It’s a tough time to be a compliance executive at a federal contractor. Whether you’re a Chief Compliance Officer, Chief Legal Officer, Chief Security Officer, or VP or Director accountable for compliance, you are faced with a rapidly changing landscape dominated by privacy and security rules.

If you're a federal contractor, your reporting requirements just changed -- dramatically.  The days of perhaps one report to security per employee every year is over. 

Security Agent Executive Directive 3 (SEAD 3) just dropped from our friends at the Office of the Director of National Intelligence (DNI). SEAD 3 became effective June 12, 2017 and requires contractors holding sensitive positions or who have access to any type of classified information to report a variety of life events, including all non-work related foreign travel and substantive foreign contacts to their local security office. 

This is well beyond the NISPOM or security clearance reporting we're used to and the time to get smart on it is now. Keep reading to learn more. 

SUMMARY:

The Defense Security Service (DSS) is planning a completely new way of thinking about industrial security and the NISPOM. Are you ready? The infographic below highlights a few things cleared federal contractors need to do to begin adapting to "DSS in Transition" (DiT).

I was saddened to read about yet another case of an employee at a defense contractor spying for a foreign power. This time it was Monica Elfriede Witt, who wasn’t just some low level clearance-holder like Manning; she had access to some of our most sensitive national security information in her counterintelligence and Special Access Program roles. This is truly a devastating setback.

John Dillard and ThreatSwitch were featured in a recent interview by StartCharlotte:

The following information was retrieved via Amazon Press Releases:

Does your company have a classified U.S. Government contract? Do you and your staff currently hold a Facility Security Clearance (FCL)? If so, there is no policy change more vitally important to the success of your business than Conforming Change 2 of the National Industrial Security Program Operating Manual (NISPOM).

Security threats to organizations can be broadly categorized into external threats and insider threats. An external actor usually must do some leg work or research to first identify, then figure out how to take advantage of, an organization’s weaknesses. They are not a member of the organization, so they must either hide their presence or force their way through existing defenses and then get out quickly. On the other hand, an insider not only has special knowledge of his or her organization’s weaknesses, but is also wearing “team colors.” As a trusted member of the organization, it is less likely that their activities will arouse suspicion.

According to EY's 2015 Global Information Security Survey, the overwhelming majority of businesses today believe their security protocols related to insider threat are not up to standard. So why is it that insider threat programs rarely get the funding needed? While building an insider threat program is on the agenda for most companies, it normally doesn’t make it to the top of the priority list. One of the top three reasons Insider Threat Programs don’t receive funding is due to LACK OF EXECUTIVE AWARENESS OR SUPPORT. Gaining executive buy-in and sponsorship can be the biggest hurdle to resourcing the level of security your company needs. It’s up to you to ensure your leadership is aware of the facts about insider threat, and why now is the time to do something about it.

An insider threat is one of the greatest dangers you can face at your federal agency.

When our team thinks about the goals of ThreatSwitch, it is to make the tough job of a security manager a little bit easier. That goal starts even before a security manager logs in, when the question arises "What do I need to get done today?" In order to help answer that question, we're releasing the first version of the ThreatSwitch Inbox.

As the government moves towards increasingly using Continuous Evaluation to expedite the investigation, ThreatSwitch has you covered. You can now mark personnel as Continuous Evaluation, filter based on that flag, and run exports based on that information.

Wrestling with Excel is so exhausting. Sometimes you would love to have the exact data that you're looking for without having to create tables and sort and filter. With our latest exports, you can query the exact data you need directly in ThreatSwitch and our enhanced reports will provide you with that perfect slice of data.

Contracts are an essential part of organizing security compliance. Now in ThreatSwitch you have the tools to better organize and sort your contracts by assigning contracts as "Prime" or "Subcontract"

We're also excited to announce that you can now control when welcome emails are sent. This should be helpful for customers who want to send a formal internal communication before employees receive login credentials.

We've implemented a couple of design changes to make ThreatSwitch easier-than-ever to use. You'll notice that a slew of small changes that should add up to make navigating in ThreatSwitch a more enjoyable experience.

Managing contracts based on your personnel is an integral component of your NISPOM compliance. ThreatSwitch's tools just got a bit more powerful by enabling security managers to link individual employees to contracts. You can filter down your personnel lists by contract, and assign training based on different contracts as well.

Suffering from information overload? We've introduced smart filtering in our table views to help.  Narrow down your results by a specific CAGE code, status, role, risk score, and more.

Big news from NCMS . . . user provisioning for DISS will begin this week with users who are KMPs and FSOs. Look for the notice coming your way. It's critical that you get your account cleaned up and ready to go. For more information click here.

Another busy week from down here in the ThreatSwitch boiler room: We've added several new features, streamlined old ones, and addressed a few tricky bugs.

As it turns out, we do need badges.  Fortunately, we're here to help:  The latest version of ThreatSwitch includes Badge Management (as well as a whole lot of enhancements and bug fixes)!

