Thursday, November 16, 2017

Guideline C: Foreign Preference

Many immigrants experience great economic, academic, and professional opportunities in America.  As such, they have contributed to advanced technologies and capabilities that the US has enjoyed and will continue to benefit from.  However, opportunities may not always be available for security clearance jobs with cleared defense contractors. A subject’s inability or unwillingness to demonstrate full allegiance to the United States of America over any other country, reduce risk of foreign influence, or demonstrate preference to the US over their own countries’ of birth, the burden on national security could be too great to grant a security clearance.

This article is the third of a series of installments on the thirteen Adjudicative Guidelines. These guidelines are fundamental to the government’s role of evaluating persons and making security clearance decisions. It is the responsibility of each applicant to demonstrate they are capable of protecting classified information under the Guidelines both during the initial investigation and periodic reinvestigations. Often, Guideline C concerns appear with Guidelines A and B. Because of the close nature with Guidelines A and B, we will write this article in the same manner.

A subject under the security clearance adjudication process could have acted or be acting in ways that demonstrate preference for a foreign country. This preference could arise from being born in a foreign country, a foreign spouse, or just ideological concerns which manifest into decisions harmful to the United States. Some indications include travelling with foreign passports, serving the interests of foreign nations, or using foreign documentation to maintain foreign assets. All of which could demonstrate behavior which could lead to harm to national security.
American citizens have allowed their personal convictions and ideologies to benefit other countries; bad decisions with grave consequences. Two such spies are Jonathan Pollard and Ana Montes. Jonathan Pollard provided Top Secret information to his handler for delivery to Israel and Ana Montes provided U.S. secrets to Cuba.

Case study: Sending US Secrets to Cuba and Israel

Our first subject was born in Israel, and travels frequently to Israel with an Israeli passport to visit friends and family. He even submits his Israeli passport to his Facility Security Officer (FSO) until needed for travel. However he has not relinquished his Israeli passport because of convenience and financial costs involved with travelling on a US passport. Additionally, he demonstrated problems with Guideline: F because of continuing financial problems and tax delinquency.
While the government has clarified individuals may maintain a foreign passport, doing so for financial gain is certainly an issue.

Read the rest of the article here

Guideline B: Foreign Influence

America is rich in international heritage and culture. We pride ourselves in our ability to expand our technology and enhance our military capability. We also recognize that much of this progress directly reflects the knowledge and technical expertise of our immigrant population. We also understand the value of American citizens living abroad who fall in love and marry spouses from their host nations. Many Americans in such situations continue to thrive in jobs requiring security clearances and many immigrants successfully obtain and maintain security clearance. However, some relationships and situations may not be favorably adjudicated. The risk to national security is just too great.
This article is the second in a series covering the Thirteen Adjudicative Guidelines. As a reminder, these guidelines form the investigative and adjudicative foundation of which security clearance decisions are made. They continue to provide the same service during the cleared employees continuous evaluation phase and periodic reinvestigations for security clearance updates and maintenance. The subject employee should demonstrate their competency to protect classified information under the 13 Adjudicative Guidelines and continue to do so once a security clearance is granted.

GUIDELINE B: Foreign Influence

Under Guideline B, the employee bears the burden to clearly demonstrate that they are not susceptible or vulnerable to foreign influence that could lead to unauthorized theft or disclosure of classified information.  Foreign influence can lead to unauthorized disclosure as the cleared employee may be coerced to provide classified information due to threat to foreign influences (friends, family, in-laws) or from foreign influences (blackmail, elicitation, favors).  Where Guideline A: Allegiance to the United States, may be hard to prove Guideline B: Foreign Influence could be a paired concern. Below are real life situations of how Guideline B: can impact a security clearance decision.

Situation A: STrong Allegiance to the United States but significant Foreign Influence

In an appeal to an earlier denial of a security clearance, an applicant who emigrated to the U.S. from China states that they have demonstrated loyalty to the United States and argues that there is no reason to deny their security clearance.
However, in spite of strong demonstrations of loyalty to the U.S., they hold strong ties to relatives living in China. The applicant communicates strong sense of duty and affection to Chinese family members. These relatives could come to the attention of Chinese intelligence and become subject to pressure.  This pressure could result in the applicant being coerced through family members to release sensitive data.

Situation b: STrong Allegiance to the United States but significant threat to family members

An applicant from Iraq is denied a security clearance based on civil unrest, kidnappings, and terrorism occurring in their home country and relatives living in Iraq who could be exploited. At the time of the security clearance decision, terrorist groups controlled a large portion of Iraq.
In this case, the applicant maintains contact with Iraqi family members and provides financial support. Additionally, the terrorist activity in Iraq poses a heightened risk that that could lead to coercion. The applicant is vulnerable to threats to herself and family members that could bring her to a decision point between loyalty to the U.S. and her concern for her family. This could result in failing to protect sensitive information.

