Monday, October 29, 2012

Try these 5 ISP Certification Questions

Here are 5 ISP Certification questions you can try, right out of ISP Certification-The Industrial Security Professional Exam Manual.




106. Which agency has classification authority and can authorize release of COMSEC information
to a foreign person?
a. NSA
b. DIA
c. CIA
d. DoD
e. DOE




107. The FSO, COMSEC and alternate COMSEC custodian shall be briefed by the _____ or their
designee.
a. Government representative
b. KMP
c. FSO
d. COR
e. Outgoing custodian

108. Initial reports submitted to the FBI must be followed up by:
a. Telephone reports and submitted to CSA in writing
b. Written reports and a copy submitted to CSA
c. Face to Face reports and submitted to CSA in writing
d. A and b
e. All of the above

109. When sending a report for changes in cleared Key Management Personnel, what information
must be included:
a. Level of clearance and when cleared; date and place of birth; social security numbers; citizenship;
status of exclusion from access
b. Special accesses; citizenship; date of employment; date of birth and current address; date of
facility clearance
c. Date of employment; clearance level and date; citizenship; social security number; status of
exclusion from access
d. Special accesses; date and place of birth; social security number; date of employment; status of
exclusion from access
e. Special access, level of clearance, citizenship

110. The _____ is required to periodically review existing Security Classification Guidance and
issue revisions:
a. FSO
b. CSA
c. GCA
d. DoD
e. Secretary of Defense



Scroll Down for the answers


106. Which agency has classification authority and can authorize release of COMSEC information
to a foreign person?
a. NSA (NISPOM 5-507)
b. DIA
c. CIA
d. DoD
e. DOE

107. The FSO, COMSEC and alternate COMSEC custodian shall be briefed by the _____ or their
designee.
a. Government representative (NISPOM 9-404)
b. KMP
c. FSO
d. COR
e. Outgoing custodian

108. Initial reports submitted to the FBI must be followed up by:
a. Telephone reports and submitted to CSA in writing
b. Written reports and a copy submitted to CSA (NISPOM 1-301)
c. Face to Face reports and submitted to CSA in writing
d. A and b
e. All of the above

109. When sending a report for changes in cleared Key Management Personnel, what information
must be included:
a. Level of clearance and when cleared; date and place of birth; social security numbers; citizenship;
status of exclusion from access (NISPOM 1-302g)
b. Special accesses; citizenship; date of employment; date of birth and current address; date of
facility clearance
c. Date of employment; clearance level and date; citizenship; social security number; status of
exclusion from access
d. Special accesses; date and place of birth; social security number; date of employment; status of
exclusion from access
e. Special access, level of clearance, citizenship

110. The _____ is required to periodically review existing Security Classification Guidance and
issue revisions:
a. FSO
b. CSA
c. GCA (NISPOM 4-103b)
d. DoD
e. Secretary of Defense


How did you do? Are you ready for the exam? If you need more practice, consider ISP Certification-The Industrial Security Professional Exam Manual, ISP Test Tips, or any number of related books at www.redbikepublishing.com

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing. Jeff is an accomplished writer of non-fiction books, novels and periodicals. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training". See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR, and The NISPOM.

Friday, October 26, 2012

SETA and Annual Security Refresher Training


In the National Industrial Security Program Operating Manual (NISPOM) world, cleared contractors know to perform training to better equip cleared employees to protect classified information. This training comes under many different names and programs: annual security awareness training, annual refresher training, initial security training and required security briefings, among others. Some of the phrases are interchangeable. For example, where the NISPOM requires annual security refresher training, FSOs may conduct “annual refresher training” or similarly worded training events.

The point is, regardless of the event title, cleared contractors should conduct training to standards listed in NISPOM Chapter 3 and defend the training with proper documentation. The training execution is left to the contractor as long as the required elements are in place. As a refresher, these elements are:
1. Reinforce topics provided during the initial security briefing:
   a. A threat awareness briefing.
   b. A defensive security briefing.
   c. An overview of the security classification system.
   d. Employee reporting obligations and requirements.
   e. Security procedures and duties applicable to the employee's job.
2. Keep cleared employees informed of appropriate changes in security regulations.

