 Welcome, and thank you for joining today's National Industrial Security Program Policy Advisory Committee Meeting, also known as the NISPAC. To receive all pertinent information about upcoming NISPAC meetings, please subscribe to the Information Security Oversight Office's overview blog at iso-overview.blogs.archives.gov or go to the Federal Register. All available meeting materials, including today's agenda, slides, and biographies for NISPAC members and speakers, have been posted to the ISOO website at www.archives.gov. slash iso-oversite-groups slash NISPAC slash committee.html and have also been emailed to all registrants. Please note not all NISPAC members and speakers have biographies or slides. For those joining us online, while connecting by phone is necessary to attend today's meeting, there is no requirement to log on to WebEx. However, you're welcome to join with the link provided with your registration, as all available materials will be shared during the meeting on that platform. If you have connected through WebEx, please ensure you have opened the participant and chat panels by using the associated icons located at the bottom of your screen. If you require technical assistance, please send a private chat message to the event producer. Please note all audio connections will be muted for the duration of the meeting, with the exception of NISPAC members, speakers, and ISOO. We are expecting a fairly large audience today, both in person and virtually. Because of this, we will not be taking questions from the public. Please email your questions and comments to nispacatnara.gov and someone will answer your questions there. Only ISOO and NISPAC members will be authorized to ask questions throughout the meeting. This is a public meeting. Like previous NISPAC meetings, this will be recorded. This recording, along with the transcript and minutes, will be available within 90 days on the NISPAC reports on Committee Activities webpage mentioned earlier. At the conclusion, a survey will be provided for feedback. If you would like to be contacted regarding your survey responses, please include your email in the comments block so the NISPAC team can get back to you personally. Let me now turn things over to Mr. Mark Bradley, the Director of ISOO, as well as the Chairman of the NISPAC. Thank you so much, Madam Producer. Welcome, everybody. I hope you're having a nice time in New Orleans. I had hoped to be retired this time around, when the date came around again for the NISPAC. I was told by HR you can retire either at the beginning of the month or the end of the month. Our annual report just came out today, so it will be the end of the month. June 30th will be my last day in the government. So anyway, I decided it was best to stay here and work on that and get that out. But you're in very capable hands with Harris, Heather Pagone, and my staff. I'm going to turn it over to you, Heather, and have you run today's meeting. We had some technical challenges last time. We did this when you all were down at your conference, so I thought it was best just to try to keep this as smooth and as clean as possible. So without further ado, Heather, if you would please take over. I would appreciate it. Thank you. Thank you, sir. Good afternoon, everybody. We've been scheduled for three hours, but I expect it to be finished. And you can have them over your time back. In the future of ICIP, and Chairman of the NISPAC, Bradley, will retire before this meeting. However, he has put his retirement to the end of this month. As he stated, he does not expect to have too much during public meetings, but will be on the call if needed. I am now going to turn it over to Mr. Robert Trangalli, the ultimate designated federal officer for the NISPAC person administrative action. Robert? Thank you, Heather. I will now begin attendance for the government members. I will state the name of the agency, then the agency member will reply by identifying themselves. Once I've gone through the government members, I will then move over to the industry members. After the industry members, I will then proceed to the speakers. Odeon, I? Hello, Robert. It's Valerie Curbin, primary, and Lisa Perez is alternate. Thank you. DOD? Good afternoon, Robert. This is Jeff Spinninger. Hi, Jeff. DOD? Good afternoon, Robert. Mark Hanofsky is on his primary. Tracy Kindle is secondary. Very good. Thank you. NRC? Good afternoon, Robert. Dennis Brady is primary. Chris Highlick is alternate. Thank you. DHS? Good afternoon. This is Robert McRae here. Perfect. Thank you. DCSA? Good afternoon. Keith Minard? Thank you. Good afternoon, Mike. Great. CIA? Great. Great. Great. Great. Great. Great. Great. Great. Great. Great. Great. CIA? Good afternoon. This is Kelly Patrick. Thank you. Commerce? Good afternoon. This is Steve Barbieri. Hi, Steve. DOJ? Good afternoon. This is Tanya Fields. And my ultimate is Kathleen Berry. Thank you. NASA? Did you call in earlier? Good afternoon. Jennifer Aquinas here along with Annie Bacchus. Thank you. Navy? Good afternoon, Robert. Christopher Crystal. The primary Robin Nicholson. Great. Thank you. Army? Army is not here, Robert. Thank you. Okay. Now I'm going to turn to the industry members. Heather Sims? April Abbott? April Abbott present. Great. Thank you. Derek Jones? Derek Jones present. Great. Tracy Durkin? Tracy Durkin present. Thank you. Greg Stabler? Greg Stabler present. Thank you. Dave Tender? Ike Rivers? Rivers present. Thank you. Jane Dinkle? Jane Dinkle present. Thank you. Now we'll do a roll call for the speakers. Mark Bradley? Here, Robert. Thank you, Mark. Jen? Thank you. Mike Gray? Mike Gray present. Thank you. Tracy Kindle? Thank you. Chris Highleague? Present. Perry Russell Hunter? Perry Russell Hunter present. Thank you. If anyone else is speaking during the NISPAC that we've not heard from or we don't know about, please speak now. Okay, thank you. Robert Mark Gnowski will be speaking also for DOE. Okay, very good. Okay, we request that everyone identify themselves by name and agency if applicable before speaking each time for the record. I want to provide everyone with our agency's COVID update. Most of the ISIS staff is still teleworking. Hopefully the next NISPAC will be in person at the National Archives in Washington, D.C. I want to remind the government membership of the requirement to annually file a financial disclosure report with the National Archives and Record Administration, the Office of General Counsel. Before a government member may serve on the NISPAC and annually thereafter, this must be done. The same form for financial disclosure that is used throughout the federal government, OGE form 450 satisfies the reporting document. Additionally, we have had several changes to the NISPAC membership. As a reminder in accordance with the NISPAC bylaws, a letter signed by the agency head of the senior agency official for the NISP is required for participation. As mentioned earlier, Mark Bradley will be retiring later this month. CIMA alternates John and Michelle have been replaced by Jennifer and Kelly. The Department of Justice primary member Christine Gunning has been replaced by Tonya Fields. Brad Weatherby, the National Security Agency primary member has been replaced by Matthew Armstrong. Kyla Powell has been replaced as the alternate for OD&I by Lisa Perez. Steve James, the primary with the Navy has been replaced by Mr. Christopher Chrislip. Emily Helstaske, who is the alternate for the Army, has departed. State Department members Kim Bauer and Matthew Hawke have both retired, but a new member for state has not yet been designated in writing. Valerie Curbin is on her last NISPAC public meeting as well and is due to retire at the end of July. Heather Sims and April Abbott are representing NISPAC industry for their last public meeting before being replaced at the next meeting. For those departed members, thank you all for your contribution over the years. We look forward to continuing the work you have done with the new representatives. I will now turn it over to Heather Harris for going to address the items of interest from the November 2, 2022 NISPAC public meeting. Thank you, sir. The NISPAC minutes from the last meeting were certified to be true and correct, and were finalized by me on January 30, 2023, and were posted to IASU website next day. Since the last NISPAC, we need to need to work IASU's notice discussing the Small Business Administration Regulations, timing their mentor pro-J programs during the fall of 2020. The SVA rule appears to limit the requirement for a joint venture to have an entity eligibility determination, or EED, all known as a facility clearance, or FCL. In all cases, if entities making up a joint venture already have the EEDs themselves. However, the interpretation of the regulations in this language is not what the regulation tends, it would contradict NISP requirements. In coordination with SVA, we will be issuing an IASU notice to clarify the joint venture EED requirements. Additionally, we continue to have discussions for NISPAC collection, but the government's security agencies and offices, also known as CSAs and FIAOs. The collection is required by executive order. The costs that will be collected will include information on its implementation costs incurred by entities under security cognizance. Once finalized, we will advise the NISPAC chair on the way to the board, collected in the status for history's implementation of the NISP. The final item of interest we'll ask the NISPAC meeting is that industry was going to start meeting with DCSA about concerns for how long it takes for the community to get cleared. DCSA did a 90-day internal study and makes some process improvement, however, for industries still concerned with process transparency and return rates. I also have some other updates to provide. IASU has been going through many changes with leadership. We've just got a new archivist on board a few weeks ago. We also recently got new program analysts that have been hired. As you know, our director is retiring at the end of this month. IASU is planning on hiring a deputy director, and once they are hired, they will be kind of acting director. Any NISPAC members have any questions? All right, fantastic. Heather Sims, the NISPAC industry spokesperson will provide industry update. Thanks, everybody, and as you've heard, this is the last public NISP meeting. It's a pleasure to serve the cleared industry population for the past four years. I am ready for the vacation. And I'd like to thank April, who's also coming off the missionary, all the other industry NISPAC members, past and present, and all the industry members that support us through your input and then also issues, campaigns, what's going well, where it's only open to any and all of your suggestions. I do want to give a personal thank to IASU. IASU Director Mark Bradley, thank you for your support over the past four years. Good luck with your retirement. And to Heather Harris for all your support for industry, as well as all of the entire NISPAC. So we thank you for that. We are in the middle of our election process, where we'll be elected two new members to get on for industry. I encourage you, if you would like to present all of the industry, that's not just those represented by the D&E under the D Congress. It's all five debates. So I encourage you to get on, expand aperture of understanding of the NISP, but also expand knowledge of how it works within the government to make good positive change on behalf of National Security. I will say that the election is two people out of the over a million cleared canals. It's very tight rates. So if you don't get on at the time, don't discourage and keep on to work through that. You get with one of the elected industry NISPAC members if you're interested in participating or would like to be nominated through that process. So I came up with a few strategic topics up there. I'm strategic because while we would love to tackle every single industry issue, we can only do that at strategic level. There's only so much time. We're volunteers. So we did put it in buckets. We put and we're having the elections, but also the next was partnership, because it all started partnership. And we tend to think of partnership