 Welcome, and thank you for joining today's National Industrial Security Program Policy Advisory Committee meeting, also known as NISPAC. To receive all pertinent information about upcoming NISPAC meetings, please subscribe to the Information Security Oversight Offices overview blog at isu-overview.blogs.archives.gov or by going to the Federal Register. All available meeting materials, including today's agenda, slides, and biographies for NISPAC members and speakers, have been posted to the ISOO website at www.archives.gov slash isoo slash oversight hyphen groups slash NISPAC slash committee.html and have also been emailed to all registrants. Please note not all NISPAC members and speakers have biographies or slides. While this is primarily an audio conference, you're welcome to join WebEx with the link provided with your registration, as all available materials will be shared during the meeting on that platform. If you have connected through WebEx, please ensure you have opened the participant and chat panels by using the associated icons located at the bottom of your screen. If you require technical assistance, please send a private chat message to the event producer. Please note all audio connections are currently muted with the exception of NISPAC members, speakers, and ISOO who ask to please mute their own lines when not speaking. If you are not a member of the NISPAC and would like to ask a question or make a comment, please hit pound two on your phone to raise your hand. If your audio is through WebEx today, you may click the hand icon at the bottom of your screen or send your question to all panelists through chat. Another option is to email your questions and comments to nispacatnara.gov and someone will answer your questions there. This is a public meeting and like previous NISPAC meetings, it is being recorded. This recording, along with the transcript and minutes, will be available within 90 days on the NISPAC reports on Committee Activities Web page mentioned earlier. At the conclusion, a survey will be provided for feedback. If you would like to be contacted regarding your survey responses, please include your email in the comments block so the NISPAC team can get back to you personally. Let me now turn things over to Mr. Bill Fisher, the Acting Director of ISOO as well as the Acting Chairman of the NISPAC. Good morning everyone. Welcome to the 71st meeting of the National Industrial Security Program Policy Advisory Committee. I'm Bill Fisher, the Acting Director of ISOO. I'm also the Director of the National Declassification Center at the National Archives in my permanent position. I will now turn it over to my designated Federal Officer, Heather Harris Pagon. Thank you, Mr. Chairman. I will now be in attendance with the government members. I will state the name of the agency, then the agency members will reply by identifying themselves. Once I've gone through the government members, I will then move over to the industry members. After the industry members, I will then proceed to the speakers. O, D, and I? Please support us present. Thank you, DOD. Jeff Speniger, good morning. Good morning, DOE. Natasha Sumter is present. Thank you. Thank you, NRC. Good morning, everybody. Demonstrated present. Thank you, DHS. Rich DeJouseran, present. Thank you, DCSA. Matthew Roche. Thank you, CIA. This is Don, I'm present. Thank you, Commerce, DOJ. Everybody just pause time for NASA. Thank you, NSA. Heather. Heather, can you hear me? Yes. Matt Armstrong will not be at this meeting. Thank you, Air Force. Annie Bacchus, Department of the Air Force. Thank you, Navy. Dr. Andrew Jones, primary. Robin Nicol, alternate. Good morning, Laura Acton. Thank you. Now I'm going to turn to the industry members. Ike Rivers. Present. Derek Jones. Tracy Durkin. Present. Greg Sadler. Present. Thank you, Dave Tender. Present. June Winkl. Present. Jim Doug Edwards, roll call for the speakers. Mike Fowler. Present. Two calls. Present. Thank you, Mike Ray. The path that we have not heard from or we don't know about. Please speak now. Heather, this is Don from CIA. Also, as our alternate, Kelly is on the line as well. Thank you. Identify themselves by name and agency of applicable before speaking each time for the record. Work status updates starting in December. I see staff will be limited to teleworking no more than six days of pay period. I want to remind the government membership of the requirement to annually file a financial disclosure report with the National Archives and Wiccans Administration Office of General Counsel. Before a government member may serve on the NISPAC and annually thereafter, this must be done. The same form for financial disclosure that is used throughout the federal government, OGE Form 450, satisfies the reporting requirement. If there are questions, please reach out to me. Additionally, we have had a few changes to the NISPAC membership. As we spoke during the last meeting, our prior chairman and director of ICE, Mark Bradley, was retiring this summer. The Department of the Navy's primary member, Christopher Chrislip, has been replaced by Dr. Andy Jones. Laura Ogden is the new Army Alternate Member. State Department's primary member, Kim Bogger, and her alternate, Mike Hawk, were retired and have been replaced by Kim Cologne and Janice Custard-Lazarczyk. Our new industry members are Doug Edwards and Kathy Andrews, replacing Heather Sims and April Abbott. Heather Sims was also the industry spokesperson to the NISPAC and has been replaced by the Clint Eastpac member, Ike Rivers. For those departed members, thank you for your contributions over the years. We look forward to continuing the work you have done with the new representatives. I will now address the items of interest from the June 5, 2023 NISPAC public meeting. The NISPAC minutes from the last meeting were certified to be true and correct, and were finalized by me on September 1, 2023, and were posted to the ISOO website on September 6, 2023. On October 5, 2023, the ISOO joint notice with the Small Business Administration discussing their regulation, combining their mentor partage programs, was issued. It relates to joint ventures. Please see ISOO joint notice, 2024, tax 01. Do any NISPAC members have any questions? Raise your hand on the phone line or send a question via chat. We did get a message that DOJ was present, Matthew Croson and John Skinner. But other than that, there are no questions. Again, you may press pound two on the phone or click the raise hand icon in WebEx. Okay, thank you. At this time, we will now introduce our speakers for their updates. Mr. Ike Rivers, the NISPAC industry spokesperson, will provide the industry updates. Ike? First and foremost, thank you, Mr. Fisher, for hosting this meeting. Industry NISPAC looks forward to the collaboration that will come from this meeting. Before we get started, I want to say something that's very near and dear and sincere to me. Most of you know that the last month, right after I was elected to be the spokesperson, I lost my mother. I want to thank this group of folks, because many of you that are on this call reached out and sent flowers, prayers and thoughts to my family. I'm doing the passing of my mother. I want you to know that it has really helped us during this difficult time. It also showed me that our security community is not only passionate about what we do in the community, but passionate about each other. So thank you very much for uplifting me and my family. We will never forget this. Secondly, as Heather said, I want to thank our outgoing NISPAC members, Heather Sims and April Abbott, for their tremendous job they did during their tenure. And speaking of Heather Sims as a spokesperson, everybody will agree that she was definitely a pillar for the industry and helped open doors that were closed. Industry NISPAC will continue to lean on both of them for their guidance and the expertise that they've provided over the years. Also wanted to pass on a welcome to our newest members, Captain Andrew North of Grumman and Doug Edwards from Raytheon. They both bring the wealth of knowledge to this already awesome industry NISPAC team. Before I jump in to talk about a few items, I just want to say that the partnership between industry and government on all levels is steadily, and when I say steadily, steadily moving in an upward motion. We are constantly climbing this ladder when it comes to this partnership, which is tremendous and great for our great nation and national security. The collaboration has been awesome. Now although sometimes we agree to disagree, the outcome has been all about what is best to protect this great country. So thank you all for your continued partnership, and we look forward to our continued growth to this strong partnership. One of the things that industry NISPAC would love to see moving forward is going back to the face-to-face meeting between ISOO, the CSAs and industry NISPAC. If there is anything the industry NISPAC can do to help facilitate this request, please just let us know. I think we think that this would be great for everybody. Industry NISPAC just has a few items that we want to address today. I'll address these items, and then I will open it up for any of the other industry NISPAC members for additional comments. First item is the 847 full-cod mitigation. Industry NISPAC is cautiously optimistic about the 847 full-cod mitigation obligations, and we're looking forward to seeing and hearing a government plan. Industry NISPAC is also willing to review and circulate their plans to give the industry side of the changes to the acquisition process. Guided such as open ISLs continue to be an issue for industry. There's still a few that are out there that is two-and-a-half years old. Industry is looking to see if there will be a better vehicle to get policies and implementations information out. Getting a more accurate timeline will definitely be helpful to us. We all know that MBS is a four-letter that has been on our minds here for several years, but just came true to surface here recently as of 1 October. We are moving forward with the MBS transition, but we do have a few challenges with the report process for large companies. Now, Industry NISPAC and DCSA are working hand-in-hand. DCSA Vero and MBS team on this resolution understand without reports it makes validating records extremely difficult, i.e. personnel reports. You have to understand without that report it will be extremely hard to know who is who and what is what in the company. This poses a problem for not only Vero, but for industry and the different services. Mind you, these large companies that have five to ten K folks, that's really, really hard for those companies to see what is what. The smaller companies won't have as much problem as the large companies, although those problems still exist with the small companies. With the continued communication, we have been struggling with getting clear detailed information from sites such as the DCSA website on implementation procedures, system changes in a timely manner. Now, we have been working and we continue to work with DCSA with expanding on more communication avenues. We do need to ensure that all communications are filtered down, not only for the large company, but for the small mom and pop companies as well. That information is critical to those small companies. Yes, the large companies as well, but I think a lot of times we forget that we have those small companies out there. We have to, whatever we do as far as this communication piece, we need to make sure that it's easy and really available for everybody to make things easier. What I'd like to do now is just to say that