We provide Fractional FSO support and help companies build NISPOM compliant programs. See positive results in 30 days.
We are easy to talk to. Just press the button.
We Make Heroes Out Of FSOs With FSO Support
- While others do everything for you, we provide FSO support and train you to do it yourself with AMAZING results.
- We will perform FSO support as Alternate FSO. Your FSO will be equipped to meet NISPOM requirements.
- We will train your FSO and security teams. While we perform FSO tasks, we train your FSO to comprehend and prepare for DCSA reviews.
- We write your tools, processes and procedures that make FSO tasks run smoothly.
DCSA Reviews Are Awesome with Our FSO Support
We train our clients to not only pass reviews, but meet Gold Standard Criteria and earn:
- Commendable Ratings
- Superior Ratings
We Provide FSO Support and Understand NISPOM Compliance
Defense contractors entrusted with classified information must meet stringent requirements under the National Industrial Security Program Operating Manual (NISPOM), now codified in 32 CFR Part 117. Thrive Analysis offers expert, end-to-end support to help your organization achieve, maintain, and demonstrate full NISPOM compliance—reducing risk, strengthening readiness for DCSA assessments, and enabling continued eligibility for classified contracts.
Our approach blends deep regulatory expertise with practical, operational experience. We build programs that not only pass audits but also function smoothly within your organization’s daily operations.
Objectives – Our NISPOM compliance consulting engagement is designed to:
- Achieve and maintain full compliance with 32 CFR Part 117
- Prepare your program for successful DCSA Security Vulnerability Assessments (SVAs)
- Establish a complete, documented security program aligned with NISPOM requirements
- Strengthen insider threat, reporting, and continuous monitoring capabilities
- Support Facility Clearance (FCL) and Personnel Clearance (PCL) processes
- Ensure your leadership and workforce fully understand their responsibilities
We understand the challenges and have worked in all situations and face new ones daily. Those with whom we have worked benefit from experienced FSO to guide them. They’ve reduced the risk of doing everything themselves and potentially falling behind in security clearance requests, and not doing well during DCSA reviews. We solve these problems and concerns.
We provide outsourced FSO, Foreign Ownership Control and Influence, Outside Director and CUI program consulting and services. I manage your clearances and prepare you for the DCSA review and you get the peace of mind knowing all is taken care of as you manage your company.
Scope of Services
Ongoing Outsourced FSO & Security Program Support
-
Fractional or outsourced FSO services
-
Monthly monitoring, reporting, and incident support
-
Updates to policies as NISPOM requirements evolve
-
Support for security investigations, violations, and adverse information reporting
- Includes all services listed below
Deliverable: Continuous compliance and expert on-call support
1. Comprehensive NISPOM Gap Analysis
-
Full review of your current security program, processes, and posture
-
Assessment of personnel, facility, cyber, and classified material protections
-
Evaluation of reporting workflows, training, and insider threat program
- Deliverable: Gap analysis review and recommendations
2. FCL & PCL Support
-
Guidance through FCL sponsorship and DCSA onboarding
-
Development of required documentation (KMP lists, exclusions, e-FCL data)
-
Support for clearance initiation, maintenance, and NISS/DISS/NBIS maintenance
-
Deliverable: Complete clearance documentation package
3. Customized NISPOM Security Program Development
We develop or refine all core components of a compliant security program:
-
Standard Practice Procedures (SPP)
-
Insider Threat Program (ITP) & annual working group documentation
-
Self-inspection plan and reporting workflows
-
Security training and annual refresher programs
-
Classified information protection procedures (storage, marking, transmission, destruction)
Deliverable: Turnkey NISPOM-compliant security program
4. DCSA Assessment Preparation
-
Mock assessments aligned with current DCSA methodology
-
Documentation cleanup and alignment to DCSA expectations
-
Pre-assessment training for FSO, ITP Working Group representatives, and leadership
-
Support drafting corrective actions and post-assessment reporting
-
Deliverable: Assessment readiness kit & leadership briefing
Approach
Collaborative
We work directly with your leadership, FSO, and staff to ensure compliance is smooth, practical, and minimally disruptive to operations.
Risk-Based
Rather than treating NISPOM compliance as a box-checking exercise, we emphasize genuine risk reduction, insider threat awareness, and proactive reporting.
