Cybersecurity Blog: The Cyber Scene is evolving, are you?


The deadline for implementing changes in the National Industrial Security Program, which makes federal contractors with security clearances partners in the government’s fight against insider threats, is looming. More than 12,000 cleared contractors have until November 18 to comply with Change 2 to the National Industrial Security Operating Manual (NISPOM).

Change 2 to DoD 5220.22-M, NISPOM, was approved in May, giving contractors six months to establish and maintain a formal program to detect, deter and mitigate insider threats.

The National Industrial Security Program was created in 1993 to set security requirements for private industry with access to classified government information. NISP covers contractors to the Department of Defense, the Department of Energy, the Office of National Intelligence, and the Nuclear Regulatory Commission.

The most recent changes to NISPOM essentially extend requirements already in place for contractors with access to intelligence data so that they apply to all contractors with security clearances. Many companies may have to scramble to meet the requirements for training, monitoring, reporting, certifying and documenting their programs by the Nov. 18 deadline.

Dissecting NISPOM

Regardless of where your organization is in the process of becoming NISPOM compliant, it’s important to understand the basics of Change 2.

The new requirements go into effect Nov. 18, and by Nov. 30 contractors must have a formalized program in place to:

  • Deter employees from becoming insider threats
  • Detect insiders who pose a risk to classified information
  • Mitigate the risk of the threat

A senior official must be designated to oversee the program, which must document capabilities to gather, share and act on relevant information indicative of a potential or actual insider threat. Counterintelligence training must be provided for program officials, and awareness training provided for all contractor employees with security clearances. Network activity must be monitored for suspicious or malicious behavior, and contractors must annually self-certify that the plan has been implemented.

The Department of Defense has provided guidance for implementing the new requirements in an Industrial Security Letter (ISL) to assist contractors as they establish and tailor their programs.

The guidance calls for:

  • A capability to gather relevant insider threat information across the contractor facility (e.g., human resources, security, information assurance, legal), commensurate with the organization’s size and operations.
  • Procedures to access, share, compile, identify and collaborate among the cleared contractor’s functional elements, and report relevant information that could be indicative of a potential or actual insider threat; deter cleared employees from becoming insider threats; detect insiders who pose a risk to classified information; and mitigate the risk of an insider threat.
  • Any corporate-wide program plan that addresses the requirements for all cleared facilities within the corporate family, and that addresses effective implementation at each cleared entity within the business structure.

It’s Never Too Late

Leidos can help in your efforts to comply with the new NISPOM requirements and with Change 2, whether you’re ahead of the deadline or just getting started. The Leidos Insider Threat Detection Program provides experience and expertise gained from decades of work in counterintelligence that can help get your organization up to speed quickly, and get you to NISPOM compliance and beyond. Our holistic approach integrates data across the entire enterprise, not just cyber fingerprints, to provide the insider threat detection your organization needs to comply with NISPOM requirements.

User behavior analytics (UBA) available through our partnership with Interset and Arena ITI empowers your organization with the most robust insider threat protection solution available.

You need a trusted partner who can shepherd you through NISPOM program requirements. Request an Insider Threat Assessment to begin your NISPOM insider threat program, or to audit a current program for compliance reporting and improvement.
Ollie Luba is a principal systems engineer at Leidos with 30 years of experience in analyzing, modeling and designing complex analytic systems for government and commercial clients. Currently, Ollie is the Product Manager and Technical lead for Leidos' insider threat identification solution. His educational background includes a BSEE from University of Pennsylvania, MSEE from Drexel University and a MS in Technology Management from the Wharton School/Penn Engineering. Ollie is based in Valley Forge, PA.