we, industry in this pack, we're here to help, we're here to facilitate, we're here to do whatever it is possible within our means to collaborate to make things better. So if there's ideas out there from ISIS, the CSA, anything that we can do to collaborate together, please let us know. The doors are open, we want them to stay open. We cannot do this alone. Our adversaries are getting strong and strong and every day and we collectively have to stick together. We are team together to send them off on a daily basis. What I'd like to do now is open it up to the rest of the industry in this pack members to see if there any additional comment. Do you mind if I go first? Yes. Good morning, everyone. I would love to be in person doing this and I think we all feel the same way. Question I have this morning is the whole inside of threat process with industry and government. I wish we were in person, but this is a question not a finger point. I hate not being in person. The question is this, and I know this drum beats and drums before, is information sharing incidences with people, contractors, back and forth, stuff that DCSA is aware of or other government agencies are aware of that don't share with us. You know, it's reference to the briefing that we had with the man tech situation with the shooting at one of their facilities with information that was not received or communicated. And again, this is not a finger point. This is just, you know, request. Did you know in handcuffs industry a lot of everyone's concerned about something like this happened again. So my question to you all is, you know, to help us better our. Our companies protect ourselves and protect you are the government contractors. Going to government. Is there any progress been made or any attempt that's going forward. There's a lot going on in reference to information sharing between industry and government responding their line may be muted. Good morning. This is Jeff Spenninger. I'm sorry. And I think the hesitation and going on is more a function of, of, of, like I said, virtual virtual challenges and not trying to step on anybody. So I wanted to wait a moment there. Just to clear the comms. So that's my way of saying I absolutely agree and hope that this is the last of the virtuals. Although I, although my, I do like the shoes I'm wearing better than the ones I would have to wear in person. So, but hey, yeah, amen. So one, two things I have to say the first being I love the fact that there's a question, you know, frequently. And I think, again, as a byproduct of this being virtual, these, these meetings tend to be transmit only. And not a discussion. So, so happy for any question, even if it's a hard one, which this one certainly is. And so, with that in mind though, and I'll get into this a little bit more in when, when I provide my remarks, but information sharing, you know, sharing, you know, is, is, is definitely been a byproduct of a number of the challenges that we've experienced over the last. Six months. The problem is, of course, been much longer than that. There are some plans and work right now to, to attempt to reprise what had been done several years ago, which is to tabletop this to understand what, what information elements are required to be shared and then addressing the hurdles. In sharing, you know, you know, a piecemeal that is very much in the nascent stage. If I could put ourselves on notice here, I'm happy to be phoning a friend here later today to my battle buddy Jill Baker. Who leads this up for for us and find out where we are in the planning and then and maybe kick this over to a working group 1 to give you all an update on what we are proposing in terms of trying tabletop this. At a policy layer and not continue to kind of grind on it at the at the execution layer, right? So, which is maybe something that we've been attempting with, with not a lot of success over the last. Yeah, well, for quite some time over. Hey, hey, Jeff. Hey, Jeff, this is like, I really, really, we really, really appreciate that, right? Because it's, it's something that the industry acts all the time, you know, from the different agencies, you know, because we all know that each agency does their, you know, has a small portion of, you know, the things that they do that are different. And it'd be helpful because most of us have companies, right? That that are involved in most of those agencies, right? And that information sharing will help us get our folks through lines and processes and a lot faster. And in this particular case, it could help and save lives for that particular matter. So that information sharing is extremely important in your and you coming on helping us try to navigate that and pass on that open communication to the industry will really, really help. So thank you very much for coming on and saying and presenting that. Is there anybody else from the industry in this pack members that would like to add an additional comment? Yes, I this is Jane Dinkle. Thank you for the floor and hello everyone. I really wanted to mention reciprocity. And in general, I want to acknowledge the success that we've had in the area of personnel security clearance reciprocity. There are a few challenges they continue, but in general, we do consider this an overall success story. And we'd also like to see similar progress in the area of 705 standards and physical security requirements implementation for special program areas from agency to agency. So maybe we can add that to our work plan going forward to try to achieve the same level of success. Thanks, Jane. Anybody else from industry in this pack? Well, Heather, I think that is it for the team. I do want to leave with just thanking everybody on all avenues. The services, the government and everybody that has been involved with this partnership. It is getting stronger and stronger and the more that we collaborate and get together. We just strengthen this great nation to be in a position to do great things and to be able to shield ourselves from anything that the adversary throws at us. Again, whatever industry in this pack can do to continue to foster this great relationship, please just let us know with there. That is all from the industry side. Thank you. I can't, do we have anything in the queue? We have one person who's raised their hand. Greg Pinoni, please go ahead. Hold on one minute, Mr. Pinoni. Now, can you restart, please? Sure. Greg Pinoni, Johns Hopkins University Applied Physics Lab. And I hope I'm not out of line, but can you hear me? Yes, we can. Okay. And I think, like Rivers really said it, but the overarching concept of partnership and collaboration really appreciate what Jeff said about, you know, in the area of information sharing, looking at a tabletop exercise. But what I wanted to really say in the context of all that with the collaboration and addressing critical challenges for to put a plug in, if my industry colleagues agree, to invite industry in as early as possible in the process. So the example of the tabletop, I think inviting industry into a tabletop exercise to provide input on what the critical information that from the industry perspective would be most necessary and useful would be an example of that what I'm trying to convey and perhaps not in a very articulate way. So that was all I wanted to mention. Thank you. Thank you. There's no further people. Thank you. Okay. Thank you. Mr. Jeff, the director for critical technology protection for the office of the under secretary of defense for intelligence and security. We'll give the update on behalf of the as in this executive agent. Jeff. Good morning. Thank you very much, Heather. Good morning, everyone. Thank you very much for the opportunity to participate in this. Before I begin my formal remarks, I just want to start by, by, by offering some echoes to some of what I shared earlier, both in wishing well and congratulating Keith, Heather and April on their six completing their successful tenure. What's interesting is, I think in the beginning, Mr. Fisher, you mentioned that there have been 71 this packs. Public meetings. I'm pretty sure that Keith has been at all of them and has spoken at all of them. So we're going to try to figure out a way to entice him to chime in from the chief seats today. But, but his stewardship and the strong partnership that, you know, that, you know, that, that, that he had and maintained along with, you know, that Heather and April and frankly, so many others. You know, has is something that that we're all challenged. Those of us who remain. You know, on the committee, you know, our challenges to capitalize on their great work and continue to expand it. So, so with that, I would say, then welcome Mike, Kathy and, and Dr. Edwards. I want to make sure I get that right. Very happy to have you joining us. Our phones are always open and we are better for the collaboration always. So, so I want to say thank you on that on that front. I definitely want to offer an echo to something else that I said with with advocacy of the face to face. Right. So the, the awkwardness of the exchange from earlier today. I just kind of highlights it, but, but also give some promise. It was, it was great to have a couple, you know, questions and some, some, some level of conversation, such as we're able to muster when we're all distributed all over the place. And so I think that's great. But I also think there's an opportunity before before I dive in here to highlight again something else that that I mentioned, and it does speak to formality. Right. So that that flow of information, you know, particularly, you know, while we tend to spend a lot of time is, you know, with the, you know, and are greatly connected both through, you know, in this pack, the various associations that are out there. Great connections, great partnerships that are absolutely invaluable with with those larger companies. You know, I do take the heart of what, what, what I mentioned, you know, about ensuring that we are, you know, we're able to cast and as wide as we can possibly make it, you know, to be able to reach, you know, there's the kind of what are the meat of the, the industrial security program, which are companies that are small in size. You know, those are the engine that everyone relies on. I hear that all the time, not always, frankly, as a, as a function of conversations on industrial security, but on things like supply chain resilience. You know, and yes, and national descent strategy imperatives, you know, that, that, that, that absolutely underscore that the, the, the essential nature of a vibrant supply chain for the department and national security mission spaces. So all that a little soliloquy is it's a bit of an endorsement of the face to face, but it's also of the formality that comes with this pack. Right. You know, I'm reminded anytime we do the prep here that everything we say is on the record and on the record is, is absolutely essential because that's where accountability comes from. So there's no shortage of collaboration as, as has already been mentioned and I'm sure we'll continue to be mentioned and highlighted in some of the great work that I think is going to be reflected across the balance of the agenda. But it's that on the record piece of this thing that I, you know, as I kind of play my own tenure that I think allows us to move forward and take very challenging, contentious issues where sometimes we're not all fully aligned. But when we're able to, we're expected to, to bring them, bring them to light, put them to discussion and then follow up on them, you know, through the stewardship of, of ICU and then this pack. Then we get that we make forward progress and we get things done. And so with that, you know, and considering, you know, an in person, you know, for future in this packs, I hope we will revisit. And I can't miss the opportunity to mention as I have over the last several public meetings, the need for probably increasing this possibly increasing the frequency also for the on the record. No disrespect to the working groups, but it's the on the record stuff that that holds us all the task and we're all able to measure our progress and know our challenges and then work through them. So with that, I'm happy for the opportunity to provide some updates on, you know, a number of, you know, of those same kinds of areas where we have some, some kind of weighty issues that we're working on. And I'd like to provide some updates on that. The 1st 1. 