Thursday, December 29, 2011

Putting it all together-The Impact of the Influential FSO

FSOs should understand more than just the technical aspects of administering a security program. 

Understanding how to mark, safeguard and disseminate classified information is important. However, the FSO should reach beyond the description of implementing a security program to safeguard classified material. The position also requires:

1.  Assessing risks to the classified material
2.  Interpreting safeguarding requirements
3.  Communicating and incorporating a culture of compliance within the organization
4.  Projecting the impact of classified contracts on the enterprise.

To do this, the FSO should possess the vision and skills to see where the security program needs to go and how to get there, and should encourage a security vision from the senior executive level downward. Without the proper influence, the FSO may not be able to run a program to protect classified material.

Effective tools include:
• Helping form corporate culture
• Installing and monitoring metrics
• Converging security and corporate functions
• Planning for Growth


For more detailed information on FSO functions, see Chapter 12, Putting It All Together, of the book DoD Security Clearances and Contracts Guidebook.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing. Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red Bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training". See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR, and The NISPOM.

Appointing the Right FSO

The cleared contractor appoints a Facility Security Officer (FSO) to protect the work on classified contracts and provide important administrative functions to maintain the security clearance of the business and cleared employees. However, the FSO can have far more impact by applying an understanding of four important functions:

1.  How to protect classified information as it relates to the cleared contract, organizational growth, enterprise goals, and NISPOM guidance
2.  How to conduct a risk analysis
3.  How to demonstrate the cost, benefits and impact of supporting a classified contract under the NISPOM requirements and sustain an environment of cooperation and compliance within the enterprise
4.  How to influence and compel the senior leaders to make good decisions, support compliance and integrate security into the corporate culture

After all, good industrial security practices protect against damage to national security, but could also impact the organization's ability to work on and maintain classified contracts. The FSO is pivotal to the successful execution of classified contracts.

As the small enterprise grows, more and more experienced FSOs are beginning to understand a growing company’s needs and have returned to college to finish their education. Colleges and universities are now offering a variety of security and management degrees perfect for meeting the growing FSO education requirements. Professional organizations also offer security certifications. Consequently, the pool of experienced and educated FSOs is growing. Cleared defense contractor executives should clearly consider the FSO job description and list the exact qualifications desired before posting the position as a job announcement.



Friday, December 23, 2011

4 Practice Questions to Prepare You for Industrial Security Professional ISP Certification

Thinking about getting security certification? Consider ISP Certification

The following questions are from ISP Certification-The Industrial Security Professional Exam Study Manual

107. What method of justification should a contractor submit to attend a classified meeting?
a. List the classified contract involved
b. Cite the clearance level
c. Give company CAGE code
d. Submit job position
e. List qualifications

108. Contractors may keep classified information generated under IR&D provided:
a. Their contract is still active
b. The originating program manager is still employed
c. The FSO catalogs the information
d. Adequate storage capability exists
e. The contractor maintains facilities on Government property

109. Executive Order 12829 requires heads of agencies to enter into agreement with:
a. FSO
b. Foreign Governments
c. Secretary of Defense
d. Department of Labor
e. Department of Energy

110. How do you mark unclassified material to simulate SECRET?
a. EXERCISE…EXERCISE…EXERCISE
b. SECRET TRAINING
c. SECRET FOR TRAINING ONLY
d. SECRET FOR TRAINING, OTHERWISE UNCLASSIFIED
e. SECRET






Answers-Don't Scroll Down until you're ready





107. What method of justification should a contractor submit to attend a classified meeting?
a. List the classified contract involved (NISPOM 6-203)
b. Cite the clearance level
c. Give company CAGE code
d. Submit job position
e. List qualifications

108. Contractors may keep classified information generated under IR&D provided:
a. Their contract is still active
b. The originating program manager is still employed
c. The FSO catalogs the information
d. Adequate storage capability exists (NISPOM 11-304)
e. The contractor maintains facilities on Government property

109. Executive Order 12829 requires heads of agencies to enter into agreement with:
a. FSO
b. Foreign Governments
c. Secretary of Defense (NISPOM 1-103a)
d. Department of Labor
e. Department of Energy

110. How do you mark unclassified material to simulate SECRET?
a. EXERCISE…EXERCISE…EXERCISE
b. SECRET TRAINING
c. SECRET FOR TRAINING ONLY
d. SECRET FOR TRAINING, OTHERWISE UNCLASSIFIED (NISPOM 4-215)
e. SECRET



The above questions are from ISP Certification-The Industrial Security Professional Exam Study Manual


6 Great Reasons to Mark Classified Information

Classification markings are applied to the top and bottom, front and back of classified items. Markings are also found on internal pages, paragraphs and other locations inside documents, books, manuals and other paper-based products.

