Cover designed by Jeffrey W. Bennett. NISPOM available at Red Bike Publishing |
Why is the
CLASSIFIED BY: Line so important? Let’s put it in perspective. Someone is
responsible for classification decisions and that person may be accountable for
their actions. This is also the person who can provide insight into security
violation investigations and etc. The impact; this is the person to go to for
research into the classification as well as who is accountable for
classification decisions good or bad. Let’s face it; someone has to answer for
their decisions. That’s why developing a process for deriving classified
information is so important.
So, we know the
requirements in the BY line, all we now need is a tool or process to identify
how to identify source documents for derivative classification. First, what
tool do we have available to research derivative classification? According to
DoD Security Clearance and Contracts guidebook, the NISPOM addresses
the requirement to account for TOP SECRET information. Well what about SECRET and CONFIDENTIAL? They
should probably be tracked as well. If not, how do you know what you have and
how many there are? Better yet, without a cataloging system, how can derivative
classifiers complete the picture of what they carried over as classified and
what the source documents, security classification guides (SCG) and DD Forms 254 are
available. Additionally, NISPOM also
requires the cleared
defense contractor to provide classified information within a reasonable
amount of time for a variety of reasons.
1. Reference
tools-One important tool in the process is the information management system
(IMS). An IMS can be a commercial software system available such as
SIMSSoftware or something more simple such as a Microsoft Excel Spreadsheet
listing all the assets and where they are located. The derivative
classification process can be easily tied into the IMS as a point of research
into source documents, SCGs, and DD Forms 254. The IMS can be researched to
provide the source documents as the reason for classification, and answer the
DERIVED FROM, DOWNGRADE ON and DECLASSIFY ON elements.
2. Training tools-Before cleared employees can
perform derivative classification, they must be trained. NISPOM lays out training
requirements. It’s up to you to provide that training. Without the
training, cleared employees won’t know how to perform their jobs. Additionally,
without training they aren’t authorized to perform the derivative
classification. So, how will they, write reports, design products, assemble end
items, perform test, modeling and simulations involving information deemed
classified by a classification authority?
3. Compilation
tools-One plus one equals elevendy. Sometimes the sum of the parts is greater
than the whole. Compiling unclassified elements or information may lead to a
classified product. How will you know? The subject matter experts do understand
and assembling a working group to analyze the DD Form 254, SCG, classified
source documents and other information
from tool 1 should be required. Invite the government and contractor project
managers, engineers, scientists, security professionals, etc into a solutions
working group to identify unclassified elements that may be classified or
classified elements that may warrant higher classification by compilation.
4. Identify export
controlled information- this tool may seem out of place, but it leads to the
final tool. Before we go to the final tool, consider items that may be export
controlled. Again, security managers may not be able to identify this and will
refer to a working group. The group can examine technologies and determine by
their nature whether or not they are export controlled based on State (ITAR) or Commerce EAR Department
requirements. You explain the rules and the subject matter experts can identify
tests, components, documents and etc that contain export controlled
information. Then, teach them to document and protect it.
5. Information
Product Guide-Assemble all the tools into a reference document listing elements
or entire compilations of relevant SCGs, DD Forms 254, source documents
(catalog or names only), end items and export controlled information. This is
for reference for both programs and security and will provide basis for smart
decisions.
6. Develop Public
Release Process-This is an enterprise function using program, leadership,
security, contracts, business development and HR as a minimum. In smaller
companies the same people may perform multiple critical functions. Use the
product from tool 5 to reference a process where speeches, presentations, articles,
products, and anything considered for public release is reviewed and documented
as decisions are made.
The CLASSIFIED BY: Line is an important part of documenting derivative classification. However, to do so properly, you need the right tools. Use these six tools to ensure training and performance that exceeds standards.
Derivative classifier training is available at
http://www.redbikepublishing.com/training/nispom-derivative-classifier-training/
Derivative classifier training is available at
http://www.redbikepublishing.com/training/nispom-derivative-classifier-training/
Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. Jeff is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".
No comments:
Post a Comment