1st and foremost, and is with respect to the ability to use cloud services in support of this requirements. As many of you are aware, we have worked through several instances of direct contract or use of commercial cloud services to support the contracts that require access and utilization of classified information. As cloud becomes more prolific in the NISP and that that is a bit optimistic at this time, but, but we are the gear is actually beginning to rotate, which is, I think, absolutely essential. We are aware that there are continuing questions regarding requirements for how to go about noting the permissibility for for the use of commercial cloud services on the contracts. To that end, and with the tip of the hat to to some some strong industry advocacy from from from several companies. You know, who have many, many classified systems that that are used to support, you know, the department customers across the across the defense enterprise. We have engaged with with our counterparts on the acquisition side of things in the office, the under secretary defense for acquisition and sustainment to obtain some clarity on a couple of legacy default clauses that relate to cloud. And I'm not going to rattle off the numbers here. Most of you are familiar with them. We are, we are looking to codify. We originally and aspirationally, you know, tempted to see if we could rescind them said, or maybe overcome by events that that is proved to be maybe a bridge too far. And there's there's some some reasonable contracting reasons for that that I I'm not going to embarrass myself and try to explain in a public forum. But suffice to say, I understand. On the other hand, they, we have gotten a greater guidance from our acquisition partners that the they don't actually present an impediment at all. There's, there's some clarifying there's some clarification that's necessary. And that's something that we're working through right now. The first and foremost, you know, a way that this will be observable to this members will be through the issuance of an industrial security letter is almost done. I don't I'm not a big forecast person, but we'll put ourselves out there. I'm optimistic that I'd like to see that I'd like to say that we will we will see it before it turns to 2024 on the calendar. That's certainly within the realm of the possibility, but it'll be the first one out of the shoot for us issue and in this real security letter under the the the the what is it for us a new process mindful of the NISPOM as a federal rule. But we think it's the right one to move forward with because it's a it's a pretty present issue. And so we will get that done here. Here and in relatively short order. I think that will make some headway. That's not going to get us done though, not not not by a long shot. We're also working. You know, very closely with with our counterparts at DCSA and across the components recording to come up with common acceptable documentation. We think the 254 is the right place for this for all the reasons that the dv254 exists. And we're looking to kind of streamline that so to to anticipate some consistency as as requirements for commercial cloud services will continue to grow. And I'm this last point and with the tip of the hat to to frankly, to Keith minor, you know, we were chatting earlier in the week and he proposed a simple, but in my estimation brilliant, you know, additional step that we can take that that one creates some affirmation of the of the authorization to use commercial cloud services. But also something we can get done pretty fast and that is without modifying the form itself, but much, but rather aiming and modifying the instructions that that attend to the form. All the fine print that that sits in those in those back pages and noting the the permissibility of commercial cloud services within the instructions will be an important step. And so again, you know, noting the dangers of forecasting. I think it's a useful exercise to do this in this forum and say that we will we'll endeavor to move pretty fast on that front, not quite ready to put a specific timeline to that, but I think it can be quite quite aggressive. And so all of those are, you know, to me represent a lot of forward progress and and and this particular issue is, I think, a pretty good example of the value of this pack because it has we have been on the record as we take in this journey has been an absolute partnership. We would not be where we are, but for some some active participation from a number of companies, you know, who are willing to take on some risk and uncertainty to work with the government and get us to where we are today. So we're not done yet, but but we are we are definitely closer than we have been. So the next one and I can touch on this one. I'm glad you did. Now was the discussions related to 847. Just level set a little bit. Oh, sorry. Hello. We can hear you. Okay. So 847. If there was one part of my remarks where maybe it would be great if you didn't hear me, it would be this one. I'm kidding, of course, but the just just a level set. Not sure who who who in the audience is completely aware, but 847, you know, comes to us from public law. 116 next 92 and expanded extends requirements for folk I modeled after what what what all the companies and that's just true program are familiar with it applies to companies who seek to perform on the VOD contracts or subcontracts with a value in excess of $5 million, including those contracts for which all the requirements required work is unclassified. Requires DCSA specifically to conduct a folk I assessment and possibly mitigate risks of folk I have covered contracts for inclusion in the acquisition decision process. The policy. We're mindful of timelines on to this point right that is that is a major change and although modeled after, you know, in this requirements for folk I. It's that pre award aim point versus the post award process that we're all familiar with that that has caused us to be quite deliberate as we as we move forward. At the same time in saying that this is a major and important shift in assessing the department supply chain and a pre award versus post award matter. And again, it's, it's, you know, echoing some of what I said earlier. It's representative of the, you know, evolving nature of the threats we face. You know, to deliver war fighting capabilities that we can rely on. So with that, mindful of that, that pre versus post that we have been quite deliberate in this. I've reported this out before we continue to do that. The policy work that we're doing today is in its final stages right to be quite candid. We're literally down to one unresolved issue within the policy document. Which is a tremendous accomplishment that that tip of the hat to Alison and Ella from my team for her dog in this. Laura act down was working with her up until the summer and then this just for the army and now Glenn. Clay who's just recently joined us from the Navy, but there we're, we're in, we're in the home stretch here. Having to write some words to, to, to pass some legal muster, but we're feeling reasonably optimistic about where that leaves us. This gets to the meat of the matter and I think the request that was perfectly reasonable and I think will be very helpful. You know, that came in, you know, I that you mentioned. Which is the, the opportunity for, for being able to understand. You know, what the rule making that will come that accompanies, you know. A shift of this type and that's that's pending. So we'll take an action out of this call today. You know, in addition to what I mentioned earlier with with respect to entire threat information sharing, but we'll take an action to go back and work with our NS counterparts. Because the rulemaking should begin to move forward here and in earnest we have aimed for what, what in policy parlance is referred to as legal sufficiency review. We are, we are possibly 1 email away from that process beginning. And this is where then we begin to parallel, parallel track into the rulemaking phase of this, which is, you know, which will necessitate, you know, certainly awareness by industry. Our industry partners, but also and more importantly understanding. So we can all move forward and achieve what was expected in the, you know, by the purpose of the law in the 1st place. So, so with that, we think that that's probably against something that now we'll bring to the clearance working group. If that would be the right one. Alson just told me and I can't remember what she said. So if I got that wrong, I apologize. But, but nonetheless, we'll be bringing that here. We're just about at that point. Switching gears, another topic of some, some contentiousness that continues to play out and that's with respect to the joint ventures, small business, joint ventures. And so with the tip of the hat and a thank you to ICU for publishing a notice on small business, you know, the and guidance on the small business federal rule. We're happy to have that. It represents some, some, some progress on the issue. It's pretty complex. Again, with it with a measure of candor. I've read the guidance several times and it's helpful in subsequent readings. We think we understand the intent ultimately for the department. We think it helps to complement and reinforce what we intend to push over the line here in the coming month or so. And that is a what we call a directive type memorandum that will help to further clarify and provide guidance to, to address the issue. We got this. I think when, when we're done here, the DTM will provide guidance, Google DC essay and the components on the process for joint ventures that meet criteria within the, within the, within the statute that established, you know, we're some of the the conflict exists. It will provide some guidance there to be able to kind of meander through that without having to go and take the extraordinary step to request exceptions to policies related to the industrial security program. Something which is an arduous and time consuming process. It's sand in the gears and flows things down and and we're slowing things down. We're we're contract awards are that doesn't serve anybody's purpose. It certainly doesn't serve the departments and nor that of the of the small businesses that that frankly we rely on for the award and who rely on those awards in order to be able to frankly operate. So, we'll continue to keep you posted on that when we think that that will move relatively quickly once it clears the lawyers. Everyone knows it's it's important. I was I briefed my leadership on on it most recently on Monday. And so that's that's where we stand at this time. To two other brief topics here to touch on. It doesn't feel like you can go a week without saying the word's trusted workforce in the next one another in a sentence. I made it several