Security Executive Blog

Just five short years ago several changes came out almost simultaneously. The changes challenged the thinking of many security specialists because the ideas were so new. The proactive employees put plans into place that made the changes easier to implement within their organizations. The others found themselves implementing the changes at the last minute. I cannot imagine working without the Joint Personnel Adjudication System (JPAS). However, when it first came out the protest was pretty loud. One of the many objections identified using JPAS to submit visit authorization requests instead faxing personal identifiable information to a hosting cleared facility. I heard one FSO comment that “need to know” could not be properly controlled by such an impersonal system. Though unfounded, such objections still needed to be met. T o prepare industry for the new process, Defense Security Services and professional organizations such as NCMS (Society of Industrial Security Professionals)...

According to E.O. 12869, no one can have access to classified information unless they have been determined eligible for a security clearance and have “need to know”. Access is a determination made by an expert based on the results of a proper investigation. This eligibility is easy to determine after the U.S. Government provides the notification of a granted security clearance or upon validation of an approved cognizant security agency database. When an employee is granted a CONFIDENTIAL, SECRET or TOP SECRET clearance they are eligible for access to classified information at the level of clearance and below. However, the rest of the story concerns “need-to-know”. Need to know is a determination made by the possessor of classified information. This cleared employee not only has to determine that recipients of the information have the proper clearance, but that the cleared person is authorized to perform classified work based on a true government requirement. Just as security c...

Identification is a critical part of our business. Those who possess classified information cannot just disclose it to anyone who asks; verification is necessary to ensure that those who are authorized to receive such information are who they say they are. Sometimes identification is made visually through recognition of a friend, colleague or co-worker. More often than not the visual recognition is backed up with technology. Many contractor and government organizations and agencies have internal identification systems using software and hardware designed to recognize biological and electronic information. There are many configurations of card reading technology. Some use picture badges unique to organizations coupled with small chips providing a code for entry into access controlled areas. At any given time you can identify such employees by the card dangling at the end of a lanyard. Perhaps even some are laden with multiple cards pushing the lanyard’s published tensile st...