Saturday, January 27, 2018

Printers and Copy Machines are Information Systems

This article continues the series covering the Self-Inspection Handbook For NISP Contractors and guidance found in the National Industrial Security Program Operating Manual (NISPOM) Incorporating Change 2. 

Contractors depend heavily on reproducing, printing, or otherwise providing hard copy documents as contract deliverables or work products. Printers, copiers, and fax machines now have memory storage and are more information systems by nature than just “copy machines”. The NISPOM has been updated to address how to use and categorize equipment with storage capability.

Question:
Does the equipment used for classified reproduction have any sort of memory capability? If yes, the equipment may require accreditation as an Information System (IS).

Answer: 
The concern is that unless a copier with storage capability is treated as an Information System classified information residing in the storage could be at risk if improperly disposed of. According to the Self-Inspection Handbook for NISP Contractors, any reproduction device that has memory storage may have to be accredited as an Information System.
In many classified environments, hundreds of thousands of pages of reports are printed to meet contractual requirements in the printer's lifetime. Test data, program presentations, critical design reviews, statements of work, period of performance reports, are but a few sensitive documents subject to reproduction. These days, date is commanded to be sent from the drive of one classified computer to the printer, copy machine, or fax machine only to be stored on their drive. Over the years, this information can collate into quite a voluminous library of intimate programmatic details. The good news is that it is protected inside of a classified environment and many facility security officers understand very well how to protect classified information systems.

However, for the uninitiated, a little more training may be required. The understanding that a printer is simply an intellectually dumb machine passively making copies is what the Defense Security Services is attempting to impact. Some are familiar with tales of investigative journalists procuring recycled copy machines and printers only to access the hard drives. Years of sensitive government and personal information were surprisingly revealed as a demonstration of just how foolish it was to recycle these machines without destroying for wiping the hard drives.

Any machine that processes classified information and has storage or memory capability should be considered an information system and therefore accredited prior to use. The accredited system and components will now come under more scrutiny and accountability to prevent improper disposition.


Validation:
Inspect and inventory all printers, copiers, fax machines and other office equipment that process classified and sensitive information.
Review accredited IS against the inventory of office equipment and ensure qualifying systems and components are included in the accreditation.
Develop a plan that identifies and demonstrate future disposition of items no longer required (destruction, recycling, etc.)

Ensure cleared employees understand the information system requirements through training and briefings.

For more security ideas, training, and books, visit www.redbikepublishing.com

Wednesday, January 10, 2018

Debt and Your Security Clearance

Debt and Your Security Clearance

By: Jeffrey W. Bennett, SAPPC, ISP
Bad decisions affect the ability to get a security clearance. When it comes to financial mistakes, those bad decisions can linger for years to come. There are many life situations that can cause debt, that are of not fault of the debtor. Some of these situations include military deployment, relying on others to manage finances, finicky housing markets, and bad investments. Those who suffered under massive debt after the housing market burst asked, “How will my bankruptcy impact my clearance?” A quick study of security clearance decisions can provide an answer.
Adjudicative Guideline F; Financial addresses when a person lives above their means or fails to pay debts. They could exhibit poor self-control, lack of good judgement, or just show lack of willingness to follow to rules and regulations. This behavior raises questions about loyalty, reliability, and ability to protect classified information. Here are five specific examples of financial issues resulting in clearance denial or revocation.

I Just Don’t Pay Taxes

Applicant’s debts include failing to pay federal and state taxes and required child support. The unpaid taxes were incurred when the applicant failed to file income tax returns in a timely fashion for many years.
Though the applicant states he is trying to pay debts, he could not provide evidence of responsible behavior, nor could he provide copies of signed tax returns. Additionally, though he has agreed to repay his federal tax debt he has not provided evidence that he is in compliance with the plan. Clearance denied.

Multiple Deployments to a Combat Zone

An applicant owed thousands to the federal government for several years of unpaid taxes. Though the federal tax payments were deferred while he served, the state taxes were not. Though he claims to have paid his debt, he couldn’t show proof. Additionally, he and his wife chose to pay their children’s college tuition instead of the tax debt.
The applicant was denied a security clearance because of his bad decision to prioritize other payments above his obligation to the taxes he owed.