months without having to do that and now we seem to do it all the time. But brief update on on on the department's efforts with respect to 2.0. You know, the recent 45 day review that that that we undertook earlier in the summer and the subsequent follow on actions that the secretary of defense has discussed it for us regarding security and depth. You know, really became a highlighted the importance of the ways in which we identify mitigate a risk just brings us right to trust the workforce. The review provided, you know, with some data and result in the form that we were able to use to form recommendations for policy procedural and and candidly some cultural changes within the department. Much of these focus much of the focus areas center around personal security and and line up pretty well and a bit of clarion calls with respect to trust the workforce efforts and a point. The department's trust the workforce 2.0 implementation efforts, like policy improvements, continuous vetting enrollment, elimination of PRs. I've already led to significant measurable improvements in the personnel vetting processes and. Remaining initiatives like CV for non sensitive public trust population shared services through DCSA and continue focus on end this deployment. Aim to increase efficiencies, reduce birds on the vetting process, increase overall workforce mobility. Cross personal vetting domains. You know, our our personal vetting counterparts are working to evolve the department's methods for information sharing along these this same access right so and not to. To our earlier discussion and some of the homework that we'll take out at today's meeting under trust the workforce agency specific information is forecast for incorporation from partner mission areas into continuous vetting, which will enable. You know, more robust personal vetting and risk management. And finally, along the same access trust the workforce. You know, you know, the bumper sticker for us is it will better position the department to develop and maintain personnel ready. You know, to protect our national security and that's across the borough. So, you know, contractors, military personnel and of course, as well. And finally, the last topic I wanted to raise today was, was just to highlight the, the, the second NISCOM amendment. It's, it's progressing is with our, it's pending approval now from from our senior leadership to be published to the federal register. So we're within the workflow. It's all pencils are down now subject to any questions from our leadership. We, we anticipate it to be signed. You know, whenever we're able to kind of cycle it into the, to all the other things that that our senior leaders have to kind of play right now in a, in a pretty topsy turvy world stage. The amendment includes updated language on safeguarding offers some clarity with respect to open storage requirements, including procedures for leaving an open storage area unattended during business hours. And allows for delegation of open storage area approval authority for episodes, if agreed to by the Cognizant Security Agency. All of these changes are reflective of recommendations that came in through the public comments. You know, which is a good and open and transparent dialogue. Ironically, once published, there's an opportunity to comment on the, the amendments. So the process continues and I know I can speak for Allison and, and now Glenn that they're super excited because rulemaking is. Well, it's a, it's a process. And so, so, but it is also reflective of the need for, you know, continuing dialogue. Those, those rules become that common script that we all operate. You know, in terms of, and so, making sure that we're getting the language correct in a way that will hold up over time is, is important and we need, we need your help and assistance for that. With that, that concludes my remarks. Happy to answer any questions or thank you very much for the opportunity to participate today. Any members having questions. This is Greg Sadler. Jeff, can you elaborate on the last item you touched on regarding the open storage approvals? I just want to make sure I capture that. So, other than the people, not with a great deal of depth to be very frank with you, Greg, I just know we had comments that came in that looked for us to offer clarifying language. That would showcase it is absolutely permissible for the, for, for open storage area approval authority to be delegated to an FSO, right? So, pending the, you know, based on Cognizant Security Agency, you know, direction. So if, you know, so that some level of documentation of that. Mindful of I'm thinking of DCSA coming in when they want to conduct an assessment, right? Understanding what was permitted to be left in open storage or left out, excuse me, you know, would be subject only to documentation. I'm happy to take a note back and we can either update my remarks when we, when we, when we go through this, just to be able to offer some more clarifying language. And, and of course, we're always available to, to provide, you know, more detail offline, although that won't serve everyone else in attendance today. Appreciate it. Thank you. You bet. Any other members have any questions for Jeff? Hey, Heather, this is Ike. Yes. Hey, hey, Jeff. We, I haven't seen or I don't think any of us have seen the NISPOM amendment. Is that a possibility for it to see that? So, if it is absolutely, we will, we'll get it out straight away. My normal answer would be to say just an unqualified yes. I just want to make sure that I hope you can appreciate, I want to preserve some decision space for my leadership since we've made it through all the coordination steps at this point. You know, we're literally at the phase where we're just asking for signature. I don't want to do anything that would up in that because it's taken kind of a long time to get here. On the other hand, if we're allowed to send it out as a draft, we'll do so today. And gosh, if we were in person, I would just sort of be looking kind of over my glasses at Allison and she would probably be able to give us an answer right now. Right. But, but yeah, you bet. Okay. Thank you. Jeff, this is Jane Dinkle with the NISPAC and I had a question about the cloud services and how we document those. You mentioned earlier or the ability to use the cloud services and you mentioned that you'd engaged with acquisition and they were updating or working on the DeFar clauses and that the, the isl is almost done and we'll see that by January 1. That's where the calendar hits 2024. And then you mentioned about Keith Minard updating the instructions to the DD254. So all of that will come out at the same time. So probably not. So let me, let me kind of reverse the order there. One, you know, so this modification instructions. You can't, it was Keith's idea, but someone else has to do the work and he specializes in that a little bit, but it's a great idea and it's actually a pretty straightforward, you know, think thing to undertake. So I, I'm hesitant to put a clock on that now, though, I think, you know, we'll be able to do so even, you know, when the, when the working groups next convene here, if they meet in the month of December. So we should be able to have a clock on that with respect to the isl. Yeah, I'd like to hammer down on that one. You know, I didn't, maybe I didn't touch on it with enough depth, but the process for issuing isl now requires us in a good way. But we need to, to, to make sure that we, we get OPA or OMB coordination before we move to, to putting an industrial security letter out. And so that is a wrinkle in the way in which that, that, that isn't the same way that we've done it in the past. And we're, we're stepping through that right now, both so that we, the Royal, we, the department, you know, certainly, you know, coordination through this pack. But also in this engagement with, with OMB, we can get, we can identify a repeatable process. And so we're, because isl is an important tool as I think has been alluded to. So we have a number of them in the pipeline. We went forward with all of them back earlier in the fall. And I think maybe overwhelm the system a little bit, the same time that we were also pressing with OMB on the NISCOM amendment. And so what we needed to do was to kind of sequence that out a little bit. Certainly with, with deference to DCSA, if they felt differently, but for, for, for my office, this first one, the cloud isl is at the top of the stack for us for the reasons that I've already outlined. And I'd like to see that go forward and and see it up for signature this calendar year. Absolutely. With respect to the DeFar, I want to make sure that there wasn't any confusion. There are no changes proposed for the two. There are two DeFar clauses that that relate to to cloud services. And that's neither one of which is proposed for change because neither one of which impedes the use of commercial cloud services in the NIS. What is necessary is for us to come up with some consistent language and the mechanisms to note, you know, and annotate the permissibility for the use of cloud as a, you know, on on contracts requiring access. And that's what we have focused on at this point. Much appreciated. Thank you for that clarification. Of course. Thank you. All right. Any other members have any questions for draft? We will hear from the policy officer for the policy and collaboration group with the special security directorate national counterintelligence and security center with the office of the national with the office of the director of national intelligence. Good morning, everyone. Thank you, Heather. So this is Lisa Perez of OD and I to keep April and Heather. Thank you for your great work on the NIS pack and for your collaboration during your tenure. I wish you all equivalent success in your new roles. Also, thank you to Ike for sharing industry perspectives. Much appreciated and to Jeff. Thank you for the detailed remarks and answers to all these questions and support for the trust of workforce 2.0 initiative. And speaking of trusted workforce 2.0 under the initiative, OD and I and OPM issued guidance to agencies for how they should collect and report metrics in alignment with the previously issued federal personnel vetting performance management standards. So the guidance will help improve data consistency and reliability across the executive branch. So 2 key changes include setting substantially more aggressive and aspirational timeliness targets for the end to end personnel vetting process and establishing a metric measuring the average time needed for agencies to reach an onboarding decision. So the new metrics will be iterative. Excuse me. I cannot say that word iterative iteratively rolled out based on agency ready and readiness moving toward the full implementation in fiscal year 25. And then on to the next thing I was asked today to speak about the SF 312. So the SF 312 is currently undergoing some updates and is currently going through the DNA approval process. We do not have projected release date right now, but I just wanted to make sure that was on your radar. After issuance, I'll provide an overview of changes to the NISPAC and the updated version will be made accessible through our website. So meanwhile, the current version of the form may be digitally signed in accordance with 32 CFR 2001.80. And through coordination with U.S. General Services Administration, the link from the DNI.gov website takes you to the current version of the SF 312, classified information nondisclosure agreement that is configured for digital signatures. So when clicking on the link on the GSA webpage, the document will open in web browser view and it will be form fillable. But we've had some questions. So we've learned from these questions and emails that some have experienced that they're unable to apply the digital signature in that particular view. If this is the case, just want to remind everyone, you can save the document from the web browser to your system and you can reopen it in Adobe Reader. In Adobe Reader, the digital signatures can be applied. Adobe Reader is downloadable from the same GSA webpage. And probably through ISOO, I'll provide a copy of this explanation with a screenshot displaying the GSA webpage. And then I'll also provide a link to the GSA webpage as well as a copy of the brochure we have prepared to provide an overview and answer frequently asked questions regarding the SF 312. And then as a follow on, once we've actually updated the SF 312, we plan to move on to our 4414 for those of you familiar with it. But no specifics about that one yet. And that is really all the updates for me today. Are there any questions for me? Thank you. Any questions for me? Up next is Mr. Rich DeJoceron, the Deputy Director for the Enterprise Security Programs and Policy of the National Security Services Division with the Office of the Chief Security Officer at the Department of Homeland Security who will provide their update. Rich? Thanks, Heather. Good morning, everyone. I do not have any official updates for the group. However, I do have some information for the group. The Office of the Chief Security Officer under the Department of Management, I'm sorry, Management Directorate, we have completed our move from Seventh and D. Washington, D.C. to the new TSA headquarters in Springfield, Virginia. Management Directorate now occupies the sixth floor and we are here until further notice and we will also continue in the telework posture for the foreseeable future. That's really all I have. If there are any questions, I'm happy to answer. Thanks, Rich. It looks like there's no questions in D.C. Any questions? All right. Mr. Mike Foller, Approving Management Specialist with DCSA's Envis Planning and Deployment is now going to provide an Envis update, Mike. Hey, good morning, everybody. Yes, this is Mike Foller here with the DCSA Envis Planning and Deployment Office here to provide a briefing on Envis this morning. So I appreciate the ability to join here today. I just want to reiterate a couple of things that I mentioned earlier as far as the partnership goes between our team and our organization and industry, especially than this PACT team. We've had a tremendous relationship with those folks over the last year as we've moved forward with Envis. We meet with the group multiple times a week to do meetings and updates, and we're also communicating back and forth on a daily basis. So getting some great responses back, getting a lot of good information from the industry folks on some of the challenges that they're seeing with the system. We've made a number of strides to get folks onboarded here for the first of October. And just like I said, great partnership. Several weeks ago, we actually hosted nine folks from the Ms. PACT team in Boyers, Pennsylvania at our processing facility. We had a two-day session with them, covered a lot of great information about FY24 and how Envis is going to be rolled out over the next fiscal year, talked about a number of issues and concerns from both ends. And then we also talked a lot about training and communication. So I'm going to cover some of that stuff here today. I did provide a slide deck. If folks want to take a look at that, if you're following along on the slides, we can go ahead and move to slide number three, which is our past, present, and future slide. So just in general, we wanted to cover where we've been, where we are, and where we're going with the Envis program. So just real quick, where we've been last year, we started scaling industry companies in March 2023. The memo from Director Litzow came out on May 5th to the Ms. PACT Informing Industry to Complete Transition to E-Appricates Initiation by October 1st. Like I said, extensive communication with the Ms. PACT team, with our industry partners, get the word out, and work with industry to get onboarded. So we do have everybody, we do have the majority of industry onboarded into Envis. We removed the case initiation function in DIS on October 1st. E-App has officially replaced EQUIP as the standard form collection platform. With that, it improves the security, data validation, and user experience. And also we're working closely with the V-ROW team who has been processing background investigations and CV requests in both Envis and DIS for the time being. We are continuing to see cases come through on DIS. We are clearing out that inventory at this point in time. While there's no new initiations there being initiated in DIS, we do still have some of those cases that were in progress prior to the 1st. But we're continuing to see those progress. Right now we're looking at 99% of case initiations coming through to us via Envis. So good success story there. And as far as the onboarding piece goes, we do still have a few companies that we're working with to make sure that they do get transitioned over to Envis. I think a few of them held off over the last couple of months because they were not planning on initiating any investigation requests or CV requests. But we are continuing to track and monitor those folks. We're working closely with our industrial security team who is working with the FSOs at those companies to push out the guidance needed for them to onboard into the system. So we're continuing to progress there. Over right now there is still some swivel chair activities, common term that we use here, common term that will be used for quite some time here as far as, you know, functions that are available in both DIS and Envis. One of the things that that recently did come up. We have provided guidance for onboarding personnel and for bringing new folks into the system. As far as, you know, actions that need to take place in this versus actions that need to take place in Envis and in some cases both systems. We've very much focused on the initial piece where we're bringing subjects onboard, but we also need to focus on, you know, what happens whenever subjects leave a company. One of the things that came out of the most recent mis-packed group that we had on Monday was to provide some guidance for that. So we're continuing to do that. Working on that, as always, we work closely with our PSEs on the industry side to make sure that we're providing the right information and an understandable and, you know, an effective format. So that continues. I did see that I mentioned the reporting issues and we agree. The reporting issues that have occurred over the last couple of months here have been an issue for industry as well as our other customer agencies. The output on those reports currently capped at 10,000, which is not acceptable for, you know, several of our industry companies that have, you know, many more employees than that. Our customer agencies following the same situation. Some of our large submitters have the same, same issues. So one thing we do want to mention is we are working closely with our solutions team to do two things. Number one, we're working to expand the output from 10,000 to 100,000. And we are also working on expanding the timeouts to 15 minutes. The legacy and lag, I'm sorry, the lag time issues that are coming back from industry, you know, again, unacceptable need to be, need to be resolved. And we're also, you know, just overall that, that feature is expected to be tentatively rolled out in our December release, which is in this 4.6. So we're, again, working very closely with our solutions team to make that resolution and make sure that that information is available to industry and all of our customers. So future, a couple of things coming up. First thing, the big, big future item that we have for FY 24 is going to be subject management. All of that information and functionality that folks are seeing in this today on the industry side and some of our non DOD folks are seeing on the CVS side. We're going to end up transferring over into and this this year. This includes data migration and mapping as well as the transition to and this is the official system of record. So remember, whenever we move from J pass to this several years ago, there was an official notice that came out identifying this is the system of record. That same information will come out for for and this in the future. The data is just 100% TBD at this point in time, it's dependent on the functionality of the system, the capabilities involved. Also, internally, we're going to be working quite a few items on the internal side of DCSA. So we're going to be working the background investigation piece continuous vetting and adjudications at the DOD at the DCSA cast. So a lot of information to carry forward there over the next year. 4.4 million data points need to be carried forward from our legacy systems. There's 32 system legacy systems that we need to account for and pull forward. One of those, you know, pretty close to me here is a prior background investigation. Employee is PIPs. We have 200 terabytes of data that needs to get carried forward from PIPs into and best. So big heavy lift there, a lot of information coming forward, a lot of functionality. You know, some of these systems, for example, PIPs has been around for over 50 years. It's been, you know, patched over many times, a lot of functionality that needs to come forward. So heavy lift there as well. So we're working, you know, both internally and externally to move forward on our systems. If you're following along, let's move on to slide number 4, all about the data. So data that, you know, as we move forward, data migration is a key component to all of our, to the success of NBIS. So a couple of things that we have migrated so far. Subject pre-filled data has been pulled forward from EQUIP to EAP. So if a subject had a previous investigation request initiated or completed in EQUIP, that pre-fill information is going to carry forward. So same as EQUIP, if you have a re-investigation or a new request, you log in to the next request. Your typewritten information is carried forward and available for you to update the standard form. You do have to answer the yes-no questions as you did before and make sure that you make any updates as needed. Also, subject affiliation has been pulled forward from this to NBIS in September. We mapped subject data, I'm sorry, we mapped subjects from the system SMOS to the corresponding NBIS orgs in September. This is completed using a flat file at this point. There was a major push in September that pulled all of the information over actually around 98%, which is actually pretty successful for us. When it comes to moving data, the remaining 2% has also been resolved at this point in time. And subject affiliation is now present on the subject management tab in NBIS. So folks are able to go in and see that information at this point. We're continuing to update this information two ways. Those information coming back and forth between this and NBIS on weekly files. This is expected to continue until real-time update is in place. That's targeted later in calendar year 24, probably the first quarter of the new year. So, data to be migrated, a lot of information that's listed on the slides here. No need to really go through it. It just kind of covers everything basically in short. Anything that's on this at this point in time is going to have to carry forward into NBIS. So working very