Presentation is loading. Please wait.

Presentation is loading. Please wait.

OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) Valerie Heil August 12, 2014 UNCLASSIFIED NISPOM Update.

Published byJunior Edwards Modified over 8 years ago

Similar presentations

Presentation on theme: "OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) Valerie Heil August 12, 2014 UNCLASSIFIED NISPOM Update."— Presentation transcript:

1 OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) Valerie Heil August 12, 2014 UNCLASSIFIED NISPOM Update

2 Back to front exit COUNTERINTELLIGENCE FIELD ACTIVITY PUT TEXT HERE COUNTERINTELLIGENCE FIELD ACTIVITY OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) NISPOM changes Insider threat-related Chp 1 Chp 3 Chp 8 Other changes Chp 1 New appendix D: NISPOM Supplement Continuous evaluation status Questions AGENDA 2 UNCLASSIFIED

3 Back to front exit COUNTERINTELLIGENCE FIELD ACTIVITY PUT TEXT HERE COUNTERINTELLIGENCE FIELD ACTIVITY OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) New NISPOM 1-202 Insider Threat Program Establish and Maintain Insider Threat program Designate Insider Threat Senior Official Must be cleared in connection with facility clearance Establish and execute an insider threat program May be FSO, but also has to be a Senior Official FSO must be integral member of contractor’s program Gather, Integrate and Report As required by Cognizant Security Agency Relevant and available information indicative of a potential or actual insider threat Clarification will be by Industrial Security Letter NISPOM Conforming Change #2 3 UNCLASSIFIED

4 Back to front exit COUNTERINTELLIGENCE FIELD ACTIVITY PUT TEXT HERE COUNTERINTELLIGENCE FIELD ACTIVITY OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) New NISPOM 3-103: Insider Threat Training Considered appropriate by the CSA Personnel with insider threat program responsibilities Counterintelligence and security fundamentals Procedures for conducting insider threat response actions Applicable laws related to use (or misuse of records and data) All other cleared personnel Insider threat awareness training Required training before being granted access to classified information Establish and maintain a record of all cleared employees who have completed the initial and annual training NISPOM Conforming Change #2 4 UNCLASSIFIED

5 Back to front exit COUNTERINTELLIGENCE FIELD ACTIVITY PUT TEXT HERE COUNTERINTELLIGENCE FIELD ACTIVITY OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) Chapter 8: Revisions ISSM role includes insider threat awareness User activities on systems are subject to monitoring Banners on all classified information systems (ISs) Signed acknowledgement by each user Acceptance of responsibility for security of classified ISs Activity on classified network is subject to monitoring Could be used in criminal, security or administrative actions Security awareness training for all users (chp 3) CSA guidance will be based on guidance for Federal ISs Terminology updates to synchronize to NIST 800-37 e.g., Assessment and Authorization instead of Certification and Accreditation NISPOM Conforming Change #2 5 UNCLASSIFIED

6 Back to front exit COUNTERINTELLIGENCE FIELD ACTIVITY PUT TEXT HERE COUNTERINTELLIGENCE FIELD ACTIVITY OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) New 1-401: Report cyber intrusions into cleared defense contractors (CDCs) classified information systems to DoD (section 941, FY13, NDAA) New Appendix D: NISPOM Supplement: will cancel 1995 NISPOM Supplement 1 NISPOM Conforming Change #2 Other Major Changes 6 UNCLASSIFIED Goal: Promulgate NISPOM Change #2 by end of CY 2014 Implementation: No later than 6 months from publication (NISPOM paragraph 1-102c)

7 Back to front exit COUNTERINTELLIGENCE FIELD ACTIVITY PUT TEXT HERE COUNTERINTELLIGENCE FIELD ACTIVITY OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) WNY Implementation Plan Task 1 Objective: Develop a technical solution that supplements existing security processes (e.g., self-reporting) to identify detrimental information and/or adverse activities that occur between Periodic Reinvestigations. A technical CE solution will play a crucial role in improving personnel security and identifying potential insider threats. A successful technical capability may have the potential to replace PRs for personnel with Secret clearances in the future. Continuous Evaluation and Insider Threat 7 UNCLASSIFIED

8 Back to front exit COUNTERINTELLIGENCE FIELD ACTIVITY PUT TEXT HERE COUNTERINTELLIGENCE FIELD ACTIVITY OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) Executive Order 13467 defines continuous evaluation (CE) CE means: reviewing the background of an individual who has been determined to be eligible for access to classified information (including additional or new checks of commercial databases, Government databases, and other information lawfully available to security officials) at any time during the period of eligibility to determine whether that individual continues to meet the requirements for eligibility for access to classified information. Continuous Evaluation 8 UNCLASSIFIED