Assessment-Ready
Everything we deliver is designed to withstand DCSA scrutiny and ensure you are fully prepared for your next security review.
Deliverables Summary
Your engagement will include:
-
NISPOM gap analysis report
-
Prioritized remediation plan
-
Updated or newly created SPP and policy documents
-
Complete insider threat program documentation
-
Training materials & employee briefings
-
Mock assessment findings & corrective action guidance
-
Continuous or on-demand support options
Investment
Pricing depends on organization size, clearance level, scope, and support needs. Options include:
-
Fixed-price compliance engagement
-
Monthly retainer for outsourced FSO services
-
Hourly or project-based consulting
A tailored pricing sheet can be provided upon request.
Why Thriveanalysis
-
Deep expertise in industrial security and NISPOM compliance
-
Experience supporting defense contractors, universities, and R&D organizations
-
Clear, practical communication with leadership and staff
-
Proven track record preparing clients for successful DCSA assessments
-
Commitment to building sustainable, audit-ready security programs
Conclusion
Thrive Analysis is committed to helping your organization build a secure, resilient, and fully compliant NISPOM security program. With our guidance, you will be prepared to meet all requirements under 32 CFR Part 117 and succeed in your mission supporting national security.
We welcome the opportunity to partner with you.
Variable Monthly Rate Packages for NISPOM Compliance Consulting
Thriveanalysis offers flexible monthly packages designed to match the evolving needs of organizations operating under the National Industrial Security Program (NISP). Each tier provides scalable support—ranging from essential compliance oversight to fully outsourced FSO services—ensuring you only pay for the level of assistance you actually need.
1. Essential Compliance Support (Tier 1)
Best for: Organizations with a mature program that only need periodic oversight.
Includes:
-
Provides day to day support for DYI FSOs – Up to 10 hours/month of compliance consulting and FSO support
- PCL initiation/maintenance, NBIS/DISS/SEAD-3 tasks
- Construct FSO Workbook
- Prepare for DCSA Security Review
- DISS and NBIS input
-
Support handling adverse information, change conditions, and incident reporting
-
Development and maintenance of annual training
-
Manage FCL and PCL actions
-
Write and review of SPP, ITP and SEAD-3 Policies and Procedures
-
Email and phone support for day-to-day questions
-
Conduct self-inspections
-
Alerts on NISPOM/32 CFR 117 updates and required policy adjustments
Outcome: Maintains baseline NISPOM compliance and ensures you remain assessment-ready with minimal cost.
2. Enhanced FSO Advisory Services (Tier 2)
Best for: Organizations with an active FCL requiring regular reporting and DCSA engagement.
Includes:
-
All the above plus:
-
Up to 25 hours/month of dedicated support
-
Monthly security program health check
-
Insider Threat Working Group preparation and documentation
- Complete annual training, briefings, and self-inspection execution
-
Pre-assessment preparation and post-assessment corrective action support
-
Drafting and maintaining all required NISPOM documentation
- Build security team and provide NISPOM and FSO training
Outcome: Strengthens your program’s reliability, reduces administrative burden, and ensures continuous compliance.
3. Fractional FSO Services (Tier 3)
Best for: Organizations without a full-time FSO or those wanting to outsource or add part time support.
Includes:
-
Up to 40–60 hours/month of senior-level FSO support
-
Acting FSO support, including KMP updates and DCSA communication management
-
Full oversight of insider threat program and reporti
Outcome: A turnkey, outsourced FSO capability—ideal for small to mid-sized cleared organizations.
4. Full-Service Security Program Management (Tier 4)
Best for: High-volume or high-risk cleared organizations with heavy compliance requirements.
Includes:
-
Unlimited support of the above and the following within reasonable operational limits (or a custom high-hour cap)
-
Full management of all NISPOM functions, including:
-
Insider Threat Program
-
Classified processing oversight
-
Training program development & delivery
-
-
Monthly executive briefings
-
Priority-response support for urgent issues or rapid policy changes
Outcome: A fully managed, audit-ready, continuously improved security program with enterprise-level support.
Let me train your FSO and security Team
It’s simple to get started with my three step plan:
1. Consultation to learn about your company and ask questions about your clearance issues and see if there are any FOCI mitigation requirements
2. Discuss solutions and send a proposal
3. Get started on the recommended solution
Did You Know You Can Delegate?