closely with our data team to make sure that we do have the one-to-one transition on that and that that information is carried forward into the correct location where our users can see and take action as needed. So a couple actions for today. As mentioned, the swivel chair is still in play working back and forth. Some of our customers are going to have to work several items in NBIS, some items in NBIS, some items in both. We do have a number of pieces of documentation and guidance that are out there that we've presented to the users. Primarily our training materials are available in step system as well as ServiceNow, also known as ESD. Knowledge articles that are out there for folks to use and gain access to. So also on the slide bottom right there is a hot link to step for the IR guide that is available to folks. Certainly we want to make sure that everybody gets a chance to take advantage of that and the other documents that are out there in our training site. So if we move on to the next slide. One other thing we heard from both Ike today and then also from our NISPAC members that joined us up in Boyer several weeks ago was communication. You know, big issue that we had, you know, at least a month ago as recently as a month ago was that our website, you know, didn't really have a lot of great information on there about NBIS. It's probably one of the biggest areas of concern for us over the past several years. And it was the information that was on the website was very minimal. So we were working with our Office of Communications and Congressional Affairs team, otherwise known as OCA, and we've been working on the website to add additional information on there. One of the latest things that came out, you know, several weeks ago was the addition of the NBIS tab. So if you go to dcsa.mil, go to the home page on the top, top page you can kind of see it on the slide here. There is an NBIS tab that's available to anywhere you are in the system. If you hover over that, you get a dropdown menu that has a lot of information and, you know, good information for, you know, all of our customers that are out there. We have a federal onboarding link and then we also have information for industry onboarding on there as well. A couple of things that we've added to that. First off, Vero has helped us tremendously with adding some additional industry specific documentation that's out there that will help folks with the initiate new function in the system. We also added a hot link in there to provide a redirect to the voice of the industry. Over the past several months, we've been putting a lot of great information out into the voice of industry about updates to NBIS, updates to processing. It's already available on our website, but sometimes, you know, you have to go through several locations to get it. So we added that link on there as well. We're really looking at this as a springboard to more output in the future. A couple of things that we're looking at in the future term. We're looking at adding releases and updates, versions and hotfixes. You know, we have a new version of NBIS that is expected to come out quarterly in the future. We're also working a number of hotfixes at this point in time. We're working through some weekly hotfixes to try to make certain updates to the system to improve functionality. Something else that will be added on to the overall dropdown is NBIS training. There's going to be a sub page on there. We've been working very closely with the NBIS training team to get that information updated and provide quick links to, you know, step, service now. Other locations on our website that have important information for all of our customers. So that information will be coming out. Something else we're working through is to add additional guides and resources. If you look through our website now, a lot of the guides that we have out there relate to EQUIP. How to fill out my form, how to complete the SF-86 is very EQUIP centric because that was the system we have been using over the last 20 years. So, you know, what we're working on is getting that updated to EAP. So that will continue to go forward. We're also working dates, updates on the NBIS news page. We do have some information out there already. So we do have that out there. One thing we do have available on the news and publications is a 27 promotional message from this pack. So that is also out there. So more information to come in 2024. I know we're getting close to the 10-minute mark, so I'll just kind of move it along so we can have some questions here at the end. If we go to the last page, one thing we do want to mention, we do have some new contact numbers for our health resources coming up. So the Boyer's phone number, Boyer's phone numbers have changed from a 724 area code to an 878 area code. This information is on our homepage on dcsa.nil. That covers, you know, specific health desks folks. Many industry folks have used the CET and the Applicant Knowledge Center over the past several years. We do have new contact numbers for them. It's listed on the slide here, and it's also listed on our homepage of dcsa.nil. So we certainly hope folks get a chance to use that going forward. And that is it. That is what we have as far as the slides today, and happy to answer any questions anybody has. Hey, Mike, this is Mike. Yes, sir. Hey, Mike, I just want to commend your team at DCSA for hearing industry. I know that several of us from industry in this pack was part of talking about the enhanced communication. And we really, really appreciate the fact that you heard us. You guys evaluated what needed to be done. And it's great to see that you're taking the steps to ensure that no one is left out in industry. So we appreciate the fact that you heard us and you're putting some of those things to some of those things to good use. So thank you for that. Yeah, thank you. I appreciate that very much. And honestly, you know, from our end as well, I mean, your input and communication is only helping us and helping the community. So, you know, it's definitely a two-way street here. So we certainly appreciate the partnership we've had with the team in this project. I've been in this space for quite some time. And this is probably the best partnership I've seen, you know, as far as going back and forth and, you know, the pace of communication between our two groups. So certainly appreciate it. And, you know, looking forward to continuing to keep improving. Thanks, Mike. This is Greg Souther. I got, I got two questions, brief ones, I believe. The first one is when you reference the system of record change that it's TBD from a DCSA perspective is that TBD notional 2024 or more confident TBD 2025 fiscal year. Yeah, I would not have a solid answer for you on that one, Greg. It is, at this point is just TBD. Okay, we're not cracking it in any sort of ballpark figure at this point. Okay, no, I appreciate that and completely understand. The second one is, is Envis is obviously a bright, shiny, hugely impacting object that DCSA has been chartered to roll out. And as I said, and you've reported it's moving and the communications improving and etc. Does the agency believe that that it's drawing resources or leave it resources away from the other systems that DCSA is chartered to not only administer and keep alive. But, you know, roll out, we've got this, which is is bumpy. We've all agreed on that in various forms. We've got NCCS, which is in a roll out state that's a little delayed. We've got requirements gathering for for what's the acronym and I to or miss 2.0, whichever vernacular art. Are there enough resources within the department to manage those priorities? And if so, just offer the opportunity to the comment. Sure. Thanks for the question, Greg. And yes, there we are working both legacy and and and this at this point. And we're going to continue to do so. But for the immediate future, not seeing a real end date on that. I mean, we do have, you know, decommission actions that are going to be coming out here. They've actually already been posted on, you know, internally on how we're going to, you know, officially transition from one system to another. But we are also keeping those systems in a warm state, you know, as we move forward. I mean, there is still some some data that we can pull from there and things like that that that need to be accounted for. You're absolutely correct that, you know, while we are going through this swivel chair process between systems, you know, we do need to have certain functions and fixes, you know, resolved. Going forward, we do have teams that are working both sides of that, and we're continuing to do that. And we will continue to do that into the future. Thank you, sir. Any other questions for Mr. Fowler from this pack members. I'll hear from Mr. Matt Roach, the division chief of operations, industrial security for the defense counterintelligence and security agency. Also known as DC. Good morning. Thank you, Heather. And I want to take a moment to just introduce myself and offer my thanks and recognition to a few folks. So, first, I'd like to thank Keith Minard for his nearly 40 meetings that he supported and attended. And his, his guidance and leadership as, as I transition into this new role right now on the NISPAC alternate, but he's been kind enough to offer me up as to the director as permanent. But thank you, Keith. As always, outstanding work. Also want to welcome Ike, Ike and I, as so is some of my call, so are some of my colleagues in constant contact. And we will continue to do so. And I believe we can make a lot of progress going forward to continue the momentum that Heather sends built. I also want to thank Mr. Bill Lietzow, who's retired from the director position here at DCSA and 40 years of public service. Remarkable three years to include the, the COVID period. And we thank Mr. Lietzow for that service for his service. And then lastly, just make comment that the deputy director, deputy director, who is now our acting director has not missed the beat. He's kept us focused on our strategic plan and our top priorities and those top priorities. In this culture values, essentially the people aspect of our mission and of course integration. But you can see our strategic plan and read it in its entirety online if you're interested in that. But the director has made clear that we're sticking to the plan. So again, my name is Matthew Roche and I work in the industrial security element here at DCSA. You're going to hear from my counterparts already heard from Mike Fowler. Great job, Mike. And I'll keep my comments brief because a lot of information being put out. I'm going to make sure Mike Gray has enough time as well. So I'm going to talk about, first, to say thank you to Mr. Spinager for talking about ISL. I don't have to repeat that. Those comments, but everyone knows where we are with that. In terms of security reviews, we finished up last year with 3638. And I want to thank industry specifically for accommodating those security reviews and overall it's been a good year. Looking forward to 24, our expectation is to complete 3400 security reviews. And in addition to that, working on integrating NAISOC into the oversight process as well. And you'll be hearing more about that later. We do have an ongoing working group with NISPAC. We would like to thank them for their service related to our efforts to build a security rating score. We believe that by working collaboratively on this effort, we will be able to get more consistent results and overall raise the security posture of the National Injustice Security Program Defense Industrial Base. Secondly, in terms of products