NISPOM Conforming Change 2 – All You Need to Know!


NISPOM Conforming Change 2 was released May 21, 2016:

The Department of Defense published Change 2 to DoD 5220.22-M, “National Industrial Security Operating Manual (NISPOM).” NISPOM Change 2 requires contractors to establish and maintain an insider threat program to detect, deter and mitigate insider threats. Specifically, the program must gather, integrate, and report relevant and credible information covered by any of the 13 personnel security adjudicative guidelines that is indicative of a potential or actual insider threat, in order to deter cleared employees from becoming insider threats; detect insiders who pose a risk to classified information; and mitigate the risk of an insider threat. Contractors must have a written program plan in place to begin implementing insider threat requirements of Change 2 no later than November 30, 2016.

History of NISPOM:

NISPOM, the National Industrial Security Policy Operating Manual, is the roadmap for all U.S. Government Contractors supporting Classified Government Programs. It was published in 2006. It prescribes the requirements, restrictions, and other safeguards to prevent unauthorized disclosure of classified information.

Updates to NISPOM have included Conforming Change 1, March 28, 2013—and now on May 21, 2016, NISPOM Conforming Change 2 has been published. You will have until November 30, 2016, to implement your Insider Threat Program.

Why this update?

All employers face the risk of insider threats. Whether it is due to a malicious insider or to honest employee mistakes, the insider threat shows no sign of abating in this digital age of storing, transferring and maintaining vital company data. So it makes sense that, in response to major government breaches like Edward Snowden’s informational leaks, the Washington Navy Yard Shooting, and more, the US Government is trying to be sure its Contractors stay ahead of the risk of an internal breach.

NISPOM Conforming Change 2 is all about helping Government Contractors recognize and stop these insider threats from manifesting. Federal law now mandates that Government Contractors not only have an insider threat detection program but also that their internal organizational security meet specific functioning standards.

What you need to do to conform:

Security officers can take each of these steps now to address insider threat and stay ahead of the curve:

  • Establish an insider threat program that will identify and report suspicious activities or threats
  • Designate a senior contractor official
  • Comply with “Minimum Reporting Requirements for Personnel with National Security Eligibility Determinations”
  • Provide records pertinent to insider threat
  • Train relevant personnel
  • Implement protective measures pertinent to user activity monitoring on classified networks

Fully satisfy your user activity monitoring for NISPOM Conforming Change 2 now. Start with a FREE 15-day Trial of ObserveIT. Download a free eBook to learn how to build your Insider Threat Program within 90 days!

Find out more about NISPOM CONFORMING CHANGE 2.

About ObserveIT
ObserveIT is a user monitoring and investigation solution that identifies and eliminates insider threats. It continuously monitors user behavior and alerts IT and Security teams about activities that put their organizations at risk. ObserveIT provides comprehensive visibility into what all users are doing, while meeting compliance standards and reducing investigation time from days or hours to minutes.