Monday, May 30, 2016

Social Media and Security Clearance Investigations

This month the Office of Director of National Intelligence announced that a person's social media pages can be reviewed during the security clearance investigation process. You might remember that in an earlier article we had covered this possibility, explaining some of the red flags that could occur in social media content. 

In the previous article, we discussed how pictures of partying, un-vetted non-US person friends or contacts, or other social media activity that could lead to questions about allegiance, decision-making capability, or risky behavior could cause concern during an investigation.

New Opportunities for Investigators


Let's look at some other possibilities that could arise as a result of the new policy. In this new policy, the investigator could be forearmed with more information about the subject in a more timely manner. The social media pre-investigation research could provide a more aggressive investigation capability. The investigation now has information readily available that had never existed previously. The subject's social media profiles can provide the investigator with more information than normally available in the SF-86 Questionnaire for National Security Positions and interviews. 

The SF-86 provides raw data for the investigator to research and the investigator builds a story based on records and interviews. Investigators typically conduct background research on financial, court and education records. They also interview the subjects and references based on information provided in the SF-86. 

With social media, the investigator now has insight into behavior, habits, side businesses, friendships, after-duty lifestyle, travel experiences and more. The investigator has the subject's world at their fingertips and is no longer limited by what the subject wants them to know.


Repercussions - The investigator can learn more about the subject than the subject disclosed on the SF-86.


  • Foreign travel not claimed: Go to Canada, Mexico, Bahamas, or Europe recently? You have the posts and pics to prove it. Could be a problem if you never notified security or disclosed foreign travel on the SF-86.
  • Disloyalty to the organization: Posts about the work environment can raise flags as a disgruntled employee or possible insider threat.
  • Interaction with non-US citizens: Problems can result from collecting likes, friends or contacts without vetting them.
  • Side businesses: Posts about side businesses or sources of revenue not claimed on the SF-86 could cause questions, as an entire section of the SF-86 addresses income sources.
  • Hidden lifestyle: Groups, pages, and other social media memberships may raise red flags if their ties are questionable.

Solutions - What to do about the social media risks

Closing social media accounts and going off the grid is one option. However, before you go removing social media posts or tuning out entirely, there are a few things you can do to keep engaged and do so responsibly.
  • Disengage from social media
  • Complete the SF-86 as thoroughly and accurately as possible, balancing activities with what is available on your social media sites
  • Make your postings private
  • Only post information that demonstrates low risk of violating the 13 Adjudicative Guidelines
  • Be sure to pay a visit to the security manager and on the SF-86 to close the loop.
  • Reconcile all business and revenue sources.
  • Consider not posting any work-related activities.
  • Be sure you can explain likes, friendships, or relationships with non-US persons if they come up in the investigation.

Social media can and should be used responsibly. It is not the place to go to tell your problems and woes, join un-vetted groups, make un-vetted friendships, or talk about your work with abandon. Doing so may draw attention to problems with any of the 13 Adjudicative Guidelines. Because social media posts can be used in the investigation process, posting responsibly can prevent adjudication problems.





Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing. He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training".

Tuesday, May 17, 2016

ISP Certification Questions



Taking practice tests is the best way to prepare for an exam. Successful students in grade school and college study using guides and exam preparation questions based on the test subject material. This same successful methodology can also help prepare for professional exams like ISP Certification and SPeD Certification. DSS has study material and tests available for those who enroll, and NCMS has test study material as well.

Practice tests augment certification exam preparation. Red Bike Publishing's Unofficial Study Guide features four complete test-length practice exams based on NISPOM. It could help you pass the ISP and SPeD certification exams.

Try these questions to see how you do:


1. According to the NISPOM, when should a contractor sign a receipt for transmission of CONFIDENTIAL material?


a. When sender deems it necessary

b. Always per NISPOM


c. When receiver requests receipt


d. None of the above


e. All the above


2. Information classified as SECRET can be transmitted outside of facility by all means EXCEPT:


a. Defense Courier Service, if Authorized by GCA


b. U.S. Postal Service Registered Mail


c. U.S. Postal Service Priority Mail


d. Cleared commercial carrier


e. Cleared commercial messenger service


3. What should the FSO do with original, signed copies of the SF 86 and the Authorization for Release of Information and Records before access eligibility is granted or denied?


a. Send to GCA


b. Send to FBI


c. Retain


d. Return to applicant


e. All the above


4. Concerning the Information Sensitivity Matrix for Confidentiality, what level of concern matches the CONFIDENTIAL Data Qualifiers?


