Tuesday, August 1, 2017

 By Jeffrey W. Bennett, ISP, SAPPC
Get your copy @ www.redbikepublishing.com



If you are serious about advancing in your field, get security certification. 

Taking practice tests is a great way to prepare for an exam. Successful students in grade school and college study using guides and exam preparation questions based on the test subject material. This same successful methodology can also help prepare for professional exams like ISP Certification and SPeD Certification. DSS has study material and tests available for those who enroll; NCMS has test study material as well.

Practice tests augment certification exam preparation. Red Bike Publishing's Unofficial Study Guide features four complete test length practice exams based on NISPOM. It could help you pass the ISP and SPeD certification exams.

We've updated our manual for NISPOM Change 2. Have a go at some new questions. 

Try these questions to see how you do:

1. A facility at which only one person is assigned shall establish procedures for _____ notification after death or incapacitation

a. CSA
b. GCA
c. Next of Kin
d. FSO
e. FBI

2. Reports submitted to the _____ involve espionage, terrorism and sabotage.

a. CIA
b. FSO
c. CSA
d. ISSM
e. FBI

3. Which is a part of System and Services Acquisition Control Measure

a. Develop Security Plans
b. Assess and Determine Usefulness of IS Security Controls
c. Employ Software Usage
d. Provide Supporting Utilities for IS
e. Limit Access to Authorized Users

4. Which marking DOES NOT properly reflect what should be applied to the “Downgrade To” line:

a. Derived From
b. Downgrade To On
c. Declassify On
d. Classified By
e. None of the above










Scroll Down For Answers






1. A facility at which only one person is assigned shall establish procedures for _____ notification after death or incapacitation

a. CSA (NISPOM 1-204)
b. GCA
c. Next of Kin
d. FSO
e. FBI

2. Reports submitted to the _____ involve espionage, terrorism and sabotage.

a. CIA
b. FSO
c. CSA
d. ISSM
e. FBI (NISPOM 1-300)

3. Which is a part of System and Services Acquisition Control Measure

a. Develop Security Plans
b. Assess and Determine Usefulness of IS Security Controls
c. Employ Software Usage (NISPOM 8-301)
d. Provide Supporting Utilities for IS
e. Limit Access to Authorized Users

4. Which marking DOES NOT properly reflect what should be applied to the “Downgrade To” line:

a. Derived From
b. Downgrade To On
c. Declassify On
d. Classified By (NISPOM 4-208c)
e. None of the above

So how did you do? These questions and more can be found in Red Bike Publishing's Unofficial Guide to ISP Certification, DoD Security Clearance and Contracts Guidebook, as well as in NISPOM Training. Both resources provide excellent study material that may help with passing the ISP and SPeD certification exams.

According to reader comments and emails to the author, many who have bought this book, the ISP Test Tips, and used our techniques to augment their preparation have performed very well on the exam.



Is your Information Management System (IMS) capable of facilitating the retrieval and disposition of classified material as required?



 Contractors are required to be able to retrieve and dispose of classified information within a reasonable amount of time. The government owns it, so contractually, the contractor should turn it over upon request. An information management system will help with that task.

Question:
Is your Information Management System (IMS) capable of facilitating the retrieval and disposition of classified material as required?

RESOURCE: ISL 2006-01 Information Management System under Industrial Security Letters at: http://www.cdse.edu/toolkits/fsos/safeguarding.html

Answer:

NISPOM 5-200. Policy.

Contractors shall establish an information management system to protect and control the classified information in their possession. Contractors shall ensure that classified information in their custody is used or retained only for a lawful and authorized U.S. Government purpose. The U.S. Government reserves the right to retrieve its classified material or to cause appropriate disposition of the material by the contractor. The information management system employed by the contractor shall be capable of facilitating such retrieval and disposition in a reasonable period of time.

Where the Top Secret Control Official is required to keep records of TOP SECRET information, the information management system for SECRET and below is not prescribed. The NISPOM guidance is for contractors to implement a control that allows for the acknowledgement of, tracing of, and disposition of classified information that is possessed. The NISPOM does not require any specific format, just that there is something in place that performs a control type of function. What is the function? To be able to retrieve and report disposition of classified information in a reasonable time.

The control helps to ensure that classified information is used or retained for lawful and authorized U.S. Government services. This control helps enforce that. For example, a classified contract is awarded and according to the DD Form 254, the contractor is permitted to receive, generate, and store classified information at the SECRET level.

