DoD Security

Copying Classified Documents

2012-02-11T11:45:00.000-06:00

Classified information should only be reproduced in response to a contractual requirement such as in the performance of a deliverable. Reproduction should not be made as a matter of convenience as it puts classified information at unnecessary risk and it requires dedicated resources. The FSO can enforce resource discipline with:

1. Creating processes and procedures identifying reproduction only as necessary and using only approved equipment

2. Ensuring only trained and authorized personnel are able to reproduce classified information.

3. Identifying office equipment, copy machines, scanners and other reproduction equipment for classified information reproduction. All other enterprise equipment should be off limits to classified reproduction.
This can be accomplished through signs identifying authorized equipment as “Approved for Classified Production at the _______ level”. Other equipment would be identified as “Not authorized for the reproduction of classified information”.

4. Considering the type of equipment the company purchases, leases or rents. When service contracts expire, repairs are needed, equipment is to be replaced or other transactions replacing or removing the equipment occur, the hard drive or memory should be destroyed or wiped in an approved manner to remove all stored classified information. DSS can help determine this approved method and guidance is available in Chapter 8 of the NISPOM.

Copying classified information is serious business. The FSO has a big role and should make the determination of how many and who to authorize. Decisions can be based on contractual needs, workload or other valid reason. However, procedures should be established that identify authorized persons and train them how and when to copy classified information and how to protect it. Procedures should include detecting and deterring unauthorized reproduction of classified information, documenting copies according to the IMS procedures, marking, storing and disseminating the classified information.

For more details, see Chapter 7 of DoD Security Clearances and Contracts Guidebook

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

Requirements for obtaining an FCL

2012-01-27T11:21:00.000-06:00

The facility clearance is required to be in place prior to the contractor performing on classified work. After the GCA or prime contractor submits the sponsorship letter, the company can begin the process of applying for the clearance. A contractor has to meet five requirements before it can be processed for an FCL.

• Be Sponsored
• Sign Department of Defense Security Agreement
• Complete a Certificate Pertaining to Foreign Interests
• Provide Organization Credentials
• Identify Key Management Personnel clearances

Sponsorship-A company cannot apply for a security clearance for business development purposes or to be more competitive. The security clearance process begins with a need which is supported by a legitimate U.S. Government or foreign government requirement and the classified contract will be offered to meet that need.

Department of Defense Security Agreement (DD Form 441)-A security agreement is signed between the US Government and defense contractor. This agreement is legally binding and designates responsibilities of each party to follow procedures established by NISPOM.

Certificate Pertaining to Foreign Interests (SF 328)-Cleared contractors are evaluated to determine whether or not they fall under Foreign Ownership Control or Influence (FOCI) and to what degree.

Organization-the enterprise must be in good business standings and have a history of demonstrating a good reputation and ethical business practices. The company should prove that they are structured and a legal entity under the laws of the United States, the District of Columbia or Puerto Rico and have a physical location in the United States or territories.

Key Management Personnel (KMP)-These are management or senior leaders who influence decisions regarding classified contracts. KMPs can be members of the board of directors, vice-presidents, directors
or other upper level managers. Also, neither the company nor key managers can be barred from participating in U.S. Government contracts.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

Three Requirements FSOs Should Include in Cleared Contractor Initial Security Training and Annual Refresher Training

2012-01-18T19:17:00.001-06:00

Training is increasingly important as those working in the National Industrial Security Program (NISP) employ security measures at cleared contractor facilities under the National Industrial Security Program Operating Manual (NISPOM). Challenges emerge as new technology provides increasing levels of difficulty while protecting classified information.

The facility security officer (FSO) should foster an environment where training is encouraged and expected. Developing such relationships with cleared employees create an environment of cooperation. This environment facilitates the recruitment of all employees to protect national security. Those working in the enterprise can be the eyes, ears and muscle, acting as force multipliers, and extending the effectiveness of the security department.

FSOs should conduct initial and refresher training and file reports as required by the NISPOM. Instead of conducting NISPOM training with compliance as the end goal, the training can be performed as an effective relationship building opportunity. This education increases a cleared employee’s knowledge of responsibility to:

· protect classified material
· detect attempts at espionage and other security violations
· report incidents, violations and status changes affecting personnel and facility clearances

Training programs should address three issues:

Effective Performance – The NISPOM requires cleared employees to attend initial and refresher training. The FSO should explain NISPOM requirements as they apply to the cleared facility’s storage and clearance levels and mission.
Adverse Information – Cleared employees should be able to report credible anything that affects the ability of themselves, other cleared employees and the facility’s ability to protect classified information. Traditionally, those who have stolen information from their organizations have demonstrated patterns and behavior that should have raised suspicion with co-workers much earlier. Too much time at the copier, working late when unnecessary, sudden unexplained wealth and other indicators have been reported to investigators after the fact. Timely reporting is a vital link between security and employees in the protection of classified information. Adverse information should be reported immediately. Reluctance to report information on themselves could stem from FSOs not adequately communicated the objective of reporting.
Security Violations – Security violations occur when classified information is not protected. When violations do occur they must be reported to the FSO immediately. Relationships can develop while conducting training and other interaction opportunities could lead to more willingness to report minor incidents and major violations. Investigations and interviews should be conducted to find root causes and determine whether or not a loss, compromise or suspected compromise has occurred. The results are either handled in-house or sent to DSS depending on the findings.

For more details, see DoD Security Clearances and Contracts Guidebook

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

Test your Knowledge with FSO Problems From Chapter 6 DoD Security Clearance and Contracts Guidebook

2012-01-13T14:51:00.000-06:00

Test your Knowledge with Problems From Chapter 6 DoD Security Clearance and Contracts Guidebook

1. As a document custodian, your responsibilities include receiving and inspecting documents for proper classification markings. You receive a properly wrapped classified document from a Government agency with the following characteristics:
• Contains UNCLASSIFIED, CONFIDENTIAL and SECRET information
• Created on June 21, 2007
• Reason for Classification is 1.4 (a)
• Contains 400 pages
• Classified by: Jon Wain, RBP, 1022 DDMA
• Classification guidance is found in the Gravy Security Classification Guide

1a. Based on the above description, what are the major areas you would expect to see classification markings?

1b. Write out the “By:” line describing who classified the material, reason for classification and the declassify on date.

1c. Which classification marking would you expect to find on the overall marking?

2. Your security team is conducting an annual inventory of your company’s classified holdings. In the course of the inventory, they come across a 30 page document entitled Weather Capabilities (U). The document is slightly worn but otherwise in good condition. Your team notifies you that a page is loose and that the document needs to be repaired. They also ask your opinion on some findings concerning internal illustrations;
none of the graphs, pictures or containers contains classification markings. Additional information for the document follows:
• Created in 1986
• Contains the following marking on the first page:
• Classified by: RBP, 1022 DMDA
• Reason for classification: Military capabilities
• Declassify on: OADR
• Contains overall classification of CONFIDENTIAL.

2a. What would you direct your team to do concerning the portion markings?

3. An engineer is about to print a report based on classified information. This report is a summary of information found in two different documents. As you prepare to help her correctly mark the derivative document you take into consideration the two source documents that she has provided. The source documents are the same as example questions 1 and 2.

3a. The derived document contains information classified SECRET, how would the “Classified by:” line be filled out?

3b. What should be put on the “Reason for classification:” line?

3c. What would be the duration of classification?

4. You are making the rounds of your security team’s area and overhear a heated discussion between your team members and a technical writer. In order to diffuse the situation, you politely interrupt the conversation and ask the technical writer if you can be of any help. He informs you that “your” security specialist
has rejected acceptance of the document based on classification marking errors. He states that it is a good product and no one would notice the mistake anyway. What would you say to him?

5. A program manager knocks on your door and asks if you have a moment for something important. He asks you to take a walk with him to a secure area where he shows you a piece of hardware. The object is small enough to fit in your hand. You notice a commercial CONFIDENTIAL label; the kind that a manufacturer might install at the factory. The manager lets you know that he has been informed that the object is not classified at all, but that the manufacturer installed the labels as classified material would be added at a later date. The program manager would like to bring the item to an unclassified meeting seeing that “it’s not classified anyway.” You notice that the object is well worn and does not look new at all.

5a. Where can you go to discover whether or not the item is classified?

5b. Are there any other sources?

5c. After speaking with the right people and consulting the authoritative documents, you are now more confused than ever. You decide to challenge the classification to seek the clarification you need to properly protect the item. Describe the process you would employ.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

8 Simple Steps FSOs use to Inspect Classified Deliveries

2012-01-13T14:43:00.000-06:00

The FSO should ensure all arriving classified information is inspected and received into accountability. This due diligence is conducted to ensure that classified information has not been compromised, is related to a contract, and is properly marked. Regardless of transmission methods of physical items (mail, courier, overnight, hand carry and etc.) classified material should be double wrapped. Each layer serves to protect the classified material from inadvertent and unauthorized disclosure and should be properly addressed.
The classified information should be wrapped and sealed in opaque material or envelopes.

The NISPOM does not cover seams of wrapped items, but a good practice is to cover seams with rip-proof opaque tape or other material that prevents and detects tampering. All seams of the outer layer should be sealed with opaque tape in an effort to create a solid layer of covering. The item should be wrapped and sealed with the first layer containing the proper classification level and to and from address lines. Two copies of receipts should either be attached to the first layer or inside the first layer. The outer layer should not contain classification markings and be addressed to a cleared contractor and not a person’s name.

A good security practice allows for the sender to contact the receiver that classified material is being sent to their facility. This alerts the receiver to expect the delivery. Many times program managers, engineers
or other technical employees are anticipating the delivery, but may not have all the details of delivery times and dates. However an FSO to FSO coordination can provide all the information of the transaction
in advance.

Regardless of transmission methods, the recipient should examine the outer wrapping for evidence of tampering or to otherwise to inspect that there has been no compromise of classified material. Classified
material should be double wrapped or in other words have two independent layers of protection. Each layer consists of opaque material such as: an envelope, paper, box or other strong wrapping material.

1. The first part of the inspection should be conducted to look for evidence of tearing, ripping, re-wrapping or some other means of unauthorized access to the material.

2. Next, the shipping label should be reviewed for full approved classified mailing address, return address.

3. There should be no classification markings on the outer layer of the item; the outer layer should not draw attention to the classified material inside. Classification markings on the outside of a package are a security violation.

4. The inner layer should be inspected the same way as the outer layer for evidence of tampering or unauthorized disclosure.

5. However, the inside wrapping should contain the full address of the recipient as well as classification markings on the top, bottom, front and back. TOP SECRET and SECRET material should have a packing list or receipt of contents either on the outside or inside of the container.

6. If a receipt is included, the receiver should sign it and return it to the sender. Receipts are not necessary with the shipment of CONFIDENTIAL material.

7. The receiver should then check the receipt against the contents to ensure the item has been identified correctly and all items are accounted for. The properly filled out receipt should list the sender, the addressee and correctly identify the contents by an unclassified title and appropriate quantity. Since the receipt may be filed for administrative and compliance purposes, the inspector should ensure it contains no classified information. If the receipt contains a classified title, the sender may be able to coordinate for an unclassified title for internal use.

8. Once all the checks and verification are complete, the receiver can then sign a copy of the receipt and return to the sender, thus closing the loop on the sender’s accounting responsibilities.

Items to inspect when receiving classified deliveries:

Outside wrapper:

Evidence of tamper
Seams sealed with anti-rip tape
Label is addressed to organization (not individual)

Inside wrapper:

Evidence of tamper
Seams sealed with anti-rip tape
Inside label addressed to recipient
Inside wrapper is marked with appropriate classification
Receipts / packing list included for SECRET and above
Compare receipt/packing list against contents
Ensure items are classified properly
Sign receipts and return to sender

Figure 5-3 (From DoD Security Clearances and Contracts Guidebook) The FSO should ensure that all classified deliveries are inspected prior to bringing them into accountability. Such checks are necessary to ensure items were sent properly, were not tampered with in transit, contain correct items and are authorized for storage in the classified holdings

Learn more FSO required skills in DoD Security Clearances and Contracts Guidebook

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

FSOs Can Use Defense Security Services Annual Review as Metrics

2012-01-10T18:45:00.000-06:00

Annual DSS Reviews as Metrics
Inspections are typically conducted every 12 months for possessing and 18 months for non possessing facilities, but circumstances can require more or less frequent visits. DSS inspects the facility’s security
program for the primary purposes of ensuring their programs provide the proper protection of classified information they are charged with protecting. Additionally, the inspection programs are designed to
improve the effectiveness of the contractor’s security program. At the conclusion of the inspections, the contractor is given a rating ranging from unsatisfactory to superior:

• Unsatisfactory-indicates that the contractor has lost or is in the process of losing their ability to protect classified material.
• Marginal-indicates that a contractor is not meeting the requirements of NISPOM and has a substandard security program.
• Satisfactory-the most common rating indicates that the company is generally in compliance with the NISPOM
• Commendable-indicates that a cleared contractors runs a successful security program and enjoys the support of management.
• Superior-is awarded for consistently high security posture and minimum amount of findings or security issues.

Prior to each inspection, the FSO and cleared contractor leadership should present DSS with a state of security briefing to introduce and go over the company security policy. Similarly, the DSS special agent may
provide an out-briefing detailing the results of the inspection. This outbriefing and soon to follow documentation of the inspection provides further data toward building an excellent security program.

Pay attention to the results and apply them to make your security program to protect classified information even more effective.

For more detailed information, see DoD Security Clearances and Contracts Guidebook.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

3 Ways FSOs Create an Effective Security Culture

2012-01-05T20:12:00.000-06:00

How do effective FSOs and security managers develop a culture of compliance with regulations and security programs? Quoting regulations only exasperates cleared employees and the very act does little
to foster a climate of cooperation. However, developing relationships based on a good understanding of business, the company mission and influence goes a long way toward implement the successful security
program.

1. FSO influences corporate culture-Security of classified information should be part of the organization's DNA. Instead of stove piping security functions, they should tie into the corporate mission. Though each office has a different product, funding or budget item, each fulfills their obligation in a chain of responsibilities necessary to get the product to market. When a business unit breaks down or fails to fulfill its mission,
other business units are affected.

2. FSO performs a vital mission of protecting classified information. Failure to safeguard classified material
could result in a defense contractor losing the facility clearance and ultimately cost current and future contracts. Security as an afterthought or viewed as a “necessary evil” has contributed to a loss in influence and commitment. Though the NISPOM applies to classified projects, FSOs would be mistaken to assume that only cleared persons and cleared programs
are worthy of their attention.

3. FSO trains and treats ALL employees as security “force multipliers”. With security ingrained in the performance and actions of employees, the organization has a united front and all employees exist to protect classified information. For example, even employees without security clearances can help protect classified information by learning to recognize classification markings reporting suspicious behavior or contacts.

The corporate culture of successful organizations is published organization wide and employees are well versed. Each employee should understand how they fit into the company mission and the importance
of their contribution toward the enterprise’s success.

For more detailed information, be sure to get DoD Security Clearance and Contracts Guidebook

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

2012-01-05T20:06:00.000-06:00

How do effective FSOs and security managers develop a culture of compliance with regulations and security programs? Quoting regulations only exasperates cleared employees and the very act does little
to foster a climate of cooperation. However, developing relationships based on a good understanding of business, the company mission and influence goes a long way toward implement the successful security
program.

1. FSO influences corporate culture-Security of classified information should be part of the organization's DNA. Instead of stove piping security functions, they should tie into the corporate mission. Though each office has a different product, funding or budget item, each fulfills their obligation in a chain of responsibilities necessary to get the product to market. When a business unit breaks down or fails to fulfill its mission,
other business units are affected.