The Housing Bubble Popped

The applicant had almost a million dollars in delinquent debts that he attributed to the housing market crash. Though he owned several pieces of property they were valued lower than when he purchased them.
The applicant filed bankruptcy, but then decided to cancel and sold a house to pay off some of his debts. His debts include time share accounts, a home equity loan, and credit cards.   Some of the debts were resolved through debt forgiveness and some were paid or settled for lesser amounts.  However, the applicant failed to show that he had resolved two of the credit card debts.
The judge ruled against the applicant. Having debts forgiven is not the same as personally paying the debts. The applicant also showed poor judgment in many of his financial decisions. The applicant had not had effective financial counseling and there are no clear indications that his problems are under control.

Temporarily Unemployed

The applicant traces his financial difficulties to his having a disagreement with his supervisor and leaving his job, thinking that he could do better, but was not able to find good work. He got behind in his bills.
Though he eventually found work, he did not follow a plan to repay his debts and continued to acquire more debt. As a result, he failed to sufficiently mitigate the security concern and was denied a clearance.

If I Ignore It, It Will Go Away

Applicant held a significant and tardy debt to the U.S. Department of Education (USDE) for two student loans. He chose not to repay these debts, hoping that it “would just go away”.
Eventually he made arrangements to start paying off this debt when he “decided it was not going to go away.” He also knew that he had to get his “finances straight” because of his “job and security clearance”.
Additionally, the applicant had an unpaid phone bill and ignored payments for over a year until he made arrangements to pay those debts. However, in the SF86 he responded “no” to the question, “Are you currently over 90 days delinquent on any debt(s)?” He also failed to provide a list of debts. Clearance denied.

Takeaway: Live Within Your Means and Seek Help

Though unexpected significant life and market changes can affect your financial situations, it does not always impact your security clearance. In many cases those who were in sudden significant debt due to no fault of their own, but lived within their means, attempted to pay the debt, and sought debt counseling were granted clearances.  Those who ignored the debt and lived beyond their means were not granted clearances.
Read the full article here

Could Drinking Cost a Security Clearance?

Could Drinking Cost You a Security Clearance?
By: Jeffrey W. Bennett, SAPPC, ISP
Alcohol consumption is one of the 13 adjudicative guidelines because of the possible impact of questionable judgement, failure to control impulses and the applicant’s reliability and trustworthiness. These concerns are serious and could impact national security where they involve someone working with sensitive or classified information. After reviewing case studies, it’s not too difficult to see the impact of alcohol use on people’s lives.
Consider the following cases that demonstrate how alcohol consumption can impact security clearances. There are many more recorded, but these few will give an idea. Two cases demonstrate denial of security clearances, while one shows how the applicant adequately demonstrated mitigation and a security clearance is granted.

“I can handle it”

Applicant has had numerous alcohol-related driving arrests. She paid fees and fines, and completed probation.  However, she did not seek help in dealing with her issues with alcohol. At a later date, the applicant was involved in an accident while driving under the influence of alcohol (DUI).  She was found guilty of DWI and sentenced to 180 days, paid fines and had probation.
After the last incident, she finally sought help with alcohol counseling. The counselor noted that the applicant met the diagnosis of alcohol use disorder in early remission and that her participation in therapy and continued abstinence are positive indicators. However, the applicant does not abstain from drinking, against the counselor’s recommendations, and said that she feels she is in control and if there is a social event she will drink. The judge felt the applicant had not properly mitigated the concerns and denied the applicant a security clearance.

Completed some requirements

An applicant was refused a security clearance based on Guideline G, Alcohol Consumption. Later he appealed the decision stating he had adequately mitigated the behavior. The judge reiterated the facts for the appeal that demonstrated public drunkenness and driving while intoxicated. For a two-year period, the applicant actually did attend counseling for alcohol problems and was diagnosed with alcohol dependence. He reported it was in full remission. However, less than a year later he was convicted of impaired driving.
The judge supported the denial of a security clearance because of the evidence that the applicant continued to consume alcohol and become intoxicated. Though the applicant was attending counseling, he also continued to drink and drive. The applicant’s behavior demonstrated that he had not done enough to mitigate the concerns.