Here are the top reasons for marking classified information:

  1. Warns and informs a user that an item is indeed classified or sensitive
  2. Conveys exactly what needs protection
  3. Identifies levels of classification or sensitivity
  4. Provides vital information and instruction on when to downgrade or declassify the material
  5. Gives sources and reason for classifying the item
  6. Warns of special access, control, dissemination or safeguarding requirements

Find out more in DoD Security and Contracts Guidebook-What You Need to Know About Your Need to Know



Tuesday, December 13, 2011

3 Effective Ways to Go Above and Beyond with Category 7 of the NISP Enhancement

Category 7 of the NISP Enhancement, Counterintelligence Integration/Cyber Security, provides a tool that cleared contractors can use to demonstrate exceeding NISPOM requirements. Injecting this into the security program also enhances security by bringing to light the types and frequency of suspicious contacts.

1.  The purposeful execution of foreign travel pre-briefings-When employees travel to a foreign country, they may be targeted to provide sensitive information. A threat and/or defensive briefing should be provided to all cleared employees per NISPOM Chapter 3 (NISPOM Training). The briefings should be documented with signatures, dates and contents of briefings for presentation to Defense Security Service (DSS) industrial security representatives.
2.  Conducting debriefings once the employees return from foreign travel. It is a tool to follow up on the threat or defensive security briefing presented prior to the foreign travel.
3.  Implementation of quality assurance efforts to check and verify Suspicious Contact Report (SCR) training, reporting directions and employee knowledge (e.g., setting up appropriate simulated exercises to validate employee knowledge/situational awareness of the SCR reporting process). A good training resource can be found at http://www.dss.mil/counterintel/.

This can be done in a number of venues:
• Employing trigger points at various business units. For example, a cleared employee traveling overseas may be required by policy to contact human resources, company insurance, travel branch, export compliance, etc. Build in and demonstrate a trigger point where the Facility Security Officer is also notified to provide briefings or other performance action.
• Building in simulation exercises during annual security refresher training. Demonstrate and document training, discussions, role playing and other activities that teach and test employee knowledge.


For more information on NISP Enhancement, see DoD Security Clearance and Contracts Guidebook


Wednesday, December 7, 2011

Four Powerful Ways FSOs Can Employ in Creating a Security Conscious Enterprise

1.  Influence at all levels-A key trait an FSO should demonstrate is the ability to work within organizational structures to gain executive, manager and work force cooperation. An FSO can train and write policy but without the enterprise’s full cooperation, will find it difficult to enforce.

2.  Integrate security at all levels-A well integrated security plan ensures that all business units within an enterprise notify the FSO of any change in disposition of cleared employees or classified contracts. This integrated system will trigger the contracts, program manager, business development and other units to coordinate with and keep the FSO informed of expired, current, and future contract opportunities and responsibilities.

3.  Be fiscally responsible-An important task that an FSO faces is the successful implementation of the security program while supporting the company’s primary mission: to make money while successfully performing on classified contracts. Security efforts should be risk based and focused while meeting NISPOM requirements. An FSO with business competency and know-how is highly desired. For small contractors, this could mean selecting the most competent employee for the appointed duty. For large organizations, a thorough job description and performance requirements should capture the best candidates.

4.  Be flexible, but knowledgeable-The constantly evolving world situation creates an ever-changing security environment. Some changes may result in new government policies and guidance. This guidance and these policy implementations may create a changing environment through which the FSO and security staff must be able to negotiate. For the FSO, DSS communicates changes to the NISPOM through Industrial Security Letters (ISL). When changes are identified, the FSO should take advantage of an integrated security plan to notify affected programs and employees to reach a feasible solution.


Monday, December 5, 2011

Why the US Government Assigns Classification Levels and the DoD Contractor Responsibilities

The US Government has designed policy to ensure that classified material is protected at the level designated to prevent unauthorized disclosure. Classified information is marked by an original classification authority (OCA) with CONFIDENTIAL, SECRET or TOP SECRET and cleared contractors should protect it at the appropriate level. TOP SECRET has more restrictions than SECRET and SECRET has more restrictions than CONFIDENTIAL. Each must be protected according to the classification markings. For example, unauthorized disclosure of CONFIDENTIAL information could reasonably be expected to cause damage; SECRET could reasonably be expected to cause serious damage; and TOP SECRET could reasonably be expected to cause exceptionally grave damage to national security.

The OCA provides classification level information through the DD Form 254, security classification guide and through classification markings.

When the classification level is determined, all related classified information should be properly identified with the classification markings. The markings indicate the level of classification, identify the exact information to be protected, provide guidance on downgrading and declassification, give reasons for classification and sources of classification, and warn of special access, control or safeguarding requirements.

Though defense contractors don't assign classification levels, it helps to understand why information gets classified and how the government identifies the classified information. The cleared contractor works with the classified information and protects it according to the markings.
