Network Encryption from CipherOptics
 
 
 Company Overview
 Executive Team
 Board of Directors
 Executive Advisory Board
 Newsroom
 In the News
 Tradeshows & Events
 Industry News
 Trophy Room
 Press Releases
 Careers
 Solutions Overview
 Network Encryption
 MPLS Network Security
 Metro Ethernet Security
 International Data Protection
 Network Security & Data Protection
 Disaster Recovery
 Ethernet Encryption
 Point-to-Point Encryption
 Real-time & High-volume Applications
 Secure Information Sharing
 Products Overview
 CipherEngine™
 Security Gateways
 Service Offerings
 Resource Center
 Compliance Overview
 HIPAA Compliance
 Sarbanes-Oxley Compliance
 GLBA Compliance
 CA SB 1386 Compliance
 PCI DSS Compliance
 Basel II Compliance
 FERPA Compliance
 FFIEC Compliance
 ISO 17799 Compliance
 NERC Cyber Security
 Government Overview
 Government Regulations
 FISMA Compliance
 DoD 8100.2 Compliance
 NISPOM Compliance
 DCID 6/3 Compliance
 Government Security News
 10Gig Network Encryption
 Partner Overview
 Strategic Partners
 Resellers
 Technology Partners
 Become a Partner
 Partner Portal Login
 Contact Information
 Web Contact Form
 Support
 
   

Government Solutions

Government Sales
Jim Drain
1-877-258-3034
fedsales@cipheroptics.com
Ask a Quick Question

Our Customers
A few of our government customers
Accreditations
FIPS 140-2 Validated
Environmental Compliance
White Papers
Browse our collection of
white papers and learn how CipherOptics' innovative approach resolves the traditional difficulties of network encryption.
Home > Government Solutions > NISPOM Compliance

NISPOM Compliance

The National Industrial Security Program Operating Manual (NISPOM) provides baseline standards for the protection of classified information released or disclosed to industry in connection with classified contracts under the National Industrial Security Program (NISP). Chapter 8 addresses the information system security that must be in place. NISPOM was reissued February 28, 2006.

How does CipherOptics help?
CipherOptics CipherEngine enables Secure Information Sharing, which assures the confidentiality, authenticity, and integrity of data in motion on any network. Our approach to protecting both your network and your data is to deny access to everyone, permit by exception. With that as our driving force, our solutions provide you with both encryption and authentication of all your critical information.

Using powerful 256-bit AES encryption that is approved by the NSA for "sensitive" information, our security solutions authenticate networks and packets and protect data. Using the robust secure hash algorithm (SHA-1), the security gateways verify the integrity of the data, rejecting any packets that have been manipulated or altered. Secure hash can also be used to thwart unauthorized intrusion at the network level. CipherEngine's deterministic firewall feature can reject any packets that lack the proper encryption-based authentication of a trusted endpoint. This effectively turns the local network dark to all unauthenticated traffic from the outside network.

Best practice for NISPOM data security compliance requires a layered approach to network and data security. By protecting all confidential data on your network, CipherOptics is an important component of this comprehensive security strategy.

CipherOptics data protection gateways are FIPS-140-2-validated and available on government buying vehicles. They are field-proven in some of the most security-conscious networks in the world and are the preferred solution for securing high-speed IP networks by many agencies. Customers include the Social Security Administration, Department of Energy, Department of Agriculture, the U.S. Coast Guard, NASA, U.S. Army and the National Security Agency.

What does CipherOptics do?
CipherOptics is the leader in network-wide encryption. Offering an innovative policy and key management solution, coupled with high speed, low latency encryption technology, CipherOptics helps their customers mitigate the risk of data leakage, loss and theft over any network.

Who is affected by NISPOM?
The Defense Security Service administers the NISP for 23 federal agencies by providing oversight, advice, and assistance to over 11,000 contractor facilities that are cleared for access to classified information. Cleared contractors and any other company or organization that has access to classified information must comply with NISPOM.

What are the requirements of NISPOM?
NISPOM Chapter 8 ("Information System Security") outlines protection requirements for classified data (Sec. 6). Some of the relevant provisions follow:
Data Transmission (Trans). Information protection is required whenever classified information is to be transmitted through areas or components where individuals not authorized to have access to the information may have unescorted physical or uncontrolled electronic access to the information or communications media (e.g., outside the system perimeter). (8-605)
Changes to Data (Integrity). The control of changes to data includes deterring, detecting, and reporting of successful and unsuccessful attempts to change data. Control of changes to data may range from simply detecting a change attempt to the ability to ensure that only authorized changes are allowed. (8-604)
Access Controls (Access). The IS shall store and preserve the integrity of the sensitivity of all information internal to the IS. (8-606)
For data transmission, NISPOM specifies one of the protection methods to be used: "National Security Agency (NSA)-approved encryption mechanisms appropriate for the encryption of classified information."

What are the penalties for NISPOM non-compliance?
NISPOM requires contractors to report events that impact their facility clearance (FCL), an employee's personnel clearance (PCL), the ability to properly safeguard classified information, or an indication that classified information has been lost or compromised. Failure to comply with NISPOM's data security provisions could result in loss of facility clearance and jeopardize government contracts.

How do companies comply with NISPOM?
The NISPOM requirements around the handling and protection of classified information are broad. As they pertain to electronic data, NISPOM requires contractors to implement robust data security measures that protect the confidentiality of classified information on the network or over shared outside networks (data transmission). Companies must also ensure data integrity through technologies that guaranteed the information is unaltered.

Helpful Resources
Full National Industrial Security Program Operating Manual
 
Copyright 2002-2008 CipherOptics, Inc. | All rights reserved | 1-877-878-6655
Trademark and Legal Notices | Privacy Policy | Site Map