
Overview

This section establishes the regulatory framework for the National Industrial Security Program (NISP), which is designed to safeguard classified information released to government contractors, licensees, and grantees. It identifies the National Industrial Security Program Operating Manual (NISPOM) and the DD Form 254 as the primary mechanisms for communicating and implementing security requirements.

Key Rules

  • Regulatory Foundation: The NISP is governed by Executive Order 12829 and implemented primarily through the NISPOM (32 CFR part 117).
  • DD Form 254 Requirement: Agencies must use the DD Form 254, Contract Security Classification Specification, to provide specific security guidance to contractors for any work involving "Confidential," "Secret," or "Top Secret" information.
  • Electronic Filing: Unless an agency has its own specialized system, the DD Form 254 must be completed electronically via the NISP Contract Classification System (NCCS).
  • CAGE Code Mandatory: Every contractor and subcontractor performance location listed on a DD Form 254 must have a unique Commercial and Government Entity (CAGE) code.
  • Subcontractor Flow-down: Security classification guidance must be extended to subcontractors requiring access to classified information, and each subcontractor location must be documented.
  • SAM Registration Exception: While CAGE codes are required for each performance location listed on the DD Form 254, those specific locations do not need to be separately registered in the System for Award Management (SAM) solely for security purposes.

Practical Implications

  • Operational Compliance: Contractors must ensure that every facility involved in classified performance is properly identified with a CAGE code and correctly documented in the NCCS to avoid delays in contract execution.
  • Contract Administration: The DD Form 254 serves as the authoritative security roadmap for a contract; contractors must treat it as a binding compliance document that dictates how information is handled, stored, and transmitted.