Read the rest of the article at: https://news.clearancejobs.com/2017/07/11/3-scenarios-foreign-influence-can-cost-clearance/

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Tuesday, August 1, 2017

NISPOM FSO Certification

 By Jeffrey W. Bennett, ISP, SAPPC
Get your copy @ www.redbikepublishing.com



If you are serious about advancing in your field, get security certification. 

Taking practice tests is a great way to prepare for an exam. Successful students in grade school and college study using guides and exam preparation questions based on the test subject material. This same successful methodology can also help prepare for professional exams like ISP Certification and SPeD Certification. DSS has study material and tests available for those who enrol, NCMS has test study material as well.

Practice tests augment certification exam preparation. Red Bike Publishing's Unofficial Study Guide features four complete test length practice exams based on NISPOM. It could help you pass the ISP and SPeD certification exams.

We've updated our manual for NISPOM Change 2. Have a go at some new questions. 

Try these questions to see how you do:

1.      A facility at which only one person is assigned shall establish procedures for _____notification after death or incapacitation

a.            CSA
b.            GCA
c.             Next of Kin
d.            FSO
e.             FBI

2.      Reports submitted to the _____ involve espionage, terrorism and sabotage.
a.            CIA
b.            FSO
c.             CSA
d.            ISSM
e.              FBI

3.      Which is a part of System and Services Acquisition Control Measure
a.            Develop Security Plans
b.            Assess and Determine Usefulness of IS Security Controls
​c.            Employ Software Usage
d.            Provide Supporting Utilities for IS
e.             Limit Access to Authorized Users

4.      Which marking DOES NOT properly reflect what should be applied to the “Downgrade To” line:
a.            Derived From
b.            Downgrade To On
c.             Declassify On
​d.             Classified  By
e.             None of the above










Scroll Down For Answers






1.      A facility at which only one person is assigned shall establish procedures for _____notification after death or incapacitation
a.            CSA (NISPOM 1-204)
b.            GCA
c.             Next of Kin
d.            FSO
e.             FBI

2.      Reports submitted to the _____ involve espionage, terrorism and sabotage.
a.            CIA
b.            FSO
c.             CSA
d.            ISSM
e.             FBI (NISPOM 1-300)

3.      Which is a part of System and Services Acquisition Control Measure
a.            Develop Security Plans
b.            Assess and Determine Usefulness of IS Security Controls
c.             Employ Software Usage (NISPOM 8-301)
d.            Provide Supporting Utilities for IS
e.             Limit Access to Authorized Users

4.      Which marking DOES NOT properly reflect what should be applied to the “Downgrade To” line:
a.            Derived From
b.            Downgrade To On
c.             Declassify On
d.            Classified By (NISPOM 4-208c)
e.             None of the above

So how did you do? These questions and more can be found in Red Bike Publishing's Unofficial Guide to ISP Certification,
DoD Security Clearance and Contracts Guidebook, as well as in NISPOM Training. Both resources provide excellent study material that may help with passing the ISP and SPeD certification exams.

According to reader comments and emails to the author, many who have bought this book, the ISP Test Tips, and used our techniques to augment their preparation have performed very well on the exam.



Is your Information Management System (IMS) capable



 Contractors are required to be able to retrieve and dispose of classified information within a reasonable amount of time. The government owns it, so contractually, the contractor should turn it over upon request. An information management system will help with that task.

Question:
Is your Information Management System (IMS) capable of facilitating the retrieval and disposition of classified material as required?

RESOURCE: ISL 2006-01 Information Management System under Industrial Security Letters at: http://www.cdse.edu/toolkits/fsos/safeguarding.html

Answer:

NISPOM 5-200. Policy.

Contractors shall establish an information management system to protect and control the classified information in their possession. Contractors shall ensure that classified information in their custody is used or retained only for a lawful and authorized U.S. Government purpose. The U.S. Government reserves the right to retrieve its classified material or to cause appropriate disposition of the material by the contractor. The information management system employed by the contractor shall be capable of facilitating such retrieval and disposition in a reasonable period of time.

 Where the Top Secret Control Official is required to keep records of TOP SECRET information, the information management systems for SECRET and below is not proscribed. The NISPOM guidance is for contractors to implement a control that allows for the acknowledgement of, tracing of, and disposition classified information that is possessed. The NISPOM does not require any specific format, just that there is something in place that performs a control type of function. What is the function? To be able to retrieve and report disposition of classified information in a reasonable time.

The control helps to ensure that classified information is used or retained for lawful and authorized U.S. Government services. This control helps enforce that. For example, a classified contract is awarded and according to the DD Form 254, the contractor is permitted to receive, generate, and store classified information as the SECRET level.

