OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) Valerie Heil August 12, 2014 UNCLASSIFIED NISPOM Update.

Presentation transcript:

Slide 2: Agenda (UNCLASSIFIED)
- NISPOM changes
  - Insider threat-related: Chp 1, Chp 3, Chp 8
  - Other changes: Chp 1; new Appendix D (NISPOM Supplement)
- Continuous evaluation status
- Questions

Slide 3: New NISPOM Insider Threat Program, NISPOM Conforming Change #2 (UNCLASSIFIED)
- Establish and maintain an insider threat program
  - Designate an Insider Threat Senior Official
    - Must be cleared in connection with the facility clearance
    - Establishes and executes the insider threat program
    - May be the FSO, but also has to be a Senior Official
  - FSO must be an integral member of the contractor's program
- Gather, integrate and report
  - As required by the Cognizant Security Agency
  - Relevant and available information indicative of a potential or actual insider threat
- Clarification will be by Industrial Security Letter

Slide 4: New NISPOM 3-103: Insider Threat Training, NISPOM Conforming Change #2 (UNCLASSIFIED)
- Training considered appropriate by the CSA
- Personnel with insider threat program responsibilities:
  - Counterintelligence and security fundamentals
  - Procedures for conducting insider threat response actions
  - Applicable laws related to use (or misuse) of records and data
- All other cleared personnel:
  - Insider threat awareness training
  - Required training before being granted access to classified information
- Establish and maintain a record of all cleared employees who have completed the initial and annual training

Slide 5: Chapter 8: Revisions, NISPOM Conforming Change #2 (UNCLASSIFIED)
- ISSM role includes insider threat awareness
- User activities on systems are subject to monitoring
  - Banners on all classified information systems (ISs)
  - Signed acknowledgement by each user:
    - Acceptance of responsibility for security of classified ISs
    - Activity on the classified network is subject to monitoring
    - Monitoring results could be used in criminal, security or administrative actions
- Security awareness training for all users (chp 3)
- CSA guidance will be based on guidance for Federal ISs
- Terminology updates to synchronize with NIST, e.g., "Assessment and Authorization" instead of "Certification and Accreditation"

Slide 6: NISPOM Conforming Change #2: Other Major Changes (UNCLASSIFIED)
- New 1-401: Report cyber intrusions into cleared defense contractors' (CDCs') classified information systems to DoD (section 941, FY13 NDAA)
- New Appendix D: NISPOM Supplement; will cancel the 1995 NISPOM Supplement 1
- Goal: Promulgate NISPOM Change #2 by end of CY 2014
- Implementation: No later than 6 months from publication (NISPOM paragraph 1-102c)

Slide 7: Continuous Evaluation and Insider Threat (UNCLASSIFIED)
WNY Implementation Plan Task 1 Objective: Develop a technical solution that supplements existing security processes (e.g., self-reporting) to identify detrimental information and/or adverse activities that occur between Periodic Reinvestigations.
A technical CE solution will play a crucial role in improving personnel security and identifying potential insider threats. A successful technical capability may have the potential to replace PRs for personnel with Secret clearances in the future.

Slide 8: Continuous Evaluation (UNCLASSIFIED)
Executive Order defines continuous evaluation (CE). CE means: reviewing the background of an individual who has been determined to be eligible for access to classified information (including additional or new checks of commercial databases, Government databases, and other information lawfully available to security officials) at any time during the period of eligibility to determine whether that individual continues to meet the requirements for eligibility for access to classified information.

Slide 9: Continuous Evaluation Pilots (UNCLASSIFIED)
- Continuous Evaluation Concept Demo (CECD)
  - Goal: initiate CECD in SEP 2014
  - Continuously evaluate personnel for six months
  - Population: 100,000 personnel, of which ~25% will be contractor personnel
  - Random selection criteria
- IT Contractor Pilot
  - Goal: initiate in AUG/SEP 2014
  - Single-point-in-time checks
  - Population: 3,000 contractor personnel
  - Random selection criteria

Slide 10: Questions (UNCLASSIFIED)

Slide 11: BACKUP (UNCLASSIFIED)

Slide 12: Continuous Evaluation: Authorities and Responsibilities
- Executive Order 12968, 2 Aug 1995 (as amended), Access to Classified Information.
- Executive Order 13467, 30 Jun, Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information.
- Presidential Memo, National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs, 21 Nov 2012.
- OMB Suitability and Security Processes Review Report to the President, Feb. Recommendation A.3: Accelerate the implementation of a standardized program of Continuous Evaluation (CE); ensure full integration with agency Insider Threat Programs.
- White House Memo, Near-term Measures to Reduce the Risk of High-Impact Unauthorized Disclosures, 11 Feb. A-3: DNI shall develop and launch a personnel Continuous Evaluation Program (CEP) that includes automated checks... The CEP shall reach initial operating capability by September 30.
- Standard Form 86, Questionnaire for National Security Positions, Revised Dec. Form Approved: OMB No.