As classified information is received, generated, and stored, the acceptance, issuance, generation, existence, etc. should be acknowledged in a contractor supplied control. This can be accomplished through a software based solution such as SIMS Software or as simple as using an Excel spreadsheet or piece of paper and a stubby pencil.

Now, suppose the contract ends and the government requires returning all classified information related to the contract within a certain period of time. The contractor is required to return all classified information in a short suspense. If it’s just a few items, no problem; however, if the contractor has multiple security containers in multiple rooms or buildings, this could prove difficult without a dependable and accurate information management system.

There also is no requirement for any form of receipt and dispatch records. However, if a contractor has a large number of documents, such tools may be very helpful. A software program that allows the tracing and “accountability” of inventory could make a significant difference when searching for classified information.

For example, suppose the classified information was received and put into a company security container in a central receiving area and logged into that location. A year later, the cleared employees on contract require the classified information to be moved into a newly constructed room with a new security container. A receipting or tracing action that follows the relocation of the document would allow the quick retrieval. Relying upon memory or forgetting to document the movement could result in a time consuming hunt.

Whichever method is used to enforce this control, the intent is for the contractor to demonstrate capability for timely retrieval of classified information wherever it is and have the ability to dispose of classified information when required to do so.

Validation:

Practice retrieving documents to ensure system functions

Clearly demonstrate ability to retrieve classified information

Clearly demonstrate ability to relay disposition of destroyed classified information

Ensure cleared employees understand the information management system through training and briefings


Saturday, July 29, 2017

Guideline A: 13 Adjudication Criteria

Many are aware of the Thirteen Adjudicative Guidelines on which security clearance decisions are made. For those not aware, the security clearance process begins, maintains, and continues with background investigations, observations, and adjudication decisions. When an employee is required to perform on a classified contract, the Facility Security Officer initiates a security clearance background investigation. When an employee performs on a classified contract, their security clearance privilege is in continuous evaluation. When a cleared employee is required to continue their clearance, the FSO submits a periodic reinvestigation request. These three security clearance states rely on the employee demonstrating their competency to protect classified information under the 13 Adjudicative Guidelines. This article is the first in a series of articles to describe each guideline.

Guideline A Allegiance to the United States

Under Guideline A, the employee bears the burden to clearly demonstrate unquestionable loyalty to the United States. After all, they will be in possession of sensitive information that could lead to varying levels of damage to national security if compromised.

Questionable Behavior

Under Guideline A, decisions are based on findings of disloyal activity, not on the applicant's words of faithfulness. There are many ways to demonstrate questionable loyalty that outweigh verbal declarations. For example, you might think your neighbor’s daily flag raising ceremony is very patriotic and you may never question their loyalty. However, your discovery of their belonging to an organization sympathetic to America’s enemies may change your view. In light of their questionable associations, their reciting the Pledge of Allegiance every day is a nice gesture that is outweighed by their behavior. In a security clearance investigation, these observations may cause a denial or revocation of a security clearance, no matter how much they protest their love of America. The risk that they may compromise classified information to support their potentially true allegiance is too great.

An example of a Guideline A violation could be joining an anti-America or other hate group demonstrating desire to attack, overthrow, sabotage, or otherwise cause harm to the American government or just supporting those who do. This “joining” could be as involved as participating in activities, attending meetings, or just “liking” a social media group run by a foreign or domestic terrorist organization.

Currently, there are no security clearance decisions available on the DOHA website that are based on Guideline A violations. However, there are plenty of examples for Guidelines B and C (Foreign Influence and Foreign Preference). In other words, while Guideline A violations may be difficult to prove, the great probability of determining Guidelines B and C violations may be the next considerations to deny or revoke a security clearance. We will cover these cases in future installments.

Please follow link to read the rest of the article at clearancejobs.com https://news.clearancejobs.com/2017/05/31/criticizing-government-cost-security-clearance/

NISPOM Based Questions

Try these questions to see how you do:

1. The NISP was established by:

a. Executive Order 12829
b. Executive Order 12333
c. Executive Order 13355
d. Executive Order 12356
e. Executive Order 12345

2. An employee with a privileged user account can perform which of the following functions?

a. System Control
b. System Monitoring
c. Data Transfer
d. Functions general users are not authorized to perform
e. All of the above

3. General and privileged users should receive which of the following training?

a. Threat awareness training
b. Insider threat training
c. Risks associated with user activities
d. NISP based responsibilities
e. All the above

4. Contractors performing work on federal installations shall safeguard classified information according to procedures of:

a. NISPOM
b. Block 13 of DD Form 254
c. Host Installation or Agency
d. CSA
e. CSO






