Here are 5 ISP Certification questions you can try, right out of ISP Certification-The Industrial Security Professional Exam Manual.
106. Which agency has classification authority and can authorize release of COMSEC information
to a foreign person?
a. NSA
b. DIA
c. CIA
d. DoD
e. DOE
107. The FSO, COMSEC and alternate COMSEC custodian shall be briefed by the _____ or their
designee.
a. Government representative
b. KMP
c. FSO
d. COR
e. Outgoing custodian
108. Initial reports submitted to the FBI must be followed up by:
a. Telephone reports and submitted to CSA in writing
b. Written reports and a copy submitted to CSA
c. Face to Face reports and submitted to CSA in writing
d. A and b
e. All of the above
109. When sending a report for changes in cleared Key Management Personnel, what information
must be included:
a. Level of clearance and when cleared; date and place of birth; social security numbers; citizenship;
status of exclusion from access
b. Special accesses; citizenship; date of employment; date of birth and current address; date of
facility clearance
c. Date of employment; clearance level and date; citizenship; social security number; status of
exclusion from access
d. Special accesses; date and place of birth; social security number; date of employment; status of
exclusion from access
e. Special access, level of clearance, citizenship
110. The _____ is required to periodically review existing Security Classification Guidance and
issue revisions:
a. FSO
b. CSA
c. GCA
d. DoD
e. Secretary of Defense
Scroll Down for the answers
106. Which agency has classification authority and can authorize release of COMSEC information
to a foreign person?
a. NSA (NISPOM 5-507)
b. DIA
c. CIA
d. DoD
e. DOE
107. The FSO, COMSEC and alternate COMSEC custodian shall be briefed by the _____ or their
designee.
a. Government representative (NISPOM 9-404)
b. KMP
c. FSO
d. COR
e. Outgoing custodian
108. Initial reports submitted to the FBI must be followed up by:
a. Telephone reports and submitted to CSA in writing
b. Written reports and a copy submitted to CSA (NISPOM 1-301)
c. Face to Face reports and submitted to CSA in writing
d. A and b
e. All of the above
109. When sending a report for changes in cleared Key Management Personnel, what information
must be included:
a. Level of clearance and when cleared; date and place of birth; social security numbers; citizenship;
status of exclusion from access (NISPOM 1-302g)
b. Special accesses; citizenship; date of employment; date of birth and current address; date of
facility clearance
c. Date of employment; clearance level and date; citizenship; social security number; status of
exclusion from access
d. Special accesses; date and place of birth; social security number; date of employment; status of
exclusion from access
e. Special access, level of clearance, citizenship
110. The _____ is required to periodically review existing Security Classification Guidance and
issue revisions:
a. FSO
b. CSA
c. GCA (NISPOM 4-103b)
d. DoD
e. Secretary of Defense
How did you do? Are you ready for the exam? If you need more practice, consider ISP Certification-The Industrial Security Professional Exam Manual, ISP Test Tips, or any number of related books at www.redbikepublishing.com
Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing.
Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red Bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel".
Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training".
See Red Bike Publishing for print copies of:
Army Leadership,
The Ranger Handbook,
The Army Physical Readiness Manual,
Drill and Ceremonies,
The ITAR, and
The NISPOM
Information for the CIO, CSO, FSO, ISSO and other security professionals. Understanding NISPOM and ITAR compliance is tough. Of the more than 12,000 cleared defense contractors, a majority don't have a security staff. We hope to help fill the gap. From security clearances to performing on classified contracts, you can find help here.
Monday, October 29, 2012
Friday, October 26, 2012
SETA and Annual Security Refresher Training
In the National Industrial Security Program Operating Manual (NISPOM) world, cleared contractors know to perform training to better equip cleared employees to protect classified information. This training comes under many different names and programs: annual security awareness training, annual refresher training, initial security training and required security briefings, among others. Some of the phrases are interchangeable. For example, where the NISPOM requires annual security refresher training, FSOs may conduct “annual refresher training” or similarly worded training events.
The point is, regardless of the event title, cleared
contractors should conduct training to standards listed in NISPOM Chapter 3 and
defend the training with proper documentation. The training execution is left to
the contractor as long as the required elements are in place. As a refresher,
these elements are:
1. Reinforce topics provided during the initial security briefing
   a. A threat awareness briefing.
   b. A defensive security briefing.
   c. An overview of the security classification system.
   d. Employee reporting obligations and requirements.
   e. Security procedures and duties applicable to the employee's job.
