Alert

DOD Issues Final Rule Codifying the NISPOM

December 30, 2020

The Department of Defense (DOD) is adding the National Industrial Security Program Operating Manual (NISPOM) to the Code of Federal Regulations (CFR). According to the final rule recently published in the Federal Register, the NISPOM will be codified at 34 CFR Part 117 effective February 24, 2021. Although the codification does not change current NISPOM requirements, the rule does make two significant changes related to industrial security. Upon codification, cleared entities will have six months to comply with the rule’s changes.

NISPOM

The NISPOM is issued and maintained in accordance with the National Industrial Security Program (NISP), which is the U.S. government’s integrated program for protecting classified information and U.S. economic and technological interests. The NISPOM is the operating manual governing the disclosure of classified information released by executive branch agencies and departments to government contractors, licensees, grantees, and certificate holders (collectively, “contractors”) as well as classified information developed by contractors. The NISPOM sets out procedures, requirements, and other safeguards to protect and prevent unauthorized disclosure across all classes of classified information. This rule simply relocates the NISPOM from DOD Manual DOD 5220.22-M to Title 34, Part 117 of the CFR.

SEAD 3 and NID Requirements

In addition to adding the NISPOM to the CFR, the rule makes two important changes regarding industry access to classified information.

First, the rule incorporates the requirements of Security Executive Agent Directive (SEAD) 3, ‘‘Reporting Requirements for Personnel with Access to Classified Information or Who Hold a Sensitive Position.’’ SEAD 3 requires all contractor cleared personnel eligible for access to classified information to be aware of risks associated with such access and to report to the government on an ongoing basis specific information and activities that may adversely impact their clearance eligibility, including foreign contacts and foreign travel.

Second, the rule implements the provisions of Section 842 of the 2019 National Defense Authorization Act (NDAA), which removes the requirement for a covered National Technology and Industrial Base (NTIB) entity operating under a Special Security Agreement (SSA) to obtain a National Interest Determination (NID) as a condition for access to certain proscribed information (e.g., information classified as Top Secret). An SSA is one mechanism the U.S. government uses to mitigate security risks presented by U.S. entities operating under foreign ownership, control or influence (FOCI). This provision is limited to the small number of cleared entities whose ultimate parent and any intermediate parents are located in a foreign country that is part of the NTIB. In addition to the United States, the NTIB is currently comprised of the United Kingdom of Great Britain and Northern Ireland, Canada, and Australia. According to the rule, “this provision will allow covered NTIB entities to begin performing on contracts that require access to proscribed information without having to wait on a NID, and thus removing costly contract performance delays.”

Because this rule involves matters relating to public grants or contracts it is exempt from notice and comment procedures. Nevertheless, the DOD is seeking public comments, which are due by February 19, 2021.

Should you have any questions, please contact one of the authors listed on this alert.


Paul Coyle, a Law Clerk at Wiley Rein LLP, contributed to this alert.

Read Time: 3 min
Jump to top of page

Wiley Rein LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek