Thursday, August 25, 2011

Five ways to improve annual security refresher training



Give your cleared employees the training they need to be able to focus on how to protect their classified contracts. We all know that to check the block, the annual refresher training should complement the initial security training. But does it have to be the same presentations over and over? Engineers, supervisors, program manager and others are extremely intelligent and want to be challenged. Here aer some great suggested to help you do just that.

     1. Build on last year’s training. Many FSOs make the mistake of providing initial security briefing every year with here’s how to mark, lock it up in a security container, and on and on. This insults people’s intelligence and limits your effectiveness.  For example, you might demonstrate the importance of reporting by highlighting how reporting has helped reduce security violations or even streamlined a process.

     2. Make training relevant to the cleared employee’s mission. Things to consider are contract statements of work, DD Forms 254, mission statements, vision and etc. Make the training real to how the employee performs.

     3. Change the format, location, time and setting. There is no rule that says training has to be PowerPoint based or a lecture. Consider using working groups or workshops and invite cleared employees to solve security issues. Develop a scenario, provide the NISPOM guidelines and have the group come up with the solution. Workshops and panel discussions provide out of the box thinking. The FSO becomes a facilitator and not a lecturer.

     4. Bring in experts. You can invite fellow FSOs, speakers from professional organizations, consultants, counter-intelligence experts and etc to provide your training for you.

     5. Provide training based on organizational structures. Executives and KMPs want to know how security policy impacts classified contracts and the organization. Cleared employees want to know how to engage security in their performance on classified contracts. Supporting elements such as human resources, facilities and legal might have other concerns. Creating tailored training gets results.








For more security clearance ideas, books and more, visit http://www.redbikepublishing.com

Thursday, August 18, 2011

Forms You Might Need to Know About


These standard security forms are used in administering the security classification programs in Government. Industry members should contact their contracting agency for information on how to obtain these forms.
The majority of these items are available through the General Services Administration's (GSA) Federal Supply System. Some of the forms are available online at the GSA web site or can be obtained by calling
1(800) 525-8027.

*     SF-312 Classified Information Nondisclosure Agreement
The SF-312 is a contractual agreement between the U.S. Government and a cleared employee that must be executed as a condition of access to classified information. By signing the SF-312, the cleared employee agrees never to disclose classified information to an unauthorized person.
*     SF-700 Security Container Information
The SF-700 is a form that contains vital information about the security container in which it is located. This information includes location, container number, lock serial number, and contact information if the container is found open and unattended.
*     SF-701 Activity Security Checklist
The SF-701 is a checklist that is filled out at the end of each day to insure that classified materials are secured properly and allows for employee accountability in the event that irregularities are discovered.

*     SF-702 Security Container Check Sheet
The SF-702 provides a record of the names and times that persons have opened, closed and checked a particular container that holds classified information.
The following three cover sheets are placed on top of documents to clearly identify the classification level of the document and protect classified information from inadvertent disclosure.
*     SF-703 Top Secret Cover Sheet
*     SF-704 Secret Cover Sheet
*     SF-705 Confidential Cover Sheet
The following labels are placed on various forms of U.S. Government property (i.e. CDs, diskettes, computers, etc.) to clearly identify the classification level of the information located in or on that property.
*     SF-706 Top Secret Label
*     SF-707 Secret Label
*     SF-708 Confidential Label
*     SF-709 Classified Label
*     SF-710 Unclassified Label
 In a mixed environment in which classified and unclassified materials are being processed or stored, this label is used to identify media that contains unclassified information. It's function is to aid in distinguishing among those media that contain classified information in a mixed environment.
*     SF-711 Data Descriptor Label
Used to identify additional safeguarding controls pertaining to classified information that is stored or contained on various forms of media. 

For more information, visit the Industrial Security Oversight Office

Wednesday, August 17, 2011

Classified storage approval... Three Steps to Prepare Defense Contractors for Closed Areas

As a Facility Security Officer, you take the lead in creating a security program designed to protect classified information. You are at the cutting edge of your cleared contractor organization's capability of getting and keeping classified contracts. As such, you should also be the senior executive's right hand and have successfully established the required relationship to provide sage security council.

Some topics relevant to your organization might be:
Where are we heading?
What type of classified storage might this require?
What will be the cost and impact to the company?
How is my security program poised to support current and new contracts?

If a new or existing contract requires dedicated space to perform on and store classified information, a "Closed Area" may be required. A closed area is used to safeguard classified material of unusual "size, nature, or operational necessity, and cannot be adequately protected by the normal safeguards or stored during nonworking hours in approved containers" and NISPOM 5-306 provides minimal guidance on cleared contractor responsibilities and 5-800 provides construction information.

1.  Ensure you have a classified contract that approves classified storage and performance at the prospective closed area location.
You can find this information on the top right corner of the DD Form 254. There are two blocks there that indicate Facility Clearance Required and Level of Safeguarding Required. Block 11 should be marked with the Cleared Contractor's requirements in performance of the classified contract (store, receive only, fabricate, etc). Further instructions may be found in Blocks 13 and 14. If you have any questions, you should clear it up with the customer. Your responsibility as FSO is to ensure your company is capable of understanding the security requirements and performing as instructed. It is vital that your executives and customers are in complete synchronicity

2. Work with your Defense Security Services to ensure they understand the requirements and there are no surprises. 
DSS has oversight and as such, they will verify that your classified contract, storage capability, and security program will protect classified information.  As such, the cleared defense contractor, your organization will also have to produce and demonstrate storage and performance procedures before approval.

