Friday, January 27, 2012

Requirements for obtaining an FCL

The facility clearance is required to be in place prior to the contractor performing on classified work. After the GCA or prime contractor submits the sponsorship letter, the company can begin the process of applying for the clearance. A contractor has to meet five requirements before it can be processed for an FCL.

• Be Sponsored
• Sign Department of Defense Security Agreement
• Complete a Certificate Pertaining to Foreign Interests
• Provide Organization Credentials
• Identify Key Management Personnel clearances

Sponsorship-A company cannot apply for a security clearance for business development purposes or to be more competitive. The security clearance process begins with a need which is supported by a legitimate U.S. Government or foreign government requirement and the classified contract will be offered to meet that need.

Department of Defense Security Agreement (DD Form 441)-A security agreement is signed between the US Government and defense contractor. This agreement is legally binding and designates responsibilities of each party to follow procedures established by NISPOM.

Certificate Pertaining to Foreign Interests (SF 328)-Cleared contractors are evaluated to determine whether or not they fall under Foreign Ownership Control or Influence (FOCI) and to what degree.

Organization-The enterprise must be in good business standing and have a history of demonstrating a good reputation and ethical business practices. The company should prove that it is structured and is a legal entity under the laws of the United States, the District of Columbia or Puerto Rico and has a physical location in the United States or its territories.

Key Management Personnel (KMP)-These are management or senior leaders who influence decisions regarding classified contracts. KMPs can be members of the board of directors, vice-presidents, directors or other upper level managers. Also, neither the company nor key managers can be barred from participating in U.S. Government contracts.



Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing. Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red Bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training". See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR, and The NISPOM.

Wednesday, January 18, 2012

Three Requirements FSOs Should Include in Cleared Contractor Initial Security Training and Annual Refresher Training

Training is increasingly important as those working in the National Industrial Security Program (NISP) employ security measures at cleared contractor facilities under the National Industrial Security Program Operating Manual (NISPOM). Challenges emerge as new technology provides increasing levels of difficulty while protecting classified information.

The facility security officer (FSO) should foster an environment where training is encouraged and expected. Developing such relationships with cleared employees creates an environment of cooperation. This environment facilitates the recruitment of all employees to protect national security. Those working in the enterprise can be the eyes, ears and muscle, acting as force multipliers, and extending the effectiveness of the security department.

FSOs should conduct initial and refresher training and file reports as required by the NISPOM. Instead of conducting NISPOM training with compliance as the end goal, the training can be performed as an effective relationship building opportunity. This education increases a cleared employee’s knowledge of responsibility to:
  • protect classified material
  • detect attempts at espionage and other security violations
  • report incidents, violations and status changes affecting personnel and facility clearances

Training programs should address three issues:
  1. Effective Performance – The NISPOM requires cleared employees to attend initial and refresher training. The FSO should explain NISPOM requirements as they apply to the cleared facility’s storage and clearance levels and mission.
  2. Adverse Information – Cleared employees should be able to report anything credible that affects their own ability, the ability of other cleared employees and the facility’s ability to protect classified information. Traditionally, those who have stolen information from their organizations have demonstrated patterns and behavior that should have raised suspicion with co-workers much earlier. Too much time at the copier, working late when unnecessary, sudden unexplained wealth and other indicators have been reported to investigators after the fact. Timely reporting is a vital link between security and employees in the protection of classified information. Adverse information should be reported immediately. Reluctance to report information on themselves could stem from FSOs not having adequately communicated the objective of reporting.
  3. Security Violations – Security violations occur when classified information is not protected. When violations do occur they must be reported to the FSO immediately. Relationships developed while conducting training and through other interaction opportunities could lead to more willingness to report minor incidents and major violations. Investigations and interviews should be conducted to find root causes and determine whether or not a loss, compromise or suspected compromise has occurred. The results are either handled in-house or sent to DSS depending on the findings.



Friday, January 13, 2012

Test your Knowledge with FSO Problems From Chapter 6 DoD Security Clearance and Contracts Guidebook

1. As a document custodian, your responsibilities include receiving and inspecting documents for proper classification markings. You receive a properly wrapped classified document from a Government agency with the following characteristics:   
     • Contains UNCLASSIFIED, CONFIDENTIAL and SECRET information
     • Created on June 21, 2007
     • Reason for Classification is 1.4 (a)
     • Contains 400 pages
     • Classified by: Jon Wain, RBP, 1022 DDMA
     • Classification guidance is found in the Gravy Security Classification Guide

1a. Based on the above description, what are the major areas you would expect to see classification markings?

1b. Write out the “By:” line describing who classified the material, reason for classification and the declassify on date.

