NISS SSN Justification Memo

DEFENSE SECURITY SERVICE
27130 TELEGRAPH ROAD
QUANTICO, VA 22134-2253

June 22, 2017

MEMORANDUM FOR DEFENSE PRIVACY CIVIL LIBERTIES AND TRANSPARENCY
DIVISION
THROUGH CHIEF, FOIA/PRIVACY ACT COURTNEY.STEPHANIE.J.11
86852040

Digitally signed by COURTNEY.STEPHANIE.J.1186852040
DN: c=US, o=U.S. Government, ou=DoD, ou=PKI, ou=DSS,
cn=COURTNEY.STEPHANIE.J.1186852040
Date: 2017.06.22 11:37:40 -04'00'

SUBJECT: Justification for the Use of the Social Security Number (SSN) for National Industrial
Security System (NISS)
The National Industrial Security System (NISS) is a Defense Security Service (DSS)
enterprise information system of record for contractor facility security clearances. (FCL). The
purpose, role, and responsibilities of the National Industrial Security System (NISS) are laid out
in DoD Instruction 5220.22, Volume 3, April 17, 2014, and Executive Order 12829, National
Industrial Security Program, January 6, 1993.
The Defense Security Service (DSS) is creating a new system of records, “The National
Industrial Security System”. The National Industrial Security System (NISS) will become the
repository of records related to the collection and maintenance of information pertaining to
contractor facility security clearances and contractor capabilities to protect classified information
in its possession. The DoD Information Technology (IT) Portfolio Repository (DITPR) number
for NISS is 14954. The information is utilized to determine if a company and its key
management personnel are eligible for issuance of a facility clearance in accordance with the
National Industrial Security Program Operating Manual (NISPOM) requirements. In addition,
information is utilized to inform Government Contracting Activities of contractor’s ability to
maintain facility clearance status, and to analyze vulnerabilities identified within security
programs and ensure proper mitigation actions are taken to preclude unauthorized disclosure of
classified information. The DSS is currently working with its Information Management Control
Officer to develop the 60-day Paperwork Reduction Act (PRA) notice.
Collection of full Social Security Numbers (SSNs) from non-DoD personnel is an
acceptable use of the SSN provided by DoDI 1000.30, subparagraph 2.c.(3), Security Clearance
Investigation or Verification, and subparagraph 2.c. (8) Computer Matching. The SSN is the
single identifier that links all aspects of a security clearance investigation together through
process and technical interfaces. This use case is also linked to other Federal agencies that
continue to use the SSN as a primary identifier. In addition, The NISS collects SSN of
individuals who are the culpable party of a security violation. The SSN is used to create an
incident report in the Joint Personnel Adjudication System (JPAS), as necessary. Additionally,
this retention is necessary to identify patterns of negligible behavior in individuals with security
clearances.

DSS will store all personally identifiable information (PII) electronically which has
physical controls. The records are maintained in a controlled facility in servers located within
the DSS Data Center East. Access to the records is limited to person(s) responsible for servicing
the record in performance of their official duties and who are properly screened and cleared for
need-to-know. Physical entry is restricted by the use of Security Guards, Identification Badges,
Key Cards, and Closed Circuit TV, and is only accessible to authorized personnel. Paper records
are contained and stored in regulation safes/filing cabinets which are located in a Sensitive
Compartmented Information Facility (SCIF) with limited access. Access to the NISS is
restricted by User Identification, Intrusion Detection System, Encryption, Firewall, External
Certificate Authorities, DoD Public Key Infrastructure Certificates and Common Access Card
and PIN. The DSS reviewed all of the safeguards established for the system to ensure they are
compliant with The Department of Defense (DoD) requirements and are appropriate to the
sensitivity of the information stored within the system, including the use of SSNs. The proposed
specific routine uses have been reviewed to ensure the minimum amount of personally
identifiable information shared has been established.
A copy of the draft system of records notice and privacy impact assessment for the
National Industrial Security System is attached. The records disposition is pending until the
National Archives and Records Administration (NARA) approves the disposition schedule. A
copy of the SF-115 submitted to NARA for approval in April 2017 is attached.

KAUCHER.CRAI
G.EDWIN.1032
751004

Digitally signed by
KAUCHER.CRAIG.EDWIN.1032751004
DN: c=US, o=U.S. Government,
ou=DoD, ou=PKI, ou=DSS,
cn=KAUCHER.CRAIG.EDWIN.10327510
04
Date: 2017.06.22 11:34:09 -04'00'

Craig Kaucher
Chief Information Officer
Enclosures:
Draft Privacy Act Statement
Draft System of Records Notice (SORN)
Draft Privacy Impact Assessment (PIA)
Request for Records Disposition Authority (SF-115)

2