2. FSO performs a vital mission of protecting classified information. Failure to safeguard classified material
could result in a defense contractor losing the facility clearance and ultimately cost current and future contracts. Security as an afterthought or viewed as a “necessary evil” has
contributed to a loss in influence and commitment. Though the NISPOM applies to classified projects, FSOs would be mistaken to assume that only cleared persons and cleared programs
are worthy of their attention.

3. FSO trains and treats ALL employees as security “force multipliers”. With security ingrained in the performance and actions of employees, the organization has a united front and all employees exist to protect classified information. For example, even uncleared employees can help protect classified information by learning to recognize classification markings reporting suspicious behavior or contacts.

The corporate culture of successful organizations is published organization wide and employees are well versed. Each employee should understand how they fit into the company mission and the importance
of their contribution toward the enterprise’s success.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

Putting it all together-The Impact of the Influential FSO

2011-12-29T17:42:00.000-06:00

FSOs should understand more than just the technical aspects of administering a security program.

Understanding how to mark, safeguard and disseminate classified information is important. However,

the FSO should reach beyond the description of implementing a security program to safeguard classified material. The position also requires:

1. Assessing risks to the classified material
2. Interpreting safeguarding requirements
3. Communicating and incorporating a culture of compliance within the organization
4. Projecting the impact of classified contracts on the enterprise.

To do this, the FSO should possess the vision and skills to see where the security program needs to go, how to get there and encourage a security vision from the senior executive level downward. Without the proper influence, the FSO is may not be able to run a program to protect classified material

Effective tools include:
• Helping form corporate culture
• Installing and monitoring metrics
• Converging security and corporate functions
• Planning for Growth

For more detailed information on FSO functions, see Chapter 12 Putting It All Together of the book
DoD Security Clearances and Contracts Guidebook.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

Appointing the Right FSO

2011-12-29T17:36:00.000-06:00

The Cleared Contractor appoints a Facility Security Officer (FSO) to protect the work on classified contracts and provide important administrative functions to maintain the security clearance of the business and cleared employees. However, the FSO can be much more impacting by applying understanding of four important functions:

1. How to protect classified information as it relates to the cleared contract, organizational growth, enterprise goals, and NISPOM guidance
2. How to conduct a risk analysis
3. Demonstrate cost, benefits and impact of supporting a classified contract under the NISPOM requirements and sustain an environment of cooperation and compliance within the enterprise.
4. Influence and compel the senior leaders to make good decisions, support compliance and integrate security into the corporate culture.

After all, good industrial security practices protect against damage to national security, but could also impacts the organizations ability to work on and maintain classified contracts. The FSO is pivotal to the successful execution of classified contracts.

As the small enterprise grows, more and more experienced FSOs are beginning to understand a growing company’s needs and have returned to college finish their education. Colleges and universities are
now offering a variety of security and management degrees perfect for meeting the growing FSO education requirements. Professional organizations also offer security certifications. Consequently, the pool of
experienced and educated FSOs is growing. Cleared defense contractor executives should clearly consider the FSO job description and list the exact qualifications desired before posting the position as a job announcement.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

4 Practice Questions to Prepare You for Industrial Security Professional ISP Certification

2011-12-23T12:29:00.001-06:00

Thinking about getting security certification? Consider ISP Certification

The following questions are from ISP Certification-The Industrial Security Professional Exam Study Manual

107. What method of justification should a contractor submit to attend a classified meeting?
a. List the classified contract involved
b. Cite the clearance level
c. Give company CAGE code
d. Submit job position
e. List qualifications

108. Contractors may keep classified information generated under IR&D provided:
a. Their contract is still active
b. The originating program manager is still employed
c. The FSO catalogs the information
d. Adequate storage capability exists
e. The contractor maintains facilities on Government property

109. Executive Order 12829 requires heads of agencies to enter into agreement with:
a. FSO
b. Foreign Governments
c. Secretary of Defense
d. Department of Labor
e. Department of Energy

110. How do you mark unclassified material to simulate SECRET?
a. EXERCISE…EXERCISE…EXERCISE
b. SECRET TRAINING
c. SECRET FOR TRAINING ONLY
d. SECRET FOR TRAINING, OTHERWISE UNCLASSIFIED
e. SECRET

Answers-Don't Scroll Down until you're ready

107. What method of justification should a contractor submit to attend a classified meeting?
a. List the classified contract involved (NISPOM 6-203)
b. Cite the clearance level
c. Give company CAGE code
d. Submit job position
e. List qualifications

108. Contractors may keep classified information generated under IR&D provided:
a. Their contract is still active
b. The originating program manager is still employed
c. The FSO catalogs the information
d. Adequate storage capability exists (NISPOM 11-304)
e. The contractor maintains facilities on Government property

109. Executive Order 12829 requires heads of agencies to enter into agreement with:
a. FSO
b. Foreign Governments
c. Secretary of Defense (NISPOM 1-103a)
d. Department of Labor
e. Department of Energy

110. How do you mark unclassified material to simulate SECRET?
a. EXERCISE…EXERCISE…EXERCISE
b. SECRET TRAINING
c. SECRET FOR TRAINING ONLY
d. SECRET FOR TRAINING, OTHERWISE UNCLASSIFIED (NISPOM 4-215)
e. SECRET

The above questions are from ISP Certification-The Industrial Security Professional Exam Study Manual

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

6 Great Reasons to Mark Classified Information

2011-12-23T12:17:00.001-06:00

Classification markings are applied to the top and bottom, front and back of classified items. Markings are also found in internal pages, paragraphs and other locations inside documents, books, manuals and other paper based products.

Here are the top reasons for marking classified information:

Warn and inform a user that an item is indeed classified or sensitive
Conveys what exactly needs protection
Identifies levels of classification or sensitivity
Provides vital information and instruction on when to downgrade or declassify the material
Gives sources and reason for classifying the item
Warns of special access, control, dissemination or safeguarding requirements

Find out more in DoD Security and Contracts Guidebook-What You Need to Know About Your Need to Know

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

3 Effective Ways to Go Above and Beyond with Category 7 of the NISP Enhancement

2011-12-13T17:59:00.000-06:00

Category 7 of the NISP Enhancement is: Counterintelligence Integration/Cyber Security provides a tool that cleared contractors can use to demonstrate exceeding NISPOM requirements. Injecting this into the security program also enhances security by bringing to light types and frequency of suspicious contacts.

1. The purposeful execution of Foreign travel pre-briefings-When employees travel to a foreign country, they may be targeted to provide sensitive information. A threat and/or defensive briefing should be provided to all cleared employees per NISPOM Chapter 3 (NISPOM Training). The briefings should be documented with signatures, dates and contents of briefings for presentation to Defense Security Services (DSS) industrial security representatives.

2. Conducting debriefings once the employees return from foreign travel. It is a tool to follow-up with the threat or defensive security briefing presented prior to the foreign travel.

3. Implementation of quality assurance efforts to check and verify Suspicious Contact Report (SCR) training, reporting directions and employee knowledge (e.g., setting up appropriate simulated exercises to validate employee knowledge/situational awareness of SCR reporting process). A good training resource can be found @ http://www.dss.mil/counterintel/.

This can be done in a number of venues:

· Employing trigger points at various business units. For example, a cleared employee traveling overseas may be required by policy to contact human resources, company insurance, travel branch, export compliance and etc. Build in an demonstrate a trigger point where the Facility Security Officer is also notified to provide briefings or other performance action

· Build in simulation exercises during annual security refresher training. Demonstrate and document training, discussions, role playing and other activities that teach and test employee knowledge

For more information on NISP Enhancement, see DoD Security Clearance and Contracts Guidebook

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

Four Powerful Ways FSOs Can Employ in Creating a Security Conscious Enterprise

2011-12-07T13:57:00.000-06:00

1. Influence at all levels-A key trait an FSO should demonstrate is the ability to work within organizational structures to gain executive, manager and work force cooperation. An FSO can train and write policy but without the enterprise’s full cooperation, will find it difficult to enforce.

2. Integrate security at all levels-A well integrated security plan ensures that all business units within an enterprise notify the FSO of any change in disposition of cleared employees or classified contracts. This integrated system will trigger the contracts, program manager, business development and other units to coordinate with and keep the FSO informed of expired, current, and future contract opportunities and responsibilities.

3. Be fiscally responsible-An important task that an FSO faces is the successful implementation of the security program while supporting the company’s primary mission; to make money while successfully performing on classified contracts. Security efforts should be risk based and focused while meeting NISPOM requirements. An FSO with business competency and know how is highly desired. For small contractors, this could mean selecting the most competent employee for the appointed duty. For large organizations, a thorough job description and performance requirements should capture the best candidates.

4. Be flexible, but knowledgeable-The constantly evolving world situation creates an ever changing security environment. Some changes may result in new government policies and guidance. These guidance and policy implementations may provide a changing environment through which the FSO and security staff must be able to negotiate. For the FSO, DSS communicates changes to the NISPOM through Industrial Security Letters (ISL). When changes are identified, the FSO should take advantage of an integrated security plan to notify affected programs and employees to reach a feasible solution.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

Why the US Government Assigns Classification Levels and the DoD Contractor Responsibilities

2011-12-05T12:59:00.000-06:00

The US Government has designed policy to ensure that classified material is protected at the level designated to prevent unauthorized disclosure. Classified information is marked by an original classification authority (OCA) with CONFIDENTIAL, SECRET or TOP SECRET and cleared contractors should protectect it at the appropriate level. TOP SECRET has more restrictions than SECRET and SECRET has more restrictions than CONFIDENTIAL. Each must be protected according to the classification markings. For example, unauthorized disclosure of CONFIDENTIAL information could reasonably be expected cause damage; SECRET could reasonably be expected to cause serious damage; and TOP SECRET could reasonably be expected to cause exceptionally grave damage to national security.

The OCA provides classification level information through the DD Form 254, security classification guide and through classification markings.

When the classification level is determined, all related classified information should be properly identified with the classification markings. The markings indicate the level of classification, identify the exact information to be protected, provide guidance on downgrading and declassification, give reasons for classification and sources of classification, and warn of special access, control or safeguarding requirements.

Though defense contractors don't assign classification levels, it helps to understand why information gets classified and how the government identifies the classified information. The cleared contractor works with the classified information and protects it according to the markings.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

Three Excellent Ways to Meet Category Six of NISP Enhancement

2011-11-17T17:06:00.000-06:00

National Industrial Security Program (NISP) Enhancement Category 6 is: Classified Material Controls/Physical Security. DSS can quantify a cleared contractor’s ability to track classified information throughout its lifecycle, implement countermeasures to deny access to sensitive information, and provide accountability of all classified information through this process. The FSO’s ability to demonstrate such capability is impactful and can help DSS determine whether or not the cleared facility is going “above and beyond NISPOM requirements. Below are three ways an FSO can demonstrate going above and beyond the NISPOM requirements:

1. Track location and disposition of classified information-This can be done on the cheap or with a decent Information Management System (IMS) such as software provided by vendors like SIMSSoftware. The point is for the FSO to not only know what they know about classified information moving within and without of the cleared facility, but to also demonstrate the capability to track it. A small organization can develop a tracking sheet to record the reception or creation of classified information.

a. Inexpensive methods-a small company or one with a tight security budget can create a tracking sheet (such as Microsoft Excel) that captures information as classified information is developed or received into the company. Useful information includes:

· item name
· item tracking number
· item type (hard drive, paper, CD/DVD, hardware, etc)
· contract number
· date item created or received
· amount of copies made
· disposition (shipped, couriered, destroyed just leave room for updates)
· receipts of disposition
· Location of item (security container number)
· Other information as needed

b. Vendor provided software. Software exists that can automatically track classified items as long as information such as listed above is provided to the database. Some (like SIMSsoftware) can generate and save receipts and disposition data for recall.

2. Implement countermeasures-these countermeasures can be documented that protect classified items, unclassified technical data, export controlled items or personal identifiable information and proprietary information. Countermeasures include:

Conduct inventory-determine regularly that items are where they should be and protected according to government or company requirements (NISPOM for classified, ITAR for export controlled, company policy for intellectual property, etc).

Limit access-provide barriers to items that need protection and ensure only authorized persons are able to enter. For classified information, follow guidance provided by NISPOM. However, an FSO can go further to protect other sensitive data. This can be done by posting guards, placing signs identifying off limits areas, and locking intellectual property away. In other words, limit limiting knowledge and access to only those who need it. Does an executive assistant need to know the special fabric weave even if it is unclassifed? Does the financial officer need to know the algorithm that gives your product a capability? If not, ensure procedures are in place to prevent access.

3. Conduct a regularly scheduled inventory. NISPOM does not require an accountability system for classified information SECRET level and below. However it does require the ability to retrieve classified information within a reasonable amount of time. To do this, conduct a regularly scheduled inventory. Use the spreadsheet to do this manually or automated IMS to either locate the classified item or account for the disposition. Some IMS provide bar code capability to ease inventory requirements.

Though wrapped up in three steps, there are a lot of implied tasks to demonstrating above and beyond as outlined in category 6. If a cleared facility is authorized to store and process classified information, this is a fundamental basis for created a good information management program. This article covers the protection of classified and unclassified information for your use. Be sure to document and demonstrate your capability.

More information can be found in the book DoD SecurityClearance and Contracts Guidebook.

5 Great Ways to Perform Award Winning Self-Inspections

2011-11-14T14:14:00.000-06:00

Category 5 of the NISP Enhancement Program is titled: Self Inspection. Here, a cleared contractor's FSO documents a self inspection as part of a continuous security program evaluation. This is simply a health check of the established security program designed to safeguard classified information. The Defense Security Services (DSS) recommends that the cleared contractor’s Facility Security Officer (FSO) share the inspection results with their industrial security representative to keep communication open as well as address any issues that might be resolved prior to the scheduled DSS annual review.

The self inspection should be designed to evaluate all National Industrial Security Program Operating Manual (NISPOM) areas the cleared contractor operates under. At a minimum, each facility should inspect its compliance with NISPOM Chapters 1-5 and parts of Chapter 6. These chapters cover general security, personnel and facility clearances, FSO roles and responsibilities, required training, classified contracts, classified discussions and working with classified information and apply to every cleared facility in varying degrees. FSOs should determine how and if their facilities fall under the remaining chapters. Here are 5 ways to conduct and award winning self inspection:

1. Download the Self Inspection Handbook from http://www.dss.mil/. The handbook reflects questions based on NISPOM requirements. This is the resource for your inspections

2. Review the inspection criteria and determine which apply to your facility. The questions are thorough, but are limited to yes/no answers. You can further define metrics to dig deeper into issues and take notes to create a more comprehensive evaluation. Be sure to document the inspection.

3. Schedule to completely inspect applicable areas (should be conducted annually and within six months of a DSS review). Allow adequate time to complete the inspection and resolve issues as soon as possible. Allow time to have an after action review and develop a plan of action to fix, fine tune or develop new and effective processes.

4. Involve others. The self inspection does not need to be conducted by the FSO and there is value in delegating this responsibility to subordinates or sharing it with other business units. Correct on the spot deficiencies and take notes on processes or procedures that are successful or need improvement. Benefits include:

a. An Industrial Security Professional candidate can use the self inspection as a platform for increasing their NISPOM knowledge with real world application

b. Security employees can expand their knowledge base outside of their day to day disciplines (ie,a personnel security employee can inspect information security and vice versa)

c. An FSO can gain a better understanding of the security program by managing an inspection instead of conducting the inspection. A team concept and new points of view is incredibly valuable

d. Engineers, program managers and others working on classified contracts can provide more insight into the mechanics of the security program. Invite them to take ownership of the security program either by conducting an inspection themselves or advising on the results. They can provide the “impact” or answer the “what if” related issues brought up by the yes/no questions.

e. If you have cleared quality control, Six Sigma or other lean process team employees, invite them to participate. Since most security functions charge to overhead, costs directly impact the organization. Processes and procedures can be streamlined that directly impact paper, postage, storage, man hours and other costs.