a. Low


b. Medium


c. High


d. Basic


e. Intermediate












Answers are below:













1. According to the NISPOM, when should a contractor sign a receipt for transmission of CONFIDENTIAL material?


a. When sender deems it necessary (NISPOM 5-401a)


b. Always per NISPOM


c. When receiver requests receipt


d. None of the above


e. All the above


2. Information classified as SECRET can be transmitted outside of facility by all means EXCEPT:


a. Defense Courier Service, if Authorized by GCA


b. U.S. Postal Service Registered Mail


c. U.S. Postal Service Priority Mail (NISPOM 5-403b)


d. Cleared commercial carrier


e. Cleared commercial messenger service


3. What should the FSO do with original, signed copies of the SF 86 and the Authorization for Release of Information and Records before access eligibility is granted or denied?


a. Send to GCA


b. Send to FBI


c. Retain (NISPOM 2-202)

d. Return to applicant


e. All the above


4. Concerning the Information Sensitivity Matrix for Confidentiality, what level of concern matches the CONFIDENTIAL Data Qualifiers?


a. Low


b. Medium


c. High


d. Basic (NISPOM Chapter 8 Table 1)





e. Intermediate









According to reader comments and emails to the author, many who have bought this book, the ISP Test Tips, and used our techniques to augment their preparation have performed very well on the exam.

So how did you do? These questions and more can be found in Red Bike Publishing's Unofficial Guide to ISP Certification, DoD Security Clearance and Contracts Guidebook, as well as in NISPOM Training. Both resources provide excellent study material that may help with passing the ISP and SPeD certification exams.





                                             

Monday, May 9, 2016

Supplemental Controls and Closed Areas


"A secret is diluted by the square of the number of those who have heard it." - Robert Half

This article continues the series covering the Defense Security Service (DSS) Self Inspection Handbook for NISP Contractors. Now we'll review the National Industrial Security Program Operating Manual (NISPOM), Paragraph 5-303. This is another installment from the handbook under the topic of M. Classified Storage.
                                   
Are supplemental controls in place for storage of SECRET material in Closed Areas? 

The NISPOM states:

5-303. SECRET Storage. SECRET material shall be stored in a GSA-approved security container, an approved vault, or closed area. Supplemental controls are required for storage in closed areas.


While those in the know understand what supplemental controls are and how to find them, the NISPOM in general does not identify or discuss supplemental controls until later in Paragraph 5-307 and in more detail in Section 9. A scan of the NISPOM table of contents should help. Another good idea is to download the electronic NISPOM and conduct a word search.

Supplemental Controls

Supplemental controls are intrusion detection systems (IDS) or an approved guard force. These controls are required for SECRET stored in closed areas and all TOP SECRET information. However, the NISPOM does not require supplemental controls for SECRET stored in a GSA-approved container when the CSA has determined that the GSA-approved security container or approved vault is located in an area of the facility with security-in-depth.

Closed Areas

Closed areas are great for storing bulk information that may not fit in a security container. As mentioned earlier, in situations where SECRET material is stored in a closed area without a GSA-approved container, it does require supplemental protection. These closed areas require access control either with an ever-present, cleared employee checking a roster or through a supplanting access control system such as biometrics, access card, PIN, and retina scan readers. The NISPOM does say that supplemental protection is not necessary while the work area is occupied. It makes sense, as cleared employees would be tripping IDS every time they breathed.

According to DoD Security Clearance and Contracts Guidebook, closed areas are a more permanent solution for possessing facilities and when classified items are difficult to store in a GSA approved container. When unique sizes and shapes do not fit into conventional GSA container storage capability, the FSO should seek approval from DSS for open shelf or bin storage.

Physical security measures employed in a closed area prevent unauthorized access at any time. Reinforced doors, windows and other access points should be installed to prevent anyone from easily breaking in or going around current security precautions. DSS approves new construction, modifications, and repairs of closed areas.

Though closed areas are built to standard, approved by the cognizant security agency, and inspected, they cannot be assumed theft-proof. Supplemental controls close the loop on security during off-duty times.

Validation:

1. Written security policy for application of NISPOM Paragraph 5 Section 9 with Intrusion Detection Systems.
2. IDS records, incidents and results
3. Written policy for the use of Security Guards if in use
4. Document Security Guard Patrol Schedule and Results
5. Copy of properly completed Alarm System Description Form
6. Cognizant Security Agency approval for open bin storage
7. Security training includes use of supplemental controls

8. Supplemental control policy