Here is another effective and easy to implement training tool.

Employed effectively outside of NISPOM circles, Security Education Training and Awareness (SETA) is a training format used primarily in IT and non-DoD settings. It is simple and easy to implement, and it can be applied to NISPOM training.

Concerning the role of providing training, the facilitator should ask the question: “What skills do I have to offer?” In other words, how does the trainer put together a training program to educate engineers, human resources, program managers and other cleared employees? How do they marry up the need to provide skills, develop processes and put Administrative, Technical, and Functional controls in place to implement a good security program?

Think SETA and employ it enterprise wide:
1. Security - The program developed and implemented to protect classified information
2. Education - Determine what information the enterprise requires to support the security program
3. Training - Apply that education. Determine what matters to make the enterprise successful at protecting the classified information
4. Awareness - What regulations and policies (national and company levels) does the enterprise need to know?

The end state is to incorporate all of this into the NISPOM required training. The training should include all elements identified in the NISPOM and be applied to all the business unit needs. One size doesn’t fit all where training is concerned. The NISPOM requirements are a guide and allow the flexibility of tailoring the training to meet individual and enterprise needs. Employing SETA principles can lead to a more productive training session.

See more about training requirements in our books Insider's Guide to Security Clearances and DoD Security Clearances and Contracts Guidebook.



Sunday, October 14, 2012

How do cleared contractors reproduce classified information?


John has a TOP SECRET document that he needs to copy and provide to attendees at a program meeting. He brings the issue to his program manager.

"Jane, I need to make copies of this document for the next critical design review. I think I'll need six copies, do you need some as well?" asks John.

Jane says, "No, but make sure you use the correct copier and store the copies in the TOP SECRET safe."

Just then the FSO walks by and overhears the conversation.
"Hi guys, are you talking about that TOP SECRET document? If so, you forgot one very critical step...."

Do you know what step the FSO is referring to?

Let's break this down to where we are on equal footing concerning the reproduction of classified material for all levels. Reproduction of any classified information should be kept to the minimum amount necessary. After all, we don't need to have our staff, resources, time and money tied up with protecting large volumes of unnecessary documents. It's just good business and national security practice to limit reproduction.

The reproduction of TOP SECRET information should not only be limited to the amount necessary, but related strictly to contract deliverables.  In other words, in the above dialog the TOP SECRET document can only be reproduced for the critical design review if it is a deliverable or otherwise with the consent of the Government Contracting Activity. Of course the next logical step is to ensure that the reproduction is limited to the amount necessary.

Now, what else is a factor to consider EXCLUSIVE to TOP SECRET? Here is a hint: TSCO.

The TOP SECRET Control Officer (TSCO) is responsible for maintaining accountability for TOP SECRET information. NISPOM 5-603 spells out that contractors must maintain records of TS reproduction for 2 years. SECRET and CONFIDENTIAL information does not have this requirement (it is, however, a great idea to account for the reproduction of SECRET and CONFIDENTIAL information in an information management system).

The FSO in the above situation correctly guided John and Jane in the right direction. Though they were going to copy and store the TS properly, they had not considered coordination with the TSCO. Always ask for assistance from the TSCO so they can account for, mark, and add copies to the document control system.

For more information about NISPOM Training, FSO Training or protecting classified contracts, visit www.redbikepublishing.com.



Wednesday, October 10, 2012

Do You Have the New ITAR?


Recently the DDTC published a new unofficial ITAR with amendments. Over the years, changes have been minor. However, recent changes (July 2012, but posted in October) have added about 10 pages to the document. The minor changes include adding countries and new treaty considerations. However, the most significant change is the 10-page supplement to Part 126.

Here are some of the more major changes.

