Get documents about "NISPPAC Industry Update
Document Sample
May 2005 Update
NISPPAC
Industry Update
10 May 2005
1
May 2005 Update
Reciprocity
• Issues continue
– Agency leadership support is well
documented (Declaration of Principles on
Reciprocity)
• Implementation at the working level remains a
problem
• Examples include;
– Requirements for up-to-date paperwork (very common
request and nothing is processed until it arrives)
– If the candidate is on the 4.5 year mark for a new
investigation, access is denied pending a complete
update
– The clearance for one agency of the USG can be
considered insufficient for another agency
2
May 2005 Update
Reciprocity (cont.)
• Public Trust Positions
– Lack of reciprocity impacting contractor ability to staff
positions
– Examples include recent cases where HHS agencies are not
accepting active DOD clearances as sufficient for access to
public trust positions
• Requiring complete package
• On a bright note - Air Force, Navy and Army created
the JAFANS To Promote Reciprocity in the SAP/SAR
Security Communities
– The document was released to Industry at the Fall 2004 CSSWG
Meeting and provides definitive guidance in a number of key areas
to promote consistency in interpretation and accreditation
• However, industry is concerned that failure to secure
cooperation across the USG will drain already
exhausted resources due to unnecessary
requirements for duplicate investigations
3
May 2005 Update
Reciprocity - Sensitive But Unclassified (SBU)
•Industry continues to gather details on new
versions of SBU
– Requirements for handling information differ
– Defining SBU is difficult and often sweeping in
scope
– Requirements for control and safeguarding are
appearing in the DD254’s
•The February 20, 2004 study by the
Congressional Research Service (“Sensitive
But Unclassified” and Other Federal Security
Controls on Scientific and Technical
Information: History and Current Controversy)
clearly captures the issues and conflicting
requirements
4
May 2005 Update
Reciprocity/SBU -
Recommendations
• Industry proposes a working group within the
NISPPAC to further work the requirements for
clearances and public trust positions and propose
solutions to the current stove pipes
– We need to find solutions to support cross communication
between agencies as the growth of ‘classified-like’ accesses
continue
• Industry also proposes a working group within the
NISPPAC to make recommendations on creating a
standard for the definition and protection of sensitive
information
– Allowing SBU to be defined locally will only exacerbate the
growth
5
May 2005 Update
AIS/Chapter 8 White Paper to DSS
• Industry, via the MOU/NISPPAC prepared a white
paper regarding improvements needed in system
accreditation and approval for classified systems
which was delivered to DSS in March, 2005
– DSS accepted the paper and has proposed two working
groups to meet as early as this month
– One working group will focus on system accreditation cycle
time and the other on ISSM self certification authority
• DSS has appointed an internal lead for the working
group and has asked the NISPPAC/MOU to also
propose a lead to partner with theirs
• Industry is pleased at the responsiveness of DSS to
work this problem
6
May 2005 Update
Other Issues for 2005
• Substandard Containers
– AIA ‘s ISC took the lead on surveying Industry regarding
substandard containers. NISPOM Chapter 5-302 requires that
these containers be eliminated by 2012.
– Industry suggests that most are being used in Closed Areas and
create little risk to the protection of the classified information they
protect
• Other issues related to the transfer are lack of more than one vendor
for the safes and floor load issues in some buildings that make the
safes impractical
• Alarm Response – NCMS lead
– DSS interprets the NISPOM Chapter 5 -903 as requiring guards to
respond to all alarms and does not allow for cleared personnel to
respond
– This interpretation is delaying the approval of IDS systems and
requiring additional expenditures in small company/site operations.
– An additional question in the NCMS survey regarding the cause of
the alarm showed, overwhelmingly, that alarms were not due to
unauthorized entry, but instead internally caused by employees
closing late or failing to follow procedures
– Industry will continue to work this issue in the hopes of securing
common approach to alarm response
7
May 2005 Update
Other Issues for 2005(cont)
• DHS/ICE – Verification of alien status
– Currently verification of authenticity of proof of Permanent
Residency may only be accomplished through the Department of
Homeland Security’s (DHS) Immigration and Customs Enforcement
unit (ICE)
– The system is being beta tested in a number of states but it not
available in all areas
– Further, the system requires that only employers process their
individuals and most of our candidates are contractors
• Forgeries are excellent and cannot be easily detected.
– Verification of authenticity of the documentation is significantly
more important in the defense industry where ITAR controlled
information is unavoidable
– Immigrant aliens (‘green card’ status) are being used as knowledge
workers by industry
• Industry needs the assistance of DHS to work this issue and to
help in expanding the resources to check all immigrants directly
employed or working within our facilities
8
May 2005 Update
MOU Agreement Revision
• The signatories (AIA, NDIA, CSSWG, ISWG, ASIS
and NCMS) have reworked the agreement language
to include the NISPPAC industry representatives
– Wording now incorporates language stressing
cooperative approaches to common issues but
recognizing organizational independence
– Agreement now calls for the election of a Director
who has to be from the signatory organizations or
a NISPPAC member
– Draft is in final review with an end of May target for
approval
• The NISPPAC industry representatives view this as
the best way to try to reach as many constituents of
the NISP as possible
9
