Tuesday, October 22, 2013

Try these ISP Certification Test Questions


1.      In the Protection Profile Table for Confidentiality, which Data Transmission is required for PL1?
a.            Trans 1 
b.            Trans 2
c.             Trans 3, 4
d.            Trans 5
e.             Trans 6

2.      Which entity is required to review and revise the Contract Security Classification Specification when a change occurs?
a.            CSO
b.            GCA 
c.             CSA
d.            FSO
e.             GSA

3.      Which are appropriate page markings for a document classified at the SECRET level?
a.            SECRET, TOP SECRET, SENSITIVE, CONFIDENTIAL
b.            CONFIDENTIAL, SECRET, UNCLASSIFIED 
c.             CONFIDENTIAL, FOUO, TOP SECRET
d.            UNCLASSIFIED, FOUO, SENSITIVE
e.             All the above






Scroll down for answers





1.      In the Protection Profile Table for Confidentiality, which Data Transmission is required for PL1?
a.            Trans 1 (NISPOM Chapter 8 Table 5)
b.            Trans 2
c.             Trans 3, 4
d.            Trans 5
e.             Trans 6

2.      Which entity is required to review and revise the Contract Security Classification Specification when a change occurs?
a.            CSO
b.            GCA (NISPOM 4-103b)
c.             CSA
d.            FSO
e.             GSA

3.      Which are appropriate page markings for a document classified at the SECRET level?
a.            SECRET, TOP SECRET, SENSITIVE, CONFIDENTIAL
b.            CONFIDENTIAL, SECRET, UNCLASSIFIED (NISPOM 4-204)
c.             CONFIDENTIAL, FOUO, TOP SECRET
d.            UNCLASSIFIED, FOUO, SENSITIVE
e.             All the above



Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing. He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training".

Wednesday, October 16, 2013

New ITAR Guidelines

The unofficial ITAR has been updated. The three affected parts are Part 120, Part 123 and Part 126. Some of the changes fill in paragraphs that were formerly categorized as "reserved". The changes add 20 pages to a 5 x 6 book publication of the ITAR. That's pretty significant. In fact, Part 126.16 is one such paragraph: formerly marked as "reserved", it is now filled with 5500 words of text.

Let's take a look at the exemption to the Defense Trade Cooperation Treaty between the United States and Australia. This paragraph defines transfer, export, retransfer, reexport, Australian Community, United States Community and other relevant terms. It also explains which exports qualify for licensing exemptions. Though the information addresses transfer of export controlled items between the US and Australia, this article is written to provide a rule of thumb for handling all cases of export controlled information, articles and services.

Paragraph 126.16 also addresses the export of Defense Articles both classified and unclassified. For example, it reminds us that "U.S.-origin classified defense articles or defense services may be exported only pursuant to a written request, directive, or contract from the U.S. Department of Defense that provides for the export of the classified defense article(s) or defense service(s)."

Paragraph 126.16 j. further identifies the required markings based on the classification level of the export and refers to the National Industrial Security Program Operating Manual (NISPOM).

The lesson here is for government and contractors to properly identify defense articles and information, proprietary data, classified information and technical data, and where it resides. Without proper identification and protection, an unauthorized export could occur. The unauthorized activity could be mistakenly exporting an item as exempt from licensing where a license is actually required. Another example would be providing export controlled information in a briefing from which non-US persons should have been excluded.

To prevent unauthorized exports, follow a simple rule of thumb. The government identifies and properly marks the information as government owned, controlled, for official use only, critical technology, etc. The contractor is bound to heed the protection requirements. This includes contract sensitive items, research and development, plans, drawings and other government program items. The contractor must also identify customer furnished equipment and treat any contract related items, by-products, etc. with the same level of sensitivity as identified by the government and other contractors.

The next step is to select countermeasures, such as marking the items, limiting access to US persons, or enforcing need to know, to limit any chance of unauthorized export, "deemed" or otherwise. Confusion over whether or not something is exportable, and whether a license is required or the items are exempt, is eliminated when employees can easily identify what is export controlled.


For a printed copy of ITAR and the NISPOM, visit www.redbikepublishing.com







Thursday, October 10, 2013

The Standard Form (SF) 312 is revised


In July 2013 the SF 312, Classified Information Nondisclosure Agreement, was updated to reflect language from the 2011 Public Law 112-74, Financial Services and General Government Appropriations Act, and the 2012 Public Law 112-199, Whistleblower Protection Enhancement Act (WPEA).