only, you know, with DCSA, DOD, but in partnership with all of the federal government with your contracting officers and of course, but also with an industry itself, partnering with other companies for the benefits of protecting national security. But auto mentoring and CMS does a five-advance job with the maturity program of getting that next generation of security professionals to understand the importance of the national security program. But with partnership, you know, I can't ever miss if I didn't say and at least acknowledge the great partnership we have, you know, done over the past couple years and to my right, Ms. Keith Menard is also going to be coming off the NISAC after I believe he told me 16 years of attendance, 16 sessions of attending the public meeting. Without his partnership, we wouldn't be where we are today, so it's been a pleasure to work with you, Keith, on the NISAC. He rose, he was also DCSA, he's been a true partner with CSA and actually not just listening, but hearing industry's concerns are. I'm working with him to help get that half forward. We might not always like the answer because we are the government, but at least we can understand the place that we have here in the industry. I'd also like to thank CDSC for all the great products, trainings, and educational rotors that they provide to industry. They go above and beyond each year providing valuable information insight into what can do with the NIS. And then also, Michael Ray, who's up here with me, tremendous job, he and Heather Green have really taken a personal security investigation, adjudication mission, and now continuing his vetting to next level. And they didn't do that within a period when they worked with industry to actively see where we are today. And I'm going to leave it open to my other NISAC members if you'd like to acknowledge somebody publicly for great partnership. Heather, I just want to extend a thank you and a continued partnership with Scott and his team. Not only me, but the regional layovers have modeled that partnership for years. We've moved beyond, you know, issues about issues with EMAS and to allow us to tackle cloud and other complex projects and efforts within the government to returning investments. So thank you. Oh, sorry about that. Also, I grew up in the industry and I also wanted to give a big special thanks to Booker Bland from the DCSA, from the DCSA CUI perspective. The transparency there had a phenomenal on Booker so as far as reaching out and going face-to-face to the different industry companies to ensure that the transparency is there when it comes to the DCSA CUI. So I just want to say thank you, Booker Bland. I'd like to say thank you to Matt and he's recently started the industry tour if he's working with the other organizations, his week, NISAC, PEPC and many other good examples. We had a meeting last week and I mentioned training reciprocity because I talked about it before and I said I have the best white paper that I owe. And after the call, he immediately gave Cassie Pearson a tasking of a paper on it. So I appreciate his collaboration thinking outside the box. From the NISAC working group, we've been working hard with the DCSA onboarding teams. It's an honorable part with the industry team and the industry team itself who worked hard three more times a week to get in where it is now today. Thank you. Thank you all for the industry NISAC. I'd also like to just really acknowledge the demonstration of the partnership of DCSA with the NISAC. I know recently that DCSA has commutated to industry transition from the DSS 1.7 to DCSA 1.47 which is really quite an undertaking. And speaking with the PSA they have agreed to take needs on that transition and to work with the NISAC to develop a plan to move forward with that. So I think that's a great example of listening to the NISAC to develop a plan. Thank you. And I know many of you in the audience and on the phone it's not all suns and rainbows and we're not trying to portray that. We do want to acknowledge that with the partnerships it does drive good behavior. We want to become more proactive partners in the national security and not an afterthought. But my next topic is really goes to the root of where it's in a new requirement. It often results unsundained but we do have to understand that the costs of doing business we sign up for the contract and so once they drive the behavior I say let's hold ourselves accountable with industry members to make sure security professionals were involved in the contracting process and we're looking at actually in the contract before a company is signed up that sometimes that's an afterthought and so that happens when you're on week 2 so there is a cost of doing business but we should be able to be foundational in those security processes the first part. The other thing with the audience here for industry members is driving the new invite model and ratings so we understand that's a big issue with industry at the moment. We are hearing lots of concerns coming in from those medium or industry companies but it is an impact to all the companies that are out there. We are capturing that information passing it over to DCA and I'll take a look at how we more proactively work with DCSA on that. The rating structure and the assessment process is aligned in 32 CFR so it is policy. So considering that this is the NISPAC and we are fundamentally there to view policy we would like to put a motion out to potentially look at the 32 CFR to make potential changes to that oversight and rating process or the CCSA. Now the part of that is keeping entry informed we have a due diligence with an industry to make sure we're keeping ourselves informed changes happening every day not only with an emerging threat but also with things that are happening in policy and how we implement that policy so making sure that we're keeping each other informed. Taking the DCSA website on a rearing basis I'm surprised often how many people don't even know that inpatient is out there's been out there for years but just staying informed with legislation making sure you're reading the 32 CFR part 117 but also for our government understanding that we know that you are hindered sometimes because of policy that you can't share all the information hopefully we can get to a point where we are sharing information from government to government to industry industry industry so I'm putting that and I do know that we have in one of the MOU groups worked on some papers to increase the information sharing that is so important but for industry listening make sure that you're doing part of keeping yourself informed and also understanding policy and if something doesn't make sense or if you're getting good interpretation please don't be afraid to reach out to one of the Injured NISPAC members so we can collect it to see if it's a trend or if it's a one-off maybe we need some additional guidance to the policy or if we need to work on changing that policy if you already mentioned med-ins and such a workforce 2.0 this has definitely been a reform many many years of making and something that we need to do and so we are very happy that med-ins work proactively with history and our involvement and understanding what those impacts are in the industry that we may have when the trustable workforce 2.0 is rolled out completely so thank you Madine for that and look forward to many many more years and we can improve to that later for years to come more than likely I will be entirely completed before we see how the benefits of that but we look forward to it when it comes to safeguarding there's been a lot of changes and we have gifts additional requirements you've noticed that there's a couple of changes some letters that came out we are working with a little bit more within this past working group when it comes to safeguarding the same big mention and there's a great partnership working with DCSA taking it until we can figure out what is the best way to move forward and that's an example of driving behaviors some companies have up for some areas that have to reaccomplish the paperwork so there is a requirement when it comes to the time commitments changing those we do thank DCSA for working with the industry understanding that impact there but we're also looking for OD&I on the tennis front understanding what that threat is that's driving this change we look forward to the contact with OD&I and the patient sharing from the industry this past you want to say something more? No Heather, this is Greg Stavard the push for improved infrastructure facilities is a great direction but understanding the cost structure and how the industry is able to adapt to that is something we need to improve on and work forward Thank you for that I have a pair of CUICMMC I think it's a favorite for everybody but at this point now where we understand that we are losing sensitive information to our adversaries and we do have to protect information what we ask for from our government partners and thank you for your partnership there on hearing issues concerned because the industry is unique in that they have many many contracts some up to 10 to 20,000 contracts and companies and when you have 10 to 20,000 varying degrees of UI guidance so understanding what are the requirements how industry is rolling that on and what is the true intent of the policy so we look forward to working with all 5 ESA in the future to better understand why but I would also like to graduate with the industry because actually we have them with UI programs far exceeding our government partners that are out there in your programs in place so we do commend you for putting those processes and teachers in place and lastly I have up to GSA topics and just to be mindful especially since this is our first public person meeting in many years to remind industry that there are 5 CSAs on DOD being one of the DCSA works on behalf of DOD and to remember that when you're dealing with your industrial security rep we always ask that you work with your rep for New York with your Frodoff Chief your Reno director and I was up the chain but there are other avenues when you have issues that you can resolve there and as we collect trends from across the country we're looking for trends not just one off but we're looking for trends that we can work at the level that we can effect the change at the national level strategically and so why I like to say we have lots of debates we do we are working many many issues into vetting and that includes both guy vetting as well as SL timeline DCSA in a 90 day study we saw some of the results but there are still some improvements that need to be done along the way so through the clear working groups on this we are working with DCSA when someone's improvements and I know my colleague to my right on the talk a little bit about entity vetting but as one area if it has affected you yet it may affect you in the very future when it comes to your supply getting companies carried not as quickly as possible but understanding that we have to get them clear and making sure they understand the current process and so I'll look to my other colleagues in the back if there's any other DCSA topics I agree with the industry is that not a DCSA topic but a thank you to you for the last four years because you have been a phenomenal spokesperson for the industry not only from the side on from the government but you're very well respected we just want to say thank you for your leadership your dedication, your loyalty your integrity and your honesty and we know although you won't be harder for this you will still be hard on this so thank you very much for all it has done for the industry and the government so thank you it's been a pleasure treating the industry I just want to deal with what he said because and I we sit up here and we thank everybody Heather has been totally committed for the last four years and she has spoken the voice of the industry and you've done it at home so thank you Thank you Heather as you know you will be missed beyond measure by probably everyone at the table so thank you for everything Mr. Speninger the director for critical technology protection for the office of the Under Secretary of Defense for Intelligence and