NBIB the investigating agency has had a significant backlog over the years. Some of the most common items that can cause a delay in the expeditiousness of the investigation are foreign contacts/involvement/travel, criminal history, financial problems, and drug/alcohol usage.

Each Intelligence Agency only has a certain number of designated individuals that process reciprocity requests. The limited amount of resources coupled with the requirement to review the investigation completed by the originating agency can cause a reciprocity request to take up to 90 days.

Fingerprints can be required if you have had a 2 year lapse in your security clearance access, a re-investigation is needed due to an incident report, or it is an initial investigation. Fingerprints taken for security clearances are not transferred to other agencies for other security clearances.

Your eligibility may remain in the system of record so long as you are within scope on your investigation while only being indoctrinated at the Secret level.

Once logged into Security Control, from the Employee Portal click on MY REQUESTS AND REPORTS found on the left side panel. From there you can select the specific type of incident report you need to file.

The best way to report new hires to us is by using the Quick Request/Actions button in the upper right of the Main Page of the Employee Portal. When you click on that button you will see a number of options available to include the Report New Hire.

The first item you need is a DD254 (contract) issued by a Prime Contractor or Government Customer. If you have a DD254 issued by the Prime Contractor, they must have the Government Customers concurrence to sponsor your facility clearance. The DD254 and the Sponsorship Request shall be initially submitted by the sponsoring organization via NISS.

Not on an individual basis but most (but not all) of the notifications can be turned off company wide needed

The Client Manager role allows us to customize the permissions for users, however, to view personnel records we do require that the user have at least an Interim Secret clearance.

We currently only provide logins to cleared personnel, however, a company can keep records on uncleared employees if they chose as well but they do not receive a login.

On-site: We do the fingerprinting electronically. You may come to our office located at 250 Exchange Place, Suite E Herndon, VA. 20170 (Located near Dulles Airport).

Off-site: If you are not located in the Northern Virginia area, for fingerprinting you can go to a local Police Department or Sheriff’s office and get fingerprinted. After you get fingerprinted please visit our web site: www.dodsecurity.com to place the order online. Select the “I will mail in my fingerprint cards”.

Electronic submission: If you have had your fingerprints electronically done by an organization that does not have the capability to submit through SWFT to OPM, You can request that they send you the file and you can go to our web site and select the “I will Electronically submit an EFT and upload the file”.

Please visit our web site: www.dodsecurity.com to place the order online. Under services select the tab for SWFT Fingerprinting Services. Select the click here box as shown below:

Fingerprinting Now

The quickest way to tell if compliance is a requirement of your contracts is to look for the DFARS clauses governing the protection of CUI in your contracts. They are:

– DFARS 252.204-7012

  • Requirement for NIST 800-171a Compliance


– DFARS 252.204-7019

  • Requirement to submit self-assessment score for NIST 800-171a to the SPRS database

– DFARS 252.204-7020

  • Requirement for contractors to have an SSP (System Security Plan) and a self-
    assessment score no more then 3 years old

– DFARS 252.204-7021

  • Contractor must be CMMC certified to the level specified by the contract at the time of
Unfortunately not, but this is a common misconception. CMMC is not the requirement to meet the NIST 800-171a compliance standard, CMMC is the requirement that contractors must be assessed and certified by a third-party. The requirement to be compliant with NIST 800-171a was instituted with DFARS 252.204-7012 which went into effect on December 31 st , 2017.
Possibly, but you will want to make sure that a FULL assessment was done. This process would take a few weeks minimum and would review all 110 controls required. More then likely you would end up with a POAM (Plan of Action and Milestones) as a remediation plan for any missed controls.
A fair question as, historically, governance on the submission of compliance attestations has been few and far between but that’s changing. Yes, CMMC is coming which will require a thorough check by a third-party to confirm your compliance, but the DoD isn’t waiting for that. Recently “5 Day Audits” were begun on select contractors submitting to the SPRS database. The DoD’s initial findings showed that a majority of company’s actual posture did not meet their submitted score, which has caused audit efforts to ramp up.
No. Compliance is a multi phased approach which covers all aspects of your IT infrastructure and internal processes. ISI has engineered a security stack and remediation approaches to simplify the path to compliance as much as possible.
Unfortunately, not, but we can do the bulk of the heavy lifting. Compliance includes the processes and procedures that govern your business so there will always be some responsibility on the end user. Furthermore, maintaining compliance requires buy-in from your staff to ensure compliant policies and procedures are followed.
No. While proper security and meeting compliance usually involves changing some of your current processes, ISI strives to help it’s clients meet compliance with as little detriment to their current way of being as possible. Some things, like MFA and complex passwords, are unavoidable to stay safe in today’s world but we will work to ensure the implementation of these processes is as smooth and pain-free as possible.