Security Executive Blog

National Industrial Security Program (NISP) Enhancement Category 6 is: Classified Material Controls/Physical Security. DSS can quantify a cleared contractor’s ability to track classified information throughout its lifecycle, implement countermeasures to deny access to sensitive information, and provide accountability of all classified information through this process. The FSO’s ability to demonstrate such capability is impactful and can help DSS determine whether or not the cleared facility is going “above and beyond NISPOM requirements.  Below are three ways an FSO can demonstrate going above and beyond the NISPOM requirements: 1.  Track location and disposition of classified information-This can be done on the cheap or with a decent Information Management System (IMS) such as software provided by vendors like SIMSSoftware . The point is for the FSO to not only know what they know about classified information moving within and without of the cleared facility, but to also de...

Category 5 of the NISP Enhancement Program is titled: Self Inspection. Here, a cleared contractor's FSO documents a self inspection as part of a continuous security program evaluation. This is simply a health check of the established security program designed to safeguard classified information. The Defense Security Services (DSS) recommends that the cleared contractor’s Facility Security Officer (FSO) share the inspection results with their industrial security representative to keep communication open as well as address any issues that might be resolved prior to the scheduled DSS annual review. The self inspection should be designed to evaluate all National Industrial Security Program Operating Manual ( NISPOM ) areas the cleared contractor operates under. At a minimum, each facility should inspect its compliance with NISPOM Chapters 1-5 and parts of Chapter 6. These chapters cover general security, personnel and facility clearances, FSO roles and responsibilities, required tra...

Category 3 of the NISP Enhancement covers Security Education: Information/Product Sharing Within the Community.  This focuses on the FSO providing security education peers and other FSOs outside of their organization. This is a security community event where contractors and government managers can learn from each other. Think Society of Industrial Security, American Society of Industrial Security, or other professional organization level event. Or it can be a smaller venue. Either way, involve others outside of your organization. This demonstrates contribution to the community, a pursuit of improving national security, and helps quantify going above and beyond. For example, an FSO uses their facility, creates an agenda and executes a security conference or training event. Or, committees can be formed to share the tasks. Education of this magnitude has tremendous value as the security community learns from experiences and examples of their peers and applies them at their own organ...

Category 3 of the NISP Enhancement continues with Security Education. This category addresses internal security staff professionalization. Specifically, it measures whether or not security staff training exceeds NISPOM  training and DSS FSO certification requirements to include obtaining on-going professional certifications and incorporating the knowledge through the organic security program. There are currently several certifications and training available to the security professional, including some recommendations by DSS: Industrial Security Professional ( ISP) FSOs could set the ISP Certification as a goal and encourage staff employees to achieve. When employees study for the ISP Certification, they learn: how to read and apply the NISPOM, the importance of forming professional relationships with cleared employees, how the cleared contractor and the DSS representatives interact, and much more. DSS also understands the importance of individuals...