National Industrial Security Systems (NISS)

The National Industrial Security System (NISS) is a core program element within the Defense Counterintelligence and Security Agency (DCSA) budget, designed to support the oversight and protection of classified information and critical technologies across the Defense Industrial Base (DIB). NISS is integral to DCSA's mission, which includes overseeing thousands of cleared companies, contractor facilities, and classified systems under the National Industrial Security Program (NISP). The system aims to ensure that classified U.S. government information and technologies are safeguarded from unauthorized access and foreign influence, leveraging advanced technologies and innovation to maintain America's strategic edge.

A primary objective of NISS is to serve as the system of record for facility clearance (FCL) information and to manage oversight documentation for contractor facilities participating in the NISP. The system enables DCSA to assess and mitigate risks related to Foreign Ownership, Control, or Influence (FOCI), providing a centralized repository for DD-254 forms and supporting compliance with acquisition security reforms as outlined in Public Law 116-92, Section 847 of the FY 2020 National Defense Authorization Act (NDAA). By consolidating these functions, NISS enhances the transparency and efficiency of security oversight for both cleared and uncleared industry entities.

NISS is being developed as a multi-level classification system, with the goal of providing DoD-wide visibility of relevant intelligence, threats, and communications across the Non-classified Internet Protocol Router Network (NIPRNet), Secure Internet Protocol Router Network (SIPRNet), and Joint Worldwide Intelligence Communication System (JWICS). This capability will enable near-real time threat awareness and identification of non-compliance vulnerabilities. It also improves communication and coordination between field and headquarters personnel responsible for security oversight, counterintelligence, and cyber threat mitigation.

The program's research, development, test, and evaluation (RDT&E) efforts in FY 2025 and FY 2026 focus on cloud modernization, integration of artificial intelligence and machine learning (AI/ML) capabilities, and enhanced data management for risk assessment. Planned improvements include the deployment of a Minimum Viable Product (MVP) for NISS cloud modernization, integration into the COS cloud environment, and development of AI/ML-enabled analytic tools to support risk identification and mitigation. These enhancements are designed to provide enterprise-wide views and links to critical supply chain data, supporting oversight, compliance, and counterintelligence reporting for ongoing classified program protection efforts.

Additionally, NISS will incorporate workflows and tools to support continuous entity vetting, utilizing a mix of open and classified sources to assess risks to NISP companies and government data stored in IT systems under DCSA's cognizance. The system will also expand data sources to include feeds from the DoD Advancing Analytics (ADVANA) platform, eMASS, SAM.gov, and the Procurement Integrated Enterprise Environment (PIEE), enabling interoperability with other government systems and reducing operational complexity. These capabilities will support the Under Secretary of Defense for Research and Engineering and the Under Secretary of Defense for Acquisition & Sustainment in making more secure decisions about unclassified acquisition, research, and grants.

The NISS Increment 2 (NI2) initiative, scheduled for FY 2025 and FY 2026, will deliver the initial FOCI capabilities required by the NDAA and Defense Federal Acquisition Regulation Supplement (DFARS), hosted in a cloud operational environment. This release will demonstrate enhanced risk-related analytic capabilities and improved user interfaces for DCSA and Defense Security personnel. It will also provide a common operating picture of risk, vulnerability, and threat reporting across the NISP. The program's end state is the merger of all relevant applications into a single, integrated NISS platform, supporting the continuous delivery of secure, automated IT capabilities for the DCSA Industrial Security Directorate.