NISPOM Conforming Change 2 was released May 21, 2016:
The Department of Defense published Change 2 to DoD 5220.22-M, “National Industrial Security Operating Manual (NISPOM).” NISPOM Change 2 requires contractors to establish and maintain an insider threat program to detect, deter and mitigate insider threats. Specifically, the program must gather, integrate, and report relevant and credible information covered by any of the 13 personnel security adjudicative guidelines that is indicative of a potential or actual insider threat to deter cleared employees from becoming insider threats; detect insiders who pose a risk to classified information; and mitigate the risk of an insider threat. Contractors must have a written program plan in place to begin implementing insider threat requirements of Change 2 no later than November 30, 2016.
History of NISPOM:
NISPOM, the National Industrial Security Policy Operating Manual is the roadmap for all U.S. Government Contractors supporting Classified Government Programs. It was published in 2006. It prescribes the requirements, restrictions, and other safeguards to prevent unauthorized disclosure of classified information.
Updates to NISPOM have included Conforming Change 1, March 28, 2013—and now on May 21, 2016, NISPOM Conforming Change 2 has been published. You will have until November 30, 2016 to implement your Insider Threat Program.
Why this update?
All employers face the risk of insider threats. Whether it is due to a malicious insider, or due to honest employee mistakes, the insider threat has no sign of abating in this digital age of storing, transferring and maintaining vital company data. So it makes sense that in response to major government breaches, like Edward Snowden’s informational leaks, the Washington Navy Yard Shooting—and more—The US Government is trying to be sure its Contractors stay ahead of the risk of an internal breach.
NISPOM Conforming Change 2, is all about helping Government Contractors recognize and stop these insider threats from manifesting. Federal law now mandates that Government Contractors not only have an insider threat detection program, but that their internal organizational security meet specific functioning standards.
What you need to do to conform:
Security officers can take each of these steps now to address insider threat and stay ahead of the curve:
· Establish an insider threat program that will identify and report suspicious activities or threats
· Designate a senior contractor official
· Comply with “Minimum Reporting Requirements for Personnel with National Security Eligibility Determinations”
· Provide records pertinent to insider threat
· Train relevant personnel
· Implement protective measures pertinent to user activity monitoring on classified networks
Fully satisfy your user activity monitoring for NISPOM Confirming Change 2 now. Start with a FREE 15-day Trial of ObserveIT. Download a free eBook to learn how to build your Insider Threat Program within 90 days!
Find out more about NISPOM CONFORMING CHANGE 2.