Security will give the update on behalf of the Department of Defense as the NISP Executive Agent Jeff Thank you very much good afternoon from the window list basically with the Pentagon first I'd like to start off by it seems like we're having to do this with some routine but it's kind of the nature of things and maybe the nature of the NISPAC but to Mark Bradley and on your last NISPAC regardless of the reasons why that you have been extended for this one I'm glad for it I think it's an important opportunity to thank you for your many years of service to the NISPAC I think if you had a picture dictionary definition of what a thankless job might be yours might be a leading candidate not a lot of folks think about ISOO unless there's a calamity of one type or another and you've always been a gentleman you weather those things effortlessly and we're all the better for it so I thank you very very much on behalf of the department along the same lines as we start to line up and see all the folks that are leaving Heather was mentioned in April and many others Keith is getting roll off after 937 NISPACs we're book ending here a lot of this kind of began with the departure of Valerie Heil almost two years ago two plus years ago as this was announced Valerie Kerbin's I can't help but think of the amount of experience that is reflected there in the NISPAC and it reminds me though that if we were to go back into the history a little bit we will have seen periods where similar things have occurred I can think of some of the folks that I think of as mentors when I was coming up in this world a little bit and the reliance that they had then on NISPAC and that we all need to have now because future experts and collaborators both within government across government and then certainly out in industry the folk room that we all can pivot on and operate through is this body I don't know that we say that enough I think we've in this quasi virtual setup that we're at our understanding is about 150 or so folks in person that's fantastic I'm sad that I'm not there and honestly not just because it's in New Orleans which is a wonderful city but just because it's the formal aspects of these things and it's what happens in the lead up during the break and subsequent those are important discussions they're important opportunities for folks who don't get to spend a lot of time together to talk about weighty issues that Heather laid out and frankly I'll probably touch on a little bit when I get into my formal remarks but that is the importance of this forum that is the importance of ISOO as the great facilitator of it but it's also incumbent on all of us those who are rolling off as you start to look and identify people who are going to fill your shoes and carry this forward because those processes the deliberate nature of this this body that puts accountability into what we do Heather again said it right this isn't a mutual admiration society and it's not a place where we can achieve Nirvana where we all agree about everything all the time I think we agree about the big things as it relates to the safeguarding of classified information all of the time the details and the timing of things across the complexities of the government any one agency or certainly the sum of all of them and then of course the same is equally true and in some ways even more complicated across the vastness of the industrial base that we rely so heavily on to both build capability and also to protect that information that you all sign up to safeguard so anyway with that again that to me is a two for I hope that the folks that are out there in the audience who are vying for those slots that are coming open within industry and then as the transitions begin some for whom they've been identified as replacements across government but I hope we can continue to measure up to the outstanding example and again Mark that will really frankly begins with you so thank you very much moving into the meat of some of the topics that we wanted to discuss right we've tried to continue to be a bit of a steady drum as it relates to a number of topics you know of what we think of importance relevance to the NIST and relevance to where the department as it continues its implementation of the national defense strategy will and will does and will continue to rely very heavily one of those as it relates to is cloud right so to the folks at DCSA and others who participated a recent pilot effort that concluded that we there is a pathway to cloud authorization where the NIST is concerned you know regulatory policy is not not easy we try to write it at a simple level but we may all not have the same working definition of simple but nonetheless through a lot of a joint cooperation we have a sense of what it looks like you know as DCSA and DISA on the government side and certainly across kind of the complicated landscape of what government requirements need to look like we are identifying other challenge areas but we are moving forward and I'm really pleased with that we would not have been able to do that if not for some willing participants within industry who took on some risk in all the ways in which you all define it to patiently work with us to get to this point so again kind of with a nod to the NIST PAC being able to talk about these things from where everything is on the record you know put some accountability to help us move forward you know we also gives us the opportunity to reflect a little bit once we get to a place where we have some achievement understand how we got here how long it took what can we do to continue to iterate the process make refinements and improvements including when necessary you know revisions the policy more about you know consideration how we apply that and so with that right now that's where we find ourselves today much of what we are our aim points right now really to help with our acquisition partners to understand some of the implementing DFAR clauses that really enable but also maybe create some I'm going to use the word confusion even though that might not be that might be too strong a word but it is a Monday so why not you know examine the extent to which clauses that were written several years ago you know some of the vagaries which are intended to allow for flexibility you know across the complex landscape of contracts you know might actually be one of the impediments to allowing us to move forward more quickly and so that's a little bit of work with our acquisition partners position partners but while we continue to work with them we have you know proposed some guidance and of course testament to DCSA and especially to keep minor we kind of dream up a problem and he comes up with 13 different solutions to it which he's already done and I'm sure when he speaks he'll be the last person to take all the credit but I'm going to pass it his way because it's Monday and I've got the mic but you know in the near term we can see issuing some guidance that would allow for some specificity on 254s that would help to overcome some of those vagaries that exist on the DFAR clauses that put this together that is a bit of a complex word salad to say so we're trying to simplify that when it comes to actual writing things on a 254 it does become a bit of a nod to another of a DCSA initiative that's been several years in play I want to continue to give credit for and that's the work that they've done to automate to bring technology to bear where 254s are concerned and in this contract classification system I think Keith's going to speak to that a little bit more but bringing these two things together will help us and help us to be more observant in the oversight layer as those who said about to execute system requirements look to turn the crank with greater frequency where cloud is concerned so we're excited about what that looks like we're keen to see it go into practice but mostly I want to say hang in there with us we are making a lot of progress I know the appetites will continue to grow we want to manage that where we can and continue to see progress so I'll continue to beat this drum and as far in the future as we can until we think that we're kind of running in more of a deliberate and normal order of business for cloud so along the same lines and so a nice thing about following Heather is that she lays out most of the topics that I intended to discuss anyway which is super helpful and so one on the DIVS cybersecurity front which there's four letters that I'm not going to say that she did say where DIVS cybersecurity is concerned but I will say those three magic letters and that's C-Y and essentially what you may be tracking I hope you're aware but the DIVS cybersecurity federal rule that requires DOD contractors to report cyber incidents involving cover defense information is up for some revision the rule was recently updated in May and expanded to include contractors who handle C-Y to participate in the voluntary program to share cyber threat information and best practices with DIVS participants it's also traditionally the DIVS C-S program has been oriented exclusively around and focused on clear defense contractors one of the major proposed changes is to expand that to the broader defense industrial base many of whom in their support to the department that support comes as part of supply chains for clear contractors it's one of those things where writing that down isn't all that difficult but as we start to think about what it might look like in implementation it's definitely something we look forward to hearing from industry on and that will help to anticipate what the sense of scale that the government may anticipate both as a function of supporting the program receiving from it and feeding to it so if you haven't done so already I think the comment period I think it's in its nascent stages I live to provide homework assignments for Stacey Bostanik many of whom you know so we can figure out ways for you to be in contact with she and her team and she's been out there kind of beating the drum on this for a while so please by all means take a moment to take a look at it and we'll welcome your perspective along that same lines that implementing the driving premium on the DibCS program looking at non-federal systems unclassified systems systems that process unclassified information of course one of the driving you know aim points that we have are as it relates to those three little letters controlled unclassified information and so again just a little light reading for those of you who are sitting down on you know listening to jazz music and eating delicious food listening to you to the DOD IG website who last Friday published their findings related to an evaluation of the DOD controlled unclassified information program both where we are and where we're headed I would have mentioned it regardless because that's kind of the nature of this accountability isn't just about good news it's about all news but in this particular case the findings are generally complementary of the department's program where we are today and what we call our limited implementation of the federal rule those of you who have not read the federal rule you should prove this quite complex and quite sweeping in its aim points and objectives again with a nod to Mark Bradley back when the department put its program into issuance and ultimately got it signed out a little over three years ago now we would not have been able to do so without the support of Mark Bradley to accept the way in which the department moved into its present implementation and that's no small thing and we're pretty pleased with it the work goes a little like this the department's policy is established and up and running it should be running a bit more efficiently so there's some homework that's assigned to at a department level that my office is responsible for we accepted all of those comments and have provided a poem for how we continue to move forward mindful of the fact that of course we're anticipating some direction to come out of the NSE initiative that is still ongoing on the subject but also a little bit of a line up to as we get a little deeper into the department where we need additional guidance from individual components at a component