5. Collect data and conduct an after action review. If you employed the team concept, invite everyone involved. The purpose; share results and improve the security program. Review results and provide a way ahead for implementing improvements. Once complete, provide a report available to employees and shareholders. This report should provide metrics:

a. for implemented processes that save money and improve security

b. procedures developed to fix a security shortfall. This should include training and plan to institutionalize the changes

c. recognizing those that have gone above and beyond. This should be by name or department where efforts reflect good results. Be sure to include efforts of inspecting members.

An award winning self inspection involves the entire team. Those inspected should understand their role within the security program as well as the importance of preparing and participating in the inspection. The FSO should coordinate the inspection and involve others in the process and use findings to improve the program. Reports should be generated to both identify the best performers as well as show metrics of how the inspection impacted the cleared contractor organization.

For more information on conducting self inspections, see DoD Security Clearance and Contracts Guidebook.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

10 Ways to Demonstrate Above and Beyond - Category 3 of the NISP Enhancement

2011-11-04T16:15:00.000-05:00

Category 3 of the NISP Enhancement covers Security Education: Information/Product Sharing Within the Community. This focuses on the FSO providing security education peers and other FSOs outside of their organization. This is a security community event where contractors and government managers can learn from each other. Think Society of Industrial Security, American Society of Industrial Security, or other professional organization level event. Or it can be a smaller venue. Either way, involve others outside of your organization. This demonstrates contribution to the community, a pursuit of improving national security, and helps quantify going above and beyond. For example, an FSO uses their facility, creates an agenda and executes a security conference or training event. Or, committees can be formed to share the tasks. Education of this magnitude has tremendous value as the security community learns from experiences and examples of their peers and applies them at their own organizations

Here are some recommendations on how to provide that training:

Demonstrate how to conduct on the spot security inspections
Introduce how your company receives classified material and enters it into an information management system (IMS)
Compare benefits of different IMS vendors
Hold a class on using Joint Personnel Adjudication System (JPAS)
Conduct security refresher training for the security community
Demonstrate unique and successful training strategies and programs
Host an Industrial Security Professional Exam training session or study group
Have a classified marking seminar
Show others how to prepare classified items for shipment
Provide training on how to read, understand and implement a DD Form 254

Training opportunities abound. Each cleared contractor has unique challenges and opportunities. Creating a training seminar where experiences can be shared benefits the entire community and each FSO can learn from another’s experiences.

FSO Security Staff Training

2011-11-01T17:58:00.000-05:00

Category 3 of the NISP Enhancement continues with Security Education.

This category addresses internal security staff professionalization. Specifically, it measures whether or not security staff training exceeds NISPOM training and DSS FSO certification requirements to include obtaining on-going professional certifications and incorporating the knowledge through the organic security program. There are currently several certifications and training available to the security professional, including some recommendations by DSS:

Industrial Security Professional (ISP) FSOs could set the ISP Certification as a goal and encourage staff employees to achieve. When employees study for the ISP Certification, they learn: how to read and apply the NISPOM, the importance of forming professional relationships with cleared employees, how the cleared contractor and the DSS representatives interact, and much more. DSS also understands the importance of individuals who achieve the ISP Certification as well as the organizations that hire them. The FSO can display the certificate and refer to it during the annual inspection as continued ISP and FSO training.
Certified Protection Professional (CPP)-The CPP certification is for those who have a broad range of security experience to meet complex security issues. Holders of the CPP certification understand the threats that face the workplace, employees, product and the public. This has a significant application in the defense industry as industrial security professionals, security specialists and FSOs demonstrate their knowledge of physical security, personnel security, business management, security principles, information security, emergency procedures, investigations and legal aspects.
SPeD Certification-This is Security Professional educational Development. DSS has developed this program as a means of training government security professionals. This test begins at the fundamental level and includes information, general, physical and other security disciplines. Additional certifications are available that address more advanced and specific security areas.. More information can be found @ http://www.dss.mil/seta/sped/sped_what.html
Computer Information Systems Security Professional (CISSP)-The Certified Information Systems Security Professional (CISSP) is sponsored by International Information Systems Security Certification Consortium or ISC2. For those working as an Information System Security Manager, Information System Security Officer, Chief Information Officer or other mid to senior level management positions in information security should consider the CISSP. The CISSP measures competency and experience in 10 key areas: Access Control, Application Security, Business Continuity and Disaster Recovery Planning, Cryptography, Information Security and Risk Management, Legal, Regulations, Compliance and Investigations, Operations Security, Physical (Environmental) Security, Security Architecture and Design and Telecommunications and Network Security.
The OPSEC Certification Program (OCP)-The OCP is for those who are actively engaged in identifying vulnerabilities of sensitive government activities and denying an adversary’s ability to collect information on the activities. In addition to the five years of experience, the candidate for the OCP should have a four year degree and at least 48 hours of formal OPSEC training. The applicant submits a 10 page paper on the topic of OPSEC using one or more of the five OPSEC processes (identification of critical information; analysis of threats; analysis of vulnerabilities; assessment of risks; and the application of appropriate countermeasures).

See pages 304 to 306 of DoD Security Clearance and Contracts Guidebook for more detailed information.

5 Easy Ways to Demonstrate NISP Enhancement Category 2

2011-10-27T20:32:00.000-05:00

Category 2 of the NISP Enhancement covers Security Education: Internal Educational Brochures/Products. This focuses on the FSO providing security education to the entire employee population. This is in addition to security awareness training provided to cleared employees (employees with security clearances) required by NISPOM. What is the benefit of training cleared and uncleared employees? Uncleared employees can be the eyes and ears that are needed and add an additional layer of protection.

For example, cleared employees can be trained to recognize classified information. If a classified package is unattended, the cleared employee can be trained to recognize the sensitivity and report the incident to the FSO. Otherwise, they may take possession, read it, throw it away or otherwise cause compromise of classified information.

Here are some recommendations on how to provide that training:

CD/DVD-Defense Security Services, Interagency OPSEC Support Staff and other professional and government organizations have movies available for ordering that apply to both cleared and uncleared employees. The movies are short, but dramatic on varying topics of treason, OPSEC and protecting personal identifiable information.
Web-based interactive tools-Again, these are available from the same agencies. Defense contractors can also create their own training and upload it for employee use. Red Bike Publishing also provides similar training.
Newsletters-The FSO can designate, sponsor or assign someone to create a periodic newsletter to provide timely articles. The newsletter can be generic or laser focused on industry topics. There are vendors out there that provide newsletters for a small fee. Or, you can re-use ours and blast it out to your employees or professional organization. Just be sure to give proper credit.
Security games/contests- FSOs have hosted poster contests where instead of relying on the security department to provide all the talent, other employees contribute. Organically produced posters can also use the company brand and carry on the company mission statement by having the security message reflect the organizational goals and values.
Brochures- There are great resources for delivering pinpointed security messages. Companies can brand their security specifically to the organization or mission. Government agencies have websites with downloadable brochures and posters on many topics.

Be sure to create an index or catalog of where brochures, posters or other training items are located so that you can keep them updated, monitor use and make improvements. Most of all, it’s important to document and demonstrate how you use these items to improve your security posture. Become an expert for your training and show DSS how you are making a difference.

For more detailed ideas see pages 225-227 of DOD SECURITY CLEARANCES AND CONTRACTS GUIDEBOOK

National Industrial Security Program-NISP Enhancement

2011-10-20T11:45:00.000-05:00

Category 1 of the NISP enhancement involves company sponsored events. This is an opportunity that the FSO can use to demonstrate above and beyond adherence to NISPOM Chapter 3. Some of the suggested ideas include:

· Security fairs-Security fairs are great ways to demonstrate the added value security provides to the cleared defense contractors. The FSO can set up designated booths that functions to provide security solution and awareness. For some examples include:

· Document wrapping booth to demonstrate how to properly mark and wrap classified packages. You can take the opportunity to brief courier and other classified transport opportunities.

· Fingerprint booth-As FSO I ordered children’s finger print cards. When we had a company picnic, I invited all the parents to come by to get their children fingerprinted. I then turned the completed cards back to the parents for safe keeping. This provided a service to the company and helped establish personal and working relationships.

· Document destruction-You can extend shredding and destruction services to employees. Invite them to bring in personal information such as financial records and shred them on site. If you have a vendor that provides the service for you, they many offer to do so in support of the security fair. While there, you can relay the importance of protecting and properly destroying classified, export controlled and privacy information.

Interactive designated security focused weeks-You can implement great security training by having theme weeks. For example, you can designate one week for information security, one week for personnel security, one week for general security and etc. During the focus weeks, you can provide educational emails, letters, posters or announcements with the relevant security reminders or training.

Security lunch events-I worked with a company that initiated a “lunch with the FSO”. The FSO reserved a conference room, carved out time in his schedule, and invited subject matter security experts to sit on a board. Every employee was extended an invitation to attend the monthly events. The FSO opened the meeting with any updates or reminders of security policy and invited the attendees to ask questions of the subject matter experts.

Hosting guest speakers on security related topics –There are great resources that the FSO can call on to provide guest speakers. Fellow members of professional organizations may be happy to help. You can enlist fellow professionals to talk about International Traffic in Arms Regulation (ITAR) compliance or how to escort foreign visitors or other subject matter expert to on any topic appropriate for your company. You can contact a vendor to talk about their security related products or bring in a paid speaker or consultant. Also, don’t forget counter intelligence agencies, DSS or the FBI’s domain coordinators who may be available for such occasions. You might even consider inviting an Industrial Security Professional (ISP) certified FSO to talk about the value of hiring employees board certified to protect classified information.

Webinars-More and more training is being conducted on line. Professional organizations have such material available to paid members, DSS has a catalog of tons of training, and there is lots of free training available online. There are also great vendors who provide training software and hosting for company developed online training. Additionally, many vendors offer already developed online NISPOM training perfect for sending to your employees.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership The Ranger Handbook The Army Physical Readiness Manual Drill and Ceremonies The ITAR The NISPOM

What is a National Industrial Security Program Enhancement Category

2011-10-14T17:53:00.000-05:00

Defense Security Services are training their agents to apply the new Security Rating Calculation tool. This tool is used to standardize and is based on a numerical scale that allows graded results while accounting for a cleared facility’s involvement in the National Industrial Security Program. However DSS is training their agents to ensure they understand the process before implementing it.

This provides a great opportunity for cleared contractors and FSOs to prepare for the changes to come. One of the most prominent features is the addition of a method to grade the ability of a cleared contractor to go above and beyond National Industrial Security Operating Manual (NISPOM) requirements. At one time the ability to go above and beyond seemed objective, requiring the FSO to demonstrate how they went above and beyond during the review or other interaction with DSS. Now, DSS has included a proactive measurement called the NISP Enhancement. According to the DSS website, “…directly relates to and enhances the protection of classified information beyond baseline NISPOM Standards.”

DSS has identified 13 categories that they will evaluate the cleared contractor for “above and beyond” capabilities. During the review the DSS special agent will interview employees and review processes and procedures to evaluate impact on the security program.

The 13 criteria follow:

Category 1-4 Security Education

Category 5 Self inspection

Category 6 Classified Material Controls/Physical Security

Category 7 CI integrations/Cyber Security

Category 8 Information Systems

Category 9 FOCI

Category 10 International

Category 11 Membership/Attendance in Security Community Events

Category 12 Active Communication in the Security Community

Category 13 Personnel Security

Future articles will include ways to implement each of the13 categories. I hope you’ll continue to visit our blog and newsletter for more information on “going above and beyond baseline NISPOM Standards.”

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership The Ranger Handbook The Army Physical Readiness Manual Drill and Ceremonies The ITAR The NISPOM

Who will be the next FSO

2011-10-13T20:22:00.000-05:00

For those defense contractors who what to perform on classified contracts, there are a few considerations to address. Under the National Industrial Security Program (NISP), a cleared contractor should appoint an FSO to take on this responsibility of directing a security program to protect our classified information. This FSO is the link between the government contractor and the cognizant security agency (CSA).

When considering who to appoint as an FSO, the cleared contractor has a few choices:

1. The senior officer can assume the role.

2. The cleared contractor can designate an existing employee

3. The cleared contractor can hire an new employee

Whoever assumes the role of FSO must meet two requirements:

1. Be a United States citizen. Both the facility and the FSO have to be U.S. Entities and must have a history of integrity and conduct that prevents or limits exploitation or coercion to release classified material in an unauthorized manner.

2. Possess a security clearance according to the company’s facility clearance level (FCL). A facility clearance is awarded to businesses that meet strict requirements and have a need to work with classified information. The personnel security clearance is awarded based on the need and the approval of a facility clearance.

Depending on mission and size of company it’s not unusual for the cleared contractor to appoint an assistant, engineer, program manager, human resources specialist or other capable employee with the additional responsibility. Larger companies may have the luxury of hiring additional personnel for specific and defined security responsibilities.

When assigning an FSO, shareholders should look for demonstrated leadership and team playing traits that complement the minimum requirements found in the NISPOM. The FSO’s primary purpose is to prevent the unauthorized disclosure and release of classified information and help the organization maintain security clearance eligibility. Any unauthorized release can cause problems such as but not limited to: loss of reputation, loss of contracts, jail time or disciplinary actions against the employee, and loss of clearance for the employee and/or the business. The FSO has a tough task that they can’t possibly do alone (for training resources visit our website).

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership The Ranger Handbook The Army Physical Readiness Manual Drill and Ceremonies The ITAR The NISPOM

5 Steps to Protecting Technical Data on International Travel

2011-10-10T12:20:00.000-05:00

Prior to travel, a cleared employee should have a good understanding of their responsibilities to protect sensitive information. This can include classified or unclassified information and military or dual use information. For defense contractors, protection of classified information is addressed in the National Industrial Security Program Operating Manual (NISPOM), military technical data is covered by the International Traffic in Arms Regulation (ITAR) and dual use technical data is protected under the Export Administration Regulation (EAR).

Facility Security Officers (FSOs) and Exports Compliance Officers can train their travelling employees to protect technical and help them accept the responsibly to protect themselves, classified information, and technical information. Preparation for travel can be covered in 5 steps:

1. Ensure cleared employees notify their security office of all foreign business well in advance of a proposed travel date. This will prepare the employee and the supporting staff to adequately support the visit. If technical exchange is necessary, a year’s notice may be necessary to acquire the appropriate licenses and TAAs.

2. Travelers should understand how technical data can be transferred inadvertently or purposefully through a written note, viewing a computer screen, conducting seminars and etc. Make sure employees know they are only authorized to communicate technical data through a license and or TAA.

3. Employees should know the boundaries in advance before sharing any technical information with non US persons. Help them understand the provisos of licenses and TAAs and exactly what they are allowed to disclose.

4. Coordinate with the IT department (or someone offering these services) provides a computer only equipped with permitted information (according to licenses and TAAs). A sanitized computer reduces the threat of exports violations or theft of economic or corporate data. Keep all products and information that could lead to export violations or the release of proprietary data close at hand.