Just need to let off some steam

Applicant took three days off work to drink as his way of dealing with stress. There was enough other evidence of alcohol use for the judge to make the finding that the applicant was abusing alcohol. One consideration is habitual or binge consumption of alcohol to the point of impaired judgment, regardless of whether the individual is diagnosed with alcohol use disorder. The security significance of the drinking episode is significant even though it did not result in an arrest or other involvement with law enforcement officials.

I’m just trying to get it right

The final applicant in this article developed a drinking problem after getting in trouble at work. He was terminated and while at home started drinking. He became dependent on alcohol and by the time he got a new job, his dependence on alcohol led to problems on his new job.
After many attempts to stop on his own, he recognized that he had a drinking problem and sought treatment. He had several relapses during treatment, but continued to be honest with counselors and his employer and continued to get help.
While he had several relapses, the judge considered the fact that he was committed to abstinence, had not consumed alcohol in two years, and is being supported by Alcoholics Anonymous and his family. In this case the judge determined the applicant had mitigated concerns and granted the request for a security clearance.
Alcohol consumption can contribute to making bad decisions that puts classified information at risk. Therefore, decisions against a security clearance may be made even if an applicant has never been charged or arrested for an alcohol related event. Abusing alcohol has proven a sufficient finding to deny a clearance. Where the applicant recognized the problem, sought treatment, and had a recent history of abstinence, the judge determined the security risk under the guideline was sufficiently mitigated.
Read the complete article here
Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing .

ISP and Security Certification





If you are serious about advancing in your field, get security certification. 


Taking practice tests is a great way to prepare for an exam. Successful students in grade school and college study using guides and exam preparation questions based on the test subject material. This same successful methodology can also help prepare for professional exams like ISP Certification and SPeD Certification. DSS has study material and tests available for those who enrol, NCMS has test study material as well.

Practice tests augment certification exam preparation. Red Bike Publishing's Unofficial Study Guide features four complete test length practice exams based on NISPOM. It could help you pass the ISP and SPeD certification exams.

We've updated our manual for NISPOM Change 2. Have a go at some new questions. 


Try these questions to see how you do:

1.      The _____ shall identify the recipient government’s DGR and appoint a U.S. DGR.
a.            COR
b.            CSA
c.             FSO
d.            GCA
e.             State Department

2.      Which of the following are appropriate portion markings found on classified documents?
a.            SECRET, TOP SECRET, CONFIDENTIAL
b.            S, TS, C, U 
c.             UNCLASSIFIED, TS, CONFIDENTIAL
d.            FSO, TS, C, U
e.             All the above

3.      The National Agency Check with Local Agency Check and Credit Checks is required for:
a.            CONFIDENTIAL, L, and SECRET PCLs 
b.            TOPSECRET, Q, and SCI access
c.             TOP SECRET
d.            A and c
e.             SECRET only

4.      The Secretary of Energy or the Chairman of the Nuclear Regulatory Commission are responsible for prescribing that portion of the manual that pertains to information classified under reference:
a.            A
b.            B
c.            
d.            D
e.             E


Scroll Down for Answers





1.      The _____ shall identify the recipient government’s DGR and appoint a U.S. DGR.
a.            COR
b.            CSA (NISPOM 10-401c)
c.             FSO
d.            GCA
e.             State Department


2.      Which of the following are appropriate portion markings found on classified documents?
a.            SECRET, TOP SECRET, CONFIDENTIAL
b.            S, TS, C, U (NISPOM 4-206)
c.             UNCLASSIFIED, TS, CONFIDENTIAL
d.            FSO, TS, C, U
e.             All the above

3.      The National Agency Check with Local Agency Check and Credit Checks is required for:
a.            CONFIDENTIAL, L, and SECRET PCLs (NISPOM 2-201b)
b.            TOPSECRET, Q, and SCI access
c.             TOP SECRET
d.            A and c
e.             SECRET only

4.      The Secretary of Energy or the Chairman of the Nuclear Regulatory Commission are responsible for prescribing that portion of the manual that pertains to information classified under reference:
a.            A
b.            B
c.             C (NISPOM 1-101e)
d.            D
e.             E

So,  how did you do? These questions and more can be found in Red Bike Publishing's Unofficial Guide to ISP Certification,



DoD Security Clearance and Contracts Guidebook, as well as in NISPOM Training. Both resources provide excellent study material that may help with passing the ISP and SPeD certification exams.

