Security Executive Blog

  By: Jeffrey W. Bennett, SAPPC, SFPC, ISOC, ISP Many cleared employees conduct  derivative classification  in the performance of their contracts. Derivative classification can be conducted in the organization or at customer locations. Derivative classification includes, paraphrasing, incorporating, restating or regenerating classified information into a new form. Since contractors are not performing original classification, most of their work would involve using classified sources to create new classified products. Here's the important part, no training; no work. Executed National Industrial Security Program Operating Manual (NISPOM) training and documentation is the difference between performing on classified work and not being able to meet contractual requirements. Cleared contractors must plan to train cleared contractor employees who perform derivative classification responsibilities. The NISPOM outlines requirements for derivative classification train...

  By: Jeffrey W. Bennett, SAPPC, SFPC, ISOC, ISP FSOs and security specialists should understand the NISPOM requirements enough to guide their organizations through compliance issues. It takes a tremendous understanding of NISPOM and requirements to prepare for and pass the the annual security review. Additionally, defense contracts can require exquisite performance services and products testing even the most experienced. How does one gain an understanding of NISPOM? With revieing, training, testing and use. Cleared employees should have a copy of NISPOM, DD Forms 254, and other resources describing security requirements. The NISPOM provides the protection standards. How will one understand NISPOM if they don't read, study and apply? With practice, you can develop a keen understanding of NISPOM. If you are serious about advancing in your field, work on your knowledge of NISPOM. Who knows, it may also set you up to prepare for certification. First, download your copy of NISPOM....

By: Jeffrey W. Bennett, SAPPC, SFPC, ISOC, ISP    Today, we delve into an often overlooked yet crucial aspect of corporate security programs: the dynamics between the Senior Management Official (SMO) and the Facility Security Officer (FSO). This topic is an extremely important part of the  FSO's professional developmen t. This relationship is vital for maintaining not just basic security compliance but achieving greater recognition and trust from agencies like the Defense Counterintelligence and Security Agency (DCSA). As presented, there is a substantial opportunity for organizations to enhance their security posture by nurturing this professional relationship. Understanding the Roles The FSO is tasked with executing a cleared facility's security program, ensuring policies, procedures, and programs are in place to manage and protect classified information. Conversely, the SMO, a key management person, oversees the broader security compliance and isn't just a figureh...

  By: Jeffrey W. Bennett, SAPPC, SFPC, ISOC, ISP Demonstrating NISPOM compliance requires both an in-depth knowledge of NISPOM requirements and the ability to grasp administrative tasks. For example, the cleared company’s Senior Management Official (SMO) and Facility Security Officer (FSO) implement the NISPOM within their organization to address risk to classified information. While these leaders oversee and execute NISPOM requirements, there may be issues with demonstrating how they are meeting compliance. With a bit of organization, compliance can be easily demonstrated with the correct artifacts and documentation. In my newsletter, I tackle NISPOM compliance and lead with three pillars. One of which is a continuous study of NISPOM and application of FSO and  NISPOM professional development ; both critical to technically proficiency. The other resource is the  Self-Inspection Handbook for NISP Contractors , which covers all NISPOM topics. Using the handbook as a p...

  Welcome to the New Year. Like most of us, you might have some new years resolutions. Fitness, excellence, service and professional new years resolutions abound. If you made "becoming an FSO of excellence", "learning the NISPOM", "undertaking professional development", or other resolution, we hope you might start with us. These are three great books that go well together to teach NISPOM and help you meet your resolutions head on. NISPOM  - Of course it's the fundamentals and you should always have one at hand.  Get knowledge. How To Get Government Contracts and Classified Work  - Beyond fundamentals, this book describes FSO tasks, shows how to demonstrate compliance and helps you build your security program.  Apply your knowledge ISP and ISOC Master Exam Prep  - Sure, it was designed for certification, but it's actually a book loaded with hundreds of questions from the NISPOM.  Measure your knowledge. NISPOM Central Link to FSO Professional Develo...

  By: Jeffrey W. Bennett, SAPPC, SFPC, ISOC, ISP Have you noticed the lack of books for security specialists and FSO Professional Development? Sure, you can find books on security and loss prevention, but they do not tackle the tough NISPOM and FSO requirements. Many FSOs rely on professional organizations and other sources to provide the education they need. However, building a library of books is very difficult. Most information for FSOs remain in various online locations. However, an FSO library can include some low hanging fruit that you can download from DCSA and other government and professional organization websites. We recommend that you download the following as foundations to your FSO Library: NISPOM ITAR DoD Instruction 5200.48 Controlled Unclassified Information (CUI) 32 Code of Federal Regulations, Part 2002 Controlled Unclassified Information NIST Special Publication 800-53, Revision 5 Security and Privacy Controls for Federal Information Systems and Organization...