As classified information is received, generated, and stored, the acceptance, issuance, generation, existence, etc. should be acknowledged in a contractor supplied control. This can be accomplished through a software based solution such as SIMS Software or as simple as using an excel spreadsheet or piece of paper and a stubby pencil.

Now, suppose the contract ends and the government requires returning all classified information related to the contract with in a certain period of time. The contractor is required to return all classified information in a short suspense. If it’s just a few items, no problem, however, if the contractor has multiple security containers in multiple rooms or buildings, this could prove difficult without a dependable and accurate information management system.

There also is no requirement for any form of receipt and dispatch records. However, if a contractor has a large number of documents, such tools may be very helpful. A software program that allows the tracing and “accountability” of inventory could be a significant event while searching for classified information.

For example, suppose the classified information was received and put into a company security container in a central receiving area and logged into that location. A year later, the cleared employees on contract require the classified information to be moved into a newly constructed room with a new security container. A receipting or tracing action that follows the relocation of the document would allow the quick retrieval. Relying upon memory or forgetting to document the movement could result in a time consuming hunt.

Whichever method is used to enforce this control, the intent is for the contractor to demonstrate capability for timely retrieval of classified information wherever it’s and have the ability to dispose of classified information when required to do so.

Validation:

Practice retrieving documents to ensure system functions

Clearly demonstrate ability to retrieve classified information

Clearly demonstrate ability to relay disposition of destroyed classified information

Ensure cleared employees understand the information management system through training and briefings


Saturday, July 29, 2017

Guideline A: 13 Adjudication Criteria

Many are aware of the Thirteen Adjudicative Guidelines of which security clearance decisions are made. For those not aware, the security clearance process begins, maintains, and continues with background investigations, observations, and adjudication decisions. When an employee is required to perform on a classified contract, the Facility Security Officer initiates a security clearance background investigation. When an employee performs on a classified contract, their security clearance privilege is in continuous evaluation. When a cleared employee is required to continue their clearance, the FSO submits a periodic reinvestigation request. These three security clearance states rely on the employee demonstrating their competency to protect classified information under the 13 Adjudicative Guidelines. This article is the first in a series of articles to describe each guideline.

Guideline A Allegiance to the United States

Under Guideline A, the employee bears the burden to clearly demonstrate unquestionable loyalty to the United States. After all, they will be in possession of sensitive information that could lead to varying levels of damage to national security if compromised.

Questionable Behavior

Under Guideline A, decisions are based on findings of disloyal activity, not on the applications words of faithfulness. There are many ways to demonstrate questionable loyalty that outweigh verbal declarations.  For example, you might think your neighbor’s daily flag raising ceremony is very patriotic and you may never question their loyalty. However, your discovery of their belonging to an organization sympathetic to America’s enemies may change your view. In light of their questionable associations, their reciting the Pledge of Allegiance every day is a nice gesture that is outweighed by their behavior.  In a security clearance investigation, these observations may cause a denial or revocation of a security clearance; no matter how much they protest their love of America. The risk that they may compromise classified information to support their potentially true allegiance is too great.

An example of a Guideline A violation could be joining an anti-America or other hate group demonstrating desire to attack, overthrow, sabotage, or otherwise cause harm to the American government or just supporting those who do. This “joining” could be as involved as participating in activities, attending meetings, or just “liking” a social media group run by a foreign or domestic terrorist organization.

Currently, there are no security clearance decisions available on the DOHA website that are based on Guideline A violations. However, there are plenty of examples for Guidelines B and C (Foreign Influence and Foreign Preference). In other words, while Guideline A violations may be difficult to prove, the great probability of determining Guidelines B and C violations may be the next considerations to deny or revoke a security clearance. We will cover these cases in future installments.

Please follow link to read the rest of the article at clearancejobs.com https://news.clearancejobs.com/2017/05/31/criticizing-government-cost-security-clearance/

NISPOM Based Questions

NISPOM Based Questions

                  
 By Jeffrey W. Bennett, ISP, SAPPC
                  
                                                                                                                                 
Get your copy @ www.redbikepublishing.com
                  

         
         
            If you are serious about advancing in your field, get security certification. 
                  

            Taking practice tests is a great way to prepare for an exam. Successful students in grade school and college study using guides and exam preparation questions based on the test subject material. This same successful methodology can also help prepare for professional exams like ISP Certification and SPeD Certification. DSS has study material and tests available for those who enrol, NCMS has test study material as well.
           
              Practice tests augment certification exam preparation. Red Bike Publishing's Unofficial Study Guide features four complete test length practice exams based on NISPOM. It could help you pass the ISP and SPeD certification exams.

                  
We've updated our manual for NISPOM Change 2. Have a go at some new questions. 
                  