According to reader comments and emails to the author, many who have bought this book, the ISP Test Tips, and used our techniques to augment their preparation have performed very well on the exam.


Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Thursday, November 16, 2017

Guideline C: Foreign Preference

Many immigrants experience great economic, academic, and professional opportunities in America.  As such, they have contributed to advanced technologies and capabilities that the US has enjoyed and will continue to benefit from.  However, opportunities may not always be available for security clearance jobs with cleared defense contractors. A subject’s inability or unwillingness to demonstrate full allegiance to the United States of America over any other country, reduce risk of foreign influence, or demonstrate preference to the US over their own countries’ of birth, the burden on national security could be too great to grant a security clearance.

This article is the third of a series of installments on the thirteen Adjudicative Guidelines. These guidelines are fundamental to the government’s role of evaluating persons and making security clearance decisions. It is the responsibility of each applicant to demonstrate they are capable of protecting classified information under the Guidelines both during the initial investigation and periodic reinvestigations. Often, Guideline C concerns appear with Guidelines A and B. Because of the close nature with Guidelines A and B, we will write this article in the same manner.

A subject under the security clearance adjudication process could have acted or be acting in ways that demonstrate preference for a foreign country. This preference could arise from being born in a foreign country, a foreign spouse, or just ideological concerns which manifest into decisions harmful to the United States. Some indications include travelling with foreign passports, serving the interests of foreign nations, or using foreign documentation to maintain foreign assets. All of which could demonstrate behavior which could lead to harm to national security.
American citizens have allowed their personal convictions and ideologies to benefit other countries; bad decisions with grave consequences. Two such spies are Jonathan Pollard and Ana Montes. Jonathan Pollard provided Top Secret information to his handler for delivery to Israel and Ana Montes provided U.S. secrets to Cuba.

Case study: Sending US Secrets to Cuba and Israel

Our first subject was born in Israel, and travels frequently to Israel with an Israeli passport to visit friends and family. He even submits his Israeli passport to his Facility Security Officer (FSO) until needed for travel. However he has not relinquished his Israeli passport because of convenience and financial costs involved with travelling on a US passport. Additionally, he demonstrated problems with Guideline: F because of continuing financial problems and tax delinquency.
While the government has clarified individuals may maintain a foreign passport, doing so for financial gain is certainly an issue.

Read the rest of the article here

Guideline B: Foreign Influence

America is rich in international heritage and culture. We pride ourselves in our ability to expand our technology and enhance our military capability. We also recognize that much of this progress directly reflects the knowledge and technical expertise of our immigrant population. We also understand the value of American citizens living abroad who fall in love and marry spouses from their host nations. Many Americans in such situations continue to thrive in jobs requiring security clearances and many immigrants successfully obtain and maintain security clearance. However, some relationships and situations may not be favorably adjudicated. The risk to national security is just too great.
This article is the second in a series covering the Thirteen Adjudicative Guidelines. As a reminder, these guidelines form the investigative and adjudicative foundation of which security clearance decisions are made. They continue to provide the same service during the cleared employees continuous evaluation phase and periodic reinvestigations for security clearance updates and maintenance. The subject employee should demonstrate their competency to protect classified information under the 13 Adjudicative Guidelines and continue to do so once a security clearance is granted.

GUIDELINE B: Foreign Influence

Under Guideline B, the employee bears the burden to clearly demonstrate that they are not susceptible or vulnerable to foreign influence that could lead to unauthorized theft or disclosure of classified information.  Foreign influence can lead to unauthorized disclosure as the cleared employee may be coerced to provide classified information due to threat to foreign influences (friends, family, in-laws) or from foreign influences (blackmail, elicitation, favors).  Where Guideline A: Allegiance to the United States, may be hard to prove Guideline B: Foreign Influence could be a paired concern. Below are real life situations of how Guideline B: can impact a security clearance decision.