Did you know that many cleared defense contractors struggle with identifying, resourcing and equipping their Senior Management Officials (SMO), Facility Security Officers, (FSO), and Insider Threat Program Senior Officials (ITPSO)? There are myriad tasks and requirements that, while noted in the NISPOM Rule, are not intuitive.
- Training requirements are vague
- So many databases to maintain
- Lack of clarity on how to demonstrate compliance
- Fear of not meeting requirements and missing deadlines
- Losing billable hours to meet FSO and NISPOM tasks
- Lack of redundancy or delegation of tasks
Let me ask you a few questions:
1. If your FSO went on vacation, retired, or quit, who is the back up?
We are your backup
2. Is there an employee who has redundant access to DCSA databases?
We are your redundancy
3. What schedule is your cleared employee training occurring?
We will develop your training program and help you implement on a recurring basis
4. When is your self-inspection certification due for upload in NISS?
We perform your self inspection and train your employees to do so
There are so many responsibilities and we can bear them with you as we guide you through NISPOM compliance.
Non-compliance can result in many risks including:
- Facing penalties for non-compliance
- Losing contracts
- Experiencing unnecessary stress and confusion
Navigating the requirements of NISPOM compliance and FSO capabilities is daunting, but also our pleasure. So many places to go, so many people to speak with, so many DCSA databases to register with. NISPOM compliance requirements can leave you feeling overwhelmed. You shouldn’t have to struggle with compliance on your own. Don’t risk penalties due to non-compliance or struggle with continued confusion about NISPOM requirements.
After all, your newly appointed employee or senior manager may not be security professionals, but are continuously putting out NISPOM compliance fires such as training, policies, procedures, self inspections, audits, visits, foreign travel reporting and on and on.
If you team with me, you get the benefit of a security professional at less than 1/2 FTE.
We Set You Up For Success
Thrive Analysis Group knows NISPOM and FSO requirements. After teaming with us, you can see positive results in the first 30 days. Hiring us will allow you to thrive in the following ways:
- Feel secure and compliant with confidence in your audits!
- Elevate your employees’ understanding of compliance.
- Safeguard your contracts and reputation
We want to be your solution set. Our processes and procedures provide you with the confidence you need to demonstrate worry free compliance. If you’re facing compliance challenges, using our resources is the right step forward.
We understand the critical nature of your role as a Facility Security Officer (FSO), and we’re fully committed to providing the support you need across all areas.
We apply our proprietary process to perform the following:
o FSO Workbook – This is your survival tool and includes artifacts that demonstrate NISPOM compliance and inspectable during DCSA reviews
o Self-inspection process – This is your health check and crosswalks with the FSO Notebook. This is a DCSA requirement and we run this for you to provide a snapshot of your security program.
o Gold Standard Criteria – This makes up your war stories or bragging rights. Where the DCSA review asks yes and no questions, this tool allows you to provide a narrative and may raise your rating to commendable or superior.
Our team is prepared to perform key tasks:
o Establish an FSO Workbook: Addresses critical NISPOM areas, DCSA requirements and demonstrates your compliance. this notebook is a secret ingredient to confidently addressing requirements and demonstrating compliance.
o Security Clearance Processing: We process security clearance requests and tasks, ensuring the thorough collection, review, and verification.
o Personnel Security Records Maintenance: We maintain personnel security records and databases with an emphasis on quality assurance, and up-to-date recordkeeping.
o Self-Inspection Support: We begin with a self-inspection when you bring us on and annually thereafter, ensuring all security requirements are reviewed and met effectively.
o Security Education, Training, and Awareness Programs: We develop and provide required training and awareness initiatives that keep all personnel informed and compliant with security practices.
o DoD Contract Security Classification Specifications (DD Form 254) Management: We interpret and apply requirements found in DD Form 254s.
o Industrial Security Troubleshooting and Reporting: We are here to verify essential report preparation and provide troubleshooting support for industrial security issues, as well as assist in addressing inquiries from government agencies and company management.