5. Teach employees to practice good physical safety and security. A good practice is for employees to conduct themselves as professionals at all times and know they represent the company. For safety, they might consider coordinating closely with their hosts to find the best places to eat and shop. The state department has a great website employees can visit to prepare for travel (www.state.gove). Anyone traveling abroad should familiarize themselves with the site and use it to become an informed international traveler.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership The Ranger Handbook The Army Physical Readiness Manual Drill and Ceremonies The ITAR The NISPOM

3 Important Uses of the DD Form 254

2011-10-03T18:27:00.000-05:00

In addition to the NISPOM, there is another critical piece of information for creating a lasting and significant security program and good classification management; the DD Form 254.
The Contract Security Classification Specification (DD Form 254) authorizes classified work performance and conveys the security classification specifications and guidelines for classification in the performance of a classified contract.

The DD Form 254 is provided to both the contractor and cognizant security offices when work is subcontracted to a supplier/vendor requiring access to or generation of classified material.
So why is this important to you?

It provides authorization for a contractor company to hold and or perform on classified contracts. The DD 254 justifies the need to access classified information and how and where the contractor is expected to perform. This justification also addresses the level of clearance at which the facility and employees should be approved.

It also provides the following information:
• The classification level the work will be performed.
• Any caveat access or any special briefing needed.
• Whether we can receive or generate classified information at our facility.
• Whether or not AIS processing is allowed.
• Exchange classified information/or visit another facility.
• Classify/declassify information and what Security Classification Guides will be used.
• Disposition of classified material involved with the contract
• Whether or subcontracting is authorized
• Any other requirements as set forth by the User Agency.

The 254 cuts through the fog of classification management, provides control and accountability of classified work and can be a foundation for security refresher training. It also serves as a basis for constructing a detailed and efficient security awareness program.

FSOs can better implement requirements of the 254 through the following steps.
1. Become familiar with the classified contract(s) and the requirements of the 254.
2. Know the contract numbers as well as what is allowed since each contract is unique.
3. Use contract or subcontract numbers in the Information Management System, while logging in classified documents, processing clearances, and preparing visit requests. Better yet, use this tool to become an expert on building and implementing a security program to protect classified information

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership The Ranger Handbook The Army Physical Readiness Manual Drill and Ceremonies The ITAR The NISPOM

Networking Skills

2011-10-03T18:25:00.000-05:00

Experience, commitment and practice are the best qualities to prepare the professional for the necessity of good old fashion networking. Networking is especially necessary in high trust and vulnerability industries like security where peers, colleagues and co-workers closely guard information.

A career in security is rewarding and challenging. The work is important, cleared contractor employers count on FSO skills to maintain classified contracts and national security depends on proper protection of classified information. The security professional requires a high degree of interaction as paths cross in training, collaboration or through contractual execution. Security professionals are traditionally somewhat guarded discussing business with new or otherwise unknown persons. Security professionals require time to develop trusting working relationships and getting to know important connections in a timely manner is important.

So, how do we accelerate this networking curve?

1. Foster relationships on the job. Get to know other employees and business unit managers in your organization. Develop trusting relationships that allow exchange of information. Other employees can help broadcast the security vision as you assist them with their individual and program needs.

2. Become active in professional organizations such as NCMS or ASIS. Security professionals have a lot of experience that is definitely worth sharing. There may be other FSOs having similar challenges and may be able to give fresh insight. You may find yourself helping others as well.

3. Become known by writing articles or teaching classes. Publishing in professional journals or teaching a “how to” seminar will get you recognized as an expert and trusted person.

4. Look for opportunities to network with each business leaders, police, firefighters, public safety, local and national government agencies and any other members of the community. The best way to protect our industry and our national resources is to use our force multipliers.

5. Consider joining committees, volunteering in the community, or sharing your expertise outside of your organization or career. For example, you could demonstrate how a non-profit organization can protect sensitive data.

It doesn't take much to network; just willingness to both help and to learn. What you contribute is invaluable and you are never too old to learn from others.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership The Ranger Handbook The Army Physical Readiness Manual Drill and Ceremonies The ITAR The NISPOM

2011-10-03T18:20:00.000-05:00

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership The Ranger Handbook The Army Physical Readiness Manual Drill and Ceremonies The ITAR The NISPOM

5 Steps to Hiring the Perfect Security Employee

2011-09-28T19:39:00.000-05:00

Your company is growing and you find yourself reassessing your security team needs. Or, you find yourself severely lacking the personnel required to effectively perform security functions. In either case, it is up to you to hire the perfect employee.

Find the perfect employee? Though a daunting task, it is important that you hire and build a team of excellent security managers. Never, ever settle for a warm body just to get the job done. Many of you know from experience the issues of hiring the wrong candidate bring about.

There are a few good observations about potential candidates that can further them into the hiring process. These are 5 considerations you should employ befire hiring a security team member.
1.  All qualified applicants must reflect the company culture. What kind of employee does the company value? You must know this before you begin the search process. If your company values initiative, make sure your prescreen selects thinkers who can execute security functions with limited supervision.

2. Know yourself and what you value. Obviously your values support the company culture, but here is where you use your “gut” to identify successful people. The successful person must also be mindful of the Government regulations required for the job. For example if your desire is to hire a document custodian, potential candidates should have an excellent knowledge of the National Industrial Security Program Operating Manual NISPOM. Your job is to filter technically proficient applicants with initiative to learn and execute security procedures. Then, recommend them for the interview.

3. Find these successful people? Network with your industry peers; don't forget your professional networks and organizations. Review your job announcement and make sure it specifically identifies the need and requirements. Do they need a security certification? What security clearance level is necessary? Do they need one now or can you initate one later? How much experience is necessary? Is there a requirement for college?

If qulification aren't spelled out, spend some time editing it. This will prevent wasted time reviewing unqualified resumes.

Word of mouth and networking is another great resource. You never know who might be looking for a career boosting job or different work experiences. Also, consider temporary agencies. They are a resource full of qualified potential applicants.

4. Conduct the interview. Alright, here is where you need to be the most prepared. Rehearse, rehearse, rehearse! Here is your first impression of the applicant and vice-versa. It is important to find out everything about this applicant and see if they will be a good fit to existing company culture and whether or not they have the minimum qualifications.

During the interview, tell the applicant about the job description and the company. Use this time to evaluate their posture, bearing and interest. Then use open ended questions to assess their capabilities. For company culture consider questions like:
     a. Describe at time you made a decision
     b. What security initiatives have you implemented and how were they received by management?
     c. Describe how to wrap classified material?
     d. Describe how you open a safe?
     e. What steps do you follow to send a visit request?
Be as specific as possible. Remember, you want to identify someone who supports company culture and is capable of either learning or performing the job.

5. Finally, once you have made a decision to hire, assimilate this person onto the team. On the first day, invest a few hours with your new hire to review company values, introduce to the team, and further outline the job requirements. Be quick to welcome this person and involve the rest of the team. Later, help foster relationships between coworkers. The best way is have them train and cross train. This builds cohesion and breaks down pre-existing barriers. Your team will communicate better and appreciate your decision to hire this applicant.

With practice and the right skills your journey to hiring the perfect candidate and building a great team will be rewarding. Know your company, your requirements, identify qualifications, rehearse and conduct the interview, then build your team.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership The Ranger Handbook The Army Physical Readiness Manual Drill and Ceremonies The ITAR The NISPOM

3 Ways FSOs can Have a More Effective Security Program

2011-09-21T16:38:00.003-05:00

The Facility Security Officer’s (FSO) successful program depends on developing relationships with employees, managers and executives to facilitate execution of company policies, necessary security awareness training, willful employee self-admittance of security infractions or change of status, and proactive action toward expired, existing and future classified contracts. Any of the above mentioned success measures is difficult to obtain in a changing employee and contract environment, but is simplified through employee and executive buy-in.

How to do this:

The following 3 points pave the way for a successful security program.

1. Gain executive, manager and work force buy-in. This can be accomplished by first demonstrating a sound understanding of company mission, classified contract requirements and providing sound security policy. Cross cultural buy-in is critical for integrating the security plan into all business units and company operations.

2. Become the “go to” person for all new security challenges. The FSO doesn’t need to be involved in every decision made by cleared employees. However, if it involves a procedural change or the degradation in security, contacting the FSO should be an automatic response. Become recognized as not only and expert at NISPOM compliance, but a part of the team. This will help ensure that all units within an enterprise notify the FSO of any change in disposition of classified material storage. This integrated system will trigger the contracts, program manager, business development and other units to coordinate with the FSO and keep the FSO informed of expired, current, and future contract opportunities and responsibilities.

3. Create a budget based on mission and NISPOM compliance. An obviously important task is to direct the security program to protect classified information. But this is not to be assumed at all costs. Even NISPOM identifies the need to apply using economically feasible solutions. The FSO’s task should be to have an award winning program while supporting the company’s primary mission; to make money. The FSO owes allegiance to protecting nation’s secrets, but will not be able to do so if the company profits go straight into the security budget. Do this by becoming a good steward of company resources and develop policy that corresponds with the mission.

More tips can be found in the book “DoD Security Clearance and Contracts Guidebook-What Defense Contractors Need to Know About Their Need to Know”

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership The Ranger Handbook The Army Physical Readiness Manual Drill and Ceremonies The ITAR The NISPOM

5 Effective Ways to Study For the ISP Certification Exam

2011-09-21T16:36:00.000-05:00

Out of the approximately 3500 NCMS members nearly 325 hold the ISP certification. The test is challenging and candidates are expected to score at least 75% for a passing grade.

Why Certify?
The ISP holder demonstrates a high level of knowledge. The certification is based on the NISPOM but also covers electives such as: COMSEC, OPSEC, and other topics.

This certified professional communicates to upper management that they are committed to the business, the industry and the protection of national interests. It puts the company in a stronger position while bidding on contracts and lends credibility to relationships with the oversight agency the Defense Security Services (DSS). Most of all, it gives the bearer confidence in their ability to apply their knowledge. As this certification program evolves, more and more employers will require the certification.

Preparing
Only those working in the National Industrial Security Program for at least 5 years are edible for the ISP Certification. Five years experience should make the professional more than capable of passing the exam. However, understanding how to study will make a difference in their success.

Targeted focus for thirty minutes to an hour a day for six months can make a huge difference. However, study methods for open book tests are a lot different than for closed book tests. For example, the ISP Certification allows you to use the NISPOM and other reference material during the exam. This requires a broader understanding of where to find information by topic. The DoD’s Security Professional education Development certification does not allow candidates to bring reference material. This requires more memorization and more depth of study. However, in both cases, the tests are tough and candidates need to study. The few minutes made a big difference.

Test topics include Security Administration and Management, Document Security, Information Systems Security, Physical Security, Personnel Security, International Security, Classification, Security Education, and Audits and Self-Assessments. The broad scope of study provides a challenge as not every cleared contractor is experienced in all aspects of the NISPOM. But there are ways to prepare that will help pass the exam regardless of how much actual experience a candidate has for any of the topic areas. For example, you can pass all sections including NISPOM Chapter 8 topics without ever having had worked in the environment. An FSO or security manager at a company that only provides security cleared employees can pass the ISP Certification exam without ever having marked a classified document. How? By following these five study methods to gain a better understanding of NISPOM.

1. Determine which type of test you will take and study using those resources and REGISTER. This will cause the clock to start ticking and seal your commitment. I recommend taking the computer exam and using the electronic NISPOM with ISLs. The “ctrl f” function is a life saver as it will allow you to search the NISPOM by keyword and topic. For instance, if a question covers proper marking procedures, you can search the NISPOM using keywords such as “classification marking”, “marking”, or using actual keywords in the question.

2. Become familiar with the NISPOM. It’s not necessary to memorize the NISPOM. Just, become familiar with chapter titles and paragraph topics and understand their applicability. This will help if you cannot find the answer using the keyword search. Sometimes questions won’t contain keywords and you’ll have to rely on intuition, experience and book knowledge. It’s important to know that information systems security is in Chapter 8, security education is in Chapter 3, document security is in chapter 5 and etc. Knowing topics will save a tremendous amount of time searching the NISPOM

3. Form a study group. Contact your local chapter of NCMS and join an existing or form a new study group. Also, join the NCMS’ Exam Preparation Program. This is led by a team of ISP Mentors and includes conference calls, downloads and purchasing their study guide.

4. Work outside of your area of expertise. Security specialists working in a large organization might work in one small discipline such as document control, classified contracts, information system security, or program area. It may be possible to cross train in other security disciplines to become more familiar with wider ranging NISPOM requirements. If you the opportunity does not exist, consider asking FSOs in another company to train you on their procedures. This can form the basis of a working study group.

5. Take DSS courses. Concentrate on the nine core areas of the ISP Certification Exam. This will help you reinforce NISPOM requirements and where to find answers in the NISPOM concerning the subject matter.

There are many excuses not to take the exam: the cost, time involved, or fear of failure. Take the online test! If you can perform a search in a PDF file, you can pass the test. The exam gives 110 multiple choice questions and takes up to 120 minutes. There is a clock that keeps track of the time and the test times out automatically. How convenient.

If you take the online exam, I recommend using two monitors. Open the test in one monitor and the PDF version of the NISPOM in the other. Open the search function in the NISPOM and type key words from the test question to find the reference. It’s that simple, but takes some practice.

The following are websites that offer reference for the ISP test study. The first website offers 20 free practice questions, study tips and PDF files of the NISPOM.
http://www.redbikepublishing.com
ISP Certification Exam Manual
NISPOM

NCMS website:

I studied for six months, before I had the courage to take the test. I studied, documented my study methodology and began writing a book. I have a database of 440 questions (four practice tests and recommendations) that will definitely help guarantee your success.

Whether you’re employed in the security field as a government employee, contractor, loss prevention or IT, you need the competitive edge.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership The Ranger Handbook The Army Physical Readiness Manual Drill and Ceremonies The ITAR The NISPOM

A Little Humor-Not in the FSOs Job Description

2011-09-19T18:02:00.000-05:00

A Little Humor

Dear FSO,

I noticed that there is a strange glass container in the parking lot. It looked like someone was trying to make sun tea. Can you make a policy about this? It is really making our "facilities" look bad.

Signed
Tea me

***

Dear Tea,

According to NISPOM, Mail or shipments containing classified material shall be addressed to the Commander or approved classified mailing address of a Federal activity or to a cleared contractor using the name and classified mailing address of the facility. An individual's name shall not appear on the outer cover. This does not prevent the use of office code letters, numbers, or phrases in an attention line to aid in internal routing.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership The Ranger Handbook The Army Physical Readiness Manual Drill and Ceremonies The ITAR The NISPOM

Comix-Getting Ready for the DSS Inspection

2011-09-19T17:42:00.000-05:00

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership The Ranger Handbook The Army Physical Readiness Manual Drill and Ceremonies The ITAR The NISPOM

4 Measures to Prevent Unauthorized Export of Technical Data

2011-09-11T21:15:00.002-05:00

ITAR

Though not as sinister and espionage riddled as most savvy spy novels, export compliance is an issue that will get Defense contractors in trouble. Violating State Department regulations will bring the weight of the US Government on the offending company. According to the International Traffic In Arms Regulation, ITAR, “Any person who engages in the United States in the business of either manufacturing or exporting defense articles or furnishing defense services is required to register”. Cleared contractors must have a plan not only to protect classified information, but also to prevent the unauthorized transfer of technical information and data."

Unauthorized transfer of technical data can occur in a variety of ways. Keep in mind that exports can and do occur not only during shipments but when hosting foreign visitors, during meetings, trade shows, plant tours, chat-room discussions, published articles and many other means. You can even export technical items exposed on your desk or otherwise revealed when a foreign visitor tours the facilities.

Though not covered in ITAR think of the term “Deemed Export”, where transfer occurs in simple acts as briefings or providing presentations of technical data to non-US persons.

