LRAFB SFPC - National Industrial Security Program (NISP) Reporting Requirements

Changes Affecting the Facility (2)

Reports to be submitted to the Cognizant Security Agency (CSA): • Changed Conditions Affecting the Facility Clearance • Changes in Storage Capability • Inability to Safeguard Classified Material • Unsatisfactory Conditions of a Prime or Subcontractors • Dispositioned Material Previously Terminated • Foreign Classified Contracts • Improper Receipt of Foreign Government Material • Reporting by Subcontractor • Loss, Compromise or Suspected Compromise • Employee Information in Compromise Cases • Individual Culpability Reports • Cyber Incident Reports

Security Executive Agent Directive (SEAD) 4, National Security Adjudicative Guidelines (13):

Security Executive Agent Directive (SEAD) 4, National Security Adjudicative Guidelines (13): • Allegiance to the United States • Foreign influence • Foreign preference • Sexual behavior • Personal conduct • Financial considerations • Alcohol consumption • Drug Involvement and substance misuse • Psychological conditions • Criminal conduct • Handling protected information • Outside activities • Use of information technology

Change Conditions Affecting the Facility Clearance (FCL)

The National Industrial Security Program Operating Manual (NISPOM) requires contractors to report the following changed conditions that affect the contractor's eligibility for access to classified information and certain events that affect the status of the Facility Clearance (FCL): • Changes in company or facility ownership. • Changes in the name or address of the company or facility. • Changes to Key Management Personnel (KMP). • Termination of company operations for any reason, including bankruptcy, and actual or anticipated changes in Foreign Ownership, Control, or Influence (FOCI).

Changes Affecting & Reporting on Personnel

The six reportable Personnel items from the National Industrial Security Program Operating Manual (NISPOM): • Adverse Information • Suspicious Contacts • Change in Cleared Employee Status • Citizenship by Naturalization • Employees Desiring Not to be Processed for a personnel clearance (PCL) or Not to Perform on Classified Work • Refusal to Sign Standard Form (SF) 312

Why do contractors need to be concerned with reporting?

To protect our national security, to protect our service members, to protect our economic stability, and to protect your company's own competitive advantage in the marketplace.

Adverse Information

• Adverse information can also be an indicator of a potential or actual insider threat. • It is important and required that you not only have a system in place to report adverse information using the appropriate function in the DOD personnel security system of record, but that your employees understand what is meant by the term adverse information.

Federal Bureau of Investigation (FBI)

• Although you will submit the majority of your reports to Defense Counterintelligence and Security Agency (DCSA) as the Cognizant Security Agency (CSA), some potentially grave threats to national security require immediate reporting directly to the Federal Bureau of Investigation (FBI). • Such threats include any information involving actual, probable, or possible espionage, sabotage, terrorism, or subversive activities. • When reporting to the FBI, an initial report may be made by phone, but a written report must follow. • The National Industrial Security Program Operating Manual (NISPOM) requires that you provide the DCSA Industrial Security (IS) Rep a copy of the report submitted to the FBI.

Facility Clearance (FCL) System of Record

• An electronic system that is a repository of information about DOD cleared contractor facilities. • The system has internal users (with full access) such as Defense Counterintelligence and Security Agency (DCSA) personnel and external users (with limited access). • It offers a variety of functionality that facilitates the process for Facility Clearance (FCL) requests, processing, and maintenance. • Functions and features include but are not limited to the following: request an FCL, report a change condition, message your Industrial Security (IS) Rep, request a facility profile update, submit an FCL verification and submit an annual self-inspection certification.

Suspicious Contacts (1)

• Efforts by any individual, regardless of nationality, to obtain illegal or unauthorized access to classified information. • Efforts by any individual to elicit information from a cleared employee. • Any contact which suggests the employee may be the target of an attempted exploitation by an intelligence service of another country.

Facility Security Officer (FSO) Reporting Requirements (1)

• On the industry side, each cleared contractor facility must appoint an Facility Security Officer (FSO), who supervises and directs security measures for implementing applicable National Industrial Security Program Operating Manual (NISPOM) and related government security requirements to ensure the protection of classified information. • The FSO is the link between government and industry. • One of the FSO's responsibilities is to ensure that appropriate reports are made in a timely manner.

How to report Issues affecting Personnel Security Clearances (PCLs)

• Reports affecting Personnel Security Clearances (PCLs) are submitted to Defense Counterintelligence and Security Agency (DCSA) via the DOD personnel security system of record while reports affecting your Facility Clearance (FCL) or safeguarding capabilities are submitted to the DCSA Industrial Security (IS) Rep. • Depending on the nature of the report, the DCSA IS Rep may further disseminate the report to other DCSA personnel such as the Counterintelligence Special Agent (CISA) and the Information System Security Professional/Security Control Assessor (ISSP/SCA).

