NISPOM Conforming Change 2 – Understanding the Change and How to Conform


by Gaby Friedlander


History of NISPOM

NISPOM, the National Industrial Security Policy Operating Manual, is the roadmap for all U.S. Government Contractors supporting Classified Government Programs. It was published in 2006. It prescribes the requirements, restrictions, and other safeguards to prevent unauthorized disclosure of classified information.

Updates to NISPOM have included Conforming Change 1 (March 28, 2013), and sources say that in 2016, NISPOM Conforming Change 2 will be published. Once it's published, you will have 6 months to implement your Insider Threat Program.


Why the Update?

All employers face the risk of insider threats. Whether it comes from a malicious insider or from honest employee mistakes, the insider threat shows no sign of abating in this digital age of storing, transferring, and maintaining vital company data.

It makes sense that, in response to major government breaches, like Edward Snowden's information leaks, the Washington Navy Yard Shooting and more, the US Government is trying to ensure its Contractors stay ahead of the risk of internal breaches.

NISPOM Conforming Change 2 centers around helping Government Contractors recognize and stop insider threats from manifesting. Federal law now mandates not only that Government Contractors have an insider threat detection program, but also that their internal organizational security meet specific functioning standards.


How to Conform

Instead of waiting for the updates (and to make the most of the short 6-month timetable, once NISPOM Conforming Change 2 is published), security officers can take these steps now to address insider threats and stay ahead of the curve:

· Establish an insider threat program that will identify and report suspicious activities or threats
· Designate a senior contractor official
· Comply with “Minimum Reporting Requirements for Personnel with National Security Eligibility Determinations”
· Provide records pertinent to insider threat
· Train relevant personnel
· Implement protective measures pertinent to user activity monitoring on classified networks