This includes sending or removing technical data out of the U.S. or transferring it to a non US person in the U.S. by such acts as:

• Disclosing (oral, email, written, video, or other visual disclosure) or transferring technical data to a foreign person whether in the U.S. or abroad
• Providing a service to, or for the benefit of a foreign person, whether in the U.S. or abroad

You can help prevent unauthorized disclosure by taking the following actions:

1. helping your company understand the requirement to register with the State Department (see requirements).

2. Remind decision makers the responsibility to protect technical data. You can do this by helping create a technology control plan (TCP). If your company is authorized to export or reveal technical data, understand the license or technology assistance agreement (TAA). Follow it to the letter. The TCP will ensure that only authorized persons have access to technical data.

3. Provide a briefing to employees that whether or not in the U.S. or visiting overseas, they should only discuss what is authorized by licenses and or TAAs.

4. Prior to travel with a laptop, either have the information technology (IT) department scrub or provide a clean computer free of all technical data not authorized by licenses

Do everything within your power to help others in your enterprise understand that no technical data or service should be given without proper approval. This means performing due diligence prior to receiving foreign visitor, sending business development to trade shows, and prior to working on teaming agreements with non US persons.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership The Ranger Handbook The Army Physical Readiness Manual Drill and Ceremonies The ITAR The NISPOM

2 Steps to Determining Need to Know

2011-09-08T13:57:00.000-05:00

Take a look at the following dramatization. A Facility Security Officer (FSO) is engaged in an inquiry to determine whether or not a security violation led to the loss, compromise or suspected compromise of classified information. A cleared employee had left classified information out on his desk. A cleared employee asked another cleared employee to “keep an eye” on a classified document while she left for lunch.

A short time later, the second employee was summoned to his bosses office to answer some questions. He left in a hurry, forgetting about the classified information on the desk. At first glance, the unattended classified information is the most obvious violation. However, once the inquiry concluded another issue became evident. The co-workers did not work on the same contract or share in any kind of project relationship. The first co-worker entrusted the safeguarding of classified information to an employee who held the proper security clearance, but who did not have need to know.

Holders of classified information should verify two things prior to releasing it to another party. They should determine the recipient’s active security clearance level whether or not they have a valid need to possess the classified information. Determining clearance level can be easily accomplished by the FSO, Personnel Security Officer or equivalent. They can access the Department of Defense’s Joint Personnel Adjudication System (JPAS) for that information. However, that’s just half of the requirement. To complete the process, the holder has to identify whether or not the recipient has need to know.

So, how does one determine need to know? Is it the FSO’s job? Is it the program manager’s job? Whose job is it? “Need to know” can be established using these 2 principals

1. Who determines need to know-Need to know is a determination exclusively made by the holder. Those in possession of classified information are responsible for the proper release or disclosure.

2. How to determine need to know- Verifying contract number, performance on a project or program, validation by a project manager, access roster and other methods can be used to determine need to know.

Security clearances should be kept to the minimum amount necessary to perform the classified work, access to that classified information must be kept to only those with a valid need to perform on the government work. JPAS or even security clearance verification cannot provide need to know. Just because one has a clearance doesn’t mean they should be authorized access. Need to know is based on a contractual or work performance basis.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership The Ranger Handbook The Army Physical Readiness Manual Drill and Ceremonies The ITAR The NISPOM

Five Ways For an FSO to Increase High Power Team Effectiveness

2011-09-02T19:42:00.001-05:00

Maybe you think you are alone, fighting the one person fight that many leaders face. However, you would be wrong to assume that the head of security is the only one responsible for the security program. For cleared defense contractors, the Facility Security Officer is in charge of the security program, but not the only one with a vested interest in protecting classified contracts. So how does the FSO create a teaming environment or create a program where everyone works together?

Through High Power Teams

High power teams (HPT) are the most effective types of entities. Where groups form, storm and norm, HPTs go further to create a body more capable than any individual. They do this by agreeing to rules and primarily keeping in mind that throughout any process or problem, it’s not about the individual, it’s about the group. This allows the organization to benefit as a whole as each member sacrifices their individual desires. The members do not lose or give up the individuality that makes them unique. It does not stifle individual creativity. What each individual sacrifices are selfish desires and the need for self importance.

High power teams (HPT) consists of a small number of people with complementary skills. Individual members of HPTs are committed to a common goal and hold themselves mutually accountable. This structure and assembly of individual core competencies, skills and capabilities create a superpower stronger than any one person could ever be.

The charter defines the standards the HPT will perform under. It provides the purpose vision, norms, goals, expectations and procedures. The charter is the rudder that keeps the group focused and forms the basis for group discipline and accountability. For example, if someone arrives late or makes fun of another member’s contribution, corrections can be made by referring to the charter. Additionally, if the group loses focus, the members can refer to the vision and goals.

While the charter provides the fundamentals other dynamics provide the groups personality and incredible effectiveness. Typically, all groups go through a forming, storming, norming, and performing, but that’s where a group’s effectiveness ends. There is a distinct difference between groups and teams.

Teams build on the four stages by engaging collective performance, positive environment, holding individuals and the entire group accountable for charter guidelines and taking advantage of complementary skills. This again increases effectiveness and provides results associated with the capabilities of the HPT.

Anyone can form an HTP and especially so for highly effective formal and informal leader. Let’s for the sake of relativity, consider a Facility Security officers, command security managers or other security specialist. In other words, how can an HPT help?

Start with the charter. A leader can form an HPT from all business units. Since the FSO is responsible for creating a security program to protect classified information, they may either suggest or take the lead and form the group. Once in the group, the individuals begin to discuss the vision, norms and etc. Such topics to tackle might include policy, security violations, refresher training, emergency operations planning, and communication for starters. A multi organizational HPT can bring depth and breadth to a stagnant security program.

The difficulty for some leaders will be to sacrifice their will and turn over problems for a group to solve. That’s natural, but one of the benefits is that security is now part of the organization’s DNA and not just “overhead” or a “necessary evil”. The effective group will have capabilities beyond just the one leader. The tradeoff is perfect and the results impressive.

Here are recommendations for forming an HPT:

Engage-Invite interested parties-canvas your corporation and determine who might be interested in joining this group. You may need to build security allies who might help you recruit effective individuals
Focus-Develop a game plan and respect other members time. You can increase effectiveness with a charter as described above
Accountability-Have meeting minutes and document your work and products. Be sure to capture all important decisions and who will act on them. When the group assigns responsibilities to individuals, they tend to come through
Followup-Let the group know you appreciate their efforts. Better yet, assign credit to your group members and ensure the executives and department heads (if they aren’t part of the group) understand who the members are and to buy in on decisions.
Have fun-This is a time to allow creativity. Work within the confines of governing regulations and corporate policy, but allow out of the box thinking.

Five ways to improve annual security refresher training

2011-08-25T18:29:00.000-05:00

Give your cleared employees the training they need to be able to focus on how to protect their classified contracts. We all know that to check the block, the annual refresher training should complement the initial security training. But does it have to be the same presentations over and over? Engineers, supervisors, program manager and others are extremely intelligent and want to be challenged. Here aer some great suggested to help you do just that.

1. Build on last year’s training. Many FSOs make the mistake of providing initial security briefing every year with here’s how to mark, lock it up in a security container, and on and on. This insults people’s intelligence and limits your effectiveness. For example, you might demonstrate the importance of reporting by highlighting how reporting has helped reduce security violations or even streamlined a process.

2. Make training relevant to the cleared employee’s mission. Things to consider are contract statements of work, DD Forms 254, mission statements, vision and etc. Make the training real to how the employee performs.

3. Change the format, location, time and setting. There is no rule that says training has to be PowerPoint based or a lecture. Consider using working groups or workshops and invite cleared employees to solve security issues. Develop a scenario, provide the NISPOM guidelines and have the group come up with the solution. Workshops and panel discussions provide out of the box thinking. The FSO becomes a facilitator and not a lecturer.

4. Bring in experts. You can invite fellow FSOs, speakers from professional organizations, consultants, counter-intelligence experts and etc to provide your training for you.

5. Provide training based on organizational structures. Executives and KMPs want to know how security policy impacts classified contracts and the organization. Cleared employees want to know how to engage security in their performance on classified contracts. Supporting elements such as human resources, facilities and legal might have other concerns. Creating tailored training gets results.

For more security clearance ideas, books and more, visit http://www.redbikepublishing.com

Comix

2011-08-19T22:38:00.003-05:00

Free Downloads — Red Bike Publishing

2011-08-19T12:48:00.000-05:00

Complimentary Downloads of Forms Cleared Defense Contractors and Facility Security Officers need.

All forms are referred to in DoD Contracts and Security Clearances Guidebook and can be downloaded straight to your computer.

Forms You Might Need to Know About

2011-08-18T18:57:00.001-05:00

These standard security forms are used in administering the security classification programs in Government. Industry members should contact their contracting agency for information on how to obtain these forms.

The majority of these items are available through the General Services Administration's (GSA) Federal Supply System. Some of the forms are available online at the GSA web site or can be obtained by calling

1(800) 525-8027.

* SF-312 Classified Information Nondisclosure Agreement

The SF-312 is a contractual agreement between the U.S. Government and a cleared employee that must be executed as a condition of access to classified information. By signing the SF-312, the cleared employee agrees never to disclose classified information to an unauthorized person.

* SF-700 Security Container Information

The SF-700 is a form that contains vital information about the security container in which it is located. This information includes location, container number, lock serial number, and contact information if the container is found open and unattended.

* SF-701 Activity Security Checklist

The SF-701 is a checklist that is filled out at the end of each day to insure that classified materials are secured properly and allows for employee accountability in the event that irregularities are discovered.

* SF-702 Security Container Check Sheet

The SF-702 provides a record of the names and times that persons have opened, closed and checked a particular container that holds classified information.

The following three cover sheets are placed on top of documents to clearly identify the classification level of the document and protect classified information from inadvertent disclosure.

* SF-703 Top Secret Cover Sheet

* SF-704 Secret Cover Sheet

* SF-705 Confidential Cover Sheet

The following labels are placed on various forms of U.S. Government property (i.e. CDs, diskettes, computers, etc.) to clearly identify the classification level of the information located in or on that property.

* SF-706 Top Secret Label

* SF-707 Secret Label

* SF-708 Confidential Label

* SF-709 Classified Label

* SF-710 Unclassified Label

In a mixed environment in which classified and unclassified materials are being processed or stored, this label is used to identify media that contains unclassified information. It's function is to aid in distinguishing among those media that contain classified information in a mixed environment.

* SF-711 Data Descriptor Label

Used to identify additional safeguarding controls pertaining to classified information that is stored or contained on various forms of media.

For more information, visit the Industrial Security Oversight Office

Classified storage approval... Three Steps to Prepare Defense Contractors for Closed Areas

2011-08-17T17:16:00.000-05:00

As a Facility Security Officer, you take the lead in creating a security program designed to protect classified information. You are at the cutting edge of your cleared contractor organization's capability of getting and keeping classified contracts. As such, you should also be the senior executive's right hand and have successfully established the required relationship to provide sage security council.

Some topics relevant to your organization might be:

Where are we heading?

What type of classified storage might this require?

What will be the cost and impact to the company?

How is my security program poised to support current and new contracts?

If a new or existing contract requires dedicated space to perform on and store classified information, a "Closed Area" may be required. A closed area is used to safeguard classified material of unusual "size, nature, or operational necessity, and cannot be adequately protected by the normal safeguards or stored during nonworking hours in approved containers" and NISPOM 5-306 provides minimal guidance on cleared contractor responsibilities and 5-800 provides construction information.

1. Ensure you have a classified contract that approves classified storage and performance at the prospective closed area location.

You can find this information on the top right corner of the DD Form 254. There are two blocks there that indicate Facility Clearance Required and Level of Safeguarding Required. Block 11 should be marked with the Cleared Contractor's requirements in performance of the classified contract (store, receive only, fabricate, etc). Further instructions may be found in Blocks 13 and 14. If you have any questions, you should clear it up with the customer. Your responsibility as FSO is to ensure your company is capable of understanding the security requirements and performing as instructed. It is vital that your executives and customers are in complete synchronicity

2. Work with your Defense Security Services to ensure they understand the requirements and there are no surprises.

DSS has oversight and as such, they will verify that your classified contract, storage capability, and security program will protect classified information. As such, the cleared defense contractor, your organization will also have to produce and demonstrate storage and performance procedures before approval.

3. Identify level of security.

For the storage of SECRET and above in a closed area, you will need to use supplemental protection during non-working hours and use approved locking devices for access control during working hours (see NISPOM 5-306). Access control can either be a cleared person making checks or an automated system. If you don't already have an area that meets approved construction requirements, you might have to make significant modifications to an existing room or completely build a new room. If so, consider taking pictures throughout the construction as you build so that you can demonstrate compliance. After construction is done, it will be hard to verify proper construction once construction is complete. At any rate, work closely with your DSS rep and Prime contractor or GCA.

That's it, these three steps should be addressed as a minimum before you invest critical resources to dedicate construct space for a "closed area". Closed areas help protect classified information that cannot be otherwise protected, but it costs money. Approval of closed areas may require further approval of open bin storage.

For more information, check out our new book, DoD Security Clearances and Contracts Guidebook

Security COmix

2011-08-13T10:17:00.001-05:00

Ask the FSO

2011-08-10T17:14:00.000-05:00

Dear FSO,

I was wondering if you could have your folks move my desk for me. The executive assistant recommended that I contact you since you are the "facilities officer".

*****

Move M. Emuch

Dear Move,

Chapter three of the NISPOM lists training requirements that all cleared employees must take. The FSO's challenge is to ensure that the cleared employees understand their requirements, understand the training, implement what they learned and of course sign the training record.

When you invest in security training your employees will benefit. Required training topics include NISPOM requirements:

Threat Awareness
Defensive Training (foreign travel briefing)
Overview of the Security Classification System
Employee Reporting Obligations and Requirements
Security Procedures and Duties Applicable to the Employee’s Job
Marking Classified Material
Safeguarding Classified Material
Control and Accountability
Storage and equipment
Transmission
Original Classification Authority
Performing on Classified Contracts

Ask the Security Manager (FSO)

2011-08-10T17:08:00.000-05:00

Dear FSO,

I was wondering if you were going to contribute to the coffee fund. I noticed that you were participating, but I need to sign you up.

Coffee Joe,

Dear Coffee,

To have an effective security program it's important to have the organization buy into the security program from the top down. Having the most senior executive support and implement the security program into the entire company culture is key. The NISPOM also requires that the most senior officer of the company and the FSO to be cleared at the highest level of the facility clearance (FCL).

2011-08-06T17:00:00.000-05:00

Security in depth is a concept similar to peeling back the skin of an onion. Each layer you pull back reveals another layer. The more you peel back, the more layers remain. Eventually you wear it away, but it takes a while to get there.

According to Defense Security Service DSS security training, "Security-in-depth is a concept that employs security measures in levels or steps."

This concept can be demonstrated in a walk through a virtual walk through a cleared facility. The cleared facility is approved to store secret information. As such, the only requirement is to keep the classified information in a General Services Administration GSA approved container or safe.

Let's begin at the security container. The container provides the deter and detect capability necessary to protect the secret information, documents or hardware. It is difficult, but not impossible to break the container open, but once you do, it will be difficult to hide the damage. Therefore, you'll take a while to beat, tear, pry, explode and etc. While attempting, you will create a lot of noise dust and commotion.

As we back out, we can see that the door has a lock on it. This lock is another layer of protection. The protection can be more effective if a high security lock, bio scanner, bio reader, combination or other cipher lock is employed.

As we move out even further, we might find additional layers such as alarms, card or badge readers, guard stations, closed caption television CCTV or other security measures are employed. Again, not necessary according to NISPOM but can be considered security in depth.