An ongoing challenge for organizations with multiple security managers running their industrial security program is keeping each person informed with their latest tasks and accountable items. ThreatSwitch now helps organize these tasks better by giving you the ability to assign items to individual security managers. Items that can be assigned include reportable information, foreign travel, and outgoing visit requests.

In my career, I have had the privilege of working for and with some of the world's biggest organizations. My employers have included CIA, the US Navy, Deloitte, KPMG, and what is now General Dynamics IT. My current and former clients and customers include a great number of the Fortune 500 and most of the Defense and Intelligence Community. As an Executive in -- and vendor to -- those companies, I have learned a bit about how they deal with security and why it's so tough.

With our latest release, ThreatSwitch has improved the process of gathering information from employees regarding Foreign Travel. These updates allow for employees to easily submit all important pre & post-travel information to their Security Managers. Meanwhile, Security Managers can easily process these reports and take the appropriate actions and next steps.

Visitor Access Requests are a regular headache for security managers. It is a cumbersome process to collect all the required information from employees (often over email 😭) then file that to JPAS or to a recipient directly.

As always, ThreatSwitch is here to help.

I was saddened to read about yet another case of an employee at a defense contractor spying for a foreign power. This time it was Monica Elfriede Witt, who wasn’t just some low level clearance-holder like Manning; she had access to some of our most sensitive national security information in her counterintelligence and Special Access Program roles. This is truly a devastating setback.

When employee users log into ThreatSwitch it is critical that they are able to quickly identify action items such as incomplete trainings and form requests. With the new Employee Inbox, users automatically see their most pressing tasks, in a simple inbox-style to-do list.

"New Filters" may not sound like the most exciting thing to be added to ThreatSwitch lately (you're right, that honor belongs to eSignatures), but ThreatSwitch's additional search parameters give security managers surprising new flexibility when creating reports.

Few things are as frustrating to security managers as administrating the back-and-forth of requesting signatures for important forms. Forms, commonly sent over email with sensitive data, are often returned incomplete, launching another round of tedious requests.

It’s a tough time to be a compliance executive at a federal contractor. Whether you’re a Chief Compliance Officer, Chief Legal Officer, Chief Security Officer, or VP or Director accountable for compliance, you are faced with a rapidly changing landscape dominated by privacy and security rules.

When our team thinks about the goals of ThreatSwitch, it is to make the tough job of a security manager a little bit easier. That goal starts even before a security manager logs in, when the question arises "What do I need to get done today?" In order to help answer that question, we're releasing the first version of the ThreatSwitch Inbox.

In my career, I have had the privilege of working for and with some of the world's biggest organizations. My employers have included CIA, the US Navy, Deloitte, KPMG, and what is now General Dynamics IT. My current and former clients and customers include a great number of the Fortune 500 and most of the Defense and Intelligence Community. As an Executive in -- and vendor to -- those companies, I have learned a bit about how they deal with security and why it's so tough.

I was saddened to read about yet another case of an employee at a defense contractor spying for a foreign power. This time it was Monica Elfriede Witt, who wasn’t just some low level clearance-holder like Manning; she had access to some of our most sensitive national security information in her counterintelligence and Special Access Program roles. This is truly a devastating setback.

It’s a tough time to be a compliance executive at a federal contractor. Whether you’re a Chief Compliance Officer, Chief Legal Officer, Chief Security Officer, or VP or Director accountable for compliance, you are faced with a rapidly changing landscape dominated by privacy and security rules.

If you're a federal contractor, your reporting requirements just changed -- dramatically.  The days of perhaps one report to security per employee every year is over. 

Security Agent Executive Directive 3 (SEAD 3) just dropped from our friends at the Office of the Director of National Intelligence (DNI). SEAD 3 became effective June 12, 2017 and requires contractors holding sensitive positions or who have access to any type of classified information to report a variety of life events, including all non-work related foreign travel and substantive foreign contacts to their local security office. 

This is well beyond the NISPOM or security clearance reporting we're used to and the time to get smart on it is now. Keep reading to learn more. 

SUMMARY:

The Defense Security Service (DSS) is planning a completely new way of thinking about industrial security and the NISPOM. Are you ready? The infographic below highlights a few things cleared federal contractors need to do to begin adapting to "DSS in Transition" (DiT).

What's New

• Added an Insider Threat Program Plan (ITTP) template located under the profile menu
• Added username (user display name) and dropdown arrow to the profile menu
• Changed the subject field title to "Who are you reporting on?"on the create new incident screen
• Changed "Watchers" field title to "Reporter" on the create new incident screen
• Replaced dropdown from "Watchers" (reporter) field to current user as default reporter
• Users are now instantly redirected to the login screen upon logout
• Removed all the "Import CSV" buttons from screens which cannot use a CSV to import
• Various other UX/UI Fixes
• Various other bug fixes

John Dillard and ThreatSwitch were featured in a recent interview by StartCharlotte:

If you're in the market for an inspiring article - look no further. You have got to check out John Dillard's interview with Bussiness Collective (YEC). It will open your eyes and motivate you to make yourself and your company the best it can be!

The following information was retrieved via Amazon Press Releases: