August 1, 2018
The DoD Manual 5220.22, Volume 2 - National Industrial Security Program: Industrial Security Procedures for Government Activities was just released.  You can find the document HERE (DOD MANUAL 5220.22, VOLUME 2).

August 1, 2018 
2018 Implementation of Interim Backlog Mitigation Measures for Entities Cleared by DoD under the National Industrial Security Program

In early June 2018, the Director of National Intelligence, in his capacity as the Security Executive Agent, and the Director of the Office of Personnel Management, in his capacity as the Suitability & Credentialing Executive Agent (Executive Agents), jointly issued a memorandum directing the implementation of interim measures intended to mitigate the existing backlog of personnel security investigations at the National Background Investigations Bureau (NBIB). These measures include the deferment of reinvestigations when screening results are favorable and mitigation activities are in place, as directed.(more)

In accordance with the guidance and direction received from the Executive Agents, Defense Security Service (DSS) will adopt procedures to defer the submission of Tier 3 Reinvestigations (T3Rs) and Tier 5 Reinvestigations (T5Rs) for entities cleared under the National Industrial Security Program. Facility Security Officers should continue to submit completed Standard Form 86 and the reinvestigation request, six years from the date of last investigation for the T5Rs and 10 years from the date of the last reinvestigation for the T3Rs. New reinvestigation requests will be screened by DSS using a risk management approach that permits deferment of reinvestigations according to policy. If the determination is made to defer reinvestigations, individuals will be immediately enrolled into the DoD Continuous Evaluation (CE)/Continuous Vetting (CV) capabilities, as required.

The Executive Agents have directed all Federal departments and agencies to reciprocally accept the prior favorable adjudication for deferred reinvestigations that are out of scope (overdue). Existing eligibility remains valid until the individual is removed from CE, no longer has any DoD affiliation, or has their eligibility revoked or suspended. 

The Office of the Under Secretary of Defense for Intelligence signed a memorandum on December 7, 2016, reminding DoD Components that personnel security clearances do not expire. Individuals with current eligibility in the Joint Personnel Adjudication System (JPAS), or its successor, should not be denied access based on an out-of-scope investigation. That memorandum is provided here for ease of reference. If you encounter any challenges with this process, please email dss.ncr.dss-isfo.mbx.psmoi@mail.mil for assistance.

These procedures will remain in effect until further notice.

More information is available in the linked frequently asked questions.

July 31, 2018 
Clarifying guidance for access to SAPs

The DoD Special Access Program Central Office provides clarifying guidance for granting access to Special Access Programs. You can find the guidance HERE (DoD SAPCO Policy Memo) .

Reporting the Threat

Exploitation of Insider Access

Cyber Threats

ISOO Annual Report & 2017 Report to the President ISOO

2018 DoD Virtual Security Conference for Industry- Save the Date!

PSMO Tri-SAC June 2018

CUI Implementation Letter

Over the past several months, DSS has been finalizing the NISS application for deployment. We appreciate your patience throughout this period and are pleased to announce the following NISS deployment timeline to replace the Industrial Security Facilities Database (ISFD) and Electronic Facility Clearance System (e-FCL) to become the system of record for facility clearance information! The timeline for NISS transition follows:

Monday, June 11 – External Notification

    • DSS notifies External user community of the Transition Plan.

Friday, June 15 – FCB New Sponsorship Package Procedure

    • Facility Clearance Branch (FCB) will not be able to process and thus will not accept new Facility Clearance sponsorships after Friday July 15 until Industry and Government users can submit their Facility Clearance Sponsorship Requests in NISS starting July 30.

ID Theft Obituary Risks

Insider threat blind spot enables employee revenge attacks

Security Holes Make Home Routers Vulnerable

Hacktivists, tech giants protest Georgia's 'Hack-Back' bill

SAMSAM Ransomware Evolves its tactics towards targeting whole companies

New SF-312 Guidance

Netflix Email Scam

Jason's Deli data breach impacts up to 2 million customers

Posted January 18, 2018

Jason's Deli fell victim to a data breach that impacted up to 2 million customers in 15 states.

Internet Crime

Posted November 21, 2017

That holiday card in your inbox? Think twice before clicking. That deep discount in your newsfeed on the season’s hot gadget? Does it seem too good to be true?

NISS Update- Industry Registration on November 29, 2017

Posted November 11, 2017

We are pleased to announce that, following successful testing last week,
Industry can begin registering for NISS accounts on November 29, 2017.
Industry account requests will be routed to the facility's assigned DSS
Industrial Security Representative for action. For more information about
how to register for a NISS account, please visit the following website and
find the "Registration" section: http://www.dss.mil/is/niss.html.

*Please note, external government users who created an account in Sept/Oct
will need to re-request NISS access through NCAISS.*

As we prepare for NISS full operational capability (date TBD), here are a
few reminders:

- At this time, ISFD and e-FCL remain the systems of record for all facility
oversight activity
- NISS is in a TEST state, therefore any data entered will be purged prior
to the full cutover
- Continue to submit system feedback (bugs, issues, etc.) using the System
Feedback link on your dashboard
 

New DD Form 254 published

Posted November 1, 2017

New DD Form 254, "Department of Defense Contract Security Classification Specification," has been published. On Nov. 1, 2017, Washington Headquarters Services posted the new DD Form 254 and supporting instructions to the "DoD Forms Management Program," website.

Virtual Kidnaping

Posted October 16, 2017

Law enforcement agencies have been aware of virtual kidnapping fraud for at least two decades, but a recent FBI case illustrates how this frightening scam—once limited to Mexico and Southwest border states—has evolved so that U.S. residents anywhere could be potential victims.

National Industrial Security System (NISS) Deployment Schedule

Posted October 11, 2017

On Monday, 30 October, DSS will deploy NISS Soft Launch 2.0.  Thanks to user
feedback over the past month, issues have been identified and Monday's
release is slated to resolve most of those issues.  An outstanding "known
issue" log will be available within the system. 

NISS will stay in this Soft Launch test state until no critical issues
remain.  At that point DSS will communicate in advance the date when we will
formally transition off of ISFD/e-FCL over to NISS.

**Important** During the Soft Launch period please still use ISFD and e-FCL
for all official business.  NISS is in a TEST state and not for official
business.

The bug that was preventing the process for industry registration has been
resolved in the test environment and should allow industry users to begin
registration in early November.  Specifics to follow! 

FBI Breaks Ground for New Data Center

Posted October 5, 2017

Today, October 5, 2017, the FBI, along with its partners in the Department of Justice, participated in a groundbreaking ceremony for a new Data Center in Pocatello, Idaho. It is a milestone in the efforts to consolidate and optimize Data Center infrastructure, information, and services as part of a broad multi-year IT transformation.

New Network Security Standards Will Protect Internet's Routing

Posted October 3, 2017

Electronic messages traveling across the internet are under constant threat from data thieves, but new security standards created with the technical guidance of the National Institute of Standards and Technology (NIST) will reduce the risk of messages being intercepted or stolen. These standards address a security weakness that has been a part of the internet since its earliest days

NICE Announces the First Annual National Cybersecurity Career Awareness Week

Posted October 3, 2017

The National Cybersecurity Career Awareness Week (NCCAW), brought to you by the National Initiative for Cybersecurity (NICE), is a week-long campaign focused on increasing awareness about careers in cybersecurity and building a national cybersecurity workforce to enhance America’s national security and promote economic prosperity. NICE brings to the forefront information of local, regional, and national interest to inspire, educate, and engage citizens to pique their interest in cybersecurity careers. National Cybersecurity Career Awareness Week takes place during November’s National Career Development Month, and each day of the week-long celebration provides an opportunity to learn about the contributions, innovations, and opportunities that can be found by choosing a career in cybersecurity.

NIST, DHS Join Forces to Create Cybersecure Communities Around the Globe

Posted August 24, 2017

The National Institute of Standards and Technology (NIST) and the Department of Homeland Security (DHS) will jointly sponsor the 2018 Global City Teams Challenge (GCTC), which will focus on designed-in cybersecurity for “smart city” systems that are more secure, reliable, resilient and protective of privacy.

NIST Crafts Next-Generation Safeguards for Information Systems and the Internet of Things

Posted August 15, 2017

Information systems—from communications platforms to internet-connected devices—require both security and privacy safeguards to work successfully and protect users in our increasingly complex and interconnected world.

NIST Publishes NICE Cybersecurity Workforce Framework: Categorizing and Describing Cybersecurity Work for the Nation

Posted August 7, 2017

The National Initiative for Cybersecurity Education (NICE) is pleased to announce the release of Special Publication 800-181, the NICE Cybersecurity Workforce Framework. This publication serves as a fundamental reference to support a workforce capable of meeting an organization’s cybersecurity needs. It provides organizations with a common, consistent lexicon that categorizes and describes cybersecurity work by Category, Specialty Area, and Work Role. It is a resource from which organizations or sectors can develop additional publications or tools that meet their needs to define or provide guidance on different aspects of workforce development, planning, training, and education.