Tuesday, July 26, 2016

NISPOM Questions


Taking practice tests is the best way to prepare for an exam. Successful students in grade school and college study using guides and exam preparation questions based on the test subject material. This same successful methodology can also help prepare for professional exams like ISP Certification and SPeD Certification. DSS has study material and tests available for those who enrol, NCMS has test study material as well.

Practice tests augment certification exam preparation. Red Bike Publishing's Unofficial Study Guide features four complete test length practice exams based on NISPOM. It could help you pass the ISP and SPeD certification exams.
Try these questions to see how you do:


1.      Contractors shall limit the number of PCL requests to:
a.            One third of the company
b.            KMPs and direct reports
c.             That which is necessary to operate efficiently 
d.            Meet future requirements for classified contracts
e.             That which is specifically outlined on the DD Form 254

2.      The _____ is responsible for providing overall policy direction for the NISP.
a.            Nuclear Regulatory Commission
b.            Central Intelligence Agency
c.             Defense Security Services
d.            National Security Council 
e.             Secretary of Defense

3.      Among other requirements, the destruction records for TOP SECRET must contain the _____ and be kept for _____.
a.            Date of destruction, two years 
b.            SSN of destroyer, two years
c.             Name of destroyer, one year
d.            ID material destroyed, one year
e.             Date of Classification, five years

4.      Which types of door locking devices are approved for access to closed area doors?
a.            Key operated pad lock 
b.            Handprint reader
c.             Deadbolt key lock
d.            Swipe card reader

e.             All the above


Scroll down for answers:








1.      Contractors shall limit the number of PCL requests to:
a.            One third of the company
b.            KMPs and direct reports
c.             That which is necessary to operate efficiently (NISPOM 2-200d)
d.            Meet future requirements for classified contracts
e.             That which is specifically outlined on the DD Form 254

2.      The _____ is responsible for providing overall policy direction for the NISP.
a.            Nuclear Regulatory Commission
b.            Central Intelligence Agency
c.             Defense Security Services
d.            National Security Council (NISPOM 1-101a)
e.             Secretary of Defense

3.      Among other requirements, the destruction records for TOP SECRET must contain the _____ and be kept for _____.
a.            Date of destruction, two years (NISPOM 5-707)
b.            SSN of destroyer, two years
c.             Name of destroyer, one year
d.            ID material destroyed, one year
e.             Date of Classification, five years

4.      Which types of door locking devices are approved for access to closed area doors?
a.            Key operated pad lock (NISPOM 5-801e)
b.            Handprint reader
c.             Deadbolt key lock
d.            Swipe card reader

e.             All the above




Monday, July 25, 2016

Transmission of Classified Information

NISPOM
This article continues the series covering the Self-Inspection Handbook For NISP Contractors and guidance found in the National Industrial Security Program Operating Manual (NISPOM) Incorporating Change 2.  

The transmission of classified information is an important concern. Classified information should be controlled as it enters and leaves each facility. Each facility that has a CAGE Code should have it’s own transmission process meeting NISPOM requirements. How is yours doing? Lets find out.


Question:

Are procedures established for proper receipt and inspection of classified transmittals?

Here’s what NISPOM says on the subject. Our narrative follows:

5-202. Receiving Classified Material. Procedures shall be established to ensure that classified material, regardless of delivery method, is received directly by authorized personnel. The material shall be examined for evidence of tampering and the classified contents shall be checked against the receipt. Discrepancies in the contents of a package or absence of a receipt for TOP SECRET and SECRET material shall be reported promptly to the sender.

How to apply the NISPOM (some of this article is from the book DoD Security Clearance and Contracts Guidebook)

Receipt by authorized personnel
The FSO should ensure all arriving classified information is inspected and received into accountability by authorized personnel. Many cleared contractors establish a centralized classified information holding where all classified is processed in and out of the facility and is managed like a library. Others have classified information dispersed throughout the facility where needed. Either way works depending on how it is managed. Regardless of where classified information is stored, it must be properly received by the authorized cleared employees.

What The material shall be examined for evidence of tampering and the classified contents shall be checked against the receipt.
Classified information should arrive in the same condition it was shipped in and contain the exact information as it left with. Due diligence is necessary to ensure that classified information has not been compromised, is related to a contract, and is properly marked.