A Few More Package Options
FOCI Mitigation
Let us manage your FOCI mitigation. We have experience solving tough Foreign Ownership Contrl and Influence. problems. Don’t let FOCI keep you from NISPOM compliance. Here’s what we can do:
- Interpret and implement DCSA requirements
- Manage your security council
- Write and inspect effectiveness of:
- Special Security Agreements or Security Control Agreement
- Technology Control Plan
- Affiliate Operation Plan
- Quality Management Plan
- Serve as Outside Director and Chair Government Security Council
CUI Program
Let us build your CUI skill set and operate it for you. This solution provides a new capability as well as meet CMMC requirements. We will manage or facilitate your CUI requirements that meet CMMC compliance. We provide the following:
- Tools, training and processes for CUI identification, marking, and protection
- Provide employee and leadership CUI training
- Lead CUI working groups
- Supervise CUI program construct
- CUI tools and training
- CUI Self-Inspection Program
- Public Release Review Process
- CUI training
- Run, analyze and document CUI tools and information
- Integrate CUI program into other program areas:
- Contracts
- QA and other audits
- Facilitate CUI table tops
So, how do you think you are doing? Take this 10 question assessment to evaluate your security program and see where you stand
Our Media and Industry Engagement
We are also engaged in with:
- Newsletters
- Podcast
- YouTube Videos
Rich History of FSO Professional Development
Our owner, Jeff Bennett, ISOC, ISP, SAPPC, SFPC has a rich history of authoring books, developing training and providing FSO professional development opportunities. You can see his books and more at https://www.NISPOMCentral.com
So, how did you do? Did you achieve NISPOM compliance, learn anything new about FSO competence or your program? If you do need additional help or you want to take advantage of having a knowledgeable NISPOM subject matter expert on your team, please reach out. Here are three easy steps to NISPOM compliance
- Contact us using the form below
- Set up a meeting time
- Hear us out
After that, you are on your way to compliance. We will help you reach for a commendable rating during your next DCSA review.
We want you to succeed, so we have developed a presention that explains the DCSA grading and the FSO Workbook and how they work together.
Contact us for a Quote
Thrive Analysis Group (TAG) is a Service Disabled Veteran Owned Small Business (SDVOSB). With Many Other Capabilities:
Company Overview:
Thrive Analysis Group Inc is uniquely positioned to equip DoD agencies and prime contractors with program protection, technology protection, cybersecurity, information security and NISP compliance.
Cybersecurity Services Include:
- Cyber Tabletops
- Analyze system for cyber vulnerabilities
- Define mission critical functions
- Determine impact to system
- Recommend courses of action to mitigate vulnerabilities
- Develop a Mission Based Cyber Risk Assessment that follows DoD instruction and policies.
Technology Protection Services include:
• Program Protection Plans
• Criticality Analyses and CPI Assessments
• Supply Chain Risk Management
• Technology Protection and Training
• Security Specialist Placement
Security and protection services include:
• Insider Threat Program
• CUI Program
• Self-Inspection
• NISPOM Required Training
• Security Program Risk Assessments
• Establishing Facility Security Clearances
• OPSEC Plans
Codes Etc:
CAGE: 9BBQ4
NAICS:
• 541990 All Other Professional, Scientific, and Technical Services
• 541614 Process, Physical Distribution, and Logistics Consulting Services
• 541690 Other Scientifi c and Technical Consulting Services
• 541611 Administrative Management and General Management Consulting Services
• 611430 Professional and Management Development Training
Differentiators:
• Army, civilian and contractor experience
• SCRM processes adopted by DoD
• Facilitating Technology Protection Working Groups
• Building technology protection framework
Past Performance
• Program Protection Planning, Guidance and Development
• Program Protection Training
• SCRM Process Development
• Critical Functions Analyses
• Security Clearance and NISPOM Consulting
• Cyber Table Top Facilitation
• Supply Chain Mapping and Illumination
Employee and Company Performance History:
• AMCOM
• Major PEOs
• DEVCOM AC
• ASA (ALT)
• MDA
• AMC
• TACOM
• AVMC
Thrive Analysis Group does not reveal client associations. However, we do have clients all over the United States, from sea to sea.
Partner with leaders in technology protection
Learn more about our services
Thrive Analysis Group Inc. Gives
Thrive Analysis Group Inc gives to local and international charities. By becoming a client, you are helping us give. Our giving is in gratitute to our customers and based on our income before expenses:
- 30% of monthly income
- 100% of first payment from montly customers