DOD Personnel Security System of Record

• Reports that may affect the status of cleared personnel are submitted to Defense Counterintelligence and Security Agency (DCSA) using the DOD personnel security system of record. Term: DOD Personnel Security System of Record: A system of record for personnel security, adjudication determination, clearance, verification, and history. • The term applies not only to this system but to any successor of the DOD personnel security system of record.

Defense Counterintelligence and Security Agency (DCSA) Industrial Security (IS) Rep

• Reports that may affect the status of your company's FCL and events that affect proper safeguarding of classified information are sent to the Defense Counterintelligence and Security Agency (DCSA) Industrial Security (IS) Rep. • These reports are submitted either in writing, by letter or e-mail, directly to the DCSA IS Rep or through the Facility Clearance (FCL) System of Record.

Standard Form 312, Classified Information Nondisclosure Agreement

• Required part of the Personnel Security Clearance (PCL), process. • All cleared employees must sign this form prior to having access to classified information. • Any cleared employee who refuses to complete and sign the SF 312 must be reported to Defense Counterintelligence and Security Agency (DCSA) using the appropriate function in the current DOD personnel security system of record.

Suspicious Contacts (2)

• Suspicious contacts may suggest serious threats to national security. • Taken individually, each unique incidence of suspicious contact may seem relatively innocuous. • But collectively, reports of suspicious contacts can be combined from various sources to paint a much different picture, helping the government to identify patterns of suspicious behavior that are much more pervasive than they may first appear.

Facility Security Officer (FSO) Reporting Requirements (2)

• The Facility Security Officer (FSO) is responsible for reporting events they have directly witnessed, and ensuring their cleared employees are making the appropriate required reports. • Not only is the FSO responsible for ensuring that their cleared employees are aware of the National Industrial Security Program Operating Manual (NISPOM) reporting requirements, they must also ensure their employees know what information should be reported and how to make reports. • Once a report is received by the FSO, it is then up to the FSO to submit the reports accordingly.

National Industrial Security Program Operating Manual (NISPOM) Reporting Requirements

• The National Industrial Security Program Operating Manual (NISPOM) establishes the baseline security requirements to ensure that safeguards employed by contractors are adequate for the protection of classified information. • One such requirement, defined in the NISPOM, states that contractors must report certain events to the appropriate government agencies, that may have an effect on the status of the entity's or an employee's eligibility for access to classified information. This requirement includes both your own observations and those of your cleared employees. • This requirement to report applies to certain events that may have an effect on the status of the contractor's favorable entity eligibility determination, also referred to as a Facility Security Clearance (FCL) or affect the status of an employee's favorable national security eligibility determination, also referred to as a Personnel Security Clearance (PCL); may indicate an insider threat to classified information or to employees with access to classified information; affect the proper safeguarding of classified information, and indicate that classified information has been, or is suspected to be, lost or compromised.

Changes Affecting the Facility (1)

• The National Industrial Security Program Operating Manual (NISPOM) lists different types of information or events that may affect the facility and its facility clearance (FCL).

What must be reported?

• The National Industrial Security Program Operating Manual (NISPOM) lists the various events that must be reported. • The easiest way to understand these reports is to group them by where most reports will be submitted. • According to the NISPOM, most reports are submitted to the Federal Bureau of Investigation (FBI), or the Cognizant Security Agency (CSA). • The CSA reports are submitted to the Defense Counterintelligence and Security Agency (DCSA) via the DOD personnel security system of record, with certain reports going to your DCSA Industrial Security Representative (IS Rep).

Defense Counterintelligence and Security Agency (DCSA)

• The majority of National Industrial Security Program Operating Manual (NISPOM) reports will be submitted to the DCSA, acting as the Cognizant Security Office (CSO) on behalf of your Cognizant Security Agency (CSA). • Depending on the type of information that is being reported, CSA reports should be submitted to DCSA in one of two ways. • Reports that have an effect on the status of your company's FCL and safeguarding capability are submitted to the DCSA Industrial Security (IS) Rep assigned to your facility. • Reports that may have an effect on the status of the Personnel Security Clearances (PCLs) of your cleared employees are submitted to DCSA via the DOD personnel security system of record.

Suspicious Indicators

• Unsolicited requests for information: Individuals or organizations making unsolicited requests for information about a company. Such requests may involve surveys or questionnaires being sent electronically to individuals within the company. individuals within your facility. • Academic solicitation: An overqualified individual seeking an intern role in a cleared environment. • Inappropriate conduct during office visits: Individuals displaying inappropriate conduct during visits to a facility. This may include visitors having a hidden agenda or asking questions outside the scope of the visit. • Suspicious work offers: Suspicious offers to perform work for a company, such as foreign scientists, engineers, or interns offering their services for free. • Targeting cultural commonalities: Foreign contact with individuals in a company based on their family origin. • Suspicious network activity: Indicators include activities like multiple attempts to unsuccessfully log into a system or accessing a system that is unrelated to the cleared employee's purview.