Inspecting or examining the received material begins with looking at the outside package and looking for condition. Regardless of transmission methods of physical items (mail, courier, overnight, hand carry and etc.) classified material should be double wrapped. Each layer serves to protect the classified material from inadvertent and unauthorized disclosure and should be properly addressed. Anything ripped or seemingly re-taped should be further investigated.

Detailed Inspection Requirements
Regardless of transmission methods, the recipient should examine the outer wrapping for evidence of tampering or to compromise of classified material. Classified material should be double wrapped with two independent layers of protection. Each layer should consists of opaque material such as an envelope, paper, box or other strong wrapping material.

The receiver should look for evidence of tearing, ripping, re-wrapping or some other means of unauthorized access to the material. Then review the shipping label for a classified mailing address and return address. There should be no classification markings on the outer layer of the item as classification markings on the outside of a package are a security violation.

The inner layer should be inspected the same way as the outer layer for evidence of tampering or unauthorized disclosure (Figure 1). However, the inside wrapping should contain the full address of the recipient as well as classification markings on the top, bottom, front and back, and sides (Figure 2). TOP SECRET and SECRET material should have a packing list or receipt. Receipts are not necessary with the shipment of CONFIDENTIAL material. If a receipt is included, the receiver should sign it and return it to the sender.
 
Figure 1 Torn outer cover of classified package
The receiver should then check the receipt against the contents to ensure the items are listed correctly and accounted for. The properly filled out receipt should list the sender, the addressee, and correctly identify the contents by an unclassified title and appropriate quantity. Since the receipt may be filed for administrative and compliance purposes, the inspector should ensure it contains no classified information.

Figure 2 Properly marked classified package (inner wrapper)
The receiver should compare the classification marking on the contents with the wrapper and the receipt to once again verify the classification level and prevent unauthorized disclosure.

Discrepancies in the contents of a package or absence of a receipt for TOP SECRET and SECRET material shall be reported promptly to the sender.

Any problems resulting from the examination and inspection should be addressed with the sender. Both should determine whether or not a security incident exists or other explanation. Sometimes packages are ripped, poorly wrapped, or damaged during shipment. The parties should make that determination.

If the shipment is in order, the receipt shall be signed and returned to the sender. If a receipt is included with CONFIDENTIAL material, it shall be signed and returned to the sender.

Once all the checks and verifications are complete, the receiver can then sign a copy of the receipt and return to the sender, thus closing the loop on the sender’s accounting responsibilities.

 VALIDATION:
  
Capture names of employees authorized to inspect and transmit classified information.

Record of authorized employee securitytraining.

Keep a pedigree of all transmitted classified information from receipt to final disposition. This is a receipt log that explains the lifecycle of classified information as received, stored, transmitted or destroyed.


Present classified transmission procedures if written. 

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Tuesday, June 28, 2016

Classification Markings

This article continues the series covering the Self-Inspection Handbook For NISP Contractors and guidance found in the National Industrial Security Program Operating Manual (NISPOM) Incorporating Change 2.

Question: Is all classified material, regardless of its physical form, marked properly?

The topic of Classification Markings covers eight of 138 NISPOM pages. That’s almost 5% of the NISPOM’s attention. That’s because the entire success of the Facility Security Officers security program to protection classified information depends on properly marked classified material and cleared employees’ responses to the requirements. This first article on the topic will cover classification markings at a high level, while future installments will drill down into specific actions and examples of best practices.

According to NISPOM:


4-200. General. Physically marking classified information with appropriate classification markings serves to warn and inform holders of the information of the degree of protection required…

4-201. Marking Requirements for Information and Material. … the markings specified … are required for all classified information regardless of the form in which it appears...

Properly annotating classification levels and handling instructions warns and notifies the holder of classified information. The holder of classified information is responsible for ensuring that they work with, store, transmit, and otherwise work with the classified material as appropriate with the classification level. They are also charged with ensuring only those with the proper clearance level and need to know gain access to the material.

According to the Original Classification Authority Desktop Reference, The OCA’s final step in the original classification decision process is to designate the information as classified and communicate the decision. There are three methods for communicating the decision.
• Security classification guides/declassification guides
• Properly marked source documents
• Outline classification instructions on a DD Form 254, DoD Contract Security Classification Specification

Properly Marked Source Documents:


The cleared employee working with classified information is required to use the classified information exactly as the OCA has specified. Once the government classified the information, the cleared defense contractors protect it and any derivative classified information appropriately. This includes proper markings on the physical item. These markings include classification level, “CLASSIFIED BY” Line, “DERIVED FROM” Line, “DECLASSIFY ON” Line, and “DOWNGRADE TO” Line. For documents classification markings should identify the level of the entire document and each portion (page, paragraph, graphic, and etc.).

