The Department of Defense has issued a final rule codifying the National Industrial Security Program Operating Manual in the Code of Federal Regulations at 32 C.F.R. Part 117, effective February 24, 2021. The NISPOM governs the disclosure of classified information to cleared government contractors and personnel and establishes the mechanisms and procedures for protecting such information from unauthorized disclosure, including means to mitigate the national security risks associated with contractors operating under foreign ownership, control or influence (FOCI). The codified NISPOM will also incorporate the reporting requirements under Security Executive Agent Directive 3 (SEAD 3) and eliminate the requirement for a National Interest Determination for particular entities operating under a Special Security Agreement to access certain classified information.

SEAD 3 reporting requirements

The codified NISPOM will implement the contractor reporting requirements established in SEAD 3. SEAD 3 requires cleared contractors to report to the government information that may bear on the national security implications of a cleared employee's continued access to classified information. Such reports will be required on an ongoing basis as part of the government's efforts to reduce insider threats and are to include information relating to security risk factors such as an employee's foreign travel and foreign contacts.

NID requirements

The codified NISPOM also will eliminate the current requirement that certain government contractors operating under an SSA obtain an NID as a condition of being afforded access to highly classified information. This change will only apply to those entities whose ultimate and intermediate parent entities are in the United States, the United Kingdom, Canada or Australia. The goal of this change is to allow such contractors to begin contract performance more quickly and to avoid potentially costly delays associated with waiting for the adjudication of an NID.

Notwithstanding the forthcoming codification, the NISPOM remains a very technical document with important provisions buried in cross-references to other laws and directives. Anyone with questions regarding the NISPOM or related to classified contracts, access to classified information, and facility and personnel security clearances generally, should contact Cooley's government contracts team. For those wishing to submit comments on the final rule, the deadline to do so is February 19, 2021.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.