Friday, May 24, 2013

Why is the CLASSIFIED BY: Line so important?

Cover designed by Jeffrey W. Bennett.
NISPOM available at Red Bike Publishing

Why is the CLASSIFIED BY: Line so important? Let’s put it in perspective. Someone is responsible for classification decisions and that person may be accountable for their actions. This is also the person who can provide insight into security violation investigations and etc. The impact; this is the person to go to for research into the classification as well as who is accountable for classification decisions good or bad. Let’s face it; someone has to answer for their decisions. That’s why developing a process for deriving classified information is so important.

So, we know the requirements in the BY line, all we now need is a tool or process to identify how to identify source documents for derivative classification. First, what tool do we have available to research derivative classification? According to DoD Security Clearance and Contracts guidebook, the NISPOM addresses the requirement to account for TOP SECRET information.  Well what about SECRET and CONFIDENTIAL? They should probably be tracked as well. If not, how do you know what you have and how many there are? Better yet, without a cataloging system, how can derivative classifiers complete the picture of what they carried over as classified and what the source documents, security classification guides (SCG) and DD Forms 254 are available.  Additionally, NISPOM also requires the cleared defense contractor to provide classified information within a reasonable amount of time for a variety of reasons.

1. Reference tools-One important tool in the process is the information management system (IMS). An IMS can be a commercial software system available such as SIMSSoftware or something more simple such as a Microsoft Excel Spreadsheet listing all the assets and where they are located. The derivative classification process can be easily tied into the IMS as a point of research into source documents, SCGs, and DD Forms 254. The IMS can be researched to provide the source documents as the reason for classification, and answer the DERIVED FROM, DOWNGRADE ON and DECLASSIFY ON elements.

2.  Training tools-Before cleared employees can perform derivative classification, they must be trained. NISPOM lays out training requirements. It’s up to you to provide that training. Without the training, cleared employees won’t know how to perform their jobs. Additionally, without training they aren’t authorized to perform the derivative classification. So, how will they, write reports, design products, assemble end items, perform test, modeling and simulations involving information deemed classified by a classification authority?

3. Compilation tools-One plus one equals elevendy. Sometimes the sum of the parts is greater than the whole. Compiling unclassified elements or information may lead to a classified product. How will you know? The subject matter experts do understand and assembling a working group to analyze the DD Form 254, SCG, classified source documents and other  information from tool 1 should be required. Invite the government and contractor project managers, engineers, scientists, security professionals, etc into a solutions working group to identify unclassified elements that may be classified or classified elements that may warrant higher classification by compilation.

4. Identify export controlled information- this tool may seem out of place, but it leads to the final tool. Before we go to the final tool, consider items that may be export controlled. Again, security managers may not be able to identify this and will refer to a working group. The group can examine technologies and determine by their nature whether or not they are export controlled based on State (ITAR) or Commerce EAR Department requirements. You explain the rules and the subject matter experts can identify tests, components, documents and etc that contain export controlled information. Then, teach them to document and protect it.

5. Information Product Guide-Assemble all the tools into a reference document listing elements or entire compilations of relevant SCGs, DD Forms 254, source documents (catalog or names only), end items and export controlled information. This is for reference for both programs and security and will provide basis for smart decisions.

6. Develop Public Release Process-This is an enterprise function using program, leadership, security, contracts, business development and HR as a minimum. In smaller companies the same people may perform multiple critical functions. Use the product from tool 5 to reference a process where speeches, presentations, articles, products, and anything considered for public release is reviewed and documented as decisions are made.

The CLASSIFIED BY: Line is an important part of documenting derivative classification. However, to do so properly, you need the right tools. Use these six tools to ensure training and performance that exceeds standards.

Derivative classifier training is available at 
http://www.redbikepublishing.com/training/nispom-derivative-classifier-training/


Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training,  and recommends export compliance and intellectual property protection countermeasures. Jeff is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

No comments: