
 
NYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity RegulationsNYS DFS CyberSecurity Regulations
NYS DFS CyberSecurity Regulations
 
Government can save millions by reforming Security Policy
Government can save millions by reforming Security Policy Government can save millions by reforming Security Policy
Government can save millions by reforming Security Policy
 
NIST SP 800-171 - Protecting Controlled Unclassified Information
NIST SP 800-171 - Protecting Controlled Unclassified Information NIST SP 800-171 - Protecting Controlled Unclassified Information
NIST SP 800-171 - Protecting Controlled Unclassified Information
 
20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]
20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]
20170112 Working Group Assessment Mandate Presentation DRAFT V1[2]
 
Contingency Planning Guide for Federal Information Systems Maria.docx
Contingency Planning Guide for Federal Information Systems Maria.docxContingency Planning Guide for Federal Information Systems Maria.docx
Contingency Planning Guide for Federal Information Systems Maria.docx
 
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
Why It’s Critical to Apply the Risk Management Framework to Your IT Moderniza...
 
Information Sharing and Protection
Information Sharing and ProtectionInformation Sharing and Protection
Information Sharing and Protection
 
CUI Permanent Presentation.ppt
CUI Permanent Presentation.ppt CUI Permanent Presentation.ppt
CUI Permanent Presentation.ppt
 
CUI Presentation.ppt
CUI Presentation.pptCUI Presentation.ppt
CUI Presentation.ppt
 

NISP.Informational.Brochure

  • 1. 700 Pennsylvania Avenue, NW Room 100 Washington, DC 20408 Phone: 202.357.5250 Fax: 202.357.5907 isoo@nara.gov CONTACT INFORMATION THE INFORMATION SECURITY OVERSIGHT OFFICE Director, Information Security Oversight Office National Archives and Records Administration 700 Pennsylvania Avenue, NW, Room 100 Washington, DC 20408 | (202) 357-5250 www.archives.gov/isoo | E-mail: isoo@nara.gov NISP www.archives.gov/isoo/oversight- groups/nisp/index.html | E-mail: nisp@nara.gov NISPPAC http://www.archives.gov/isoo/oversight- groups/nisppac/ | E-mail: nisppac@nara.gov DEFENSE SECURITY SERVICE (DSS) Customer Service | 1-888-282-7682 http://www.dss.mil | E-mail: occ.cust.serv@dss.mil GOVERNMENT & INDUSTRY MEMBERS For information on the Government and industry representatives, please visit the NISPPAC website at: http://www.archives.gov/isoo/oversight- groups/nisppac/membership.html
  • 2. NISP In January 1993, the National Industrial Security Program (NISP) was established by Executive Order 12829, as amended. The goal of the NISP is the safeguard classified information in the possession of Government contractors, licensees, or grantees in the most efficient and cost effective manner possible. The NISP applies to all executive branch agencies. The major signatories to the Program are the Department of Energy, the Nuclear Regulatory Commission, the Department of Defense (DOD), and the Central Intelligence Agency. Consistent with the goal of achieving greater uniformity in security requirements for classified contracts, the four major tenets of the NISP are: Achieving uniformity in security procedures. Implementing the reciprocity principle in security procedures, particularly with regard to facility and personnel clearances. Eliminating duplicative or unnecessary requirements. Achieving reductions in security costs. Policy and Operational Oversight Information Security Oversight Office— Executive Order 12829, as amended, requires the Information Security Oversight Office (ISOO) to exercise policy oversight on behalf of the National Security Council (NSC). ISOO responsibilities include implementing and monitoring the NISP and overseeing agency, contractor, licensee, and grantee actions to ensure that they comply with Executive Order 12829, as amended. ISOO also reviews all agency implementing regulations, internal rules, or guidelines, and conducts on-site reviews of the implementation of the NISP by each agency, contractor, licensee, and grantee that has access to or stores classified information. Additionally, ISOO reports annually to the President on the NISP. ISOO is also responsible for overseeing the Government-wide security classification program established under Executive Order 13526, “Classified National Security Information”. In addition to reporting to the President annually on the status of this program, ISOO performs similar functions to those noted for the NISP. ISOO also recommends policy changes to the security classification system to the President through the NSC. Secretary of Defense— The NISP assigns operational oversight to the Secretary of Defense, who acts as Executive Agent of the NISP, and has final responsibility for issuing and maintaining the National Industrial Security Program Operating Manual (NISPOM). As the Executive Agent, the Secretary of Defense also provides information on the implementation of the NISP within industry. Defense Security Service— The Director of the Defense Security Service (DSS) administers the NISP on behalf of the Secretary of Defense and its user agencies. DSS adjudicates OPM personnel security investigations to determine an individual’s suitability for access to classified information for a sensitive position within DOD including DOD cleared contractor facilities. NISPPAC Executive Order 12829, as amended, also established the National Industrial Security Program Policy Advisory Committee (NISPPAC). The NISPPAC represents a true partnership between Government and industry in policy making. The NISPPAC, with representation from 16 Government and 8 industry members, advises the Director of ISOO (who serves as its Chair) on all matters concerning the policies of the NISP, including recommending changes to those policies. It serves as a forum for discussing policy issues in dispute. In keeping with its oversight responsibilities, ISOO continues to evaluate the effectiveness of the NISP. The NISPPAC has formed working groups to resolve specific issues that arise in the NISP, such as contractor Personnel Security Clearances (PCL); Foreign, Ownership, Control or Influence (FOCI); and the Certification and Accreditation of Information Systems (C&A). The NISPPAC meets at a minimum of twice a year and its meetings are open to the public. The NISPPAC is administered through the Federal Advisory Committee Act (FACA), its charter, bylaws, as well as reports on committee activities are posted online at the NISPPAC website at: http://www.archives.gov/isoo/oversight-groups/nisppac/