Situation A: STrong Allegiance to the United States but significant Foreign Influence

In an appeal to an earlier denial of a security clearance, an applicant who emigrated to the U.S. from China states that they have demonstrated loyalty to the United States and argues that there is no reason to deny their security clearance.
However, in spite of strong demonstrations of loyalty to the U.S., they hold strong ties to relatives living in China. The applicant communicates strong sense of duty and affection to Chinese family members. These relatives could come to the attention of Chinese intelligence and become subject to pressure.  This pressure could result in the applicant being coerced through family members to release sensitive data.

Situation b: STrong Allegiance to the United States but significant threat to family members

An applicant from Iraq is denied a security clearance based on civil unrest, kidnappings, and terrorism occurring in their home country and relatives living in Iraq who could be exploited. At the time of the security clearance decision, terrorist groups controlled a large portion of Iraq.
In this case, the applicant maintains contact with Iraqi family members and provides financial support. Additionally, the terrorist activity in Iraq poses a heightened risk that that could lead to coercion. The applicant is vulnerable to threats to herself and family members that could bring her to a decision point between loyalty to the U.S. and her concern for her family. This could result in failing to protect sensitive information.

Read the rest of the article at: https://news.clearancejobs.com/2017/07/11/3-scenarios-foreign-influence-can-cost-clearance/

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Tuesday, August 1, 2017

NISPOM FSO Certification

 By Jeffrey W. Bennett, ISP, SAPPC
Get your copy @ www.redbikepublishing.com



If you are serious about advancing in your field, get security certification. 

Taking practice tests is a great way to prepare for an exam. Successful students in grade school and college study using guides and exam preparation questions based on the test subject material. This same successful methodology can also help prepare for professional exams like ISP Certification and SPeD Certification. DSS has study material and tests available for those who enrol, NCMS has test study material as well.

Practice tests augment certification exam preparation. Red Bike Publishing's Unofficial Study Guide features four complete test length practice exams based on NISPOM. It could help you pass the ISP and SPeD certification exams.

We've updated our manual for NISPOM Change 2. Have a go at some new questions. 

Try these questions to see how you do:

1.      A facility at which only one person is assigned shall establish procedures for _____notification after death or incapacitation

a.            CSA
b.            GCA
c.             Next of Kin
d.            FSO
e.             FBI

2.      Reports submitted to the _____ involve espionage, terrorism and sabotage.
a.            CIA
b.            FSO
c.             CSA
d.            ISSM
e.              FBI

3.      Which is a part of System and Services Acquisition Control Measure
a.            Develop Security Plans
b.            Assess and Determine Usefulness of IS Security Controls
​c.            Employ Software Usage
d.            Provide Supporting Utilities for IS
e.             Limit Access to Authorized Users

4.      Which marking DOES NOT properly reflect what should be applied to the “Downgrade To” line:
a.            Derived From
b.            Downgrade To On
c.             Declassify On
​d.             Classified  By
e.             None of the above










Scroll Down For Answers






1.      A facility at which only one person is assigned shall establish procedures for _____notification after death or incapacitation
a.            CSA (NISPOM 1-204)
b.            GCA
c.             Next of Kin
d.            FSO
e.             FBI

2.      Reports submitted to the _____ involve espionage, terrorism and sabotage.
a.            CIA
b.            FSO
c.             CSA
d.            ISSM
e.             FBI (NISPOM 1-300)

3.      Which is a part of System and Services Acquisition Control Measure
a.            Develop Security Plans
b.            Assess and Determine Usefulness of IS Security Controls
c.             Employ Software Usage (NISPOM 8-301)
d.            Provide Supporting Utilities for IS
e.             Limit Access to Authorized Users

4.      Which marking DOES NOT properly reflect what should be applied to the “Downgrade To” line:
a.            Derived From
b.            Downgrade To On
c.             Declassify On
d.            Classified By (NISPOM 4-208c)
e.             None of the above

So how did you do? These questions and more can be found in Red Bike Publishing's Unofficial Guide to ISP Certification,
DoD Security Clearance and Contracts Guidebook, as well as in NISPOM Training. Both resources provide excellent study material that may help with passing the ISP and SPeD certification exams.

According to reader comments and emails to the author, many who have bought this book, the ISP Test Tips, and used our techniques to augment their preparation have performed very well on the exam.