Institutionalizing Compliance

Security Compliance

We provide tailored solutions to help defense contractors meet compliance requirements under:

  • FOCI Mitigation
  • ITAR / EAR
  • NISPOM
  • National Security Presidential Memorandum (NSPM-33)

Foreign Ownership Control and Influence (FOCI) Mitigation

Under FOCI, DCSA sets requirements that contractors must adhere to in order to demonstrate FOCI mitigation. These include committees, directors, agreements and more. We have experience acting on your behalf to implement FOCI Mitigation.

ITAR/EAR/NISPOM

It’s not enough to be NIST or CMMC compliant or certify information systems for processing CUI and classified information. Contractors are still required to identify, mark, document and protect the information that resides on the controlled systems. That’s our expertise. We have years of experience writing and executing tailored programs for our clients to implement.

  • Conduct risk based required self-inspections
  • Develop and conduct required training
  • Develop and implement required plans / programs:
    • Personnel Security
    • Public Trust
    • Classified
    • Controlled Unclassified
    • Insider Threat
    • Export Controlled
    • Technology Controls
  • Identify, mark and document sensitive information
  • Define basic / applied research

NSPM-33

There is an increasing need to protect U.S.-funded scientific research from undue foreign influence, including exploitation of the open university research environment and intellectual property theft.

We can assist in a few ways:

  • Develop a program
  • Execute the program
  • Provide training for those who work the program
  • Write policies and procedures

The benefit is that universities can confidently perform government research in a way that allows foreign students to participate while government information remains protected.

Proposal Specific Protection Plan (PSPP)

SBIRs, BAAs and other efforts require a Proposal Specific Protection Plan (PSPP) as part of a response; no plan, no award. We are experienced in writing protection plans across the DoD and its defense contractors. Work with us to get your PSPP prepared for submission and fine-tuned once awarded.

From the PSPP requirement:

The following five sections are required to address these requirements, and provide an iterative record of risk management over the program’s lifecycle:

  • Introduction, Updates, and Responsible Points of Contact (POCs)
  • Technology Element Identification and Impact Assessment
  • Identified Threats and Vulnerabilities
  • Countermeasures and Risk Mitigation Plan
  • Response, Recovery, and Support

Visit our sister company for FSO books and training products.

Outsourced FSO Solutions

It’s not easy to understand the requirements for becoming a cleared defense contractor or for newly cleared companies to navigate security clearance requirements.

Security Policy Analysis

It’s not enough to be NIST or CMMC compliant or to certify information systems for processing CUI and classified information. We will review your corporate policies, make recommendations, write new policies or develop programs to ensure your organization is compliant.

System Security

More and more, contract language requires the contractor to conduct tasks in support of Program Protection Plans (PPP) and develop Program Protection Implementation Plans (PPIP).

Contact us @ jb@thriveanalysis.com

Services

What We Can Do For You

Our specialty is our capability to interpret requirements and how they should be implemented for your unique situation. We apply program protection, write and tailor processes, procedures and policies so that they will fit within the constraints of your enterprise.

Your enterprise is made up of many moving parts and business units, but none should stand alone. We believe each requirement should be part of the corporate body and not a stovepiped solution. We conduct analyses for entity-wide application so that burden and opportunities are shared:

  • Corporate Policy
  • Program Protection Planning
  • Supply Chain Risk Management
  • Criticality Analysis
  • OPSEC Analysis
  • Security Classification Guidance
  • NISPOM Compliance