Classified information should only be reproduced in response to a contractual requirement such as in the performance of a deliverable. Reproduction should not be made as a matter of convenience as it puts classified information at unnecessary risk and it requires dedicated resources. The FSO can enforce resource discipline with:
1. Creating processes and procedures identifying reproduction only as necessary and using only approved equipment
2. Ensuring only trained and authorized personnel are able to reproduce classified information.
3. Identifying office equipment, copy machines, scanners and other reproduction equipment for classified information reproduction. All other enterprise equipment should be off limits to classified reproduction.
This can be accomplished through signs identifying authorized equipment as “Approved for Classified Production at the _______ level”. Other equipment would be identified as “Not authorized for the reproduction of classified information”.
4. Considering the type of equipment the company purchases, leases or rents. When service contracts expire, repairs are needed, equipment is to be replaced or other transactions replacing or removing the equipment occur, the hard drive or memory should be destroyed or wiped in an approved manner to remove all stored classified information. DSS can help determine this approved method and guidance is available in Chapter 8 of the NISPOM.
Copying classified information is serious business. The FSO has a big role and should make the determination of how many and who to authorize. Decisions can be based on contractual needs, workload or other valid reason. However, procedures should be established that identify authorized persons and train them how and when to copy classified information and how to protect it. Procedures should include detecting and deterring unauthorized reproduction of classified information, documenting copies according to the IMS procedures, marking, storing and disseminating the classified information.
For more details, see Chapter 7 of DoD Security Clearances and Contracts Guidebook
Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM
Information for the CIO, CSO, FSO, ISSO and other security professionals. Understanding NISPOM and ITAR compliance is tough. With over 12,000 cleared defense contractors, a majority of those don't have a security staff. We'll hope to help fill the gap. From security clearances to performing on classified contracts, you can find help here.
No comments:
Post a Comment