In the past, DSS focused on the National Industrial Security Program Operating Manual, or NISPOM, to guide the agency's oversight compliance actions. However, as a static policy manual, the NISPOM does not:
- Identify what national security information needs the most protection
- Address the methods being used by adversaries
- Consider the vulnerabilities inherent in business processes and the supply chain
These reasons, coupled with the unprecedented threat to our national security information and technology, are the driving factors behind the need for change.
Given this, DSS is implementing a new methodology based on knowing the assets at each facility, analyzing threats to those assets, identifying vulnerabilities, and applying appropriate countermeasures.
This new methodology couples NISPOM compliance with an intelligence-led, asset-focused, and threat-driven approach. It will allow DSS to work more effectively with cleared industry to design tailored security plans with the ultimate goal of helping to ensure that contracted capabilities, technologies, and services are delivered uncompromised.
DSS is implementing this methodology using a phased approach, beginning with facilities identified as housing assets most critical to our national security. Those facilities, selected to receive a Comprehensive Security Review, will be asked to complete a Security Baseline. All other facilities will be introduced to the process of asset identification during their Security Vulnerability Assessments.
Use the links below for resources related to identifying assets and completing a Security Baseline.