level again one of those places where it's not hard to write it's a little bit challenging to think about again with a nod to something that Heather said where there are many, many programs out there in industry that can maybe point to themselves as having best practices I think that's true one thing that we can definitely anticipate needing from industry as additional guidance comes out from stakeholders large stakeholders the military departments getting down into smaller stakeholders all of those roads or at least many of those roads lead to industry and so we will look for to hear from you all to make sure that we have as much consistency as we can muster as those programs continue to mature that is again another nod to this forum not just an industrial security program but I think it becomes a good venue for input to ISU in its broader responsibilities let's see since the last time we met we went through and have gotten out and now issued the Department of Defense Instruction for the national industrial security program so high degree of redundancy between what's in the DOD instruction now and of course what's in the NISPOM which alignment right so this was an update that we wanted to make sure there was alignment that's not that easy to do but the policy contains a couple of very important provisions that I think are worth your time this afternoon the first of which is a nod back to what I mentioned earlier which is the requirement for government contracting activities to use the NISP contract classification system NCCS that DCSA has worked so diligently one to advocate for it to become a rule and then two to build and actually now field what folks who are a little bit closer to the practitioner layers say is a very functioning system it's looking forward to having some data put into it so we're happy to see that in the instruction creates again that uniform requirement that will continue to be observant of here as the components and defense agencies begin the implementation process and then the second again with particular nod to industry was a pretty important delegation of authority so for the issuances of industrial security letters for those who may be familiar the longstanding practice up until a month ago was that when an ISL needed to be published the process was a pretty long arduous one that kind of makes its way up here into OSB bounces around informally within the NISPAC and then eventually lands on the desk of the under secretary to sign and we're usually able to get that done in about a six year time period thank you for the laughing in the background it's actually a little bit faster than that but definitely not as fast as it needs to be and so now that we stick here with a federal rule where the NISPAC is concerned we have the opportunity to kind of nod to that formality meaning that when we want to issue guidance related to a federal rule of course there's a touch and go that has to be done with the folks who oversee that on behalf of the government at OMB if we were going to do that at the same time that we do the process that I just previously described and that six year thing would become a whole lot more accurate than the joke that I intended a moment ago and so we're happy for a measure of agility there'll still be the need to have some review DCSA is an awfully transparent organization as the way it addresses its responsibility for the NISP so I think we can all you know have some confidence that industrial secure letters which are important that they'll flow with a little bit more efficiency than they had in the past and so that's really a nod to Allison and Laura here on my team either to shepherd that through if any of you have ever been to the dentist and they ran out of Novacaine then you'll know a little bit about what policy issuance is like in the Department of Defense and so to get something like that out was no small feat so I got to keep good on them so let's see that's the last yeah well so I basically combined the last of my two together there with the dodie and the ISL process and so other than that again thank you very much for the time and the opportunity and to those in the attendance today I hope you'll ask a lot of tough questions at Keith Minard that concludes my remarks thank you Jeff we'll now hear from Keith Minard the Senior Policy Advisor with the Industrial Security Directorate of the Defense Counterintelligence and Security Agency if you prepare the copy Jeff Spinach your email address phone number and cell so thanks Keith Minard DCSA so I'll be providing the date we do have a speaker coming in fact just walk in the door for him so sometimes travel arrangements a little bit of time but it looks like we have that on the spot also I'd like to open a few things as it's NCMS make sure there's a lot of DCSA staff here providing sessions they're providing NOAA reviews they're supporting the help desk please get advantage of them are here they're here to help you and support questions that you have things you need to do this week also the Congress will start a little bit as late Mark Bradley for time as the Chair of the NISPAC it's a very important role and it's a very hard role to bring this to the Federal Executive Branch and to address key policy issues related to NISP and I really got to thank Heather Sims for the partnership along the way as the spokesperson as well as the rest of the NISPAC members that are leaving I will go back to in 2015 at NCMS we had a NISPAC and that was the month after NISPAM just came to not for insect threats Heather and myself we had a session one day in a small room they moved us to the all room and I think we couldn't CMS out for the insect threat session so we go back a ways and we've been through a lot of these bringing things together than this and we appreciate your time and your service to the NISPAC there is a lot of differences we usually talk about key industry issues and things like that but Heather and I have talked about this a little while and I thought it might be a point to talk about this today if the NISPAC is this pump and your requirements they're not DCSA requirements they're contract requirements established by a FAR clause now one thing that normally the NISPAC will do is really recognize DCSA and what they do I really wanted to do that today because it's a wide range of tools, resources and capabilities to help industry meet their contract requirements when it comes to NISP so I just want to say it's a partnership out there it builds upon that and I think it's an important thing to acknowledge between the oversight of the tools, resources CDSE really because NISPAC is really a technical specification it's part of your statement of work and I think that the agency as a whole provides a lot of things for industry to be successful in implementing these programs I'm going to start with facility clearance guidelines I've done a few various here and I'll talk several topics you heard about the NISPAC study I've met Matt Kitzman here he holds some sessions on sponsorship in Fugai the good news though is DCSA has transitioned two sets of indicators to evaluate the effectiveness and efficiency of the SEO process the first is the inventory number for active initial additional and upgraded cases that is being considered a leading indicator as of May 24, 2023 active initial FCL inventory was at a 10 year low of 451 cases so as the inventory goes down we'll find some more efficiencies in fact you can probably find some parallels in how over the years the personal security clearance products are talked about in inventory it's all that indicator to get to where a miserable state is this is a 58% reduction in the 10 year average which is 775 so we're making definitely make improvements turn those timelines down and get those companies cleared faster 451 cases that are currently active upgrade to the inventory 159 cases are open for 180 days but this is also a 42% reduction over the 10 year average so I think this is it's a good news story we want to take our entity vetting element and start bringing this together when it's down to partnership it brings it together and makes it more efficient and it gets coming to work faster and then the blackness we talked about between models we use those with no risk those with indicators and some plasticity and those that have risk indicators that require a new risk mitigation these are tier 1, tier 2 and 3 but overall the good news is it's going down that inventory is becoming more manageable and it goes back out to the entity vetting staff and industry working together to get to where we need to be real quick public announcement NCCS is out there please use it there's an informational website and the NCCSF needs to work and we'll continue to work closely with the NISTS PAC membership to go ahead and keep moving forward on these NCCS with the repository of the 254s it brings that information together in the right place business tools and things allow consistency in application and development of the 254s which is really important a bad 254 is bad during classification you put the wrong marking on something and it's just going it doesn't stop it's really important that the 254 is done really well to make sure we have consistent real quick in the last NISTS PAC and over the past couple of custody boards you've heard about our field structuring those who don't know DCSA this past December stood up a new operations organization the assistant director for the field operations headquarters and regional directors are personally in place about 975 percent we're moving forward what this is is taking field and integrating the function of the field whereas in the case of industrial security Matt Redding still provides the general mission guides from an industrial security perspective and the field executes in an immediate fashion with the ISSPs the ISRs, the DCS and background investigators Heather mentioned a couple of things and this is a couple of follow-ups to the LAPNIS PAC and a couple key areas was mentioned about the DCS-4147 so there is this collaboration and these are things that work well when we engage we'll continue to use it for new facilities but we'll look at the industry on the bigger plan of implementing the 147 I will say that I first got to do that day and I saw this light car looking thing how we could improve state parking I was really confused coming from the department's security side how do you even know what it looks like so in the big picture the 147 does give a solid perspective of your safe garden requirements it helps when a new FS-7 is on board or a new ISR to better understand what security measures are in place from a tool perspective a really great opportunity to move forward we understand the complexity of modifying these across four or four-and-a-half thousand safe garden areas we have security review improvement you heard about this the last couple of probably customer advisory boards we understand the concerns in the requirement industry we talk about how the rating itself derives we'll be working with industry as we move through this year to make sure that we look at that and get to a state that meets the needs of us of DCSA and oversight role and compliance and also better lining the tool to better capture the actual rating itself thanks industry for all the tenants at this year's industry security conference we went from Monday to the two-day we tried to expand the sessions a little broader to give a bit more of a takeaway in that it's important that we use the learning event and we want to make sure that the people walk away after the time they spent that there's things to learn that there's information gained for any government in the room on August 60th and 17th we'll have a two-day government security conference registration open on June 15th so the last thing I have to turn it over to Mr. Mark Pepperell for a data embassies is that I've got some time with DCSA between the seven people but we want to make sure we have a turnover of NISPAC membership to make sure that we align things we have consistent application and representation over the next so I think the next NISPAC is start tomorrow we'll get done the session we start tomorrow for November so we will announce and we