These markings should stand out. Remember the purpose is to warn and inform. For example, if in a written document, the font size should be larger or the color significantly different to draw attention to the handling requirements. Marking should be applied to all material regardless of format or make up. Though there is no standard requiring a specific marking for a specific type or media, the user should do their best to warn and inform.

Follow Through:


Is all classified material, regardless of its physical form, marked properly?
VALIDATION:
  • Produce written process or procedures for marking classified materials.
  • Demonstrate inspection process to ensure internally generated, incoming and outgoing classified information is marked properly.
  • Cleared employees are trained on derivative classification and classification marking topics.




Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Tuesday, June 7, 2016

NISPOM STudy Questions



Taking practice tests is the best way to prepare for an exam. Successful students in grade school and college study using guides and exam preparation questions based on the test subject material. This same successful methodology can also help prepare for professional exams like ISP Certification and SPeD Certification. DSS has study material and tests available for those who enrol, NCMS has test study material as well.

Practice tests augment certification exam preparation. Red Bike Publishing's Unofficial Study Guide features four complete test length practice exams based on NISPOM. It could help you pass the ISP and SPeD certification exams.

Try these questions to see how you do:


1. All the following provide an appropriate proof of U.S. citizenship EXCEPT:

a. Driver’s license

b. Birth Certificate

c. Expired Passport

d. DD Form 1966

e. Current Passport


2. Announcements of meetings shall be _____ and require government approval.

a. FOUO

b. SECRET

c. CONFIDENTIAL

d. UNCLASSIFIED

e. TOP SECRET


3. Which of the following is NOT true concerning classified information in meetings:

a. Can be presented orally

b. Can be presented visually

c. Can be handed out to attendees

d. Attendees must turn in classified notes

e. Classified notes will be disseminated per NISPOM


4. When wrapping classified material for shipment, the _____ cannot go on the outer cover:

a. Individual’s name

b. Office code letter

c. Office code number

d. Directions for routing

e. Facility name

5. All of the following must be included in the authorization letter for hand carrying classified material on a commercial aircraft EXCEPT:

a. Traveler’s Social Security Number

b. Description of traveler’s ID

c. Description of material being carried

d. Identify points of departure, destination, and known transfer point

e. Location and telephone number of CSA




Scroll Down For Answers---Good Luck









1. All the following provide an appropriate proof of U.S. citizenship EXCEPT:


a. Driver’s license (NISPOM 2-208)


b. Birth Certificate


c. Expired Passport


d. DD Form 1966


e. Current Passport


2. Announcements of meetings shall be _____ and require government approval.


a. FOUO


b. SECRET


c. CONFIDENTIAL


d. UNCLASSIFIED (NISPOM 6-201c1)


e. TOP SECRET


3. Which of the following is NOT true concerning classified information in meetings:


a. Can be presented orally


b. Can be presented visually


c. Can be handed out to attendees (NISPOM 6-201c)


d. Attendees must turn in classified notes


e. Classified notes will be disseminated per NISPOM


4. When wrapping classified material for shipment, the _____ cannot go on the outer cover:


a. Individual’s name (NISPOM 5-406)


b. Office code letter


c. Office code number


d. Directions for routing


e. Facility name


5. All of the following must be included in the authorization letter for hand carrying classified material on a commercial aircraft EXCEPT:


a. Traveler’s Social Security Number (NISPOM 5-411)


b. Description of traveler’s ID


c. Description of material being carried


d. Identify points of departure, destination, and known transfer point

e. Location and telephone number of CSA


According to reader comments and emails to the author, many who have bought this book, the ISP Test Tips, and used our techniques to augment their preparation have performed very well on the exam.

So how did you do? These questions and more can be found in Red Bike Publishing's Unofficial Guide to ISP Certification, DoD Security Clearance and Contracts Guidebook, as well as in NISPOM Training. Both resources provide excellent study material that may help with passing the ISP and SPeD certification exams.





