MathCraft Newsletter Issue Q1 2021 – Associate Member of NCMS
A New Chapter for Security Officers
2021 is finally here: with new legislation already enacted in a rapidly changing landscape for security and risk, the coming months have many challenges in store for federal executives, FSOs and other security officers. But following one of the most difficult years for federal security on record, we look towards the future with optimism, and we are excited to share new resources to help FSOs on their journey.
- DoD Begins Massive Reform of Clearance Appeal Process – the DoD is reforming its internal appeal process for denied clearance applicants by handing the decision to administrative judges rather than Personnel Security Appeals Boards (PSABs). Proponents cite greater transparency and fairness as reasons for the change.
- DOD Issues Final Rule Codifying the NISPOM – the National Security Program Operating Manual (NISPOM) has been added to the Code of Federal Regulations (CFR) in 34 CFR Part 117. This makes the requirements of NISPOM part of federal law, including SEAD 3 and other recent additions.
- Google Says North Korean Hackers Target Security Researchers via Social Media – according to experts at Google, malicious foreign actors are targeting members of the cybersecurity community by posing as security researchers with elaborate techniques that blur the line between fiction and reality: some warn about “the next level of cyber warfare.”
- DOD’s Cybersecurity Certification Requirements to Appear in DHS Contracts – 15 prime contractors will be the first to undergo third-party audits of their cybersecurity practices under the DoD’s Cybersecurity Maturity Model Certification (CMMC). The Department of Homeland Security (DHS) is now incorporating this requirement into some contracts.
- Hack Spurs Call for Greater – but Measured – Supply Chain Scrutiny – three months after it occurred, regulators are still grappling with the ramifications of the SolarWinds cyberattack. To prevent similar incidents, Chief Technology Officer (CTO) Steve Grobman calls for increased oversight of digital supply chains.
- GSA Needs Stronger Insider Threat Program, IG Report Finds – a report by the Inspector General (IG) found flaws with the General Services Administration (GSA)’s Insider Threat Program (ITP). Among other things, it cites a lack of monitoring, annual reports and termination of inactive IT accounts: all essential to fight insider threats.
- DoD Formalizes Program Giving Companies More Access to Classified Info – the Pentagon is making it easier for certain defense contractors to access classified information through special-access programs. Among other things, program managers hope the initiative will accelerate technology development and efficiency.
New from MathCraft: FSO Tips
Here at MathCraft, we are always updating our products to comply with the latest in federal security legislation. Accordingly, we strive to provide our customers with up-to-date educational resources that help them achieve their goals through new features and functionality.
To keep FSOs and other security officers in the know, we are excited to announce our new FSO Tips resource: browse detailed blog posts and tutorials describing key features of the Access, Portal and ViSi Commander platforms. Learn how to…
- Find information quickly with data drilldown
- Save time with simplified travel reporting
- Meet DCSA Counterintelligence Requirements
…and so much more when you visit the FSO Tips page today. [To receive new tips as soon as they are released, sign up for our email list and check *option*]
Major NISPOM Update
On Feb. 24th, a final rule was added to the National Industrial Security Program Manual (NISPOM), which is now part of federal law. Cleared contractors have until August (less than six months) to familiarize themselves with the updated manual and comply. But what is changing? Here are some highlights:
- Reporting requirements from SEAD 3 have been added to NISPOM, including self-reporting requirements for cleared personnel and non-cleared individuals in “sensitive positions”.
- Countries friendly to the U.S. (including the U.K. North Ireland and Australia) are no longer required to receive a national interest determination (NID) to access classified information.
- Now that NISPOM is part of the CFR, violations of it constitute a federal offense.
To learn more about the latest changes to NISPOM and how you can prepare, check out our latest blog post: What Does the New NISPOM Rule Mean for Federal Contractors?
To comply with the latest updates to NISPOM, employees of cleared organizations are not only required to file reports under a variety of circumstances, but they are also required to report their colleagues for behaviors that may be compromising.
Among other things, these include:
- Sustained association with any foreign national, whether in real life or online
- Adoption of children who are non-U.S. citizens
- New cohabitants (roommates/housemates/significant others)
- Treatment for drug- or alcohol-related issues
The latest version of Portal Commander™ provides your organization with everything you need to fight insider threats and meet SEAD 3 reporting requirements:
- Insider Threat Reporting Module
- Anonymous Reporting
- Foreign contact reporting
- …and more
To learn more about self-reporting and the elements of an effective insider threat program (ITP), be sure to read our January blog post: To Detect Insider Threats, Give Your Employees Channels to Report Them.
According to Ponemon Institute, 2 out of 3 insider threat events are caused by employee negligence. While this problem can be mitigated by regular training that helps your personnel to understand and follow security controls, many organizations fail to provide their employees with the resources they need to act responsibly.
In 2019, fewer than 30% of businesses provided employees with training to counteract social engineering attempts that drive a large number of data breaches and other security incidents. To protect their clients and employees, cleared organizations should provide regular training and keep track of progress.
The latest version of Portal Commander makes it easy for FSOs, CSOs and executives to keep track of training progress by employee, and access associated documents from one location. To learn more, visit the Portal Commander product page.
MathCraft Security Technologies, Inc. is the leading provider of innovative software and technologies for Industrial Security professionals. Our tools are compliant with 32 CFR Part 117, NISPOM Rule and are available on-premises or in the cloud. Contact us today to see how our products can transform your security operations!
NCMS Endorsement/Disclaimer: References to commercial products, processes, or services do not necessarily constitute an endorsement by NCMS Inc. The opinions and views expressed on this email and on any linked web sites do not necessarily reflect those of NCMS.