and I want to make clear again that this was one of Keith Miner's efforts. And this was the DCSA Industrial Security began October 1 sending out what we call the annual industrial industry, excuse me, check up tool to about a thousand facilities a month. And so the idea being that those facilities that were issued a facility clearance in that month would get a friendly reminder on the what we call the check up tool. So just like as you get notices to, you know, for your annual check up at the dentist or the doctor or for your car. The intention here is to focus in on reminding folks of the standards requirements related to the National Injustice Security Program. So we're in our, we'll be starting our third month here and we're looking at some really good feedback from industry on that and getting some good data. Secondly, contract or self inspections. This is another focus area that we internally are focusing in on to increase the number of certifications that are uploaded into this that validates that the company has completed their self inspection. We also consider this a focus area to allow for increased compliance, higher security posture over time. As I mentioned with the, the check up tool that will obviously be highlighted in there as well. Lastly, they continue to turn out some really quality and timely courses. Just want to highlight a couple of those. One is the CS100.cu and that's the risk management framework curriculum you'll hear from Dave Scott in a minute, but essentially this course was focused in on the revision to of the NIST 800-37. And it prepares, it prepares you to focus in on the preparatory process that you go through before you enter in the risk management framework. So good stuff there. We also have a SAP course and offset awareness for military members, DOD employees and contractors. And there's also a series of shorts on CUI. So kudos to CDSE. I encourage everyone to check those courses out on their website. So pending your questions. That is all I have for now. Hey Heather, this is Ike. Hey, again, Matt, the cadence that Keith Meyer provided in Heather's timeframe and the cadence that you're providing to sit down with industry NIST PAC wants and loves to just collaborate and go over some of these items have been very, very valuable, not only to our team but to industry. So thank you for you and your team and Keith and his team for putting that together so we can sit down and add out some things. And thank you for listening to us when it comes to the security review process. Right industry. It's been one of those talks every year about the security review and finally together collectively we're working together as a group to try to figure out and sit and fix and make this best for both sides of the ballpark here. So thank you very much for that. I couldn't let this meeting go without saying that collaboration is very, very helpful and we will continue to let the industry know as well right. We know it because we see it and we work it every day but it's up to us as well to continue to pass this information down the industry so they can hear it as well and we'll continue to do that. So thank you Matt. Thank you. You're welcome Mike and thank you and just for everyone's identification. When we went into COVID we started a regular cadence monthly cadence to talk to this pack. Industry and we decided it was so valuable that we would just keep that going so. So the first Thursday of every month we get together and provide each other updates. And I think that we can help each other on so thank you like for that. Appreciate it. Members with comments or questions in the portion of the meeting where we get reports from the NISPAC working groups. However, we will be not discussing all of the working groups at this time. We have provided slides with highlights of all of them. You have already heard from some CSAs and CSOs on the high level points of what was discussed during the clearance working group on September 6, 2023. We will also hear from DCSA for their security clearance and information system metrics along with metrics from DOE and NRC. We are now going to hear from Mr. Dave Scott, the NISP authorizing official for DCSA's information systems update. Dave? Thank you for that. So I'm on page two of the metrics that were provided for the NISSA working group. This is a national metric, so I'm not going to go through each and every one of these, but just want to kind of call out a few things. Our registered systems in EMAS stays steady at around 5,500. I want to give kudos to industry for continuing to work through decommissioning or when as systems are no longer contracts are required or expired. Continuing that step seven of the risk management framework to decommission. And those systems as appropriate that really helps us keep our database cleaned up and our accurate number of responsibilities within our portfolio. So thank you for that. The other thing that I'll kind of call out here, these metrics are FY23 is the authorizations process in FY23 is around 2,200. Historically, we've been closer to 2,900, 3,000. And that's in large part because of the packages are much better with an industry and we're able to get onsite at a more aggressive pace in the last year. And doing more full three year authorizations and reducing our conditional authorizations, which has been a goal of ours. So I think that's a great effort on both industry and DCSA reaching the goal of those three year authorizations and reducing a lot of the administrative paperwork that are as a result from the conditional ATOs. And then at the bottom there DCSA days for authorization decision. We have been averaging as you see the 49 there we average between 50 and 55 throughout the year. But as the data this report it was 49 DCSA days. So we're getting really good battle rhythm moving forward with our with our systems and our goal of reaching a decision within within 90 days. Our extensions workflows that's a tool in the toolbox of the regional authorization officials in large part working with industry for whatever reasons we the the the right and the ability to create an extension when appropriate. So next slide. Working off of a slide three is the trios metrics. This is where the contractor staff that are following the job aids that are published. And some metrics on the first step is we get when we get the packages in through Emass. This year this is a FY 23 numbers process about 6700 triage about 6700 packages and you can kind of see the breakout there for complete return for rework and no triage conducted. The no triage conducted is when a package is already passed that that phase and working directly with the ISSP we don't want to waste time that's something that's already been done. So we passed that triage and go straight to the ISSP when we're already working on a package. And the bottom left hand corner is the top issues for sent back for rework those have been pretty steady. And those are typically incomplete or or or are missing information from from the implementation plan or artifacts such as a DD 254 etc. A workflow is not initiated so pretty standard there in the bottom right hand quarter from the triage metrics. One thing that I'll call out is the average completion time you'll see kind of the from FY 21 through FY 23. We've gotten the triage team is got a turnaround time of three days. And there's a couple of reasons for that one the triage team is really starting to understand the RMF process and the expectations and they're getting very familiar with the system and what they're looking at. Two in large part because industry is providing a lot better products over the years. And so that is I think outstanding timeline there for that first step which makes and this makes our time conducting our assessment and our risk assessments from a plan review and an onsite review much faster turnaround time so contributing to that. The other thing that I've called out is the return for rework you see that's a little bit high than probably normal. It's a 31% and that's due in large part to emas releases that we put out there and then sometimes we change some information that it's required. So sometimes we would through those changes there's a little bit of an increase in return to rework but but no alarm there that's just that's that's kind of normal. And then I'll move on to the final slide there it's really just two two topics that are we've been tracking at a national level and close collaboration with the NISA working group. And I got a I should have started with kudos to Mr Sadler and then this a working group team. The collaboration over the last couple of years has just been outstanding and tremendous and some of the accomplishments that we've made. And I'll highlight a couple of things here is as I'll start with the NIST assessment authorization process job aids and templates. This this is the new name for the DAPM we renamed it to more closely aligned to what it really is. It's a job aid and a template. And through this we've we've re-indexed or we re-formatted the document to make it easily to identify exactly what a stakeholder would need if they need to a template on a hardware baseline or a software baseline. They can easily identify that and pull that out. The NIST connection process guide is within as an index and this as well. That's a much anticipated document that was already been pre coordinated with the NISA working group. So we the document has been sent over to the NISA working group and we're currently awaiting comments before we start our formal coordination through the process. So I really want to thank Mr Sadler and the team for taking the time. I know it's a I know it's a big lift, but we really appreciate you taking the time to kind of take a look at that and let us know your feedback. So look forward to that. And then in this cloud capabilities this past year we've past fiscal year we've had some great success. We've navigated some challenges and as you all know we've made some success and we've authorized a system within the isolated secret region. We've documented our success through a job aid that we coordinated with DISA and that is now available as of about a month ago within EMAS. So it's a high level document about a two page document that they can help point for industry stakeholders and government stakeholders. How to request and kind of the requirements to request a clear contractor isolated secret region environment for assessment authorization through DCSA with the cloud vendor that's authorized. So if there's any interest there, please take a look and give us any feedback that you have as well. But that's all I've got pending any questions from the group. Appreciate that Dave. We'll be here for Mr Mike Ray, the Deputy Assistant Director of Operations of Vetting Risk Operations with DCSA for their vetting statistics. Mike. All right, so good morning everybody. First off just want to kick it off just by saying I always appreciate the collaboration and partnership within this pack team. So really appreciate that as we walk through different things with in this and that kind of thing. So looking at the slide here. So we'll start off in the end to end timeliness for T5 initials. This is for FY23 Q4. 