                                             

Monday, June 6, 2016

NCMS's 52d Annual Training Seminar in Nashville

This week begins the summer conference schedule. There is so much security and cyber education and training available to help attendees keep up with credits, work experience and goals. 

One such event is NCMS's 52d Annual Training Seminar in Nashville. Hundreds of National Industrial Security (NISP) Professionals will be on hand to learn more about their craft, industry updates, NISPOM Changes, best practices, and much more. Experts will be on hand to share experiences and lead seminars. Industry vendors will also demonstrate their capabilities.

Just recently DoD released NISPOM Conforming Change 2with plenty of updates and changes including Chapter 8 as well as new requirementsje such as Insider Threat considerations. Also, CDSE has released the corresponding Self-Inspection Handbook for NISP Contractors to reflect all changes.

Another great opportunity is ISP Certification training and testing. Good luck to all the attendees and future ISP Certified professionals.



Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Friday, June 3, 2016

NISPOM Change 2 Guidance and Self-Inspections For NISP Contractors

Self-Inspection Handbook
For the past two years, we’ve been writing articles with the goal of helping FSOs manage their security programs. Hopefully we’ve provided a useful service and hope to continually do so. The greatest driver of our articles has been the Self-Inspection Handbook for NISP Contractors. This format has provided plenty of material for articles that the reader can implement immediately. Fortunately there have been many updates to the NISPOM and related guidance and tools.

Recently the National Industrial Security Program Operating Manual (NISPOM) has incorporated Change 2 and the Center for Development of Security Excellence (CDSE) has released the updated 2016 Self-Inspection Handbook for NISP Contractors. This handbook covers the latest NISPOM incorporating Change 2 and is an outstanding tool for novice and seasoned FSOs to perform a risk based assessment of their security program to protect classified information. We will continue to write articles and do our best to stay current and up to date with industry changes. As such, the following article describes a very recent update that FSOs should be prepared to implement.

Self-Inspection Requirement


According to NISPOM Paragraph 1-207b and subparagraphs. “Contractors shall review their security system on a continuing basis and shall also conduct a formal self-inspection, including the self-inspection required by paragraph 8-101h of chapter 8 of this Manual, at intervals consistent with risk management principles.”

This requirement provides a new element to the FSOs responsibilities. Additional documentation, coordination, and subtasks outlined in the NISPOM Change 2 add technical difficulty to the self-inspection requirement. Additional time and resources should be pre-planned to close the loops on what the NISPOM requires and what the Cognizant Security Agency (CSA) (DSS for DoD Contractors) will inspect. To meet the need, Defense Security Service’s Center for Development of Security Excellence (CDSE) has provided the 2016 Self-Inspection Handbook for NISP Contractors as a tool for planning, conducting and coordinating the contractor self-inspection. Used correctly, it can help facilitate inspection execution and documentation.

For example, detailed self-inspection requirements word for word:

(1) These self-inspections will be related to the activity, information, information systems (ISs), and conditions of the overall security program, to include the insider threat program; have sufficient scope, depth, and frequency; and management support in execution and remedy.

(2) The contractor will prepare a formal report describing the self-inspection, its findings, and resolution of issues found. The contractor will retain the formal report for CSA review through the next CSA inspection.

(3) A senior management official at the cleared facility will certify to the CSA, in writing on an annual basis, that a self-inspection has been conducted, that senior management has been briefed on the results, that appropriate corrective action has been taken, and that management fully supports the security program at the cleared facility.

(4) Self-inspections by contractors will include the review of representative samples of the contractor’s derivative classification actions, as applicable.

Interpretation and Application


Requirement (1) describes what is subject to inspection and includes a few updates. The newly redesigned NISPOM Chapter 8 and Insider Threat sections offer topics the FSO should be aware of prior to conducting the self-inspection. The goal is a holistic approach to demonstrating the effectiveness of the security program designed to protect classified information; each element is equally important.

Requirement (2) provides guidance on what to do with self-inspection results. This is where the added resources and time come in. The NISPOM is clear on how the contractor should demonstrate compliance; provide a report and make it available for the next CSA review. The size, details, and essence of the report are up to the contractor. However, using the handbook to facilitate the inspection, annotating the checklist, taking notes, and recording findings immediately takes care of the raw data. The FSO can then transcribe the findings, perhaps word for word, into a Microsoft Word document.