Scroll Down For Answers




1. The NISP was established by:

a. Executive Order 12829 (NISPOM 1-101)
b. Executive Order 12333
c. Executive Order 13355
d. Executive Order 12356
e. Executive Order 12345

2. An employee with a privileged user account can perform which of the following functions?

a. System Control
b. System Monitoring
c. Data Transfer
d. Functions general users are not authorized to perform
e. All of the above (DSS Assessment and Authorization Process Manual)

3. General and privileged users should receive which of the following training?

a. Threat awareness training
b. Insider threat training
c. Risks associated with user activities
d. NISP based responsibilities
e. All the above (NISPOM 8-101)

4. Contractors performing work on federal installations shall safeguard classified information according to procedures of:

a. NISPOM
b. Block 13 of DD Form 254
c. Host Installation or Agency (NISPOM 1-200)
d. CSA
e. CSO

           
           
           

          

Monday, May 29, 2017

Security Controls

This article continues the series covering the Self-Inspection Handbook For NISP Contractors and guidance found in the National Industrial Security Program Operating Manual (NISPOM) Incorporating Change 2

Prior to sending classified information via commercial carriers, the holder of the classified information should gain approval of the intent to ship and the method of shipment.  Once the approval is gained, the shipper should properly prepare the product and coordinate the shipment with the government, shipper, and receiver.

Question:
Do your cleared employees understand their safeguarding responsibilities?

Answer:

NISPOM 5-100. General.

Contractors shall be responsible for safeguarding classified information in their custody or under their control. This includes classified material controls that govern procedures or capabilities that deny, deter, and detect any unauthorized attempt to gain access to classified information.

NISPOM Chapter 5 is a large section that attempts to provide information to protect classified information by format (written document, electronic document, hardware item, information system, etc.) and location (open storage, computer, in transit, at work, etc.). Chapter 5 addresses protection of classified information during reception, storage, transmission, destruction, physical security, and more. This protection involves marking, physical security specifications, oral communication, access, hand carrying, need to know, and other measures to prevent unauthorized access.

While other NISP Handbook sections address format and location of classified information, Section Q focuses on controls that are in place to trace and account for classified information at the cleared facility. This safeguarding question addresses a theme that runs through all of Chapter 5: the administrative and technical controls in place to document and detect the status of classified information. Though some of these controls were covered in other NISP Handbook questions, they are revisited here to demonstrate a specific security function.

The question again is general and will be further unpacked in specific application as we work our way through Section Q. The point of this article is to explain the controls at a high level and dig deeper in consecutive articles. The cleared employees should understand how to answer the question in the context of the information management system and perimeter controls available to ensure classified information is received, only authorized persons gain access, and any unauthorized attempts to gain access are detected.

Validation:
Policy and procedure in place that describe information management and perimeter controls
Employee acknowledgement of security training and understanding of classified material controls
Provide written authorization for hand carrier to transport classified information
Develop tracking system to ensure receipts are returned in a timely manner
Provide proof of hand carrier or escort briefing
Review and compare signatures of couriers who have attended training and briefings


Saturday, May 6, 2017

Hand Carrying Classified Information and Multi-mode Travel



Traveling with classified information.

The other day as I traveled home from work I thought about my coffee pot. Did I turn it off? Am I sure it’s off? How do I know it’s off? The only way I was able to hold anxiety back is to recall my end of day process and determine with conviction that I had indeed turned it off.

Imagine how the anxiety increases if you can’t recall whether or not you secured the security container, removed classified information from the printer, or set alarms. Well, the dedicated security professional understands the need for process, procedure, and end of day checklists. Without these controls, many would have a hard time sleeping.

You may be able to recall news reports, security awareness training, briefings, or other notifications where someone has had unattended sensitive information stolen from their rooms, vehicles, or other location while in transit. These incidents are preventable with application of process and procedure.

This prior planning (processes and procedures) not only helps ensure classified information is protected during transport, but it gives assurance that once planned and rehearsed, it should work well during execution. Even with the many variables that could be faced during travel (weather, delays, re-routing, cancellations, etc.) the process can be tailored and applied with assurance of mission accomplishment.

This planning and rehearsal should be conducted with the mode of transportation in mind. The remainder of this article is from the book “DoD Security Clearance and Contracts Guidebook” and discusses how to protect classified information during travel.