will be following the documentation that Mr. Matt Roche and Mr. Jim Terry will be taking over as the primary and alternate NISPAC member for DCSA and that'll allow me to close out I think my sicking public meetings I can, you know but we really want to make sure there's a weak seat ride and make sure we have a really good turnover on this because we don't want to have a break in that engagement strategy we want to make sure that the continuity and everything with industry continues that's what I'm sorry Heather brought my attention before I turn it over for NVSS we continue to go through some questions on multi-facility organizations in 2-5-4 stay tuned for the information we know that the instructions for the 2-5-4 not only for the other areas need to be 5 but we're going to take an effort this year and look at the F-1-2-4 look at 2-5-4 and its instructions for the industry and government partners to make sure we look at getting these right down there and we'll get some guides out to our field personnel in between so that's what I have I'll take questions after the end of this but Mr. Mark Peck will hear if you can provide an end to this update Thank you, Keith so hello everybody as you can tell I'm just getting here flights were a little bit late out of BWI's morning but I am here to talk about edits and this is going to be an extremely non-technical update the aspects of whatever interests or concerns or questions you have are going to be the best managed throughout the green days of the NCMS conference with the technical folks that brought down with us for any of you who are at the NCMS last year in Minneapolis you'll know that we started doing those helps that have been greatly expanded they end up to be very popular very welcome so we're expanding on that and we're going to have no end of our community for you to get the technical information that you want and need so just at a very high level everybody is aware that we're moving to end this and one thing that I want to make plain is what's going on now the first step in this journey because this sometimes gets confused is I say humility is that advisedly moving from equal to EM by which you initiate individuals into the vet process there's a lot of concern and some inflation maybe due to poor communication or miscearing things that we're actually talking about the psych management portions at this point with the equity transition we're not this is just getting you to where today you have to initiate an individual if you go to Egypt it's simply tomorrow it's another site so that's really what we're talking about at this point in time for them to move to end this I've spoken about this our federal customer agencies numerous times I'll repeat the message here with them all we are committed to doing this providing whatever resources we need and being able to bear getting this accomplished this year but before the day it has been said I hope we're first from industry as we requested a federal we've lost the audio in the room we've lost the audio in the room yes no longer receiving audio on this end I'm going to text Heather hopefully she's got her cell phone with her yeah I just texted her too everyone online I don't think they can hear us either please stand by I'm sure we'll get the audio set up again in just a moment this is a very formal meeting I will be doing a session tomorrow from 1 to do that talks about the life cycle how do we get here for those old enough to remember River School House Rock how a bill comes along we're going to put it in that format so a little bit more informal to talk about how we have different mechanisms within industry to find out what are the true issues narrow it down with those issues so a lot of the things that we're talking about here we've already been talking about them for many many years in different working groups so it's intuitive Keith knows what I'm going to say I know what's finished because we already know what the issues are so this right here is where the public meetings and we don't always get down to the nitty gritty of the actual details of what the issues are so please hopefully I'll see you tomorrow from 1 to do it's only a one hour session and I'm also looking for what the issues that you're experiencing that we can actually bring into the umbrella and hopefully you'll get to the right people while you're here bring in as an issue we can work in a working group or just to the right of the person is DCSA is that enough time? Yes we can Alright fantastic Mr. Pat girl if you want to go ahead Sure okay links to training, links to user account creation things like that will be made available as we go through these several plays hierarchy establishment that is something that has been done already by DCSA for you so you don't unlike your fellow partners you don't need to worry about doing that what we need you to do is understand the approach that we're taking we're doing this in three phases we've taken the entire industry base from a Venn perspective and divided it in Daniel's submission amounts of the classifying groups small, medium and large and each has a large number of companies in there and we'll be tackling each in turn and three certain involved that get to each group requesting accounts, completing the training receiving accounts, verifying hierarchies and then finally actually beginning submissions we are obviously motivated to try and do this as quickly as possible we understand we understand we still have gaps that we are trying to and repair as you're going along two examples have been encountered by the by the federal community presently if you've got an individual who does not have a social security number there's no way to initiate that person that is scheduled for a fix in a release in September so it's been identified and we're working on providing a solution to that similarly just the same two examples I pulled the lack of availability to download XML files with tabs that is also planned for a September release that will be our last release of the fiscal year so confident our experience with the federal community has alerted us to those and whatever any other issue that we need to take look at and resolve in order to take the system as effective as we all want to be but as you go through this you identify or highlight anything else that's run into please let us know there's going to be a number of people wandering around these next few days I'll refer to them generally as our customers support experts many of them are names that you know people like Mr. Chuck Tenge Mr. Don Lewis, Mr. Mike Fowler and Mr. Sheldon Siltas from my own team Scott Glastick Josh Thabon and Eric Kreitz seek them out these are the people that are going to help you move them wherever you are now to a potential successful using of the system I've said we're going to have even more resources here for you this year than the last year we're going to have the start guides for you so that you then may take care of some things in a little time but we really want to make this a partnership as we go along we've learned a lot from our experience of how to do it with the federal customer base that we're hopefully now going to apply to our industry partners and again our goal is that by October 1st all case emissions are going to be coming in via EAP as opposed to the metal of DCSA first real ability to to sunset first to the Lexi systems and then this is doing us a towards so we're very much looking forward to the end of the fiscal year and we'll be able to do that more information is going to be made available to you also I think how many just a quick share of hand how many folks in this room are aware of the quarter we need is that DCS today's industrial liaison group has established that the first one was in March 8 the next one is June 29 we send out to basically the entire FSO the entire FSO population we've upped our technical ability to handle thousand attendees so I encourage you to know a little about those to come to those if for some reason don't seek out and the gentlemen that I just heard find out about them because of the sheer scope and the size of them it's possible to do a real time question so it's basically a transit but coming as it will at the end of June after another month gone by we'll be updating all the end disinformation that we're able to push out for you at point as well so that pretty much takes me to the end of what I came here to say so I will turn it back unless there's anything that's for me. Hey Mark this is from the industry known as I want to say something this one in Quentin Wilkes from L3Harris and Jeremy Wendell from Northrop Grumman they held a fabulous in this workshop that was about 300 plus individuals that workshop was phenomenal because they pointed out a lot of FSOs that just don't get that information from a lot settings there was a lot of hands up that had not actually created the account and they took the three out lots just to build individuals walking through that process this morning so that workshop was phenomenal so I just wanted to give a big shout to Endis on boarding team and Jeremy put the network out together so thanks I know that happened Mark I have one more question Heather in the industry still a lot of anxiety with industry about going to Endis because just two years ago we went from JPEG to DIS so I would be remiss if I didn't at least mention here and the attendees here are going to get one on one training they attended this morning which I popped in definitely you could have used a bigger room and a lot more hands on but thank you for industry helping industry that's where it is and that's the people who actually went to that course this morning to help your other partners in your area as well so we still have to help us bring the accounts and all of that so be patient we're going to this is going to be for the betterment of all the national security program once we get to one system but it is going to be a struggle we know it we understand it but we have to be supportive because we have to get there but there are some impediments and challenges that are you to industry maybe not just industry but access to service now through PKI certificates I know many of us still having challenges including being out there what is being done to help understand the issue that industry is having to get to the accounts on board and get us to the next level that's something like a technical question if you're referring to the actual PKI issues so I'm going to time phone a friend here because he said that I could I needed to Donny do you have something to say or show thanks okay I'm Don Lewis from the industry on the team yes Heather for your question we have definitely been working with the involved team and we have also been trying to put some the need for that know Quentin and others have brought up and we've been working with them as well one trying to get kind of a temporary work around that's not really a permanent one when it will get you anything credential but there really is more long term fix on the way right now it's just important to get that to approve the whitelisting of the actual it's called my access of that process to be allowed to use it but yeah certainly we know that that is a high priority on our end and certainly have been working trying to get that going don't go under one of the other major concerns from the industry and I know I'm speaking for people in the room as well on the lawn and CMS as well the concern about the data is for having the data that we trust in the system being transferred over and we're not relying on resources from the industry to put our own information to the system how confident are we at releasing you that the information will be the force when we get to this I can say specifically on the dates exactly you know what they're not you know the data of that data exactly what you want and I can say that that is a continuity process that is being worked on by the data migration team and then make sure that that is accurate and that it will be as little of a lift as you guys can have so certainly we've learned lessons from that from J-PASS a different position and are trying to use those lessons to make the job a lot easier on this time around Thank you