2. Keep cleared employees informed of appropriate changes in security regulations.
Here is another effective and easy to implement training tool.
Employed effectively outside of NISPOM circles, Security Education Training and Awareness (SETA) is a training format used primarily in IT and non-DoD environments. It is a simple and easy to implement training format that can be applied to NISPOM training.
Concerning the role of providing training, the facilitator should ask the question, “What skills do I have to offer?” In other words, how does the trainer put together a training program to educate engineers, human resources, program managers and other cleared employees? How do they marry up the need to provide skills, develop processes and put Administrative, Technical, and Functional controls in place to implement a good security program?
Think SETA and employ it enterprise wide:
1. Security - The program developed and implemented to protect classified information
2. Education - Determine what information the enterprise requires to support the security program
3. Training - Apply that education. Determine what matters to make the enterprise successful at protecting the classified information
4. Awareness - What regulations and policies (national and company levels) does the enterprise need to know?
The end state is to incorporate all of this into the NISPOM required training.
The training should include all elements identified in the NISPOM and applied
to all the business unit needs. One size doesn’t fit all where training is
concerned. The NISPOM requirements are a guide and allow the flexibility of
tailoring the training to meet individual and enterprise needs. Employing SETA
principles can lead to a more productive training session.
Sunday, October 14, 2012
How do cleared contractors reproduce classified information?
John has a TOP SECRET document that he needs to copy and provide to attendees at a program meeting. He brings the issue to his program manager.
"Jane, I need to make copies of this document for the next critical design review. I think I'll need six copies, do you need some as well?" asks John.
Jane says, "No, but make sure you use the correct copier and store the copies in the TOP SECRET safe."
Just then the FSO walks by and overhears the conversation.
"Hi guys, are you talking about that TOP SECRET document? If so, you forgot one very critical step...."
Do you know what step the FSO is referring to?
Let's break this down to where we are on equal footing concerning the reproduction of classified material for all levels. Reproduction of any classified information should be kept to the minimum amount necessary. After all, we don't need to have our staff, resources, time and money tied up with protecting large volumes of unnecessary documents. It's just good business and national security practice to limit reproduction.
The reproduction of TOP SECRET information should not only be limited to the amount necessary, but related strictly to contract deliverables. In other words, in the above dialog the TOP SECRET document can only be reproduced for the critical design review if it is a deliverable or otherwise with the consent of the Government Contracting Activity. Of course the next logical step is to ensure that the reproduction is limited to the amount necessary.
Now, what else is a factor to consider EXCLUSIVE to TOP SECRET? Here is a hint; TSCO.
The TOP SECRET Control Officer (TSCO) is responsible for maintaining accountability for TOP SECRET information. NISPOM 5-603 spells out that contractors must maintain records of TS reproduction for 2 years. SECRET and CONFIDENTIAL information does not have this requirement (it is, however, a great idea to account for the reproduction of SECRET and CONFIDENTIAL information in an information management system).
The FSO in the above situation correctly guided John and Jane in the right direction. Though they were going to copy and store the TS properly, they had not considered coordination with the TSCO. Always ask for assistance from the TSCO so they can account for, mark, and add copies to the document control system.
For more information about NISPOM Training, FSO Training or protecting classified contracts, visit www.redbikepublishing.com.
Wednesday, October 10, 2012
Do You Have the New ITAR?
Recently the DDTC published a new unofficial ITAR with amendments. Over the years, changes have been minor. However, recent changes (July 2012, but posted in Oct) have added about 10 pages to the document. The minor changes include adding countries and new treaty considerations. However, the most significant change is the 10 page supplement to part 126.
Here are some of the more major changes.