1c. Which classification marking would you expect to find on the overall marking?

2. Your security team is conducting an annual inventory of your company’s classified holdings. In the course of the inventory, they come across a 30 page document entitled Weather Capabilities (U). The document is slightly worn but otherwise in good condition. Your team notifies you that a page is loose and that the document needs to be repaired. They also ask your opinion on some findings concerning internal illustrations; none of the graphs, pictures or containers contains classification markings. Additional information for the document follows:
     • Created in 1986
     • Contains the following marking on the first page:
     • Classified by: RBP, 1022 DMDA
     • Reason for classification: Military capabilities
     • Declassify on: OADR
     • Contains overall classification of CONFIDENTIAL.

2a. What would you direct your team to do concerning the portion markings?

3. An engineer is about to print a report based on classified information. This report is a summary of information found in two different documents. As you prepare to help her correctly mark the derivative document you take into consideration the two source documents that she has provided. The source documents are the same as example questions 1 and 2.

3a. The derived document contains information classified SECRET, how would the “Classified by:” line be filled out?

3b. What should be put on the “Reason for classification:” line?

3c. What would be the duration of classification?

4. You are making the rounds of your security team’s area and overhear a heated discussion between your team members and a technical writer. In order to defuse the situation, you politely interrupt the conversation and ask the technical writer if you can be of any help. He informs you that “your” security specialist has rejected acceptance of the document based on classification marking errors. He states that it is a good product and no one would notice the mistake anyway. What would you say to him?

5. A program manager knocks on your door and asks if you have a moment for something important. He asks you to take a walk with him to a secure area where he shows you a piece of hardware. The object is small enough to fit in your hand. You notice a commercial CONFIDENTIAL label; the kind that a manufacturer might install at the factory. The manager lets you know that he has been informed that the object is not classified at all, but that the manufacturer installed the labels as classified material would be added at a later date. The program manager would like to bring the item to an unclassified meeting seeing that “it’s not classified anyway.” You notice that the object is well worn and does not look new at all.

5a. Where can you go to discover whether or not the item is classified?

5b. Are there any other sources?

5c. After speaking with the right people and consulting the authoritative documents, you are now more confused than ever. You decide to challenge the classification to seek the clarification you need to properly protect the item. Describe the process you would employ.



8 Simple Steps FSOs use to Inspect Classified Deliveries

The FSO should ensure all arriving classified information is inspected and received into accountability. This due diligence is conducted to ensure that classified information has not been compromised, is related to a contract, and is properly marked. Regardless of the transmission method for physical items (mail, courier, overnight, hand carry, etc.), classified material should be double wrapped. Each layer serves to protect the classified material from inadvertent and unauthorized disclosure and should be properly addressed. The classified information should be wrapped and sealed in opaque material or envelopes.

The NISPOM does not cover seams of wrapped items, but a good practice is to cover seams with rip-proof opaque tape or other material that prevents and detects tampering. All seams of the outer layer should be sealed with opaque tape in an effort to create a solid layer of covering. The item should be wrapped and sealed with the first layer containing the proper classification level and to and from address lines. Two copies of receipts should either be attached to the first layer or inside the first layer. The outer layer should not contain classification markings and be addressed to a cleared contractor and not a person’s name.

A good security practice is for the sender to notify the receiver that classified material is being sent to their facility. This alerts the receiver to expect the delivery. Many times program managers, engineers or other technical employees are anticipating the delivery, but may not have all the details of delivery times and dates. However, FSO-to-FSO coordination can provide all the information about the transaction in advance.


Regardless of transmission methods, the recipient should examine the outer wrapping for evidence of tampering and otherwise inspect it to confirm that there has been no compromise of classified material. Classified material should be double wrapped or, in other words, have two independent layers of protection. Each layer consists of opaque material such as an envelope, paper, box or other strong wrapping material.

1.  The first part of the inspection should be conducted to look for evidence of tearing, ripping, re-wrapping or some other means of unauthorized access to the material.

2.  Next, the shipping label should be reviewed for the full approved classified mailing address and the return address.

3.  There should be no classification markings on the outer layer of the item; the outer layer should not draw attention to the classified material inside. Classification markings on the outside of a package are a security violation.

4.  The inner layer should be inspected the same way as the outer layer for evidence of tampering or unauthorized disclosure.

5.  However, the inside wrapping should contain the full address of the recipient as well as classification markings on the top, bottom, front and back. TOP SECRET and SECRET material should have a packing list or receipt of contents either on the outside or inside of the container.