for that and thanks for being available so just before I hand them over one final time the point made about being anxious the industry is just about about this and looking out for how to repeat a J-PASS obviously so is DCSA but this for everybody's benefit here this has clearly been communicated to all level internally and externally that successful rollout successful transition from the EQUIP-T app that everyone's while I'll say EAP-EQUIP it's not working but the transition is the number one priority DCSA for the any of this and it's going to be the executive attendants getting the leisure potential and the resource financial and all the other necessary attention to make that happen to your point specifically so you don't have another incident or another experience like that Just getting dink over next back history I have a question about DCSA it's not about it industry comments DCSA for being willing to take a look at their security review rating process and circumstances that they have for large contractors who have access to dozens of security review processes and results across the country and they had the opportunity to see how that yards get applied from region to region field office to field office I saw a couple of years ago in conjunction with the lease of the new security review process DCSA all stood up quality control office and the quality control office was identified in order to be able to focus on any inconsistency resolve those inconsistencies and make sure the process was by fairly and evenly across industry from region to region and field office so I'm just wondering if you could comment on the quality control office the staffing on it and what the results are that they've identified in terms of any inconsistency or inconsistency across the country well if he looks over here Mr. Matt Roach on quality assurance this is a step up for him now on the other side we do have a friend we've got 27 people on teams right now in the background that helps us something but I'll defer to Matt Roach or maybe even more actually here in the room thank you Keith so this is Matt Roach again and thank you for the question James we do a quality management program it's actually led by Lauren and Fiery over here she'll be here all week as well as our help desk we have a whole team here on the help desk it's about security security reviews the program and thank you and anything else that's in your mind but in terms of sharing some data so we're just getting into a period in time where we have enough data to look at to enable us to start making decisions with one of those things that we're going to use that data for is the Academy that Mr. Redding is to stand up to get that to see that we're looking for as well as the the security reading score where our aspirational goal is that we can both on the industry and on the government side get the same conclusion by following very simple planning math and depending upon the magnitude of the risk embedded in that certain area and that really we're working together with the NISPAC is going to be helpful so that we can see and agree so I'd love to talk a little bit more about the data when we start to get to that point where we share it with industry but thank you for this question and just to one little add-on is one of the things we had this year and previously involved this is we do have a lean stick to my green bell project it's going to be take a couple of minutes to review so we need to take consideration on how we can use it for best practices and move that process. Thank you Steve, I appreciate it and I appreciate everyone's patience we work through the technical issues as a matter of fact I now have two phones instead of just one and I did get a bunch of messages and emails so yes, the sound was out. Next we will hear from Valerie Curbin the Chief of Policy and Collaboration with the Social Security Directive with the National Counterintelligence Security Center with the Office of Director of National Intelligence for her last public meeting Valerie. Hello Heather, hello everybody and thank you very much Heather and thank you so much Mark Bradley we want to thank you for your support and guidance along the way from ODNI and much much good luck in your retirement. So I'm going to provide you an update from the SECEA perspective you know I like to brief you all on where we are and where we're going on trusted workforce so most of you know the framework of the high level policies have been issued we had a really good banner year in 2022 right now we're working on implementation of all those policies so as of March 31st we did issue our first tranche of implementation and the operational level guidance this went out to our department and agencies and the investigative service providers there was two memoranda which were helping agencies get ready for their implementation of the transition to the three tiered investigative model and in the memorandums was a business were the business rules and a crosswalk and also an FAQ even though it was distributed from us to the department and agencies ISO always helps us to also distributed to our NISPAC members next we also this past spring we work with the PAC and OPM to issue this third update to trust a workforce implementation strategy and we include all the progress we have made each quarter this last version included three strategic adjustments to maintain the velocity of reform and ensure agency and ISP success so we will continue our iterative approach to updating implementation strategy and of course we ask our departments and agencies and their senior implementation officials to continue to modify your internal implementation plan this implementation strategy was also sent through ISO to the NISPAC members let's see our next area to talk about is we did issue the federal personnel vetting performance management guidelines last February and then the standards this past September and these two documents describe the overarching strategic direction of personnel vetting performance management and where we are now is we are working on the specific metrics that were found in the standards and these metrics will help drive and show process improvements of what we've done to improve the enterprise and to help agencies make that risk-based approach so we did an extensive review with the community we are dedicating the comments and we really hope to issue this additional implementation guidance on the performance measures later this summer and that will be a joint issuance of ODNI and OPM as the executive agent also coming soon are the national training standards to the background investigators this will be issued as well jointly and this is where we got after the gaps of what was in the prior training standards to what investigators will need to know now for trusted workforce so you will see that a lot of the information has remained similar we didn't do a wholesale change we just made updates and have a revised comparison of what investigators needed to know is the minimum standards and what they are going to have to learn now and also the training standards we ensure that there is a refresher to ensure equal fair treatment in the entire investigative process then we've also completed national security adjudicator training standards we did a gap analysis we revised the learning objectives and right now it's in for review through the DNI internal process so both of those training standards with a lot of hope everything will be issued by the end of the summer these will be really good for the community to see and to start enhancing their training programs for the changes there will be a few other iterations of implementation we're thinking about two or three more tranches will come out so they will come out in the next couple of months and through the end of the year as Heather mentioned we were part of the listening tours the PAC PMO initiated these tours we're speaking with the particular industry groups like NISPAC Group, INSA, ISWIG they'll be one for state local and tribal and this is a wonderful opportunity for the executive agents and the PAC principals to hear industries concerns what are their pain points and also to provide us some ideas for improvement and what we need to maybe do better in our communications and of course as we all work through that sharing of information an update NDA, that non-disclosure agreement the SF312 I'm sure you all recall archives issued the final regulation change last spring and we are in the final stages of getting this signed by the ODNI so the form that needs to be signed can be signed in wet signature with a witness or it could be signed digitally so the information for that approval is found in the regulation however agencies can use the old form to accept the digital signature now but there will be a new form that will come out in agencies once it's issued should be using that new version I think that's it for updates from Secchia I just also want to thank you all for being partners with ODNI and it's been a long time I think I've served NISPAC when I was with NRC for a couple of years and here at ODNI so it's probably close to eight years I've been involved with NISPAC and it's been a wonderful experience and a great opportunity to learn what you all are doing in your agencies so we could work together to get after any of the concerns we all have and of course we're all working to have a better personnel vetting process and improve how to onboard the talent and retain the talent in the government and industry so thank you again for all the partnerships I do miss being in person and meeting you all and interacting but hopefully our paths will cross again soon so thank you to AISU Heather and Robert you've been great partners and hope you all enjoy the rest of your conference that's all I have Heather Thank you Valerie Are there any questions for ODNI? I know I personally get a lot about SF312 so now I redirect them All right, thank you Valerie Up next is Mr. Rob McRae the director of the national security service division with the office of the chief security officer Department of Homeland Security for their update Rob? Hello can you hear me okay? Yes Joe we can Great Now much to report here from DHS we continue to make implementing trusted workforce 2.0 priority making headway in the continuous vetting enrollment of our national security population we're just about about 100% also with the draft back and other critical elements of that as well but out of that not much other to report we just appreciate the partnership that we have with PCSA and they continue to support our industrial security program as well and we'd like to wish Mark Bradley all the best in his future endeavors Thank you very much Any questions for DHS? All right the next update we will hear from is Mr. Mark Kainowski Office of Security Policy with Department of Energy Mark? Good afternoon everyone I'm going to actually let Tracy go first to scrape our slides so he has to drop off for another commitment Okay thank you Mark This is Tracy Kimmel Department of Energy Personnel Security Policy Program Manager First of all before we get into the slides we just want to say on behalf of the department we want to congratulate Mr. Mark Bradley Valerie Curbin and Chief Miner on their retirement and service to the nation and we wish you well in retirement Additionally the Department of Energy wants to also thank Heather Stan for her service as the NISPAC Industry Spokesperson so thank you all So if you're following along with me on the slides I'm on slide 2 right now And so for this particular slide overall DOE continues to meet her goals on average over the last four quarters Now we did have some hiccups with our adjudication for top secret PRs over the last four quarters But again we're making our IRPA numbers Slide 3 This is one of our goodness slides here Over the last year we met or exceeded the initiation and adjudicated goals and expect that trend to continue for the fastest 90% for initiation top secrets Next slide The monthly timeliness for the fastest 90% of initial secrets We met and exceeded this one again over the last year so nothing more to report other than good news for that particular slide Next slide is T5Rs We continue to meet the