Requirement (3) requires buy in from senior management. If the FSO is not actively engaged with senior management because of corporate structure or other issues, this is the time to bridge the gap. The handbook data can be used to provide Microsoft PowerPoint or other type of presentation to brief management of the results, mitigations, and information necessary to get their full support. Another idea is to have the senior management members sign the self-inspection report, demonstrating their acknowledgement of the findings and support of the program.

Requirement (4) should not be too much of an operation change as DSS regularly reviews classified documents for markings and other issues.

How to Implement


While the self-inspection process is a NISPOM requirement, there is not a requirement to use the handbook. However, the handbook is an excellent resource to inform security and NISPOM training topics, train the inspection team, keep track of inspection topics, document results, and take notes. According to CDSE, “This Self-Inspection Handbook is designed as a job aid to assist you in complying with these requirements. It is not intended to be used as a checklist only; rather, it is intended to assist you in developing a viable self-inspection program specifically tailored to the classified needs of your cleared company”.

Instead of trying to develop a new inspection process, FSOs should use the handbook as an established process to prepare the required reports, briefings, and senior leadership buy-in. The FSO should save all inspection results, artifacts, notes and reports for at least a year and the next DSS review.

Download your copy from DSS or purchase a professionally printed version here.



Monday, May 30, 2016

Social Media and Security Clearance Investigations

This month the Office of Director of National Intelligence announced that a person's social media pages can be reviewed during the security clearance investigation process. You might remember that in an earlier article we had covered this possibility, explaining some of the red flags that could occur in social media content. 

In the previous article, we discussed activities such as: pictures of partying, un-vetted non-US person friends or contacts, or other social media activity that could lead to questioning allegiance, decision making capability, or risky behavior could cause concern during an investigation.

New Opportunities for Investigators


Let's look at some other possibilities that could arise as a result of the new policy. In this new policy, the investigator could be forearmed with more information about the subject in a more timely manner. The social media pre-investigation research could provide a more aggressive investigation capability. The investigation now has information readily available that had never existed previously. The subject's social media profiles can provide the investigator with more information than normally available in the SF-86 Questionnaire for National Security Positions and interviews. 

The SF-86 provides raw data for the investigator to research and the investigator builds a story based on records and interviews. Investigators typically conduct background research on financial, court and education records. They also interview the subjects and references based on information provided in the SF-86. 

With social media, the investigator now has access into behavior, habits, side business, friendships, after duty lifestyle, travel experiences and more. The investigator has the subject's world at their fingertips and are no longer limited by what the subject wants them to know.

Repercussions - The investigator can learn more about the subject than the subject disclosed on the SF-86.

  •         Foreign travel not claimed-Go to Canada, Mexico, Bahamas, or Europe recently? You have the posts and pics to prove it. Could be a problem if you never notified security or disclosed foreign travel on the SF-86.
  •         Disloyalty to the organization-Posts about the work environment can raise flags as a disgruntled employee or possible insider threat.
  •         Interaction with Non-US citizens-Problems can result form collecting likes, friends or contacts without vetting them
  •         Side businesses-Posts about side businesses or sources of revenue not claimed on the SF-86 could cause questions as an entire section of the SF-86 addresses income sources.
  •         Hidden lifestyle-Groups, pages, and other social media memberships may raise red flags if their ties are questionable.

Solutions - What to do about the social media risks

Closing social media accounts and going of the grid is one option. However, before you go removing social media posts or tuning out entirely, there are a few things you can do to keep engaged and do so responsibly.
  •         Disengage from social media
  •         Complete SF-86 as thoroughly and accurately as possible balancing activities with what is avaialbe on your social media sites
  •         Make your postings private
  •         Only post information that demonstrates low risk to violating the 13 Adjudicative Guidelines
  •         Be sure to pay a visit to the security manager and on the SF-86 to close the loop.
  •         Reconcile all business and revenue sources.
  •         Consider not posting any work related activities.
  •         Be sure you can explain likes, friendships, or relationships with non US persons if they come up in the investigation. 

Social media can and should be used responsibly. It is not the place to go to tell your problems, woes, join un-vetted groups or friendships, or talk about your work with abandon. Doing so may raise awareness to problems with any of the 13 Adjudicative Guidelines. Being aware that social media posts can be used in the investigation process, posting responsibly can prevent adjudication problems.



Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".