9 Back to front exit COUNTERINTELLIGENCE FIELD ACTIVITY PUT TEXT HERE COUNTERINTELLIGENCE FIELD ACTIVITY OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) Continuous Evaluation Concept Demo (CECD) Goal: initiate CECD in SEP 2014 Continuously evaluate personnel for six months Population: 100,000 personnel of which ~25% will be contractor personnel Random selection criteria IT Contractor Pilot Goal: initiate in AUG/SEP 2014 Single-point-in-time checks Population: 3,000 contractor personnel Random selection criteria Continuous Evaluation Pilots 9 UNCLASSIFIED

10 Back to front exit COUNTERINTELLIGENCE FIELD ACTIVITY PUT TEXT HERE COUNTERINTELLIGENCE FIELD ACTIVITY OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) Questions Unclassified

11 Back to front exit COUNTERINTELLIGENCE FIELD ACTIVITY PUT TEXT HERE COUNTERINTELLIGENCE FIELD ACTIVITY OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) Unclassified BACKUP

12 Continuous Evaluation: Authorities and Responsibilities Executive Order 12968, 2 Aug 1995 (as amended). Access to Classified Information. Executive Order 13467, 30 Jun 2008. Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information. Presidential Memo - National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs, 21 Nov 2012 OMB Suitability and Security Processes Review Report to the President, Feb 2104. Recommendation A.3: Accelerate the implementation of a standardized program of Continuous Evaluation (CE), ensure full integration with agency Insider Threat Programs. White House Memo - Near-term Measures to Reduce the Risk of High-Impact Unauthorized Disclosures, 11 Feb 2014. A-3. DNI shall develop and launch a personnel Continuous Evaluation Program (CEP) that includes automated checks…The CEP shall reach initial operating capability by September 30, 2014. Standard Form 86, Questionnaire for National Security Positions, Revised Dec 2010. Form Approved: OMB No. 3206 0005.

13

14

Download ppt "OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) Valerie Heil August 12, 2014 UNCLASSIFIED NISPOM Update."

Similar presentations

Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.

Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.
IT Security Law for Federal Agencies As of: 30 December 2002.

IT Security Law for Federal Agencies As of: 30 December 2002.
What is Insider Threat? “Potential damage to the interests of an organization by a person(s) who is regarded, falsely, as loyally working for or on behalf.

What is Insider Threat? “Potential damage to the interests of an organization by a person(s) who is regarded, falsely, as loyally working for or on behalf.
Industrial Security 2010 Worldwide Security Conference.

Industrial Security 2010 Worldwide Security Conference.
Defense Security Service Facility Clearance Branch (FCB)

Defense Security Service Facility Clearance Branch (FCB)
Defense Security Service. DSS Update DSS Changing With A Changing Security Environment.

Defense Security Service. DSS Update DSS Changing With A Changing Security Environment.
Briefing on Presidential Records Act and Federal Records Act Amendments of 2014 (HR 1233, PL 113-187) Gary Stern and Paul Wester Wednesday, December 10,

Briefing on Presidential Records Act and Federal Records Act Amendments of 2014 (HR 1233, PL ) Gary Stern and Paul Wester Wednesday, December 10,
NISPOM Update for JSAC Workshop

NISPOM Update for JSAC Workshop
Chapter 43 An Act Relative to Improving Accountability and Oversight of Education Collaboratives Presentation to Board of Elementary and Secondary Education.

Chapter 43 An Act Relative to Improving Accountability and Oversight of Education Collaboratives Presentation to Board of Elementary and Secondary Education.
In-sourcing Guidelines and Procedures By Dr. John Anderson. PDASA, FMMR, OASA(M&RA)

In-sourcing Guidelines and Procedures By Dr. John Anderson. PDASA, FMMR, OASA(M&RA)
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
SPēD Certification Program Executive Overview. 2April 2012Executive Overview Purpose Outline the SPēD Program Provide SPēD Program update Provide SPēD.

SPēD Certification Program Executive Overview. 2April 2012Executive Overview Purpose Outline the SPēD Program Provide SPēD Program update Provide SPēD.
Summer 200811 IAVA1 NATIONAL INFORMATION ASSURANCE TRAINING STANDARD FOR SYSTEM ADMINISTRATORS (SA) Minimum.

Summer IAVA1 NATIONAL INFORMATION ASSURANCE TRAINING STANDARD FOR SYSTEM ADMINISTRATORS (SA) Minimum.
UNCLASSIFIED Foreign Ownership, Control, or Influence (FOCI) August 2009.

UNCLASSIFIED Foreign Ownership, Control, or Influence (FOCI) August 2009.
Information Security Policies and Standards

Information Security Policies and Standards
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Office of Inspector General (OIG) Internal Audit

Office of Inspector General (OIG) Internal Audit
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Supplier Ethics: Program Checklist

Supplier Ethics: Program Checklist
Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This.

Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This.

Similar presentations

Ads by Google