initiation goal and since last August some of the months have been kind of hit and miss but again overall we're meeting that per goal on average and over the last 12 months our adjudication timeliness was at 19 days And for the last slide for the secret T3 re-investigation no major changes and our average timeliness for adjudication for this particular slide was 18 days Now that concludes my briefing for the slide and as we always say if our industry partner is having a concern for DOE from an industrial security perspective please don't hesitate to reach out to us if we're ready to assist where necessary This concludes our briefing Heather's subject to any questions Alright, thanks Tracy Next we will hear from Mr. Dennis Brady the Chief of Security Management Branch The New Year Regulatory Commission Update Yes, hello Good afternoon everybody A couple of comments from the NRC I just want to give a quick update on our NIST program It continues to oversee the clear contractors We're ramping up to our pre-COVID operational tempo Under CUI the NRC continues to meet with other agencies and our stakeholders to share the NRC's CUI program and our plan for implementation The NRC has made great strides in developing our CUI program but the program is yet to be fully stood up due to implementation challenges raised by federal departments and agencies along with our stakeholders I want to talk a little bit about C3 which is one of the big accomplishments for the agency We've launched a C3 foreign travel reporting portal It's been operational since January 23 for our cleared employees and contractors to use to report to foreign travel The portal provides the traveler a timely feedback for approval for foreign travel The portal guides the traveler through the reporting requirements and allows for the traveler to pre-travel edits and post-travel updates Very proud of this In addition to providing the means for cleared personnel to gain foreign travel approval the portal allowed the agency a venue to remind the staff of certain security policies for those going on foreign travel such as not traveling overseas with your PIV card and or not taking your agency laptop overseas Since we've implemented those reminders and made that a mandatory checkbox on the portal we haven't had any infractions of that nature since then So that concludes my remarks and I'll That's back to you Heather Thank you Thank you Dennis Any questions for the NRRC? Next we hear from Kelly and Jim giving the Central Intelligence Agency update This is Kelly Patrick We don't have much of an update Jen is not on the call We're just continuing to work at meeting 100% of the CE enrollment We're getting pretty, pretty close We're also working towards the trusted workforce 2.0 implementation So that's about it Thank you Kelly Any questions for the CIA? We're now moving to the portion of the meeting where we get reports from the NISPAC Queen Groups So we will not be discussing all the working groups at this time We have provided slides with the highlights of all of them We will only be hearing about the clearance winning group and the NISP information system authorization also known as the working groups at the time You have already heard from some CSAs and CSOs on the level points of what was discussed during the clearance working group on May 3rd, 2023 We will also hear from DCSA or their security clearance metrics, a loss metric from the NRC since we had already heard from DCLE We are now going to hear from Mr. Dasegot the NISP authorizing official for DCSA's information system update Dave? Yes, thank you Good afternoon Just a slide here on some high level national metrics on the national metrics slide next week What we have discovered is that our partnership with the NISPAC group provides monument success and transparency in our operational model for seven authorization of systems The traditional year and a half that we made changes in the workflow to the package workflow getting industry first in insight into where the packages are along the process has proved beneficial for both industry and us and now we have some national metrics giving for detailed analysis and timings So high level metrics here on the left hand side systems authorization status, that is the quality of our systems which is around 5500 systems Two years ago we were roughly around 64 systems We continue to stabilize at 5500 systems where we have to read the systems that have expired or there is no longer a contract requirement for process processing So we have discovered that our view is pretty much stabilized at 5500 What goes on the pie chart there is authorization status which is a fully authorized system typically set to be years and a condition authorization which is there in red I'm happy to report just from a trend perspective we're continuing to see more full three year authorizations that do in large part because our active participation is getting out outside of COVID conducting those risk reviews So we're going to continue to stress that Moving on to the bottom is really what's been beneficial as giving our industry and for us what's been DCSA is insighted into what is our timelines many DCSA days visiting for us to a 7 authorized system and we go right at the days of an active workforce standpoint So we reminisce having a fully completed package with 90 days and DCA time is 50. Now there is back and forth between history and government just a situation of awareness Extension, that is a regional authorization official tool when for whatever circumstance if there's unification we cannot get onto a site or if there is a high level vacancy in an office we do have the flexibility to send authorization along to the communications key from that local level ICS-M, the ICS-P team leads in regional authorization so it's appropriate. Next slide. The contractor, the audmetrics or SCARS is what we did a few years ago and continuing to prove beneficial across the board. You'll see their packages to date 5000. There's a lot of ingested packages coming in. Really the three decision made complete which is a fully complete package passed onto the ICS-P for the next steps of review. Next slide. There are some items on the left corner of the top three items for returns which typically lack or incomplete implant or could as simple as bring the requirement to process. The tree up metrics that I'm most proud to report is just the return for rework. We first started the tree up actually in FY20 but we did not have much at the time. I know it says 31% FY20-3 it's actually a little bit low in that. We made some enhancements with an EMAS for required fields that caused a little bit of a hiccup for more return that we've kind of worked through. That's a little bit high but it's not a true representation. It's actually a lot low in that. Industry doing a much better job on the following the job base better that we've posted in our system of record. Next slide. We had them discussed here at the NISC. We're very happy to record the NISC about pilot success. Probably a lot longer than much all of us have participated both government and industry. We learned a lot about that pilot. It's a working group in DCSA. We had a very extensive walkthrough of the pilot about six to eight weeks ago where we walked through the pilot from 16 months ago to where we are today and we had a lot of questions for history. What we determined are no policy pediments for industry to procure and process classified in the cloud. There was a provisional authorization for the secret region issued by DCSA in January and we were happy to report that in March of this year we did issue a conditional authorization for the defense contractor. We are networking on a few other projects in the same area. So we're continuing to learn. We're going to continue to get our best practices and communicate these transparent obstacles in this award group partnership. As was stated earlier, what we've discovered is some of the challenges, I think, is that we worked through was the acquisition piece. As Mr. Senator talked about earlier, we do have, through Keith, like CB2 working in partnerships there, so we've got that. We also know that the government sponsorship is key. It's just from the enabling of the capability, just the way that it's architected the cluster of offerings. The other thing that I want to stress on, and you'll hear probably in some of the session this week is set a zero of arm making sure that the right stakeholders are at the table, ISSM, program management, leadership. I think that's going to save a lot of time, energy to be in effort from start to finish if preparation is done well up front. So very happy with the success there. Moving on to Delham, 3.0, we are very close to handing it over to the minister working for an informal review. I'd say sometime this summer, I was hoping it was going to be done a little bit sooner, but we're final coordination here at the headquarters. The things that we're looking to do there is really kind of some of the gaps that we've heard over the couple of years both from industry also internally, making sure that clear, consistent guidance in this document. We're going to make sure they're trying to align to CPSS 1253 and associated instructions as well as upping the language for 32 CFR part one of seven. One of the key things in Delham that I'm most proud of and very excited about is we've been hearing a lot about requesting guidance to how to share a single system or multiple programs, multiple contracts. It can be done. Delham does not have clear guidance in her and we have some draft guidance that we actually worked and tested out a little bit on the club highlight, and it was extremely successful. So we're excited to get that out and share it with the community Heather, we seem to have lost the audio again. Please stand by everyone. Everyone, they're working to have us reconnected to the meeting. Please stand by. That's a launch point. No, I actually have one more. I'm pretty good under pressure for those that don't know me. ODI mentioned about the new form PRs as we know are changing and they're looking at this new form to do the supervisor recommendation on your clear to employees. We industry NISPAC members, MOU members, are collecting some concerns that we're going to have as we move forward with trigger force 2.0. We are at it as one of our items and as you're doing those things towards what the PMO ending out, so she can make sure that you're taking that aim. He is in attendance that I also believe. So maybe we'll get some people together and talk out what does the future look like for personnel security. It looks great, looks bright. We can get a person hired and work within that same week. That is the end state and immediately tossing people and getting that vetting done. You're welcome. Make them. Heather, have you gone? Sorry about that. If I could just have our event producer say that she can hear us and I acknowledge it so that we can both hear each other. We can hear you online now. Thank you. Appreciate it. Sorry about that everyone. You were in the middle, correct? Yes. Okay. Mike, back to you. All right. All right. Thank you. Good afternoon everybody. So, yeah, slides up there. Okay. Yeah, so for it's entirely for investigations for the T5 initials looking at FY23 Q2 we'll break down a bit. 20 days for initiation, 107 days for investigation, and 10 days for education. So that gives you an entirely total of 137 days. The T3 initials FY23 Q2 again we'll break that down. 20 days for initiation, 19 days for investigation, 19 days for adjudication, that gives you an entirely of 102 days. 90% the initial investigation had an internal determination on average to within 10 to 10 days. And then the, yeah, so the total investigation inventory would be at the T5 levels 13,600 and then T3 would be at 14,600. So I'll go ahead and move forward. We'll talk about the DOD CAS. So looking at DOD CAS inventory inventory trends since Q3 FY21 current open adjudication case inventory for industry contract personnel is about 29,000 cases. Now that inventory includes request, incident reports tier background investigation and continuous adding alerts. Because that inventory numbers include continuous adding alerts you can