We can continue all the way outside of the building where we might find barriers to entry to include a receptionist, more card readers, scanners or bio readers. The parking lot may have additional lighting, jersey barriers or other ways to prevent unauthorized access.

The physical security measures create layers of protection, where different assets may require different levels of protection. As we demonstrated in earlier blogs and DoD Security Clearances and Contracts Guidebook, the best way to evaluate security in depth needs is to conduct a risk assessment. Use the assessment to integrate physical, IT and information security protection and protective systems.

How to get a defense security clearance

2011-08-02T20:46:00.003-05:00

DoD Security Clearances

Can you keep a Secret?

Do You Know How to Get and Keep a Security Clearance?

Turn your passion for business into work for the government. Discover what you need to know about how to get a security clearance and perform on classified contracts.

Who this Book is For:

Have you seriously considered what it takes to get a security clearance you need to become a cleared contractor employee or build your business as a cleared defense contractor? My book answers the tough questions:

How do I get employed if I can’t get a clearance and…

….I can’t get a clearance unless I am employed.

The truth is, the government publishes information on how to get a clearance. However it’s not easily accessible nor is it easy to interpret.

You need a clearance to get hired. Your business needs a facility clearance to perform on classified contracts. However, you can’t get hired unless you have a clearance. Your business can’t perform on classified work unless it has a facility clearance.

Confused yet?

Perhaps you are one of the many who have questions about getting a security clearance. Maybe you are interested either as an employee or business owner in getting a security clearance, but don’t know how to get started.

A little clarity from the bureaucracy

My name is Jeff Bennett and I am board certified to protect classified information. I teach the Industrial Security Management Course at University Of Alabama Huntsville and am the author of the “go to” book DoD Security Clearance and Contracts Guidebook-What Defense Contractors Need to Know About Their Need to Know. After 25 years in the Army and industrial security business, you can say that “I’ve been there and done that”.

I wrote this book with you in mind. I specifically address the requirements of defense contractors operating under the Department of Defense oversight. The Insider’s Guide to Security Clearancestakes you through the security clearance process.

Other than government regulations, there are few published books addressing security clearances. Insider’s Guide to Security Clearances provides answers to what it takes to get a clearance or prepare for work on classified contracts.

It will assist the college student studying industrial security or homeland security, upstart companies looking for work, and new industrial security employees with understanding the fundamental demands of a career in Industrial Security.

Having been tasked with the mission to research all that I could about Security Clearances and the Facility Security Officer (FSO) position at a government contracting firm, it was difficult to find resources on the topic that were available for the up-and-coming FSO. In this book, Mr Bennett gives clear and concise answers to help guide the way for those that haven’t been in the industry for long or at all. And with the Kindle edition, it was easy to have the book with me for reference whenever I needed help with knowing which forms to use, what acronyms stand for, and what is the next step in the Security Clearance process. I highly recommend this and other RedBike Publishing books on the subject – they are quite helpful for those new to the industry and those that are refreshing their studies. Amazon.com Review

What you should know:

Employees and defense contractors seeking a security clearance are often uninformed on how to get them. Some think that security clearances can be granted to allow them to be more employable. Businesses compete for classified contracts to be more competitive. However, security clearances are granted only on a contract and legitimate government work that requires access to classified information.

Don’t just take my word for it, check out the interview

How to get a security clearance

Benefits of owning Insider’s Guide to Security Clearances

Understand what it means to be a cleared contractor

Organize and get your facility clearance faster

Keep your security clearance

Who the most important employee is

Perform on classified contracts

Insider’s Guide to Security Clearances is divided into chapters with you in mind. The way our book differs from other security clearance books resides in following chapters describing what to do once a clearance is granted. We can’t promise to help you get a clearance. Getting a security clearance depends on whether or not you or your business is trustworthy and you have products or services needed by the government or another contractor. This book only provides an overall view that is covered in more detail in the National Industrial Security Program Operating Manual(NISPOM) and the book, DoD Security Clearance and Contracts Guidebook-What Defense Contractors Need to Know About Their Need to Know, both available from Red Bike Publishing.

I’ve organized this book with chapters walking the reader through registering as a defense contractor, the facility security clearance and personnel security clearance process, the required appointed positions, the National Industrial Security Program and how to protect classified information. For example, once a facility clearance is granted, a Facility Security Officer (FSO) must be appointed to manage the security of classified information and contracts. This book addresses the general FSO duties that may be assumed by the business owner or an appointed cleared employee. It also lets the non business owner reader know what to expect once they get their security clearance.

Insider’s Guide to Security Clearances teaches you the security clearance process. I can’t guarantee that you will get a security clearance, but my book will lead you through the process. All coordination for the security clearance process should be conducted through the government, Defense Security Services and a Facility Security Officer.

All this for only $7.95

Here is the abbreviated Table of Contents

Chapter 1 How the Security Clearance Process Works

How Defense Contractors can Get Facility Security Clearances

Oversight of classified contracts

Chapter 2 Personnel Security Clearances (PCL)

How Personnel Security Clearances are Granted

The Continuous Evaluation Process

The Adjudicative Process

What happens when the security clearance is granted

What you can do when a security clearance is denied

What to while waiting for the investigation and adjudication

Chapter 3 The Industrial Security Program

A National Level View of Protecting the Nation’s Secrets

How the U.S. Government assigns classification levels 33

Protection of Classified Information

Chapter 4 Managing the Security of Classified Contracts

Identifying Customer Requirements

Interpreting Requirements in the DD Form 254 and NISPOM

FSO Training

Briefings

Annual refresher training

Reporting Security Violations

Career Advancement Opportunities

Becoming a cleared contractor

Helpful Websites

You can buy from Red Bike Publishing or Amazon.com

If you choose to buy from us, you can pay by credit card or paypal by selecting the “Add to Cart” button:

1. Click the “Add to Cart” button.

2. You will be taken to PayPal’s website and should see this product listed. On this page you must login with your PayPal account OR press the “Continue” button to enter your credit or debit billing information. You do not need to have a PayPal account to purchase.

3. Please read carefully and follow all of PayPal’s instructions for completing your transaction.

4. After you finish your transaction, you will be directed back to the product. If the page does not load after 5 seconds, please click the provided redirect link given by PayPal.

5. If you have any problems with the transaction, please contact us immediately at editor@redbikepublishing.com

Noone is making you, so why become ISP Certified

2011-07-22T15:29:00.001-05:00

There is a lot of debate about professional certification. Currently, the drive and motivation for facility security officers (FSO) and security specialists to become Industrial Security Professional (ISP) certified is still determined by them. There are few real requirements for security professionals to devote time, money and other valuable resource necessary to getting the ISP certification. NCMS is performing the monumental task of creating a credible and viable certification program, but the industry as a whole does not seem to buy in to the benefits. There are few job announcements and job positions that actually require the ISP Certification.

The Department of Defense has not recognized the ISP certification as a requirement, but has instead created a certification for their security employees called Security Professional Education Development Program (SPeD) (pronounced speed). Some agencies do require the CISSP, but none have specifically called out the ISP Certification.

Since contracts, regulations and jobs don’t require those protection classified information to have the ISP certification, why would anyone want to pursue such an aggressive campaign to learn NISPOM topics? Here are five of the many reasons a professional would seek certification:

Become more attractive as an employee-If a certification requirement does not exist, the employee could work out an agreement with their supervisor. The supervisor would agree to challenge all employees to study for and take the ISP Certification exam. Once they pass, they would be eligible for promotions and raises if they remain in good standing.
Become more attractive while bidding for contracts-A company with ISPs can leverage that they have “employees board certified to protect classified information.”
Prepare for better opportunities-An ISP Certification can set one employee above the rest. Sometimes being the best may not be enough; you have to prove it. Knowledge, skills and abilities are believable and proven with board certification. Though certification may not be a requirement, it can give you that extra push during evaluations, raises or job interviews.
Help others-According to NCMS, ISPs can serve as mentors and ISP Certification Exam proctors. The ISP also gives credibility for those of you who like to teach and train within your profession. Being certified opens doors for you to be a mentor and proctor and help others become certified.
Consult-Speaking of proof and credibility, many of you are consultants, or have plans to become consultants. If you write, teach, consult, demonstrate or represent industrial security to clients and customers, the three letters ISP behind your name will cause your audiences to pay attention.

If you are waiting for someone to make you get certified, then keep waiting. Trends show that security certification is not going to be required anytime soon. However, if you want to be among the few industrial security professionals get your ISP Certification. Demonstrate that you are among professionals board certified to protect classified information.

Cleared Contractors and Annual Security Awareness Training

2011-07-20T14:55:00.000-05:00

Cleared contractors are required to brief their cleared employees every year. It’s easy when there is a Facility Security Officer (FSO) on site. However, companies consisting of one to a few hundred employees may have FSOs designated in addition to regular duties. COOs, engineers, CFOs, HR and other professionals don’t have time to create and execute training while performing on contract.

That’s where Red Bike Publishing can help.

An FSO can spend several hours designing training. At $35.00 per manager work hour, that could end up costing at least $150.00, not including the costs associated with brining the FSO off a contract. Our low cost, high value training package allows you to concentrate on your core competencies while we provide your required training. Our NISPOM Training contains requirements for the Annual Security Awareness and Initial Security Training. Just download our slides and lead the discussion, the notes are already filled out and ready to read.

FSOs have a huge responsibility to protect classified information. As such, these FSOs may be owners, engineers, human resources or appointed employees with other additional duties. If you are an appointed FSO with other duties, you might be just too busy to create a training program. Red Bike Publishing can help. We’ve created an easy to use presentation that you can download and present. Notes are available straight from the NISPOM. You can read them word for word or you can tailor the presentation to meet your organizational needs. This presentation will help you meet the National Industrial Security Program (NISPOM) and Defense Security Services (DSS) Requirements. Take a look at the sample presentations on the side of the page.

NISPOM Initial Security Training /Refresher Security Training.

The main presentation is great for initial training or for refresher annual security awareness training required of all cleared employees. (NISPOM 3-103 and 3-104).

When you invest with this training program you will receive a link for the main presentation and a quarterly email link for the topical training. Topics include NISPOM requirements:

Threat Awareness
Defensive Training (foreign travel briefing)
Overview of the Security Classification System
Employee Reporting Obligations and Requirements
Security Procedures and Duties Applicable to the Employee’s Job
Marking Classified Material
Safeguarding Classified Material
Control and Accountability
Storage and equipment
Transmission
Original Classification Authority
Performing on Classified Contracts

DoD Security Clearances and Contracts

2011-07-19T21:43:00.000-05:00

We know it’s tough to focus on both creating a company to last and performing under strict government guidelines. Getting classified contracts, requesting security clearances and remaining compliant are all vital to a cleared contractor’s success. But…

Just one mistake can cost a defense contractor current and future contracts.

Until now, there has been no one place to find everything you need to know about security clearances. Many defense contractors and employees don’t understand how to get their clearances and compete for classified work. The DoD Security Clearance and Contracts Guidebook brings together information from Presidential Executive Orders, National Industrial Security Program Operating Manual (NISPOM), International Traffic in Arms Regulation (ITAR) and other regulations to demonstrate how to establish and maintain a successful security program. Whether you are part of a business or an employee, this book will demonstrate both the security clearance process and how to perform on classified contracts.

What can be more important than protecting our Nation’s secrets? Situations and questions throughout the book are designed to help improve understanding of the NISPOM. In fact, many Facility Security Officers and industrial security professionals face similar situations as they help to safeguard our nation’s secrets.

This book can also help prepare the reader for the Industrial Security Professional (ISP) certification exam or the SPeD security certification exam.

The DoD Security Clearance and Contracts Guidebook helps cleared contractors understand the security clearance process and develop award winning security programs to win and keep classified contracts. It is a good companion for all seasoned and novice defense contractors, Facility Security Officers (FSO) and the college student.
With the DoD Security Clearance and Contracts Guidebook, Defense contractors now have a resource to confidently pursue classified contracts. This book is complete with:

•Step by step guide demonstrating how to meet requirements for security clearances

•Description of senior leader responsibilities in security cleared facilities

•Comprehensive list 0f Cleared contractor administrative responsibilities

•Method for reducing costs associated with protecting classified information and NISPOM requirements

•Description of award winning FSO qualities

DoD Security Clearance and Contracts Guidebook demonstrates how cleared contractors can protect program information through:

•Building award winning security programs

•Understanding international operations

•Improving Defense Security Services (DSS) inspection results

•Winning the Cogswell award

DoD Security Clearance and Contracts Guidebook contains expansive discussion on how security professionals and FSOs can:

•Build skills as a security specialist or FSO

•Gain access to valuable resources for security programs

•Prepare for the ISP Certification exam

Students will:

•Improve understanding of national security

•Learn new career opportunities

•Have a valuable resource for homeland security studies

Do cleared employees of cleared defense contractors know who the FSO is?

2011-07-04T13:24:00.000-05:00

“I’d like you to move my desk from the window to the inside wall. I keep getting a glare on my computer screen.” Our friendly executive assistant said to me.

“Wow, thanks for the vote of confidence. However, I’m not as strong as I look and don’t think I should tackle that project alone. Have you sent a request to facilities?” I replied.

“Well that’s what I thought I was doing. Aren’t you the Facility Officer?”

That was a humbling but eye opening experience from my first three months on the job as a Facility Security Officer (FSO) at a small cleared defense contractor. At the time, we only had one contract and very little classified work. However, as small as we were I still had to establish a security system to protect classified information. A major part of the job was institutionalizing my position so that everyone understood the role of the FSO.

I wasn’t above helping. Sometimes everyone had to pitch in to take on multiple responsibilities to keep the ship on course. I could move desks, make coffee, write reports, manage safety, exports compliance and execute a wealth of additional duties. The point was that she did not understand the role of a Facility Security Officer, and that was my fault.

So, how does an FSO “institutionalize” their position and security program? Here are a few recommendations:

Be technically proficient in security tasks as they relate to your company and NISPOM. Understand the DD Form 254 and how your cleared employees are expected to perform on classified contracts. If the DD Form 254 approves performance of classified work onsite, then you might need to know how to receive, store, ship, destroy and etc. If there is no classified performance on site, then you might need to be focused on security clearances. Read the 254 and statements of work and become very familiar with customer requirements.
Attend executive level meetings. This may be a new concept for your company. In some cases, they may view the FSO only as an administrator of security clearances. If so, work on changing the perception and showing value as the executive responsible for classified contracts. If you are currently not involved or invited, get a calendar. Notify the assistant or meeting holder to request and invitation. At first, you might attend and let people get used to seeing your presence. If you have questions or comments, make a note and contact that person after the meeting. Establish credibility as a concerned company officer and the senior officer of classified contracts security. The end goal is to attend regularly and contribute to company decisions, especially where classified contracts are involved.
Attend all company events and network. Get to know executives and employees on neutral ground. Have fun and inject yourself into the team. Break down the “us vs. them” mentality. The FSO and security department is part of the team.
Be the authority. Hold annual security awareness training, put out newsletter, provide security statistics, keep your company informed on national industrial security issues, work inter-departmentally while developing policy (safety, facilities, HR, program management, etc) as policy affects everyone.

These recommendations are not all inclusive. The point is to project the position of FSO as a company asset. Your job isn’t to raise awareness of you, but of your position. It is about protecting your company’s ability to compete for and maintain classified contracts and cleared employees. When successful executives will value your input and responsibilities as an FSO.

Risk Management and NISPOM

2011-07-01T12:42:00.001-05:00

The risk assessment helps FSOs focus countermeasures to protect classified information from actual identifiable threats by probability. Risk management helps the FSO determine how to protect the classified information above and beyond the NISPOM guidance. The same approach should be used in determining which parts of the NISPOM apply to an FSO’s facility. For example, a non possessing facility that performs classified work at another facility should not focus security efforts on protecting classified processing.