Modes of Travel
Hundreds of thousands of tons of cargo travel our roads, rails, and airspace daily. America depends on transportation to get products to customers safely and on time. When products are lost or damaged, carrier insurance will reimburse either the shipper or receiver. However, there is no insurance for damage to national security. Classified items lost, stolen or exposed during shipment pose a threat. No matter how dependable a carrier’s track record, the government approver, sender, and hand carrier should do everything possible to transport classified information while mitigating any risk of loss or compromise.

The volume of material transported on any given day is staggering. Transportation by any means is reliable but not risk free. Vehicle accidents, traffic jams, breakdowns or any number of problems with land, air, rail and sea transportation can threaten the security of the classified product. Natural disasters and mechanical failure can cause delays in the reliable movement of items. Air travel also has inherent risks: late gate departures and arrivals, crowded terminals, and maintenance problems can significantly threaten the ability of an escort to keep a close eye on the cargo hold. Those escorting classified material via trains, over the road vehicles, and air carriers should be aware of inconsistencies or events during the shipment that could negatively impact the security of the item. When any event happens to cause an unscheduled delay, the escort should immediately notify the shipper.

Rail
When shipping classified information by train the escort should ride in the same car, keep the package under constant surveillance and remain vigilant during stops and layovers. Experienced travelers understand the frustrations involved when others have retrieved the wrong baggage. Escorts should ensure they maintain their receipts and watch their package to prevent such mistakes from occurring as well as other attempts to pilfer or steal. Shipping classified material in a separate car poses a more difficult challenge. Coordination with railroad employees will significantly reduce the challenges while helping to strengthen security. When freight cars and passenger cars are separated, the FSO should arrange with the railroad for the freight car to be positioned immediately in front of the escort’s car. The biggest threat occurs during stops. When time permits, escorts should leave the train at all stops and perform a physical inspection of the protective measures (seals, locks, etc.) applied to the classified items on the shipment cars.

Highway
Overnight escorts should remain alert for security violations, theft, piracy, pilferage, hijacking, damage or other incidents that could jeopardize the shipment and compromise the classified information. Rest and overnight stops, regulated driving hours and refueling pose additional risks to the voyage. At every stop the escort should keep the vehicle in view and remain alert to threatening actions. Highly sensitive items, urgency and threat may require a carrier to provide enough escorts to work around-the-clock shifts.

Air
Airlines also offer unique challenges to transporting classified material. Air carriers are experienced in flying various types of cargo to worldwide locations. Federal marshals fly prisoners, zoo keepers ship exotic animals, and doctors transport donor organs. Those transporting classified materials are also limited to the type of cargo the Federal Aviation Administration and the National Transportation Safety Board authorizes. Prior arrangements with the air carrier help them understand the unique requirements for shipping classified material and will better meet the requests of the consignor.

Passenger travel is a choreographed event. Passengers board when invited, remain in their seats during takeoff and landing and deplane when instructed. When transporting classified material, the escort should request boarding and deplaning services outside of normal operations.

When layovers are expected, the escort should be the first off the plane and wait in an area where they can observe activities on and around the cargo access door. If the cargo is transshipped using another airplane, the escort should observe the process. When the plane is ready to continue the journey the escort is again the last to board. Upon reaching the final destination, the escort becomes the first to deplane.

Cleared employees traveling by commercial aircraft should conduct extensive pre-planning. In addition to carrying identification, receiving a courier briefing, and being notified to maintain accountability of the classified material at all times, the courier's travel should be coordinated with the Transportation Security Administration (TSA). For example, while traveling by automobile, the courier may only need to drive to the final destination without having to speak to anyone. The route is often direct to the destination with no interruptions. However, more vigilance is needed when traveling to and through an airport terminal.

Prior to a cleared employee traveling with classified information on commercial airlines, the FSO should coordinate with the TSA. TSA can help the courier or escort transition security with the least amount of interruption or intrusion for both the courier and TSA agents. TSA agents might examine the classified package with x-ray equipment.

Depending on the size of the airport, urgency and threat level, the arrangements and coordination made with TSA can help make negotiating through to the secure area easier. A good working relationship between the FSO and TSA helps both parties understand the importance of the courier remaining with the classified package at all times. When it is necessary to send the classified material through the x-ray machine, the courier must remain vigilant and know where the item is at all times.

A risk based approach should be undertaken prior to sending classified information outside of secure facilities. Every effort should be made to plan the trip to protect classified information by format and location along the route. Plan for delays and interruptions in schedules, as many travel issues are out of the traveler's control. Training, planning, process, procedures, and rehearsal can provide safe travels and keep anxiety levels down.