20 days for initiation, 134 days for investigation and 16 days for adjudication. So that end to end time is 170 days for T3 initials FY23 Q4. It's going to be 18 days for initiation, 62 days for investigation, 20 days for adjudication. That end to end timeline is 100 days. 90% of all initial investigations had an end termination made within seven to 10 days. If you look at the chart on the top left that shows the current adjudications inventory at 2400. And then the chart on the right shows the total investigation inventory for T5 is at 18500, T3 is at 18300. And you can see the breakdown of the total adjudication inventory T5 is at 400, the T3 is at 1500. For reciprocity, certainly appreciate the comment earlier today by Jane. The CAS continues to deliver the reciprocity decisions at an average of one calendar day. For industry conditionals, we coordinated between VROs and NISPAC and the DOD CAS and identified the process to issue conditional national security eligibility determinations. These conditional support mission readiness by removing a case from due process and using continuous vetting to monitor compliance and support risk mitigation. DOD CAS plans on beginning to issue the conditionals in Q1 FY24. The industry specific communication materials are currently being finalized. We did share that within this PAC team received some comments and just finalizing that. And as soon as that's completed, we'll distribute that out to industry and across the department once available. For the DOD CAS call center, so as part of identifying synergies between VRO and DOD CAS, the DOD CAS call center started answering inquiries from industry on PCL VRO statuses on October 1. The DOD CAS call center phone number is 301-833-3850. And then transition over to CV Alert Management. So post-CV enrollment alerts are generated on based on the savage thresholds which align with the federal investigative standards and adjudicated guidelines. CV is impactful as we average the 6% alert rate. Criminal and financial are the most common valid actionable alerts. Thus far in FY23, VRO received 28,000 industry alerts of which 13,500 or 48% were not previously known. And that's from 22,000 unique industry subjects. Just know that this information should have been self-reported. And as we know, our goal moving forward is to have individual self-report information as it occurs. And that's all I have for the group. And I'll pause here for questions. Can I get any questions for the VRO with DCSA from NISPAC members? I'm going to hear from Ms. Natasha Sumter, the Program Planning and Management Lead with the Office of Security Policy, Department of Energy. Please provide your attention. Thank you. Thank you, Heather. Good morning, NISPAC members and participants. As always, it's a pleasure to have this opportunity to provide the Department of Energy's policy updates and updates on our personnel security investigations process metrics and timelines. On behalf of Mr. Mark Honowski and Mr. Tracy Kendall, thank you for giving the Department of Energy the floor. The Office of Insider Threat Program just broke ground on rewriting DOE Order 470.5 entitled Insider Threat Program. Just two weeks ago, the Insider Threat Program formed an integrated project team working group that is reviewing the current order to identify focus areas and priorities. If all goes well, with this aggressive timeline, they anticipate publishing the new order before next fall. The Department continues making progress with rewriting DOE Order 470.4B entitled Safe Cards and Security Program. The directive is being superseded by two new orders, Safe Cards and Security Program Planning and Safe Cards and Security Program Management Operations. The matter of the two impacts industry most of all, that's where we have our facility clearance, FOCI, excuse me, and other NISP related activities outlined. Excuse me, I'm so sorry guys, I'm recovering from a sinus infection, so I had so a bit nasally. Continuing on, the two drafts are being developed via the integrated project team process as well, and both teams have developed and are reviewing their drafts and preparing to coordinate the drafts for departmental review. We will continue to provide updates via this forum as we meet milestones that impact the greater community. Now on to the slides. So, I'm providing this update on behalf of Tracy Kendall from the Office of Departmental Personnel Security. A special thanks goes out to DCSA for providing the metrics that I will discuss. Now on to slide 2. Overall DOE continues to meet the IRPA goals and average over the past four quarters with an average of 10 days for initiation and 17 days for adjudicating the investigations. On slide 3, DOE continues to exceed the average initiation and adjudicated goals for the year. And as you can see on slide 4, we met and exceeded the initiation and adjudication goals over the past year. On slide 5, over the past four quarters, DOE continues to meet average initiation and adjudication goals, but did have a few bumps in the road during the past winter. We expect the trends over the past, over the last five months of this year to continue. On slide 6, overall DOE continues to meet the IRPA goals on average over the last four quarters with an average of seven days for initiation and 10 days for adjudication. And as always, if our industry partners have any questions, please do not hesitate to reach out and we are ready to assist. Thank you for this opportunity and I can see the floor back to Heather. All right. Thank you. Are there any questions for Department of Energy? All right, Mr. Chris Highlead, Chief Personnel Security Branch with NRC. Please provide your update. Good morning everybody. This is Chris Highlead from the NRC. I really don't have any or the NRC doesn't have any updates this time around. I wasn't going to go slide by slide, but if you take a look overall, we're meeting our adjudication timeliness numbers. And I'm happy to report that our personal security office is now fully back filled with FTEs. So we fully anticipate to continue hitting those targets, if not improving on those numbers. We are fully compliant with the Trusted Workforce Initiative and ramping up enrollment of the non-sensitive population. That's really all I have for you this time around, but I'm happy to entertain any questions. Chris, any questions from the NRC? Now we will hear from Mr. Perry Russell-Hunter, the Director of the Defense Office of Hearing and Appeals, also known as DOHA. Thank you, Heather. This is Perry Russell-Hunter. And I can promise that my update will be brief because it is all good news. The established administrative process for industry clearance eligibility continues to perform as designed. And this is for not just DOD industry contractors, but for the industry contractors for 32 other federal departments and agencies. Currently in legal review, we have 322 statements of reasons. That is a normal workload. And so what that means is that we are current in terms of the legal reviews of the statement of reasons, which is the notice documented is how the DOD CAS and DOHA inform the individual of the security concerns. And so it's very important that those get out timely and we are timely on all of those. We completed 2,164 legal reviews of statements of reasons in fiscal year 2023. Again, that is a normal amount. What this tells us is that while CECV is allowing us in the government to get to the adverse cases faster. In the past, I've used the analogy of finding the needles in the haystack faster. We may have made the haystack slightly bigger with CECV, but we're also finding the needles faster. And that at least based on the numbers we're seeing, that isn't creating a significantly larger number of denials or revocations. We're just getting to them faster. As Mike noted on behalf of the CAS, the commencing the use of conditionals, conditional grants of eligibility by the CAS is something that we at DOHA fully support. And we've spoken about this at past NISPACs because this will not only reduce risk and improve enhanced national security. It will also enhance readiness by enabling people to get to work or stay at work where the issue bears monitoring and CECV allow for that. But we can we can let the person continue to work. So the move to conditional eligibility for industry is a great improvement by the CAS. And we applaud the CAS for stepping into that realm. It's one of the reasons why I continue to predict that the number of denials or revocations we see should remain fairly constant. But speaking of getting to adverse cases faster, DOHA is leveraging MS teams to conduct more hearings by remote video. In fact, for the first time ever, DOHA is now holding more hearings over teams than in person. But DOHA's independent administrative judges are still able to convene in person hearings whenever and wherever we need to in fairness to the individual or where the case calls for it. Generally, that is with multiple or more complex witness testimony or more complex issues or where credibility is a central issue. To the extent that DOHA's independent AJ's are in the spotlight, probably the biggest news for them is that all of DOHA's administrative judges and field board members have now been appointed as constitutional officers by Secretary of Defense Lloyd Austin. This is the result of a series of Supreme Court cases in which the Supreme Court determined that making these kinds of independent decisions, particularly after fact finding hearings require constitutional appointment. And so DOHA has done that. Secretary Austin has appointed each of our administrative judges and the field board members. And again, this is to enhance their independence and accountability. With that said, I now yield the rest of my time back for any questions. All right. Thanks, Perry. It sounds like we don't have any questions. We are now at the point of the meeting where we ask for NISPAC members to present any new business they have. Anybody? Heather, this is Greg Sather. It's not new business. I just wanted to loop back to the NISSA working group content from Dave Scott. I was fighting the mute button and failed. All the points that Dave mentioned regarding the cloud capability and the engagement with industry are spot on and we appreciate that some of the bumps that the team experienced during a pilot are being worked through and to smooth out that process and take the continued feedback on how to make the replication of the cloud solutions easier for both industry and the government. The DAPM replacement, we expect to have content or comments back to Dave and his team by the end of the month. That's our goal to provide that feedback. We do one item that's already on the surface has come up with a better name. The DAPM flow very easily. This one is a bit of a full mouth to get out. And then the one item that Dave's team is already working on and we hope that the DAPM replacement and updates will further contribute to is consistency across the field. Both at the AO level is greatly improving but down at the individual ISSP level, Dave and his team have taken initiative to try to drive more consistency there. It's definitely needed as the field deals with multiple locations within a single company and conflicting guidance. But again, Dave's team has demonstrated ownership in that and they're working with us and we're providing that feedback in where possible. Thanks guys. Any other next. Sorry, go ahead. No, thank you. Thanks. Do any other numbers have any questions or remarks before we close out the meeting? All right. In the interest of time, we're not going to take any more participant questions, but please ensure that questions and comments were sent via WebEx's chat feature or e-mail to mispack at nara.gov so that they can be answered. As a reminder, all mispack meeting announcements are posted in the federal register approximately 30 days before the meeting, along with it being posted to the ISOO overview blog. Our next mispack is scheduled for May 1st, 2024. Meeting adjourned. Thank you everybody for your time. Bye-bye.