Tuesday, March 18, 2014

NISPOM Training Questions. For ISP Certification Practice

1.      In order to protect fragile intelligence resources and methods, SCI has been established as the SAP for:
a.            NSA
b.            GCA
c.             DNI 
d.            CSA
e.             GSA

2.      Interim TOP SECRET FCLs or PCLs are valid for access to COMSEC at the ____ and ____ levels.
a.            SECRET, TOP SECRET
b.            TOP SECRET, CONFIDENTIAL
c.             CONFIDENTIAL, FOUO
d.            SECRET, FOUO
e.             CONFIDENTIAL, SECRET 

3.      The COR establishes the COMSEC account and notifies the _____:
a.            CSA 
b.            GCA
c.             FSO
d.            NSA
e.             DIA


4.      Contractors maintain TOP SECRET reproduction records for _____ years.
a.            Two years 
b.            One year
c.             Five years
d.            Ten years
e.             None of the above
5.      Contractors are authorized to retain classified material received under contract for a period of _____ after completion of contract.
a.            One year
b.            Two years 
c.             Five years
d.            180 days
e.             90 days

Scroll down for answers....




1.      In order to protect fragile intelligence resources and methods, SCI has been established as the SAP for:
           c.  DNI (NISPOM 9-302b)

2.      Interim TOP SECRET FCLs or PCLs are valid for access to COMSEC at the ____ and ____ levels.
e.             CONFIDENTIAL, SECRET (NISPOM 9-402c)

3.      The COR establishes the COMSEC account and notifies the _____:
a.            CSA (NISPOM 9-403b)

4.      Contractors maintain TOP SECRET reproduction records for _____ years.
a.            Two years (NISPOM 5-603)

5.      Contractors are authorized to retain classified material received under contract for a period of _____ after completion of contract.
b.            Two years (NISPOM 5-701)

Find way more questions in Red Bike Publishing's Unofficial Guide to ISP Certification


Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Facility Security Clearance Element

As a recap from the last article, we can apply the “Elements of Inspection” that are common to ALL cleared companies participating in the NISP. There are a few more elements that might be applied at unique cleared facilities, but facility security officers in those situations can adapt these articles to those specific needs. According to DSS’ The Self-Inspection Handbook for NISP Contractors, the five elements are:

(A) Facility Security Clearance (FCL)

(B) Access Authorizations

(C) Security Education

(D) FOCI

(E) Classification

A good place to start is the very beginning. This second article in the series will address how to integrate the Facility Security Clearance (FCL) into the overall security program designed to protect classified information.

Documentation is key.

Once a government contracting activity and/or prime contractor awards a contract, the defense contractor can begin preparing documentation to begin the facility security clearance (FCL) process. Proper documentation is required to get the FCL process started and must be maintained the entire time the defense contractor maintains their clearance. Defense Security Services is part of the clearance process and assist the defense contractor through the FCL process. As part of the FCL process, DSS works with the contractor to complete the required documents. Once the FCL is granted, DSS performs a vulnerability assessment and inspects NISPOM compliance (including required document maintenance).

Cleared defense contractors should keep all FCL related documents readily available both for reference and for future security audits. In an article on how to get an FCL, I outlined the requirements and explained the role of the following documents and actions the process follows in a very simplistic representation):
  • The GCA or prime contractor provides a sponsorship memo
  • The subject contractor applies for the clearance
  • DSS, GCA or Prime Contractor and subject contractor address security clearance request documentation:
    • Verify/Apply for CAGE Code
    • Sign Department of Defense Security Agreement (DD Form 441)
    • Complete a Certificate Pertaining to Foreign Interests (SF 328)
    • Provide Organization Credentials (type of business, business structure, list of officer, etc)
    • Identify Key Management Personnel for clearances

Just understanding what it takes to get the FCL process started lends to the importance of maintaining all original documents and updating as necessary. Some best practices include keeping these documents in a binder, folder or file for easy access and safe keeping. This administrative practice allows quick reference during security and certification reviews and protects the information for privacy and document configuration.

The following table is right out of The Self-Inspection Handbook for NISP Contractors:

A.  FACILITY CLEARANCE
NISPOM REF:
Question:
YES
NO
N/A
1-302g(3)
Have all changes (e.g. changes in ownership, operating name or address, Key Management Personnel (KMP) information, previously reported FOCI information, or action to terminate business)
affecting the condition of the FCL been reported to your DSS IS Rep?
VALIDATION:






2-100c
Has the companys FCL been used for advertising or promotional
purpose?
VALIDATION:



2-104
Are the senior management official, the FSO, and other KMP cleared as required in connection with the FCL? VALIDATION:



2-106a-b
Have the proper exclusion actions been conducted for uncleared company officials?
RESOURCE:  Temporary Exclusion Resolution for KMP Template under Key Management Personnel at: http://www.cdse.edu/toolkits/fsos/personnel-clearances.html VALIDATION:



2-108
2-109
Are you familiar with the way your facility is organized and structured?
RESOURCE Business Structure Job Aid under Facility Clearance at:  http://www.cdse.edu/toolkits/fsos/facility- clearance.html
VALIDATION:





There are seven discussion areas in the, The Self-Inspection Handbook for NISP Contractors that address the FCL. These can all be verified based on maintaining the above documentation. Having the original FCL package and updating as necessary is the requirement. FSOs are expected to use the self-inspection handbook to verify that the enterprise is in compliance.


Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Wednesday, March 12, 2014

NISPOM Security Programs Improved With 5 Elements

NISPOM
Good things happen where preparation and opportunity meet. Of course you can’t control the opportunity part, but you can always be ready when it does come knocking. In this case, the opportunity is the chance to get a SATISFACTORY or higher rating from Defense Security Services (DSS). Preparation is what you do to meet the minim standard, apply enhancements for higher ratings and demonstrate the implementation. The opportunity knocks on your door during the annual DSS review.

By applying the five “Elements of Inspection” that are common to ALL cleared companies participating in theNISP, and the additional elements that might be applied at unique cleared facilities, facility security officers can control the opportunity a bit better. According to DSS’ The Self-Inspection Handbook for NISP Contractors, the five elements are:

(A) Facility Security Clearance (FCL)

(B) Access Authorizations

(C) Security Education

(D) FOCI

(E) Classification


Using the DSS publication as the intended guidebook, FSOs can glean important information and ideas for applying the elements to their own facilities. This guidance just doesn’t get the cleared contractor ready for the inspection, but when applied, it solidifies a sound and proven security program.


A goal is not usually a plan, it’s just a target. A goal might be to win the coveted DSS Cogswell Award, but without preparation, it’s just a hope; and hope’s no strategy. A driver just can’t just claim that they will travel to California from Washington, DC. They don’t just walk out to their car, point it toward the setting sun and say, “I declare I will be in LA by next Tuesday.” Without some sort of map or GPS, that western route will be fraught with obstacles and failure. A good plan will help them navigate those way points.


A strategy focused on the five elements is a great place to start. Each element is a way point that lets FSOs know where they are and what is needed to get to the next way point. Additionally, DSS will be following the same logic as they perform a vulnerability assessment on the cleared facilities. They will follow the same road map to determine the state of security as related to those elements.


Understanding the requirements of protecting classified information and applying the elements to the cleared facility is fundamental. In past, I’ve written articles about using these elements to determine cleared facility type, how to conduct targeted security training, how to use elements to build an ISP Certification exam study program and more. This next series of articles will address each element individually and give application that most FSOs can adopt.


Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".