However, they should focus their efforts on NISPOM chapters 1, 2, 3 and 6 parts of chapter 5 and Appendices A and C; the parts of NISPOM that apply to ALL cleared contractors.
The NISPOM’s first chapter is dedicated to general industrial security concerns. The chapter is divided into three sections which provide the introduction, general and reporting requirements.
Chapter two is divided into three sections that cover facility clearances, personnel clearances and foreign ownership control and influence (FOCI) information. In this chapter FSOs can find instructions on how facility clearances are awarded and learn reasons to process personnel clearances and when to do so. Finally, it discusses the factors and procedures to apply when a company is partially or fully under foreign control.
Chapter three instructs how to conduct security training and briefings. It gives detail to what type of training is required and the necessary topics to train.
Chapter five gives proper methods of safeguarding classified information. It provides general safeguarding practices such as oral communication, perimeter controls and emergency procedures.
Chapter six distinguishes between classified visits and meetings and provides information how how each is conducted.
Appendix A. Cognizant Security Office Information-lists contact information for the CSOs for the four CSAs under the NISP.
Appendix C. Definitions Provides an alphabetical list of key industrial security definitions. Some terms and phrases have a unique meaning in the context of the NISP.
FSOs can use a simple question and answer session to determine which addtional chapters apply to their cleared facilities. These questions are based on the cleared contractor’s DD Forms 254. If the answer to any of the following is yes, the FSO can refer to the corresponding NISPOM chapter or section.

Does the cleared facility provide classification markings? See NISPOM chapter 4
Does the cleared facility store, disseminate, or destroy classified information? See NISPOM chapter 5
Is the cleared facility a prime contractor with classified subcontracts? See NISPOM chapter 7
Does the cleared contractor process classified information using an information system? See NISPOM chapter 8
Does the cleared facility have contracts that involve special handling such as Restricted Data (RD), Formerly Restricted Data (FRD), Critical Nuclear Weapon Design Information (CNWDI), Intelligence information or Communications Security (COMSEC) information. See NISPOM chapter 9
Do cleared employees perform international operations, store foreign government information or transfer classified information to foreign entities? See NISPOM chapter 10
Does the cleared facility have contracts that include TEMPEST, Defense Technical Information Center (DTIC) or involved in independent research and development (IR&D) efforts that involve classified information? See NISPOM chapter 11

FSOs should become familiar with the NISPOM. However trying to implement parts of NISPOM that do not apply to the types of classified contracts involved may waste effort and resources. Leading purposeful and efficient security begins with an assessment of both risk and identifying applicable parts of the NISPOM.

Security Clearances and the Real Deal

2011-07-01T12:23:00.001-05:00

"Jeff, I need to submit a security clearance request. What do I need to do?" one of our employees asked.

"First of all, you need justification. Can you tell me a little why you need a clearance? We can get started that way."

"Sure, I'd like to have a clearance to apply for a new job. Let's just keep that last part to ourselves."

"No problem, I won't tell people you are job hunting, but I won't be able to process a clearance for you," I responded. I tried really hard not to laugh.

“Really?” he asked incredulously.

Security clearances should only be requested for employees who have a valid reason, such as fulfilling actual classified work. Requesting clearances for the sake of having a clearance is no good reason to initiate a security clearance request.

Some other bad security clearance ideas include:

To be able to enter a secure area for convenience
To be more competitive
Because everyone else does
To get access to a military customer
To get a raise

The National Industrials Security Program Operating Manual NISPOM is clear about keeping security clearances to the minimum amount necessary to efficiently perform on a classified contract.

A good way to justify clearances is to develop a company policy which includes a security clearance verification form. I developed one such form that helped put the ownership (of security decisions) on the manager and first level executives. You can use the form below to improve your security clearance verification program.

This form requires a supervisor’s nomination of an employee for security clearance. It can also be used for the periodic review. Here’s how it works, the supervisor identifies the employee who needs a clearance and the clearance level. They also provide justification for the clearance. Once complete, they obtain signatures from key management personnel and turn in the signed form to the FSO. The FSO can file the form for DSS inspections.

ISP Certification Test Questions

2011-06-13T19:40:00.001-05:00

From ISP Certification
Exam Manual

Sample Test Questions
Before taking your ISP Certification Exam, why not test drive a few questions. You can find more at http://www.redbikepublishing.com

1. Which of the following are eligibility requirements for an FCL?
a. The company must be an organization of at least 25 people
b. The company must have potential for classified access
c. The company must have a reputation for integrity
d. The company must make its bottom line for three consecutive quarters
e. The company is the only one who can perform the work

2. When can a contractor disclose classified information to another contractor?

a. Furtherance of contract
b. Furtherance of business development
c. When directed by FSO
d. When directed by CSA
e. Just as long as other contractor is cleared

3. Unless restricted by GCA, SECRET material may be reproduced as follows

EXCEPT:
a. In performance of a prime contract
b. In performance of subcontract in furtherance of prime contract
c. Upon closure of contract
d. In preparation of patent applications
e. In preparation of bid to a Federal Agency

4. The types of international visit requests include all the following EXCEPT:

a. One-time
b. Recurring
c. Initial
d. Extended
e. Emergency

5. U.S. contractor visits to Portugal require _____ days advance notice.

a. 20
b. 15
c. 10
d. 21
e. 14

TEST 1 ANSWERS-LONG VERSION

1. Which of the following are eligibility requirements for an FCL?

c. The company must have a reputation for integrity (NISPOM 2-102c)

2. When can a contractor disclose classified information to another contractor?

a. Furtherance of contract (NISPOM 5-509)

3. Unless restricted by GCA, SECRET material may be reproduced as follows

EXCEPT:
c. Upon closure of contract (NISPOM 5-601b)

4. The types of international visit requests include all the following EXCEPT:

c. Initial (NISPOM 10-502)

5. U.S. contractor visits to Portugal require _____ days advance notice.
d. 21 (NISPOM Appendix B)

Why not earn the NCMS ISP Certification

2011-06-13T19:32:00.001-05:00

The ISP

The Industrial Security Professional (ISP) Certification is sponsored by NCMS (Society of Industrial Security Professionals), a professional organization of industrial security members specializing in protecting classified information. This group of professionals works in an industry operating under the NISP. To achieve the goal of providing education and professionalism, NCMS has developed the ISP Certification. The ISP bearer demonstrates a high level of knowledge in topics involving safeguarding classified information. The certification is based on the NISPOM but also covers the following electives: communications security (COMSEC), operations security (OPSEC), Intellectual Property and Counter-Intelligence.

Currently, only approximately 8% of NCMS members hold the ISP certification. In July 2005 there were only 75 ISPs and as of this publication the number has increased to over 290.

As with most professional certifications, earning the ISP certification is recognized as a major accomplishment. Again, there are only a few people world-wide who have earned the certification. The ISP does indeed distinguish the bearer from those not certified and there is emphasis within NCMS to elect ISP Certified national and local chapter leaders. Because of the intense study involved, the certification demonstrates willingness for self-improvement and dedication to the profession. The ISP also communicates to management that the professional is committed to the business, the industry and the furtherance of national security. Employees with certifications help put their companies in a stronger negotiation position while bidding on contracts and lend credibility to relationships with the oversight agency, Defense Security Services (DSS). Most of all, it gives the recipient confidence in the knowledge base and the ability to apply the knowledge to make vital decisions.

As this certification program evolves, more and more employers will recognize the certified industrial security professional during job interviews. In addition, the ISP certification could make the difference between which applicant gets the FacilitySecurity Officer (FSO) job offer and which security administrator gets the promotion.

For Government employees and military personnel, the ISP certification communicates to supervisors, the promotion board, and others that the certification holder is committed to the protection of national secrets. It equips the security manager with the knowledge and skills to perform critical tasks as well as relate well with civilian counterpart requirements. Most of all, it gives the bearer confidence in their ability to apply their knowledge. As this certification program evolves, it is expected that more and more employers will require the certification.

Commit

There are many reasons to step out and take the test. From career development to the satisfaction of accomplishment and prestige, the ISP certification fulfills many desires and goals. However there may be many more excuses not to take it. Some excuses include the expense, time involved, embarrassment of failure and just plain fear.

If you follow the principles set forth in this book you will improve your chances of passing, creating your professional legacy, improving your standing, increasing your salary and rising to the top in your chosen field. To find out more about this article and the book ISP Certification-The Industrial Security Professional Exam Manual, visit http://www.redbikepublishing.com

Review Questions from Chapter 11 "DoD Security Clearances and Contracts Guidebook"

2011-05-29T15:26:00.001-05:00

If you are a defence contractor, cleared contractor or cleared employee, try these questions. Want more, see http://www.redbikepublishing.com

1. The vice president of business development has just brought up the wonderful opportunity of selling an all weather capability the company produces for medical evacuation flights to a foreign owned company.

a. Suppose this item needs a license prior to export. Describe the first step an organization would take in consideration of a possible export.

b. If the item is to be delivered to a foreign company just down the street, will export requirements still apply?

2. You are travelling as an authorized courier to deliver a package that contains classified information at the CONFIDENTIAL level. Upon arrival, the foreign government customs agent wants to take custody of the package. You present your credentials and attempt to talk her out of the idea. She informs you that as a representative of the foreign government, she is authorized to accept the delivery. Is she correct? Why or why not?

3. As an FSO, you have many responsibilities including approving classified visits. A program manager enters your office and informs you that his foreign customer wants to send an employee to perform at your location on a classified project. The program manager requests that you draw up a sample visit request form that the foreign company can use to submit a visit request. Is this the proper request procedure? Why or why not?

4. In the same situation as question three, the visit has been authorized through appropriate channels. Since your cleared facility handles many classified contracts, you want to ensure the visitor does not gain access to classified and unclassified items not authorized for export. What will you produce to ensure the visitor and company employees remain in compliance with export laws?

a. Which agency has jurisdiction over commercial and dual-use items?

b. Which regulation covers commercial and dual-use items?

c. Which regulation governs the export of defense articles?

5. Your organization has an opportunity to perform a modification of a foreign government weapons platform. You will not be selling an item, but modifying the platform for a radio mount. If awarded the contract, your company will send a team to the foreign country to perform the services over the next few years. What type of request will you submit? Who is the approving agency?

From "DoD Security Clearance and Contracts Guidebook" Not to Readers

2011-05-29T15:14:00.001-05:00

The defense industry is booming and cleared contractors are benefiting. Those who know how to execute classified contracts are in demand. Additionally, the Departments of Defense, Department of Energy, the Nuclear Regulatory Commission, Central Intelligence Agency and many other Federal and supporting contractors are in great need of experienced and qualified security specialists, managers and Facility Security Officers. As the industry becomes more demanding and positions more competitive, today’s security specialists need to be on top of their game.

Go beyond the Presidential Executive Orders and the National Industrial Security Program Operating Manual. Being technically proficient is great, but building an award winning security program gets you noticed. Make the move from being an administrator to becoming the "go to" security manager. Learn everything you can to better understand what it takes to get security clearances and move to the next step of protecting classified information.

Training Topics for Cleared Contractor FSOs

2011-05-07T08:40:00.000-05:00

Our Newest Book

New cleared contractors should understand that the Defense Security Service (DSS) provides initial training and special briefings to their appointed Facility Security Officer (FSO). This training is invaluable as the new FSO will have a chance to learn about their responsibilities. Sometimes the new FSO will be learning for the first time exactly what is expected of them. After training, the FSO is then authorized to present the training to the organization's cleared employees. According to NISPOM, the FSO is also required to attend the DSS mandated FSO Program Management Course within one year of appointment. This means that cleared contractors should be prepared to send a designated FSO to the DSS Academy for the training, or take the training on line. Either way, the FSO must be certified.
DSS provides new courses designed for FSOs of possessing and non-possessing facilities. FSOs should coordinate with their DSS representative to determine the training that’s right for their situation. The training is designed to prepare the FSO to implement and direct a NISPOM based security program in their cleared contractor facility including, but not limited to the following topics:

Protecting classified material – The proper receipt, accountability, storage, dissemination and destruction of classified material.

Required training – This instruction helps the FSO establish an ongoing training program designed to create an environment of security conscious cleared employees.

Personnel security clearances – The FSO gains an understanding of the personnel security clearance request procedure, briefing techniques and maintenance of personnel clearances.

Facility clearance – The FSO learns how FCLs are established and which records and activities are required to maintain the FCL.

Foreign Ownership Control and Influence (FOCI) - Organizations analyze foreign investments, sales and ownership on a regular basis using the Certificate Pertaining to Foreign Interests (SF 328). FSOs learn to interact with management and provide guidance and direction in preventing a foreign entity from unauthorized access to or controlling work involving classified and export controlled information.

Exports compliance and international operations –FSOs receive instruction on how to prevent unauthorized disclosure of critical technology, classified and export controlled information.

Restricted areas – The restricted area is established to control temporary access to classified material.

Closed areas – Space is approved to store and work with classified material. This involves approved construction and limited accesses controls to prevent unauthorized disclosure during and after work hours.

Contract security classification specification (DD Form 254) –The cleared contractor is allowed access to classified contracts based on the DD Form 254. The FSO would learns how the DD Form 254 is constructed and how to provide input to better meet security requirements.

Security classification guides (SCG) – As the DD Form 254 provides authorization to execute a classified contract, the SCG provides the “how to” instruction.

Security administration and records keeping – This teaches the maintenance of facility and personnel security clearance information as well as all other accountability. The FSO is expected to provide information on personnel clearances, original documentation of their facility clearance and demonstrate classified information accountability during the DSS annual security inspection.

Sub contracting – When approved to subcontract classified work, the prime contractor will provide a DD Form 254 to the subcontractor.

The academy issues a certificate which should be filed for presentation during security audits. The FSO training should not end with this course. Career enhancing training is available through various security and management courses. More in depth online and residence training is available in each above mentioned topic. Other agencies may offer more training certification in special access programs, COMSEC, and intelligence protection. Other training is available in colleges, professional organizations, vendor websites, through books like this and within the security community.

Why I wrote ISP Certification-The Industrial Security Professional Exam Manual

2011-04-26T18:35:00.000-05:00

Excerpt from the tentatively titled book "Get Rich in a Niche-Writing and Publishing for Small Industries"

A familiar saying, “Necessity is the Mother of Invention” describes that a need comes before a product. Someone recognized a lack of a product or item and without successfully finding satisfaction, they invented a product themselves. Many become wealthy and famous providing what they themselves found the world to lack. I have helped other professionals by providing practice tests and boosting the confidence of others who desire a security certification. Before I took my certification exam, I looked around for leadership. I found a small study group, however, it was up to me to study for and pass the examination. Because there was lots of encouragement, but not much leadership in the area, I began to invent my own study program.

Many of my ideas were not conventional in the specialized security market. However, I had learned from college, previous military and life experience, how to set goals and establish a way to reach those goals. With a lack of publication in the area, I went about touching, experiencing, and researching everything I could about the certification. I volunteered for extra jobs at work (related to the certification) and took notes of my progress.

I also read reviews of the test and articles about who passed the test and what they did to study. Most who had failed had done so because they ran out of time. Since the certification exam has a two hour time limit for 110 questions, I knew that my priority was to find the answers quickly. When the day came, I took the test and finished in plenty of time. I realized that I held a key to passing the test and knew that I could share it with others. Where others ran out of time, I found a way to beat the clock. My book continues to not only encourage others to take the exam, but to pass. The reviews on Amazon.com testify to my unconventional approach to the test taking. My premise is that the professionals already know the material, and I can show them how to organize studying to successfully pass the test.