3. Identify level of security.
For the storage of SECRET and above in a closed area, you will need to use supplemental protection during non-working hours and use approved locking devices for access control during working hours (see NISPOM 5-306). Access control can either be a cleared person making checks or an automated system. If you don't already have an area that meets approved construction requirements, you might have to make significant modifications to an existing room or completely build a new room. If so, consider taking pictures throughout the construction as you build so that you can demonstrate compliance. After construction is done, it will be hard to verify proper construction once construction is complete. At any rate, work closely with your DSS rep and Prime contractor or GCA.

That's it, these three steps should be addressed as a minimum before you invest critical resources to dedicate construct space for a "closed area". Closed areas help protect classified information that cannot be otherwise protected, but it costs money. Approval of closed areas may require further approval of open bin storage. 

For more information, check out our new book, DoD Security Clearances and Contracts Guidebook

Wednesday, August 10, 2011

Ask the FSO

Dear FSO,

I was wondering if you could have your folks move my desk for me. The executive assistant recommended that I contact you since you are the "facilities officer".
 *****
Move M. Emuch

Dear Move,

Chapter three of the NISPOM lists training requirements that all cleared employees must take. The FSO's challenge is to ensure that the cleared employees understand their requirements, understand the training, implement what they learned and of course sign the training record.

When you invest in security training your employees will benefit. Required training topics include NISPOM requirements:


 
  • Threat Awareness
  • Defensive Training (foreign travel briefing)
  • Overview of the Security Classification System
  • Employee Reporting Obligations and Requirements
  • Security Procedures and Duties Applicable to the Employee’s Job
  • Marking Classified Material
  • Safeguarding Classified Material
  • Control and Accountability
  • Storage and equipment
  • Transmission
  • Original Classification Authority
  • Performing on Classified Contracts

 

Ask the Security Manager (FSO)

Dear FSO,

I was wondering if you were going to contribute to the coffee fund. I noticed that you were participating, but I need to sign you up.

Coffee Joe,

Dear Coffee,

To have an effective security program it's important to have the organization buy into the security program from the top down. Having the most senior executive support and implement the security program into the entire company culture is key. The NISPOM also requires that the most senior officer of the company and the FSO to be cleared at the highest level of the facility clearance (FCL).

Saturday, August 6, 2011

Security in depth is a concept similar to peeling back the skin of an onion. Each layer you pull back reveals another layer. The more you peel back, the more layers remain. Eventually you wear it away, but it takes a while to get there.

According to Defense Security Service DSS security training, "Security-in-depth is a concept that employs security measures in levels or steps." 

This concept can be demonstrated in a walk through a virtual walk through a cleared facility. The cleared facility is approved to store secret information. As such, the only requirement is to keep the classified information in a General Services Administration GSA approved container or safe. 

Let's begin at the security container. The container provides the deter and detect capability necessary to protect the secret information, documents or hardware. It is difficult, but not impossible to break the container open, but once you do, it will be difficult to hide the damage. Therefore, you'll take a while to beat, tear, pry, explode and etc. While attempting, you will create a lot of noise dust and commotion.

As we back out, we can see that the door has a lock on it. This lock is another layer of protection. The protection can be more effective if a high security lock, bio scanner, bio reader, combination or other cipher lock is employed. 

As we move out even further, we might find additional layers such as alarms, card or badge readers, guard stations, closed caption television CCTV or other security measures are employed. Again, not necessary according to NISPOM but can be considered security in depth.

We can continue all the way outside of the building where we might find barriers to entry to include a receptionist, more card readers, scanners or bio readers. The parking lot may have additional lighting, jersey barriers or other ways to prevent unauthorized access.

The physical security measures create layers of protection, where different assets may require different levels of protection. As we demonstrated in earlier blogs and DoD Security Clearances and Contracts Guidebook, the best way to evaluate security in depth needs is to conduct a risk assessment. Use the assessment to integrate physical, IT and information security protection and protective systems.

Tuesday, August 2, 2011

How to get a defense security clearance



DoD Security Clearances

Can you keep a Secret?
Do You Know How to Get and Keep a Security Clearance?

Turn your passion for business into work for the government. Discover what you need to know about how to get a security clearance and perform on classified contracts.


Who this Book is For:

Have you seriously considered what it takes to get a security clearance you need to become a cleared contractor employee or build your business as a cleared defense contractor? My book answers the tough questions:

How do I get employed if I can’t get a clearance and…

….I can’t get a clearance unless I am employed.

The truth is, the government publishes information on how to get a clearance. However it’s not easily accessible nor is it easy to interpret.

You need a clearance to get hired. Your business needs a facility clearance to perform on classified contracts. However, you can’t get hired unless you have a clearance. Your business can’t perform on classified work unless it has a facility clearance.