see as the number of people enrolled to continue studying has increased and the number of data sources has increased, there's an increase in inventory. Those most serious alerts are prioritized to mitigate risk. And then for reciprocity, the CAS continues to process the decisions that average of the calendar day. Also from the CAS perspective for industry conditionals, in creation of partnership with Vero and the NISAC, DOD CAS began to define the process to issue conditional national security eligibility determinations. The conditional support vision readiness by removing aids from due process and using continuous embedding to monitor compliance and support risk negation. Once that process is defined, additional communication materials are going to be provided on industry conditionals and will be distributed to industry and across the department once available. And moving on to embedding operation updates. On March 27, 2023 this release 13.17 included dates to continue embedding and reusing codes on the user interface and reports within the disc. Records had other and deferred will now be reflected as enrolled. In the disc JVS user interface the users will see CV enrollment status as enrolled, unenrolled and no records found. Corresponding dates associated with enrolled or unenrolled will also be visible. Records found in the case that the individual is not enrolled in CV and reporting CAS and GDS and CAS will play CV status of enrolled unenrolled or never enrolled in the date. And reports never enrolled is a status no records found. The most recent date of enrollment status populated in the disc and not to sort the identification of the timeline for this update. For CV management, post-EV enrollment alerts are generated based on the first thresholds which align federal investigative standards and adjudicated guidelines. CV information by 6% alert rate. Criminals of financial are the most common valid actionable alerts. As far as FY23D row have CV 13,000 industry alert with 6,300 or 47%, not previously known from 5,600 unique industry subjects. So note this information should itself reported and as our goal moving forward to have individual self-report information as it occurs. Any questions? Update. All right. Thank you, Mike. Any questions for Daro? Okay. For those of you on the phone, it's my understanding that the audio actually announced with Dave Scott. So I apologize but the minutes will reflect what you should have heard for those on the phone. So now we are at the podium. Hi, Heather. I'm here. So thank you, everybody. First, let me just say congratulations to anyone who's on the verge of retirement. I'm incredibly jealous. In terms of the slides, I'm not going to go one by one. The gist of it is that for the most part we're hitting our IRFTA adjudication timeliness numbers. We had a few hiccups with some PRs. We're not running nearly as many PRs, thankfully, now due to continuous vetting. But those that we did run, we ran into some issues that needed a lot of additional work on our end to clear those out. But as I said, I'm happy to report that for the most part our IRFTA numbers are being hit or exceeded and we're not seeing any real issues there. In terms of the equip to eApp transition, I'm happy to report that the NRC has fully transitioned to eApp, both on the Fed side and the contractor side. And we're actually finding that the system works quite well and hearing positive feedback from the applicants who are entering information. With continuous vetting, our cleared population is enrolled as it should be. And we're internally gearing up for the enrollment for the public trust population. We're making some updates to our systems and getting ready for that large population that will need to be enrolled and potentially require some reinvestigations to get them new forms or maybe not reinvestigations but at least reaching out to get new forms. That will be a large undertaking but we're getting ready for it. In terms of rat back, we're about 85% there as a whole population. Some issues getting folks to get fingerprinted again, but that's getting easier and easier as we kind of emerge from the COVID rock. I really don't have any more information but I'm happy to take any questions if there are any. Any questions for NRC? As requested, we are going to go back to DDCSA with Dave Scott to discuss the MSCPG and CCRI. Yeah, no problem. The new section of the process is developed in partnership internally and also coordinated last year with the working group. It's been coordinated formally and we're going to in parallel with the DAPM when we're ready that we're going to coordinate both those for final release in the new process. We're looking to do that here in the very near future. The CRI is standing up. It's our own dedicated CCRI teams. We're so you're going to see an increased presence probably up to double next year. Our residents intentionally more. Definitely more over the coming years where we'll be conducting CCRIs on those industry connections with improved access to the SIPRANET in the very near future. And then last topic if I got to cut something that we need to we're looking to prove upon is our MOU coordination process. We're looking to find efficiencies in working with other government agencies and obviously on your path for contractual clients to connect to other government networks. It's a lead out of our headquarters operation and we're looking to find ways of automation in any way possible. So we've got some ideas. We really help you guys out as it relates to MOUs. Any questions? Any questions? I'm sure there aren't for those in the room. All right. We're now going to hear from Mr. Perry, the Director of the Defense Office of Hearing and Appeals also known as DOHA. I know that he was being to be in person but unfortunately was needed back in D.C. Yes, thank you so much, Heather. I want to start out by thanking Mr. Mark Bradley for his distinguished and really exceptional federal service. I did this back in November when I thought I was saying goodbye but I'm going to do it again because in addition to being a distinguished and revered public servant, Mark Bradley is also an accomplished author. I want to say that I hope that Mark will write some more books. I'm looking forward to reading them if and when I ever get to retire. In the meantime, before we let him retire, I just wanted to echo Jeff Spininger's words about Mark Bradley's leadership because Mark represented exactly what we in government strive for, clarity of guidance, transparency of process and ultimately the ability to balance competing interests in a way that serves the taxpayer and the public very well. I also want to thank Heather Harris-Pagan and Robert Tringali for all of the hard work and planning that went into taking this first post-pandemic in person this back on the road to New Orleans and while I am not there to enjoy it, I wanted to make sure that we thank them for all of the work that went into this. There are multiple pieces of good information as far as what Doha is seeing. First of all, I want to say that Doha is timely with its legal reviews of industrial contractor statements of reasons. We currently have just 241 statements of reasons reviews pending with us. That's well within the norm of the working inventory of SORs we review in a month which is about 300. That means that on average SORs are getting their Doha days. This is the first piece of good news because it means that timely notices getting out to industry, cleared employees and applicants for clearances about whom issues have been revealed by either continuous vetting or were found in their investigations. Second, as Mike Ray just noted, DCSA consolidated adjudication services or CAS is working on an initiative whereby they're going to start issuing conditional clearances in industry. This is also a great innovation because it's going to be leveraging CV which means that we're not going to be putting emphasis on the FSOs having to do something. It also means that the CAS is getting the issue of information sooner which means that they should be able to produce robust resolution of issues sooner as well. This is all good news and finally if and when a case does need to go to administrative due process Doha is continuing to steadily increase the number of hearings that we're holding using secure remote video technology over the DoD version of teams and in addition we've got Doha administrative judges and department counsel traveling more than they have in the past two years. Obviously that was constrained during the pandemic. There are some cases that lend themselves to more in-person for example if we have expert witnesses for mental health cases would just be one example. I also want to pause here to thank Valerie Kerbin for her exemplary federal service and I remember when she used to give the NRC brief and I just want to thank her for all the work she's done at ODNI as a security executive agent. Among the many initiatives she discussed was one emphasizing fair, equal, and unbiased treatment. Those are obviously essential aspects of what Doha does. Doha also ensures our transparency by showing our work. Every industrial contractor clearance eligibility decision made by Doha since November 1st of 1996 by either a Doha administrative judge or by the Doha appeal board is published in redacted form means we take the personal identifiers out on the Doha website. That's HCTPS Doha.ogc.osd.mil and then a little slash. So again Doha is part of the Office of General Counsel within DoD that allows us to review conduct hearings and provide due process in a way that is independent from the investigation and the adjudication. So with that said I will stop and take any questions. Thanks Perry. If I have any say you're never going to retire. Any questions for Doha? All right. We're now going to move on for an update on the classified information program and I will give that as the executive agent is ISU. As a reminder it is still a requirement to safeguard name of the CUI in accordance with executive order 13556 and 32 CFR heart 2002 the implementation directive for CUI. One of the highest priorities of ISU as a CUI executive agent is getting a CUI thorough acquisition deletion case also known as a FAR clause issued. It will create a common mechanism to communicate which generation contractors created for and receive from the federal agreement must protected how to protect it and who it can be shared with. Currently law federal regulations and government policies already mandate the protections. Once the FAR clause is issued it will be a standard vehicle for conveying whether CUI is involved in contract and what the existing process is. The CUI enter agency policy committee or IPC process had an initiated ongoing. CUI notes 2022 tax 01 provides executive agents regarding the White House National Security Council Moranism initiating a process to review information management classification policies of June 2nd 2022. And what waivers made in place for them please do not hesitate to reach out to CUI at nara.gov. We are now at the point of the meeting where we ask for NISPAC members present any business that they may have. Anyone? Do any other members have questions or remarks in the room? Please make sure you sign in for the attendance. It does have your email address for everyone that is in person called in. A survey will be sent to everyone. You will have out two weeks to complete it. I am aware that we had technical issues. Other than that, please feel free to put anything else in there that would be beneficial for the next time. Our next NISPAC is scheduled for Wednesday, November 15th, 2023. We hope to have the meeting in person at the National Archives in Washington, and as a reminder, all NISPAC meeting announcements are posted in the Federal Register approximately 30 days before the meeting along with being posted to the ILO of the V-Blog. A huge thank you for those with NCMF that made the reality and helped us throughout the meeting. And thank you for those that stuck it out, both the people, the NISPAC members, the speakers, and the attendees in the audience that really reached out to you being patient with us. And with that meeting is adjourned. Thank you for your time.