            Try these questions to see how you do:
                  
         

1. The NISP was established by:
                      
a. Executive Order 12829 
                      
b. Executive Order 12333
                      
c. Executive Order 13355
                      
d. Executive Order 12356
                      
e. Executive order 12345
                      
2. An employee with a privileged user account can perform which of the following functions?
                      
a. System Control
                      
b. System Monitoring
                      
c. Data Transfer
                      
d. Functions general users are not authorized to perform
                      
e. All of the above 
                      
3. General and privileged users should receive which of the following training?
                      
a. Threat awareness training
                      
b. Insider threat training
                      
c. Risks associated with user activities
                      
d. NISP based responsibilities
                      
e. All the above 
                      
4. Contractors performing work on federal installations shall safeguard classified information
              according to procedures of:

                      
a. NISPOM
                      
b. Block 13 of DD From 254
                      
c. Host Installation or Agency 
                      
d. CSA
                      
e. CSO
                      
          
                  
                  
                  
                  
                  
                  
                  
                  
         

           
              Scroll Down For Answers
           
         
                      
                      
                      
1. The NISP was established by:
                         
a. Executive Order 12829 (NISPOM 1-101)
                         
b. Executive Order 12333 
                      
c. Executive Order 13355 
                      
d. Executive Order 12356
                      
e. Executive order 12345
                      
2. An employee with a privileged user account can perform which of the following functions?
                      
a. System Control
                      
b. System Monitoring 
                      
c. Data Transfer
                      
d. Functions general users are not authorized to perform
                      
e. All of the above (DSS Assessment and Authorization Process Manual)
                      
3. General and privileged users should receive which of the following training?
                      
a. Threat awareness training 
                      
b. Insider threat training
                      
c. Risks associated with user activities
                      
d. NISP based responsibilities
                      
e. All the above (NISPOM 8-101)
                      
4. Contractors performing work on federal installations shall safeguard classified information
              according to procedures of:

                      
a. NISPOM
                      
b. Block 13 of DD From 254
                      
c. Host Installation or Agency (NISPOM 1-200)
                      
d. CSA
                      
e. CSO
                      

           
           
           
              So how did you do? These questions and more can be found in Red Bike Publishing's Unofficial Guide to ISP Certification,
                      
                      
                      
                      
DoD Security Clearance and Contracts Guidebook, as well as in NISPOM Training. Both resources provide excellent study material that may help with passing the ISP and SPeD certification exams.
           
              According to reader comments and emails to the author, many who have bought this book, the ISP Test Tips, and used our techniques to augment their preparation have performed very well on the exam.

          

Monday, May 29, 2017

Security Controls

This article continues the series covering the Self-Inspection Handbook For NISP Contractors and guidance found in the National Industrial Security Program Operating Manual (NISPOM) Incorporating Change 2

Prior to sending classified information via commercial carriers, the holder of the classified information should gain approval of the intent to ship and the method of shipment.  Once the approval is gained, the shipper should properly prepare the product and coordinate the shipment with the government, shipper, and receiver.

Question:
Do your cleared employees understand their safeguarding responsibilities?

Answer:

NISPOM 5-100. General.

Contractors shall be responsible for safeguarding classified information in their custody or under their control. This includes classified material controls that govern procedures or capabilities that deny, deter, and detect any unauthorized attempt to gain access to classified information.

NISPOM Chapter 5 is a large section that attempts to provide information to protect classified information by format (written document, electronic document, hardware item, information system, etc.) and location (open storage, computer, in transit, at work, etc). Chapter 5 addresses protection of classified information during reception, storage, transmission, destruction, physical security, and more. This protection involves marking, physical security specifications, oral communication, access, hand carrying, need to know, and other measures to prevent unauthorized access.

While other NISP Handbook sections address format and location of classified information, Section Q focuses on controls that are in place to trace and account for classified information at the cleared facility. This safeguarding question addresses a theme that is undercurrent to the entire Chapter 5; the administrative and technical controls in place to document and detect status of classified information. Though some of these controls were covered in other NISP Handbook questions, they are re-visited here to demonstrate a specific security function.

The question again is general and will be further unpacked in in specific application as we work our way through Section Q. The point with this article is to explain the controls at a high level and dig deeper in consecutive articles. The cleared employees should understand how to answer the question in the context of information management system and perimeter controls available to ensure classified information is received, only authorized persons gain access, and any unauthorized attempts to gain access is detected.

Validation:
Policy and procedure in place that describe information management and perimeter controls
Employee acknowledgement of security training and understanding of classified material controls
Provide written authorization for hand carrier to transport classified information
Develop tracking system to ensure receipts are returned in a timely manner
Provide proof of hand carrier or escort briefing
Review and compare signatures of couriers who have attended training and briefings