Red Bike Publishing provides downloadable training and briefings that are helpful in managing security programs that protect classified information. You can find training and briefings that meet your need at our website.

This article is based on the book DoD Security Clearance and Contracts Handbook available at www.redbikepublishing.com


             

Hand Carrying Classified Information-Planning and Execution

This article continues the series covering the Self-Inspection Handbook For NISP Contractors and guidance found in the National Industrial Security Program Operating Manual (NISPOM) Incorporating Change 2

Prior to sending cleared employees to courier or escort classified material, the holder of the classified information should gain authorization. Classified information should not leave the facilities without the authorization to do so, a complete inventory of the items to be removed, and the intent to protect it from unauthorized disclosure, loss, or theft.

NISPOM 5-410. Use of Couriers, Hand Carriers, and Escorts. Contractors who designate cleared employees as couriers, hand carriers, and escorts shall ensure:

c. The employee retains classified material in his or her personal possession at all times. Arrangements shall be made in advance of departure for overnight storage at a U.S. Government installation or at a cleared contractor's facility that has appropriate storage capability, if needed.

d. If the classified material is being hand carried to a classified meeting or on a visit, an inventory of the material shall be made prior to departure. A copy of the inventory shall be carried by the employee. On the employee's return to the facility, an inventory shall be made of the material for which the employee was charged.

Question:
5-410
Is hand carrying of classified material outside the facility properly authorized, inventoried, and safeguarded during transmission?


Answer:

To help ensure that classified information is protected during shipment, the courier should understand their role and responsibility to protect classified information. The security manager, FSO, holder of classified information, Defense Security Service, and Government Contracting Activity should understand the mission, where the classified information exists, where it will go, the method of transportation, the route, how it will be protected during transport, and how it will be secured once delivered. In this case, the classified information should be properly inventoried, wrapped, and hand carried by a fully briefed cleared employee. All parties should be involved in all phases of transporting classified information, to include pre-trip, during transport, and after trip preparations.

Pre-Trip
Travel planning should include mode of travel, route to take, a travel plan to get there, and all necessary credentials for the cleared employee carrier. The involved parties might form a temporary planning team to discuss travel scenarios to prepare for and execute safe transport and protection of classified material. Prior to departure the planning team should also ensure that the classified package to be carried is inventoried, documented, and receipted, that written authorization is provided, and that picture identification and credentials are on hand. A good practice is to issue a memorandum or other written authorization that identifies the cleared employee as the approved carrier.

The credentials should be issued only after the cleared employee has acknowledged their understanding of their role and requirements along the way. Practice runs, hands on training or using experienced employees is a preferred way to prepare. Look for threat points and methods of tailoring the travel to protect items by their format, mode of travel, and location along the route. Such confidence, experience, and education help prevent security violations.

During Transport
The courier should adhere to the planned route and not make unnecessary deviations without coordination and approval. Where overnight or long term stops are required, they should be part of a plan with approved locations to store the classified information. The classified information must remain with the courier and should not be opened by unauthorized persons or its contents discussed openly. The classified package should never be left unattended and the courier should not allow themselves to be distracted from protecting the classified material.

If the trip involves an overnight stay, a stop should be scheduled during preparation and arrangements made for approved storage. Plans should also include what to do in case of emergencies, unintended layovers, vehicle breakdowns, or other unplanned events. This approved storage should be coordinated with the GCA or DSS. The courier should not store classified information in lockers, private homes, automobile trunks, hotel safes or other unauthorized areas.

After Trip
A government customer may require a defense contractor to attend a classified visit or meeting at another defense contractor’s cleared facility. The cleared facilities where the meeting occurs may authorize the courier to report directly to the meeting without additional processing. However, the courier should be prepared to introduce the classified information according to the cleared facility’s policies or per instruction from the government sponsor. Prior arrangements and coordination will prevent any delays or surprises.

The courier should expect the receiver to inventory the classified information, sign required receipts, and assume responsibility of the classified information. Once that is established, the courier’s job is complete and they are relieved of possession and responsibilities of protecting the classified information.

Once the courier returns, they should provide signed receipts and close out the travel action. This closeout might include a report of the trip to include any follow up for suspicious contact, incidents, or threats to the classified information.

Validation:
Document planning process with planning team
Provide written authorization for hand carrier to transport classified information
Develop tracking system to ensure receipts are returned in a timely manner
Provide proof of hand carrier or escort briefing
Review and compare signatures of couriers who have attended training and briefings