And that’s the point. There was a problem and I knew I had the solution. Others continue to write to me as well as post positive comments about my book. To date, I still have no serious competition, but others are arriving to the market. I just have to stay on top. My publications allow professionals to focus on their careers, knowing I will provide quality niche related publications.

Industrial Security Newsletter - iContact Community

2011-04-16T13:10:00.000-05:00

Our Newsletter

Great Articles on Improtant NISPOM Topics:

Clean Desk Policy
Information Management Systems
Reproducing Classified Information
Upcoming Security Books

Check the NISPOM newsletter Industrial Security Newsletter - iContact Community

Clean Desk Policy

2011-04-08T08:27:00.000-05:00

NISPOM is for all cleared employees

Simple Solutions

Simple acts such as maintaining a clean desk policy has helped reduce security violations. In this situation, an employee removes everything from the tops of their working surfaces or desks except for the classified material. That simple practice could make a busy employee more aware that any articles on the desk requires extra diligence and must never be left unattended. When no longer needed, classified information should be locked up in a security container or closed area. If a desk is empty, the cleared employee can also assume that there are no classified items out. This discipline creates an environment that reduces the chances of the employee leaving a classified item vulnerable to compromise if they forget to secure it prior to taking a break or leaving for the day. Also useful is the posting of a desk tent and door hanger with an important reminder that classified items are left out. As the employee leaves their work area, they will encounter the warnings on their desk or door handle.

Information Management Systems

2011-04-07T18:16:00.000-05:00

Commerically available IMS use information technology to create a detailed database that helps FSOs track classified material through many dispositions from receipt, inventory requirements and final disposition. Some produce receipts, tie to a barcode scanner, report statistical data that can help determine use and much more. For example, if an inventory reveals missing classified information, the database can provide valuable information to help reconstruct the classified information’s history.

Databases can be tied to scanner software. Barcodes can be printed and applied to classified items for scanning. If an item is destroyed, shipped, filed, loaned or returned, it can be scanned and the status updated. These databases provide reports identifying when and where the barcode on the classified document was scanned and the last disposition. The FSO can use the technology to research dates, methods of receipt, contract number, assigned document number, assigned barcode, title, classification, copy number, location, and name of the receiver as follows:

Date of Receipt or Generation-This information is recorded to indicate the day the document arrived. It can be used as the countdown date for an inventory requirement or as a timeline or search method in case an employee needs to retrieve it. If a document cannot be easily traced, those conducting the inventory can use the date in reference to narrowing down search locations or options
How Received-Did the classified item arrive through USPS mail, overnight delivery, courier, hand carry, electronic means, derived from other research, printed or duplicated? This information is important to the FSO for use during DSS’s annual review.
Contract Number-Contract numbers are important in situations where a contractor may have hundreds of classified contracts including directions that the material classified at certain levels must be stored separately. This added column can assist with determining need to know, quick retrieval of receipts, records or the classified item itself. Additionally, the FSO can pull documents by contract number to return to customer during contract closeout.
Document Number-Cleared contractors operating an IMS can generate an internal document number for classified information entering the company.
Barcode-The barcode is an excellent tool for document filing, retrieval, inventory and internal tracking for cleared contractors with large inventories of classified information.
Unclassified Title-Unclassified titles should be used. If a receipt arrives with a classified title, the receipt will have to be protected as classified. If an unclassified title is not possible or desired, arrangements will have to be made to protect all records and receipts with the classified information annotated. The classified title cannot be put on an unclassified database.
Classification Level-Data with the classification identified helps during the retrieval process. Classified information with the additional designations or caveats of: FGI, NOFORN, INTEL, NATO and others should be filed separately according to regulations and contract requirements.
Copy Number-Copy numbers are used for multiple copies of existing classified material. For example, five copies of the same type of classified document could arrive or be duplicated on site. For example, XYZ Contractor number’s their documents sequentially. Document number 35601-02 is the 35,601st document entered into the system. Additionally, the -02 identifies it as the second copy of that document.
Location or Disposition-The exact location of classified material helps with the easy retrieval. To log a document into accountability with no location is fine for companies possessing a limited amount of documents. Those contractors or agencies with multiple documents and possible locations will want to identify the assignment for quick retrieval. An additional data field can be used to input shelf, GSA container, room or building number.

FSOs may also want to track the use of classified information checked out of a central location. This is similar to what a library does. Tracking the check out dates can help reconstruct where and when a document is used to find lost documents, help enforce need to know and provide better document control.

Studying for the ISP Certification?

2011-04-05T17:41:00.000-05:00

ISP Certification... Study Manual

Isn’t it Time You Earned the Industrial Security Professional (ISP) Certification?

If you are going to the NCMS National Convention in New Orleans, why not take our book with you. Red Bike Publishing has all of your ISP Certification and security reading covered. ISP Certification-The Industrial Security Professional Exam Manual

“(Your Name Here), ISP”—Imagine what certification can do for you!

If you are serious about advancing in your field, get this book. Learn the secrets to becoming influential, earning credibility and studying for the ISP Certification. Secret number one, you are a technical expert and know the business of protecting classified information. Let us help you prepare for the test. Our book helps you prepare for both your career and the ISP Certification Exam. Keep reading for sample questions.

NCMS has an excellent and successful study course known as the ISP Exam Preparation Program (EPP). We recommend that candidates check out the EPP and consider it as part of their study program. Consider visiting the NCMS national website for more information about the ISP Certification, qualifications and study groups.

Using our books to augment your ISP exam preparation will also help you be better prepared for the exam. Our book is the only one available for the ISP Certification and offers 440 practice questions. Our author teaches insightful study tips designed to show you how to: form study groups, network, seek out opportunities at work, learn your way around the NISPOM and has four exam length practice tests. It’s true, those who have bought our books and used our techniques to augment their preparation have performed very well. See our testimonials page for their stories.

Disclaimer from Upcoming DoD Security Clearances And Contracts Guidebook

2011-04-03T13:36:00.000-05:00

Get it here

Here is the disclaimer from our upcoming book. Just a little flavor of what you can expect. Please forward for others who might be interested

This book is designed to give defense contractors insight into the National Industrial Security Program. Our intention is to help defense contractors understand what is required of them should they become cleared facilities working on classified contracts. Any security and compliance related issues that an organization may face should be pursued with the Cognizant Security Agency (CSA), Government Contracting Activity (GCA) or other Federal agencies and legal activities.

This book is meant to compliment the federal regulations and executive orders bringing about the National Industrial Security Program. It is also designed to help the reader draw from experience and suggests ways to improve security programs. Those who are new to the field can use this as a guide, but should consult their CSA. We have made every effort to make this book as accurate and complete as possible. It has been written by an ISP Certified author and has been reviewed and edited by some of the most experienced Facility Security Officers , defense contractors and ISP’s in the business.

Not every defense contractor is the same. Classified contracts further differentiate requirements. Each contractor may have a unique mission based on skill sets and core competencies. Each contract has unique requirements based on product and service needs. Defense contractors working on classified contracts will have further defined roles based on requirements listed in the Contract Security Classification Specification (DD Form 254) and contract clauses and language. Specifically, cleared contractors have unique security requirements based on the DD Form 254 identifying the clearance level and classified storage level. The following are two examples out of many possible scenarios:

Example 1: A defense contractor is required to have a Facility Security Clearance (FCL) of TOP SECRET while having a classified storage level of TOP SECRET. In this case they can expect to have employees with TOP SECRET security clearances supporting contracts on site with TOP SECRET work and TOP SECRET information. In the course of their work they will store tens of thousands of classified items. Their security requirements are complex depending on the amount of classified items, level of classified information, amount of international contracts, and etc.

Example 2: In another example a contractor has a SECRET FCL and no authorization to store or perform classified work on site. They require the SECRET FCL for the sole purpose of providing employees with security clearances to perform work off site at a customer location. They will have no requirement for security containers or in-depth security to protect classified information on site.

The purpose of this book is not to provide exact solutions for each of thousands of possible scenarios. There are too many variables to be contained in any one book. It is written to inform and provide resources that the defense contractor can use to either seek additional expert help from the CSA, GCA, Prime Contractor or competent consultant. This book is written to reflect guidance from the National Industrial Security Program Operating Manual (NISPOM), but is not written to be used instead of the NISPOM. Additionally, there is guidance in the NISPOM not covered in this book. This book is written to familiarize and inform defense contractors with NISPOM requirements. The NISPOM is the manual cleared contractors should use to build their security programs to protect classified information. This book covers general areas most cleared contractors may encounter. It is meant to help the reader determine which parts of NISPOM apply, direct the reader to available resources and suggest general ways of implementing the NISPOM. The reader should always consult NISPOM, GCA, Prime Contractor and the CSO concerning policy and contract requirements.

Cleared and Certified - Wired Workplace

2011-04-02T13:52:00.001-05:00

Helpful resource for security clearances

Cleared and Certified - Wired Workplace Interesting news on salaries for cleared and certified employees. Cleared employees earn 12% more than their counterparts. Many in the DICE poll also claim certification has helped them earn a new position.

Five Good Points to Consider In the Reproduction of Classified Information

2011-03-31T20:19:00.000-05:00

Five Good Points to Consider In the Reproduction of Classified Information

1. Start at the beginning; establish controls to limit access to classified information. An Information management system, access control system or other means of controlling who accesses classified information, when they access it and what they do with it is the right place to start.

2. Establish policy controlling use of classified reproduction equipment. Copy machines, scanners and other reproduction equipment should be identified and designated for classified information reproduction. Additionally, all other enterprise equipment should be off limits to classified reproduction.

3. Control the use of unclassified reproduction equipment. This will help prevent security violations where authorized employees access classified information and copy it using public copiers, load them to unauthorized disks, fax them using unauthorized machines all in an effort to remove it from the company undetected.

4. The FSO should consider the type of equipment they purchase, lease or rent. When service contracts expire, repairs are needed, equipment is to be replaced or other transactions replacing or removing the equipment occur, the hard drive or memory should be destroyed or wiped in an approved manner to remove all stored classified information.

5. Afford copies the same level of protection as the original. Ensure the markings are legible and stand out. Also, assign document numbers to track the amount of copies made. For example, if a copy of a document assigned an internal document number 401is copied, the new number might be 401 copy1 or 401-01.

How Cleared Contractors Appoint Facility Security Officers

2011-03-22T17:54:00.001-05:00

Excerpt From Our Newest Book

Becoming a cleared defense contractor demands more than just a defense contractor getting a security clearance. It's more to do with, what to do once the clearance is awarded; specifically, protecting classified information. This protection involves physical, classified processing, and information security. It's more than just buying safes, installing access controls and getting employees security clearances. Primarily, the cleared contractor must appoint a Facility Security Officer (FSO) responsible for implementing a program to protect classified information.

To better answer frequently asked questions, I've written several times on the topic of selecting the right Facility Security Officer (FSO) qualifications. According to the National Industrial Security Program

Operating Manual (NISPOM), the FSO must be a US Citizen and be cleared to the level of the facility (security) clearance (FCL); period. This provides a lot of room for a cleared facility to figure out how to get the job done. However, in the book, DoD Security Clearances and Contract Guidebook-What Defense Contractors Need to Know About Their Need to Know, the author identifies what additional qualifications cleared contractors should recognize prior to appointing or hiring the FSO.

Primarily, the FSO should understand how to protect classified information as it relates to the cleared contract, organizational growth, enterprise goals, and NISPOM guidance. The FSO should be able to conduct a risk analysis, express the cost, benefits and impact of supporting a classified contract under the NISPOM requirements and incorporate an environment of cooperation and compliance within the enterprise. Finally, they must be able to influence and compel the senior leaders to make good decisions, support compliance and integrate security into the corporate culture. After all, security violations not only cause damage to national security, but could also impact the organization with loss of contracts. The FSO is pivotal to the successful execution of classified contracts.

In larger cleared contractor organizations the FSO is a full time job held by a department manager or higher level person. This FSO is supported by a staff of security specialists who may manage classified contract administration, safeguarding classified documents, process classified information on information systems, security clearances and other disciplines. The FSO oversees the entire security program as executed by the competent staff. In a best case scenario, they will report to the senior officer of the organization.

In small business the FSO may be the owner, chief officer, vice president or other senior leader picking up an additional responsibility. This is more of a situation of selecting the most knowledgeable, capable or competent and is usually the best choice. However, these people are already very busy trying to meet cost, scheduling and performance objectives. They may be able to implement and direct a security program to protect classified information, but not the day to day job functions that can pull them away from critical tasks. Jobs such as document control, visit authorization requests, security clearance requests and etc can be delegated to other competent, organized and less busy employees.

When competing for classified contracts, the winning company must be eligible to receive a security clearance. Prior to performing on the contract, they should have a security clearance in place and appoint an FSO. The FSO is responsible for the security program, but not necessarily solely responsible for executing the day to day activities. Just as FSOs in large organizations have a staff of employees, the FSO of small organizations should delegate day to day activities to competent cleared employees.

DoD Security Clearance and Contracts Guidebook — Red Bike Publishing

2011-03-12T20:45:00.001-06:00

DoD Security Clearance and Contracts Guidebook — Red Bike Publishing

Our Newest Book

DoD Security Clearance and Contracts Guidebook - What DoD Contractors Need to Know about Their Need to Know

Coming April-Pre-Order your copy now

This new book will demystify the security clearance process and help cleared contractors develop security programs to win and keep classified contracts. It is a good companion for all seasoned and novice defense contractors, Facility Security Officers (FSO) and the college student.

Defense contractors can confidently pursue classified contracts with:
•Step by step guide demonstrating how to meet requirements for security clearances
•Senior leader responsibilities in security cleared facilities
•Classified contracts administrative responsibilities
•Method for reducing costs associated with protecting classified information and NISPOM requirements
•Description of exceptional (FSO) qualities

Cleared contractors can protect program information through:
•Building award winning security programs
•Understanding international operations
•Improving Defense security services (DSS) inspection results
•Winning the Cogswell award

Security professionals and FSOs can:
•Build skills as a security specialist or FSO
•Gain access to valuable resources for security programs

College students can:
•Improve understanding of national security
•Learn new career opportunities
•Have a vauluable resoure for homeland security studies

Ready for pre-order, get yours today.

Pre-Order Paperback Version-$24.95
Pre-Order Hardcover Version-$34.95

Dice Holdings, Inc. - Press Release

2011-03-11T06:22:00.001-06:00

Learn about
Security Clearances

Those holding security clearances aren't as affected by the economy. Cleared defense contractors seem to be isolated against job related uncertainties experienced by otheres in the private sectors. This report issued by Dice Holdings, Inc. expresses the benefits of working with a security clearance.

Dice Holdings, Inc. - Press Release

ISP Certification

Also, if you have a clearance, consider the job security offered by certification. Security specialists can further protect themselves with ISP Certification.

Join our Team

2011-03-08T16:16:00.001-06:00

Now you can receive 10% payment by referring customers to Red Bike Publishing. Join our affiliates program and receive 10% of any product sold through the Red Bike Publishing online bookstore. Our products sell from $7.00 to $99.00. That means an earning potential of up to $9.00 for each item sold through our store. Why not enhance your website by offering quality security and compliance books through Red Bike Publishing.

How?
1. Simply visit http://www.redbikepublishing.com/affiliates/

2. Scroll to the bottom of the page and click the link in the yellow box that says “Click here to join Red bike Publishing's’ affiliate program”

3. Login or Register

4. Under “Manage Your Affiliate Account” click “Get Affiliate Code”

5. Select “Red Bike Publishing” as the merchant

6. Click the button “Get Affiliate Code”

7. Copy the link provided in the yellow box.

8. Add the link to your website.

That's it...we hope to see you on our team.