4 Approved Security Tools Defense Contractors Need

Cleared Defense Contractors (CDCs) provide the technology and knowledge that deliver products and services to our defense industry. A CDC can be a prime contractor or subcontractor and is contracted to support government organizations. The CDC designation indicates that the organization is a government contractor with a facility clearance and is comprised of employees with personnel security clearances. With classified contracts, a CDC is obligated to protect the classified information of its government customers while performing on those contracts.

The CDC is part of the National Industrial Security Program (NISP). The National Industrial Security Program Operating Manual (NISPOM) provides guidance on how to perform on classified contracts. The guide includes topics such as employee responsibilities, required training, ongoing assessment, maintaining security clearance, and much more. The Defense Counterintelligence and Security Agency (DCSA), formerly known as DSS, provides most of the DoD agency’s oversight and compliance reviews. They conduct vulnerability assessments and determine how well a CDC protects classified information according to NISPOM.

Cleared Defense Contractors do a great job not only of performing on classified contracts and protecting classified information, but also of documenting or validating compliance. The following tools should be in a CDC’s toolbox and can be used to help it remain compliant and demonstrate its level of compliance.

1. National Industrial Security Program Operating Manual (NISPOM)

The National Industrial Security Program Operating Manual (NISPOM) is the Department of Defense’s instruction to contractors on how to protect classified information. This printing of NISPOM includes the latest from the Defense Security Service, including an Industrial Security Index and Letters. The NISPOM addresses the responsibilities of an approved contractor, including security clearances, required training and briefings, classification and markings, protection of classified information, visits and meetings, subcontracting, information system security, special requirements, international security requirements, and much more.

2. International Traffic in Arms Regulations (ITAR)

“Any person engaged in the business of manufacturing or exporting defense articles or providing defense services in the United States must register…” - ITAR

“It is the responsibility of the contractor to comply with all applicable laws and regulations regarding controlled export elements.” - DDTC

Companies that provide defense goods and services must know how to protect American technology; ITAR provides the answers. ITAR is the defense products and services provider’s guide to when and how to obtain an export license. This book provides answers to:

• Which defense contractors must register with the DDTC?

• What defense products require export licences?

• What defense services require export licences?

• What are the export responsibilities of companies and governments?

• What constitutes an export?

• How do I apply for a license or support agreement?

3. NISP Contractor Self-Inspection Manual

The National Industrial Security Program Operating Manual (NISPOM) requires that all participants in the National Industrial Security Program (NISP) conduct their own security reviews (self-inspections). This Self-Inspection Manual is designed as a job aid to help you comply with this requirement. It is not intended to be used as a checklist only. Rather, its goal is to help you develop a viable self-inspection program specifically designed for the classified needs of your cleared company. You will also find that they have included several techniques that will help improve the overall quality of your self-inspection. To be most effective, it is suggested that you consider your self-inspection as a three-step process: 1) pre-inspection, 2) self-inspection, 3) post-inspection.

4. Training for authorized employees

A. Initial Security Awareness Training and Security Awareness Refresher Training

The main presentation is excellent for initial training or for the annual security awareness refresher training that is required of all authorized employees.

NISPOM requires the following training topics during initial training and refresher training:

• Threat awareness security briefing, including insider threat

• Counterintelligence awareness briefing

• General description of the security classification system

• Employee reporting obligations and requirements, including insider threat

• Cybersecurity awareness training for all authorized IS users

NISPOM training contains the requirements for annual security training and initial security training.

B. Derivative Classifier Training

The NISPOM outlines the requirements for derivative classification training to include… the proper application of derivative classification principles, with an emphasis on avoiding overclassification, at least once every 2 years. Those who do not have this training are not authorized to perform the tasks.

Contractor personnel make derivative classification decisions when they incorporate, paraphrase, reformulate, or generate in new form information that is already classified, and then mark the newly developed material in a manner consistent with the classification markings that apply to the source information.

C. Insider Threat Training

This training program includes the insider threat training requirements identified by NISPOM. Download and submit the training here and complete the training requirements. NISPOM has identified the following requirements for establishing an insider threat program:

• Appoint a senior insider threat officer

• Establish an Insider Threat Program / Self-certify Implementation Plan in writing to DSS.

• Establish an Insider Threat Program group

• Provide insider threat training

• Monitor classified network activity

• Collect, integrate and report relevant and credible information; detect insiders who pose a risk to classified information; and mitigate the risk of insider threats

• Conduct Insider Threat Program self-inspections.

D. SF 312 Briefing

This training is for newly authorized employees and should be given prior to initial security briefings.

Newly authorized employees must sign an SF-312 Confidentiality Agreement. Instead of just asking them to sign the box, why not give them a proper SF-312 briefing that describes exactly what is on the form and why they are signing it?

As mentioned above, CDCs not only have to perform on classified contracts according to contractual requirements, but are also evaluated on how well they protect classified information. The tools listed above are designed to help CDCs comply with the requirements.