NISPOM, Including Revised Personal Reporting Requirements and Reduced FOCI Mitigation Burden, Codified in Code of Federal Regulations

Yesterday, the Office of the Under Secretary of Defense for Intelligence & Security, Department of Defense (DoD) published a final rule codifying the National Industrial Security Program Operation Manual (NISPOM) (DoDM 5220.22) into 32 C.F.R. Part 117. For the most part, this action simply inserts the long-applicable NISPOM requirements into the CFR, but DoD has taken this opportunity to formalize two additional changes applicable to cleared contractors. First, the new regulation will incorporate mandatory reporting concerning any cleared personnel's foreign contacts and foreign travel, a requirement initially established by Security Executive Agent Directive (SEAD) 3, “Reporting Requirements for Personnel with Access to Classified Information or Who Hold a Sensitive Position” (12 June 2017) for the purpose of more continuously monitoring activities that can affect an individual's national security eligibility. Second, the final rule will implement Section 842 of the 2019 National Defense Authorization Act, which, effective October 1, 2020, removed the requirement that an agency issue a national interest determination (NID) before a foreign-owned entity holding a facility clearance by virtue of a Special Security Agreement may access “proscribed information” (e.g., Top Secret information) where its ultimate and intermediate foreign parents are located in a country within the U.S. national technology and industrial base as defined in 10 U.S.C. § 2500 ( currently Australia, Canada and the U.K.). Comments on the addition of the NISPOM to the CFR may be submitted through February 19, 2021, and the regulation formally becomes effective on February 24, 2021.