Introduction to Industrial Security IS011 v4 Student Guide
DOD Delegation of Security Cognizance
As you just learned, the DOD is the largest of the CSAs, and it delegates security
cognizance to DCSA as its CSO.
As the CSO, DCSA administers the NISP; provides security guidance, oversight, and policy
clarifications; and conducts periodic security reviews to ensure adherence to the NISPOM
and contract guidelines.
DCSA is responsible for the oversight of all NISPOM requirements. Some of the more
common security elements that DCSA oversees as CSO include: storage of classified
information; visit procedures; security awareness and training; procedures for protecting
classified on Information Systems, or ISs; Personnel Security Clearances, or PCLs, for
employees working on classified contracts; any changes in ownership, management, or
foreign involvement; and compliance with reporting requirements.
Security Cognizance Considerations
DCSA oversees U.S. cleared contractor facilities participating in the NISP. Some of these
companies access classified information at their own facilities and some access classified
information at another cleared contractor or government or agency site. Regardless of
where their access takes place, all cleared contractors must follow the applicable security
procedures, as documented in the NISPOM.
DCSA might not have security oversight for classified contract work being performed on a
government installation. Those contracts may have different requirements from classified
contract work performed at the contractor’s own cleared facility or at another cleared
contractor site, and contractors working on government installations or agency sites must
follow all standard operating procedures for the installation or agency. These procedures
may be more restrictive but should never be less restrictive than what the NISPOM requires,
must be clearly outlined in the contract, and are typically established and overseen by the
installation commander, who has security cognizance in accordance with DOD 5220.32,
Volume 1. The installation commander or head of the User Agency, or UA, can request in
writing that DCSA assume cognizance.
Note that if the contractor is performing entirely unclassified work on a military installation,
DCSA is not involved, although in some cases, additional security requirements may appear
in the contract.
Finally, note that when cleared contractors work on a Special Access Program, or SAP, the
Program Manager may retain some of the CSO’s responsibilities.
Information Systems Security
Classified Information Systems, or ISs, can be important assets with significant implications
for national security. Many store large amounts of valuable information and need continuous
July 2022 Center for Development of Security Excellence Page 5