1.  Section 120.1 (c) is completely rewritten from:
(c) Eligibility. Only U.S. persons (as defined in §120.15) and foreign governmental entities in the United States may be granted licenses or other approvals (other than retransfer approvals sought pursuant to this subchapter). Foreign persons (as defined in §120.16) other than governments are not eligible. U.S. persons who have been convicted of violating the criminal statutes enumerated in §120.27, who have been debarred pursuant to part 127 or 128 of this subchapter, who are the subject of an indictment involving the criminal statutes enumerated in §120.27, who are ineligible to contract with, or to receive a license or other form of authorization to import defense articles or defense services from any agency of the U.S. Government, who are ineligible to receive export licenses (or other forms of authorization to export) from any agency of the U.S. Government, who are subject to Department of State Suspension/Revocation under §126.7(a)(1) through (a)(7) of this subchapter, or who are ineligible under §127.7(c) of this subchapter are generally ineligible. Applications for licenses or other approvals will be considered only if the applicant has registered with the Directorate of Defense Trade Controls pursuant to part 122 of this subchapter. All applications and requests for approval must be signed by a U.S. person who has been empowered by the registrant to sign such documents.
to:
(c) Receipt of licenses and eligibility. (1) A U.S. person may receive a license or other approval pursuant to this subchapter. A foreign person may not receive such a license or other approval, except as follows:
(i) A foreign governmental entity in the United States may receive an export license or other export approval;
(ii) A foreign person may receive a reexport or retransfer approval; and
(iii) A foreign person may receive a prior approval for brokering activities.
Requests for a license or other approval, other than by a person referred to in paragraphs (c)(1)(i) and (c)(1)(ii) of this section, will be considered only if the applicant has registered with the Directorate of Defense Trade Controls pursuant to part 122 or 129 of this subchapter, as appropriate.
(2) Persons who have been convicted of violating the criminal statutes enumerated in §120.27 of this subchapter, who have been debarred pursuant to part 127 or 128 of this subchapter, who are subject to indictment or are otherwise charged (e.g., by information) for violating the criminal statutes enumerated in §120.27 of this subchapter, who are ineligible to contract with, or to receive a license or other form of authorization to import defense articles or defense services from any agency of the U.S. Government, who are ineligible to receive an export license or other approval from any other agency of the U.S. Government, or who are subject to a Department of State policy of denial, suspension or revocation under §126.7(a) of this subchapter, or to interim suspension under §127.8 of this subchapter, are generally ineligible to be involved in activities regulated under this subchapter.
2.  Part 120
Changes to Part 120 include new sections. Where the older version goes to 120.32, the new ITAR continues to 120.39 and identifies changes to NATO countries and new treaties.

3.  Section 123.26

Completely rewritten from:

§ 123.26 Recordkeeping requirement for exemptions.

When an exemption is claimed for the export of unclassified technical data, the exporter must maintain a record of each such export. The business record should include the following information: A description of the unclassified technical data, the name of the recipient end-user, the date and time of the export, and the method of transmission.
To:
§ 123.26 Recordkeeping for exemptions.
Any person engaging in any export, reexport, transfer, or retransfer of a defense article or defense service pursuant to an exemption must maintain records of each such export, reexport, transfer, or retransfer. The records shall, to the extent applicable to the transaction and consistent with the requirements of §123.22 of this subchapter, include the following information: A description of the defense article, including technical data, or defense service; the name and address of the end-user and other available contact information (e.g., telephone number and electronic mail address); the name of the natural person responsible for the transaction; the stated end-use of the defense article or defense service; the date of the transaction; the Electronic Export Information (EEI) Internal Transaction Number (ITN); and the method of transmission. The person using or acting in reliance upon the exemption shall also comply with any additional recordkeeping requirements enumerated in the text of the regulations concerning such exemption (e.g., requirements specific to the Defense Trade Cooperation Treaties in §126.16 and §126.17 of this subchapter).
[77 FR 16599, Mar. 21, 2012]
4.  Part 126
The most significant change is in Part 126. There is a 10-page table of Exclusions by USML Category and Country (Canada, Australia and United Kingdom). The table header follows:

Supplement No. 1 to Part 126*
USML Category | Exclusion | (CA) §126.5 | [Reserved for (AS) §126.16] | (UK) §126.17

Since many changes from year to year are not too dramatic, there is usually no need to get a new ITAR. However, the 2012 changes that occurred prior to fall are significant. If your copy of ITAR is not updated to reflect changes of July 12, you might need to update. Red Bike Publishing published a new ITAR updated in October 2012 available on Amazon.com. Do you have the latest ITAR?