1. Section 120.1 (c) is completely rewritten from:
(c) Eligibility. Only U.S. persons (as defined in §120.15) and foreign governmental entities in the United States may be granted licenses or other approvals (other than retransfer approvals sought pursuant to this subchapter). Foreign persons (as defined in §120.16) other than governments are not eligible. U.S. persons who have been convicted of violating the criminal statutes enumerated in §120.27, who have been debarred pursuant to part 127 or 128 of this subchapter, who are the subject of an indictment involving the criminal statutes enumerated in §120.27, who are ineligible to contract with, or to receive a license or other form of authorization to import defense articles or defense services from any agency of the U.S. Government, who are ineligible to receive export licenses (or other forms of authorization to export) from any agency of the U.S. Government, who are subject to Department of State Suspension/Revocation under §126.7(a)(1) through (a)(7) of this subchapter, or who are ineligible under §127.7(c) of this subchapter are generally ineligible. Applications for licenses or other approvals will be considered only if the applicant has registered with the Directorate of Defense Trade Controls pursuant to part 122 of this subchapter. All applications and requests for approval must be signed by a U.S. person who has been empowered by the registrant to sign such documents.
to:
(c) Receipt of licenses and eligibility. (1) A U.S. person may receive a license or other approval pursuant to this subchapter. A foreign person may not receive such a license or other approval, except as follows:
(i) A foreign governmental entity in the United States may receive an export license or other export approval;
(ii) A foreign person may receive a reexport or retransfer approval; and
(iii) A foreign person may receive a prior approval for brokering activities.
Requests for a license or other approval, other than by a person referred to in paragraphs (c)(1)(i) and (c)(1)(ii) of this section, will be considered only if the applicant has registered with the Directorate of Defense Trade Controls pursuant to part 122 or 129 of this subchapter, as appropriate.
(2) Persons who have been convicted of violating the criminal statutes enumerated in §120.27 of this subchapter, who have been debarred pursuant to part 127 or 128 of this subchapter, who are subject to indictment or are otherwise charged (e.g., by information) for violating the criminal statutes enumerated in §120.27 of this subchapter, who are ineligible to contract with, or to receive a license or other form of authorization to import defense articles or defense services from any agency of the U.S. Government, who are ineligible to receive an export license or other approval from any other agency of the U.S. Government, or who are subject to a Department of State policy of denial, suspension or revocation under §126.7(a) of this subchapter, or to interim suspension under §127.8 of this subchapter, are generally ineligible to be involved in activities regulated under this subchapter.
2. Part 120
Changes to Part 120 include new sections. Where the older
version goes to 120.32, the new ITAR continues to 120.39 and identifies changes
to NATO countries and new treaties.
3. Section 123.26
Completely rewritten from:
§ 123.26 Recordkeeping requirement for exemptions.
When an exemption is claimed for the export of unclassified technical data, the exporter must maintain a record of each such export. The business record should include the following information: A description of the unclassified technical data, the name of the recipient end-user, the date and time of the export, and the method of transmission.
To:
§ 123.26 Recordkeeping for exemptions.
Any person engaging in any export, reexport, transfer, or retransfer of a defense article or defense service pursuant to an exemption must maintain records of each such export, reexport, transfer, or retransfer. The records shall, to the extent applicable to the transaction and consistent with the requirements of §123.22 of this subchapter, include the following information: A description of the defense article, including technical data, or defense service; the name and address of the end-user and other available contact information (e.g., telephone number and electronic mail address); the name of the natural person responsible for the transaction; the stated end-use of the defense article or defense service; the date of the transaction; the Electronic Export Information (EEI) Internal Transaction Number (ITN); and the method of transmission. The person using or acting in reliance upon the exemption shall also comply with any additional recordkeeping requirements enumerated in the text of the regulations concerning such exemption (e.g., requirements specific to the Defense Trade Cooperation Treaties in §126.16 and §126.17 of this subchapter).
[77 FR 16599, Mar. 21, 2012]
4. Part 126
The most significant change is in Part 126. There is a 10 page table of Exclusions by USML Category and Country (Canada, Australia and United Kingdom). The table header follows:
Supplement No. 1 to Part 126*
USML Category | Exclusion | (CA) §126.5 | [Reserved for (AS) §126.16] | (UK) §126.17
Since many changes from year to year are not too dramatic,
there is usually no need to get a new ITAR. However, the 2012 changes that occurred
prior to fall are significant. If your copy of ITAR is not updated to reflect
changes of July 12, you might need to update. Red Bike Publishing published a
new ITAR updated in October 2012 available on Amazon.com. Do you have the
latest ITAR?