NISPPAC Industry Update

1
NISPPACIndustry Update

• 10 May 2005

2
Reciprocity

• Issues continue
• Agency leadership support is well documented
  (Declaration of Principles on Reciprocity)
• Implementation at the working level remains a
  problem
• Examples include
• Requirements for up-to-date paperwork (very
  common request and nothing is processed until it
  arrives)
• If the candidate is on the 4.5 year mark for a
  new investigation, access is denied pending a
  complete update
• The clearance for one agency of the USG can be
  considered insufficient for another agency

3
Reciprocity (cont.)

• Public Trust Positions
• Lack of reciprocity impacting contractor ability
  to staff positions
• Examples include recent cases where HHS agencies
  are not accepting active DOD clearances as
  sufficient for access to public trust positions
• Requiring complete package
• On a bright note - Air Force, Navy and Army
  created the JAFANS To Promote Reciprocity in the
  SAP/SAR Security Communities
• The document was released to Industry at the Fall
  2004 CSSWG Meeting and provides definitive
  guidance in a number of key areas to promote
  consistency in interpretation and accreditation
• However, industry is concerned that failure to
  secure cooperation across the USG will drain
  already exhausted resources due to unnecessary
  requirements for duplicate investigations

4
Reciprocity - Sensitive But Unclassified (SBU)

• Industry continues to gather details on new
  versions of SBU
• Requirements for handling information differ
• Defining SBU is difficult and often sweeping in
  scope
• Requirements for control and safeguarding are
  appearing in the DD254s
• The February 20, 2004 study by the Congressional
  Research Service (Sensitive But Unclassified
  and Other Federal Security Controls on Scientific
  and Technical Information History and Current
  Controversy) clearly captures the issues and
  conflicting requirements

5
Reciprocity/SBU - Recommendations

• Industry proposes a working group within the
  NISPPAC to further work the requirements for
  clearances and public trust positions and propose
  solutions to the current stove pipes
• We need to find solutions to support cross
  communication between agencies as the growth of
  classified-like accesses continue
• Industry also proposes a working group within the
  NISPPAC to make recommendations on creating a
  standard for the definition and protection of
  sensitive information
• Allowing SBU to be defined locally will only
  exacerbate the growth

6
AIS/Chapter 8 White Paper to DSS

• Industry, via the MOU/NISPPAC prepared a white
  paper regarding improvements needed in system
  accreditation and approval for classified systems
  which was delivered to DSS in March, 2005
• DSS accepted the paper and has proposed two
  working groups to meet as early as this month
• One working group will focus on system
  accreditation cycle time and the other on ISSM
  self certification authority
• DSS has appointed an internal lead for the
  working group and has asked the NISPPAC/MOU to
  also propose a lead to partner with theirs
• Industry is pleased at the responsiveness of DSS
  to work this problem

7
Other Issues for 2005

• Substandard Containers
• AIA s ISC took the lead on surveying Industry
  regarding substandard containers. NISPOM Chapter
  5-302 requires that these containers be
  eliminated by 2012.
• Industry suggests that most are being used in
  Closed Areas and create little risk to the
  protection of the classified information they
  protect
• Other issues related to the transfer are lack of
  more than one vendor for the safes and floor load
  issues in some buildings that make the safes
  impractical
• Alarm Response NCMS lead
• DSS interprets the NISPOM Chapter 5 -903 as
  requiring guards to respond to all alarms and
  does not allow for cleared personnel to respond
• This interpretation is delaying the approval of
  IDS systems and requiring additional expenditures
  in small company/site operations.
• An additional question in the NCMS survey
  regarding the cause of the alarm showed,
  overwhelmingly, that alarms were not due to
  unauthorized entry, but instead internally caused
  by employees closing late or failing to follow
  procedures
• Industry will continue to work this issue in the
  hopes of securing common approach to alarm
  response

8
Other Issues for 2005(cont)

• DHS/ICE Verification of alien status
• Currently verification of authenticity of proof
  of Permanent Residency may only be accomplished
  through the Department of Homeland Securitys
  (DHS) Immigration and Customs Enforcement unit
  (ICE)
• The system is being beta tested in a number of
  states but it not available in all areas
• Further, the system requires that only employers
  process their individuals and most of our
  candidates are contractors
• Forgeries are excellent and cannot be easily
  detected.
• Verification of authenticity of the documentation
  is significantly more important in the defense
  industry where ITAR controlled information is
  unavoidable
• Immigrant aliens (green card status) are being
  used as knowledge workers by industry
• Industry needs the assistance of DHS to work this
  issue and to help in expanding the resources to
  check all immigrants directly employed or
  working within our facilities

9
MOU Agreement Revision

• The signatories (AIA, NDIA, CSSWG, ISWG, ASIS and
  NCMS) have reworked the agreement language to
  include the NISPPAC industry representatives
• Wording now incorporates language stressing
  cooperative approaches to common issues but
  recognizing organizational independence
• Agreement now calls for the election of a
  Director who has to be from the signatory
  organizations or a NISPPAC member
• Draft is in final review with an end of May
  target for approval
• The NISPPAC industry representatives view this as
  the best way to try to reach as many constituents
  of the NISP as possible