Confused yet?

Perhaps you are one of the many who have questions about getting a security clearance. Maybe you are interested either as an employee or business owner in getting a security clearance, but don’t know how to get started.

A little clarity from the bureaucracy

My name is Jeff Bennett and I am board certified to protect classified information. I teach the Industrial Security Management Course at University Of Alabama Huntsville and am the author of the “go to” book DoD Security Clearance and Contracts Guidebook-What Defense Contractors Need to Know About Their Need to Know. After 25 years in the Army and industrial security business, you can say that “I’ve been there and done that”.

I wrote this book with you in mind. I specifically address the requirements of defense contractors operating under the Department of Defense oversight. The Insider’s Guide to Security Clearancestakes you through the security clearance process.

Other than government regulations, there are few published books addressing security clearances. Insider’s Guide to Security Clearances provides answers to what it takes to get a clearance or prepare for work on classified contracts.

It will assist the college student studying industrial security or homeland security, upstart companies looking for work, and new industrial security employees with understanding the fundamental demands of a career in Industrial Security.

Having been tasked with the mission to research all that I could about Security Clearances and the Facility Security Officer (FSO) position at a government contracting firm, it was difficult to find resources on the topic that were available for the up-and-coming FSO. In this book, Mr Bennett gives clear and concise answers to help guide the way for those that haven’t been in the industry for long or at all. And with the Kindle edition, it was easy to have the book with me for reference whenever I needed help with knowing which forms to use, what acronyms stand for, and what is the next step in the Security Clearance process. I highly recommend this and other RedBike Publishing books on the subject – they are quite helpful for those new to the industry and those that are refreshing their studies. Amazon.com Review

What you should know:

Employees and defense contractors seeking a security clearance are often uninformed on how to get them. Some think that security clearances can be granted to allow them to be more employable. Businesses compete for classified contracts to be more competitive. However, security clearances are granted only on a contract and legitimate government work that requires access to classified information.

Don’t just take my word for it, check out the interview

How to get a security clearance



Benefits of owning Insider’s Guide to Security Clearances
Understand what it means to be a cleared contractor
Organize and get your facility clearance faster
Keep your security clearance
Who the most important employee is
Perform on classified contracts

Insider’s Guide to Security Clearances is divided into chapters with you in mind. The way our book differs from other security clearance books resides in following chapters describing what to do once a clearance is granted. We can’t promise to help you get a clearance. Getting a security clearance depends on whether or not you or your business is trustworthy and you have products or services needed by the government or another contractor. This book only provides an overall view that is covered in more detail in the National Industrial Security Program Operating Manual(NISPOM) and the book, DoD Security Clearance and Contracts Guidebook-What Defense Contractors Need to Know About Their Need to Know, both available from Red Bike Publishing.

I’ve organized this book with chapters walking the reader through registering as a defense contractor, the facility security clearance and personnel security clearance process, the required appointed positions, the National Industrial Security Program and how to protect classified information. For example, once a facility clearance is granted, a Facility Security Officer (FSO) must be appointed to manage the security of classified information and contracts. This book addresses the general FSO duties that may be assumed by the business owner or an appointed cleared employee. It also lets the non business owner reader know what to expect once they get their security clearance.

Insider’s Guide to Security Clearances teaches you the security clearance process. I can’t guarantee that you will get a security clearance, but my book will lead you through the process. All coordination for the security clearance process should be conducted through the government, Defense Security Services and a Facility Security Officer.

All this for only $7.95

Here is the abbreviated Table of Contents

Chapter 1 How the Security Clearance Process Works
How Defense Contractors can Get Facility Security Clearances
Oversight of classified contracts

Chapter 2 Personnel Security Clearances (PCL)
How Personnel Security Clearances are Granted
The Continuous Evaluation Process
The Adjudicative Process
What happens when the security clearance is granted
What you can do when a security clearance is denied
What to while waiting for the investigation and adjudication

Chapter 3 The Industrial Security Program
A National Level View of Protecting the Nation’s Secrets
How the U.S. Government assigns classification levels 33
Protection of Classified Information

Chapter 4 Managing the Security of Classified Contracts
Identifying Customer Requirements
Interpreting Requirements in the DD Form 254 and NISPOM
FSO Training
Briefings
Annual refresher training
Reporting Security Violations
Career Advancement Opportunities
Becoming a cleared contractor
Helpful Websites

You can buy from Red Bike Publishing or Amazon.com
If you choose to buy from us, you can pay by credit card or paypal by selecting the “Add to Cart” button:
1. Click the “Add to Cart” button.
2. You will be taken to PayPal’s website and should see this product listed. On this page you must login with your PayPal account OR press the “Continue” button to enter your credit or debit billing information. You do not need to have a PayPal account to purchase.
3. Please read carefully and follow all of PayPal’s instructions for completing your transaction.
4. After you finish your transaction, you will be directed back to the product. If the page does not load after 5 seconds, please click the provided redirect link given by PayPal.
5. If you have any problems with the transaction, please contact us immediately at editor@redbikepublishing.com
View Cart