OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) Valerie Heil March 20, 2015 UNCLASSIFIED Industrial Security.


1 OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) Valerie Heil March 20, 2015 UNCLASSIFIED Industrial Security Policy Update

2 AGENDA
- NISPOM changes
  - Insider threat-related: Chp 1, Chp 3, Chp 8
  - Other changes: Chp 1; New appendix D: NISPOM Supplement
- DoD process change: national interest determinations
- Continuous evaluation initiatives
- Questions

3 NISPOM Conforming Change #2
New NISPOM 1-202 Insider Threat Program
- Establish and Maintain Insider Threat program
- Designate Insider Threat Senior Official
  - Must be cleared in connection with facility clearance
  - Establish and execute an insider threat program
  - May be FSO, but also has to be a Senior Official
  - FSO must be integral member of contractor’s program
- Gather, Integrate and Report
  - As required by Cognizant Security Agency (CSA)
  - Relevant and available information indicative of a potential or actual insider threat
- Clarification will be by Industrial Security Letter

4 NISPOM Conforming Change #2
New NISPOM 3-103: Insider Threat Training
- Considered appropriate by the CSA
- Personnel with insider threat program responsibilities
  - Counterintelligence and security fundamentals
  - Procedures for conducting insider threat response actions
  - Applicable laws related to use (or misuse) of records and data
- All other cleared personnel
  - Insider threat awareness training
  - Required training before being granted access to classified information
- Establish and maintain a record of all cleared employees who have completed the initial and annual training

5 NISPOM Conforming Change #2
Chapter 8: Revisions
- ISSM role includes insider threat awareness
- User activities on systems are subject to monitoring
  - Banners on all classified information systems (ISs)
  - Signed acknowledgement by each user
    - Acceptance of responsibility for security of classified ISs
    - Activity on classified network is subject to monitoring
    - Could be used in criminal, security or administrative actions
- Security awareness training for all users (chp 3)
- CSA guidance will be based on guidance for Federal ISs
- Terminology updates to synchronize to NIST 800-37
  - e.g., Assessment and Authorization instead of Certification and Accreditation

6 NISPOM Conforming Change #2: Other Major Changes
- New 1-401: Report cyber intrusions into cleared defense contractors (CDCs) classified information systems to DoD (section 941, FY13, NDAA)
- New Appendix D: NISPOM Supplement: will cancel 1995 NISPOM Supplement 1
- Goal: Promulgate NISPOM Change #2 by end of July 2015.
- Implementation: No later than 6 months from publication (NISPOM paragraph 1-102c)

7 DoD process change: national interest determinations
- Contractors cleared through a Special Security Agreement must have an approved national interest determination (NID) for access to proscribed information
  - Proscribed information: Top Secret, COMSEC, SCI, SAP or Restricted Data (RD)
- DoD centralized its NID process through a Directive-type memorandum 15-002 on February 11, 2015:
  - DSS proposes NID to the DoD Government Contracting Activity
  - Concurrence still required from NSA for COMSEC, ODNI for SCI and DOE for RD
  - http://www.dtic.mil/whs/directives/corres/pdf/DTM15002.pdf

8 Continuous Evaluation (CE)
CE--Several Initiatives:
- Itinerant IT Contractor Pilot – In Oct 2014, DoD commenced single-point-in-time checks on 3,000 cleared contractor personnel.
- Continuous Evaluation Concept Demo (CECD) – In Jan 2015, DoD re-launched the CECD by conducting continual, automated records checks on 85,000 military, civilian and contractor personnel across DoD. This number will be increased to 100,000 during March 2015.

9 Questions

10 BACKUP

11 Continuous Evaluation
Executive Order 13467 defines continuous evaluation (CE)
CE means: reviewing the background of an individual who has been determined to be eligible for access to classified information (including additional or new checks of commercial databases, Government databases, and other information lawfully available to security officials) at any time during the period of eligibility to determine whether that individual continues to meet the requirements for eligibility for access to classified information.

12 Continuous Evaluation: Authorities and Responsibilities
- Executive Order 12968, 2 Aug 1995 (as amended). Access to Classified Information.
- Executive Order 13467, 30 Jun 2008. Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information.
- Presidential Memo - National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs, 21 Nov 2012
- OMB Suitability and Security Processes Review Report to the President, Feb 2014.
  - Recommendation A.3: Accelerate the implementation of a standardized program of Continuous Evaluation (CE), ensure full integration with agency Insider Threat Programs.
- White House Memo - Near-term Measures to Reduce the Risk of High-Impact Unauthorized Disclosures, 11 Feb 2014.
  - A-3. DNI shall develop and launch a personnel Continuous Evaluation Program (CEP) that includes automated checks… The CEP shall reach initial operating capability by September 30, 2014.
- Standard Form 86, Questionnaire for National Security Positions, Revised Dec 2010. Form Approved: OMB No. 3206 0005.

