About the Author

Whether you’re a new or experienced FSO/SMO, NISPOM compliance can be complex.  Jeffrey W. Bennett, ISOC, ISP, SAPPC SFPC provides clear, practical guidance to help you achieve and maintain compliance with confidence.

Stay organized, audit-ready, and in control – Jeff and his team delivers tailored NISPOM consulting, backed by industry best practices and his proprietary FSO Workbook, Gold Standard Criteria Assessment and Self-Inspection Program.

Why it matters:

Non-compliance can lead to penalties, lost contracts, and unnecessary stress. We help clients see measurable improvements within the first 30 days—strengthening audits, educating teams, and protecting contracts and reputations.

Our Core Services


Popular posts from this blog

How Contractors Get Facility Security Clearances

Having a Facility Clearance (FCL) makes a business attractive, but that desire does not provide the needed justification for obtaining a security clearance. The FCL is strictly contract based and demonstrates an enterprise’s trustworthiness. A company is eligible for a facility security clearance after the award of a classified contract. The FCL is a result of a lengthy investigation and the subsequent government’s determination that a company is eligible to have access to classified information. A company can bid on a classified contract without possessing a facility clearance, but is sponsored for a clearance after the contract is awarded. The interested company cannot simply request its own FCL, but must be sponsored by the Government Contracting Activity (GCA) or a prime contractor. Once the need to conduct classified work is determined, the next requirements are administrative. The company has to submit proof that they are structured and a legal entity under the laws of th...
Read more

Appointing the Threat Program Senior Official (ITPSO)

Image
This article continues the series covering the Self-Inspection Handbook For NISP Contractors and guidance found in the National Industrial Security Program Operating Manual (NISPOM) Incorporating Change 2 .   Since the NISPOM update adds to requirements, there is now a sixth element to the “Elements of Inspection” that are common to ALL cleared companies participating in the National Industrial Security Program (NISP).   As mentioned in the first article in the series, all should be incorporated into your customized self-inspection check list: (A) Facility Security Clearance (FCL), (B) Access Authorizations, (C) Security Education, (D) FOCI, (E) Classification, and (Y) Insider Threat . Question: Has the company appointed a U.S. citizen employee, who is a senior official, as a key management personnel (KMP) who will serve as the Insider Threat Program Senior Official (ITPSO)? NISPOM Reference: 1-202b, 1-202c, 2-104   1-202b. The contractor ...
Read more

Protecting CUI on work Computers

Image
It’s a common practice to allow employees to use enterprise computers outside of the enterprise. This has become more common where employees are increasingly working at home. Though a common practice, these occurrences are not always best practices. Anytime an employee leaves work with a company computer, the expectation is that all information is vulnerable. Malware, ransom ware “supply chain attacks”, hacking and other threats are prevalent. In many cases this can be controlled through applying NIST standards and strong cybersecurity measures. This article will focus on limiting use of loaned laptops and not on technical cybersecurity application. The organization should assign a strong risk assessment based on use prior to assigning company computers for at home use. This risk assessment should limit the information to be provided and for specific purposes. For example, if a user works on a specific project, then the laptop might only contain information for that specific use. The l...
Read more