- 2023 - Annual Security Training

- 2023 - Annual Security Training

Take a minute to write an introduction that is short, sweet, and to the point.

The NISP Flow Chart

National Industrial Security Program

All private companies that require access to U.S. classified information fall under the authority of the National Industrial Security Program (NISP).

The NISP was established to ensure that cleared U.S. defense industry safeguards the classified information in their possession while performing work on contracts, programs, bids, or research.

The NISPOM, is the NISP Operation Manual. It establishes the standard procedures and requirements for all government contractors, with regards to classified information.

On February 24, 2021, 32 CFR Part 117, “National Industrial Security Program Operating Manual (NISPOM)” became effective as a federal rule.

Types of Information

Unclassified Information

Just because it’s unclassified doesn’t mean it can be released to the public. The following types of information need to be protected:

Controlled Unclassified Information (CUI)

Information that does not qualify for classification, but is pertinent to the security interests of the United States, and under law, requires protection from unauthorized disclosure.

There are 23 categories of CUI, such as: Emergency Management, Bank Secrecy, Information Systems Vulnerabilities, and Terrorist Screening data. CUI may be government owned data, or privately held data.

Proprietary Company Information (aka trade secret)

Company owned data that should not be divulged to individuals outside the company. It is important to label this data as “Proprietary Information; for Internal Use Only.”

If a company doesn’t take appropriate steps to protect proprietary information, they can lose the ability to claim such data as trade secrets.

How do I protect this information?

Check out the briefing on Sensitive Information.

Classified Information

Information, owned by the government, that would damage national security if disclosed to unauthorized individuals. Classified information is ranked into 3 categories based on damage to national security:

CONFIDENTIAL

Unauthorized disclosure may cause

DAMAGE.

SECRET

Unauthorized disclosure may cause

SERIOUS DAMAGE.

TOP SECRET

Unauthorized disclosure may cause

EXCEPTIONALLY GRAVE DAMAGE.

There are also other categories of classified information that require special access authorization. You may hear terms such as Sensitive Compartmented Information (SCI), or Special Access Program (SAP). Additional information will be provided if you are assigned to work with these programs.

How does information get classified?

Original Classification

An initial determination that information requires protection against unauthorized disclosure in the interest of national security. This is performed by an Original Classification Authority (OCA).

Derivative Classification

Incorporating, restating, paraphrasing or generating in a new form, from classified material. Derivative classifiers must take additional training. Individuals who have received training may perform derivative classification.