6.  If a receipt is included, the receiver should sign it and return it to the sender. Receipts are not necessary with the shipment of CONFIDENTIAL material.

7.  The receiver should then check the receipt against the contents to ensure the item has been identified correctly and all items are accounted for. The properly filled out receipt should list the sender, the addressee and correctly identify the contents by an unclassified title and appropriate quantity. Since the receipt may be filed for administrative and compliance purposes, the inspector should ensure it contains no classified information. If the receipt contains a classified title, the sender may be able to coordinate for an unclassified title for internal use.

8.  Once all the checks and verification are complete, the receiver can then sign a copy of the receipt and return to the sender, thus closing the loop on the sender’s accounting responsibilities.


Items to inspect when receiving classified deliveries:

  • Outside wrapper:
    • Evidence of tamper
    • Seams sealed with anti-rip tape
    • Label is addressed to organization (not individual)
  • Inside wrapper:
    • Evidence of tamper
    • Seams sealed with anti-rip tape 
    • Inside label addressed to recipient 
    • Inside wrapper is marked with appropriate classification 
    • Receipts / packing list included for SECRET and above 
    • Compare receipt/packing list against contents 
    • Ensure items are classified properly 
    • Sign receipts and return to sender
Figure 5-3 (From DoD Security Clearances and Contracts Guidebook) The FSO should ensure that all classified deliveries are inspected prior to bringing them into accountability. Such checks are necessary to ensure items were sent properly, were not tampered with in transit, contain correct items and are authorized for storage in the classified holdings.


Learn more FSO required skills in DoD Security Clearances and Contracts Guidebook


Tuesday, January 10, 2012

FSOs Can Use Defense Security Services Annual Review as Metrics

Annual DSS Reviews as Metrics
Inspections are typically conducted every 12 months for possessing and 18 months for non-possessing facilities, but circumstances can require more or less frequent visits. DSS inspects the facility’s security program for the primary purpose of ensuring that it provides the proper protection of the classified information the facility is charged with protecting. Additionally, the inspection programs are designed to improve the effectiveness of the contractor’s security program. At the conclusion of the inspections, the contractor is given a rating ranging from unsatisfactory to superior:

     • Unsatisfactory-indicates that the contractor has lost or is in the process of losing their ability to protect classified material.
     • Marginal-indicates that a contractor is not meeting the requirements of NISPOM and has a substandard security program.
     • Satisfactory-the most common rating, indicates that the company is generally in compliance with the NISPOM.
     • Commendable-indicates that a cleared contractor runs a successful security program and enjoys the support of management.
     • Superior-is awarded for a consistently high security posture and a minimum amount of findings or security issues.

Prior to each inspection, the FSO and cleared contractor leadership should present DSS with a state of security briefing to introduce and go over the company security policy. Similarly, the DSS special agent may provide an out-briefing detailing the results of the inspection. This out-briefing and the soon to follow documentation of the inspection provide further data toward building an excellent security program.

Pay attention to the results and apply them to make your security program for protecting classified information even more effective.

For more detailed information, see DoD Security Clearances and Contracts Guidebook.



Thursday, January 5, 2012

3 Ways FSOs Create an Effective Security Culture

How do effective FSOs and security managers develop a culture of compliance with regulations and security programs? Quoting regulations only exasperates cleared employees and the very act does little to foster a climate of cooperation. However, developing relationships based on a good understanding of business, the company mission and influence goes a long way toward implementing a successful security program.

1. FSO influences corporate culture-Security of classified information should be part of the organization's DNA. Instead of stovepiping security functions, they should tie into the corporate mission. Though each office has a different product, funding or budget item, each fulfills their obligation in a chain of responsibilities necessary to get the product to market. When a business unit breaks down or fails to fulfill its mission, other business units are affected.

2. FSO performs a vital mission of protecting classified information. Failure to safeguard classified material could result in a defense contractor losing the facility clearance and ultimately cost current and future contracts. Security as an afterthought or viewed as a “necessary evil” has contributed to a loss in influence and commitment. Though the NISPOM applies to classified projects, FSOs would be mistaken to assume that only cleared persons and cleared programs are worthy of their attention.

3. FSO trains and treats ALL employees as security “force multipliers”. With security ingrained in the performance and actions of employees, the organization has a united front and all employees exist to protect classified information. For example, even employees without security clearances can help protect classified information by learning to recognize classification markings and reporting suspicious behavior or contacts.

The corporate culture of successful organizations is published organization wide and employees are well versed. Each employee should understand how they fit into the company mission and the importance of their contribution toward the enterprise’s success.

For more detailed information, be sure to get DoD Security Clearance and Contracts Guidebook
