Institutionalizing Compliance

Security Compliance

We provide tailored solutions to help defense contractors meet compliance requirements under:

• FOCI Mitigation
• ITAR / EAR
• NISPOM
• National Security Presidential Memorandum (NSPM-33)

Foreign Ownership Control and Influence (FOCI) Mitigation

Under FOCI, DCSA provides requirements contractors must adhere to demonstrate FOCI mitication. These include committees, directors, agreements and more. We have experience with acting on your behalf to implement FOCI Mitigation.

ITAR/EAR/NISPOM

It’s not enough to be NIST or CMMC compliant or certify information systems for processing CUI and classified information. Contractors are still required to identify, mark, document and protect the information that resides on the controlled systems. That’s our expertise. We have years of experience writing and executing tailored programs for our clients to implement.

• Conduct risk based required self-inspections
• Develop and conduct required training
• Develop and implement required plans / programs:
  • Personnel Security
  • Public Trust
  • Classified
  • Controlled Unclassified
  • Insider Threat
  • Export Controlled
  • Technology Controls
• Identify, mark and document sensitive information
• Define basic / applied research

NSPM-33

There is an increasing need to protect U.S-funded scientific research from undue foreign influence, including exploitation of the open university research environment and intellectual property theft.

We could assist in a few ways:

• Develop a program
  
• Execute the program
  
• Provide training for those who work the program
  
• Write policies and procedures

The benefit is that universities would confidently perform government research and do so in a way that foreign students can participate and government information will be protected.

Proposal Specific Protection Plan (PSPP)

SBIRs, BAAs and other efforts require a Proposal Specific Protection Plan (PSPP) as part of a response; no plan, no award. We are experienced in writing protection plans accross the DoD and their defense contractors. Choose us to work with and get your PSPP prepared for submission and fine tuned once awarded.

From the PSPP requirement:

The following five sections are required to address these requirements, and provide an iterative record of risk management over the program’s lifecycle:

• Introduction, Updates, and Responsible Points of Contact (POCs)
• Technology Element Identification and Impact Assessment
• Identified Threats and Vulnerabilities
• Countermeasures and Risk Mitigation Plan
• Response, Recovery, and Support

Visit our sister company for FSO books and training products.