The WPEA lays out protections for employees who report instances of fraud, waste and abuse, and its language is being added to many forms, including nondisclosure agreements. Cleared employees are required to report adverse information concerning themselves and other cleared employees. This adverse information is anything that would call into question a person’s loyalty and ability to protect classified material. Additionally, cleared employees should report any information concerning changes in protective measures at a cleared facility that would indicate classified information would not be adequately protected as originally intended.

So, why is the WPEA language included?

Reporting adverse information is a requirement of all cleared employees who observe questionable practices concerning an employee’s ability to protect classified information. Though a daunting task, reporting this information is an expectation levied on cleared employees. Adverse information reporting is part of the continuous evaluation process and is used to determine whether or not a cleared person can still be trusted with access to classified information.

The WPEA language might seem out of scope for a document requiring the continuous protection of classified information. However, this language is not a warning to employees reminding them of an obligation, but a legal requirement for employers to protect employees who report instances of fraud, waste and abuse. This reporting applies to derivative information reporting, classification challenges, etc. Fraud, waste and abuse issues can be reported on processes, machinery, costs, etc. used within a national security structure. An employee can better report what might be classified information concerning fraud, waste and abuse within the classified channels. Without this language, an employee may not know how to report such instances.

So now what?

Include this language while providing NISPOM training. Train your employees on the SF 312, security awareness, security refresher and other training. Need ideas? Check this out.



The revised SF 312 dated 7-2013 is posted in the General Services Administration (GSA) forms library on their website and can be directly downloaded here. There is no requirement to re-sign and execute a new SF 312; previously executed forms are still valid.



marcus evans ITAR Compliance WEST Conference

Executives from the Aerospace, Defense, Satellite and Similar Industries to Share Best Practices and Lessons Learned at the marcus evans ITAR Compliance WEST Conference 

Navigating the Complexities of the Changing Compliance Structure through Improved Operational Communication, Language Interpretation and Jurisdictional Understanding 

San Diego, CA – September 27, 2013 – marcus evans, the world’s largest event management group, will host the ITAR Compliance WEST Conference, November 18-20, 2013 in San Diego, CA. Executives across the Aerospace, Defense, Satellite and similar industries will share their thoughts and practices for compliance with the ever-evolving export regulations. DRS Technologies, Raytheon, Northrop Grumman, Virgin Galactic, Lockheed Martin Space Systems Company, Maxim Integrated and many others will be discussing their challenges and efforts with past and upcoming reform efforts.

On October 15, 2013, new rules are expected to go into effect changing the current status of exports. Positive steps have been made to increase efficiency and ease the impact of these recent and ever changing regulations, and the marcus evans ITAR Compliance WEST Conference will tackle the latest obstacles and pressing issues in the industry while highlighting how organizations stay competitive in today’s global atmosphere.

Attending this marcus evans conference will enable executives to: 
- Manage the transition from ITAR to EAR and review recent changes to the Export Control Reform Initiative 

- Develop new compliance structure methods and data sharing techniques

- Grasp new definitions and language found in the recently released regulations

- Review prior violations and corrections and identify best practices 

- Explore upcoming regulation releases and what the future holds for ITAR Compliance

For more information on this conference or to get a complete list of speakers or sessions, please visit http://www.marcusevans-conferences-northamerican.com/ICW2013_PRelease or email Tyler Kelch, Media & PR Coordinator, tylerke@marcusevansch.com

About marcus evans 

marcus evans conferences annually produce over 2,000 high quality events designed to provide key strategic business information, best practice and networking opportunities for senior industry decision-makers. Our global reach is utilized to attract over 30,000 speakers annually, ensuring niche focused subject matter presented directly by practitioners and a diversity of information to assist our clients in adopting best practice in all business disciplines.




Wednesday, October 2, 2013

How to get ready for the DSS Inspection

As mentioned in an earlier article, NISPOM Change 1 requires Derivative Classification Training and Recordkeeping Guidance. This guidance requires that the cleared contractor provide cleared personnel with initial Derivative Classification Training and follow-up training at least once every 2 years. The training topics are vital to the cleared contractor performing on classified contracts. Properly trained employees reduce the risk of unauthorized disclosure of classified information.

Currently this training can be put in place at the cleared contractor’s initiative. The sooner training is implemented the better. The Defense Security Service will be publishing an Industrial Security Letter (ISL) that provides instruction for conducting training, including a “trained by” date to meet the requirements of the recent NISPOM changes. Why not begin the training now and be prepared for success before DSS gives the deadline for conducting training? Remember, if not trained, cleared employees cannot perform on classified work requiring derivative classification. That’s a lot of missed.

Remember that DSS is in the business of auditing. They are more than capable of helping a company succeed with good training and working relationships, but they are just as equipped to find security violations. Failure to protect classified information is a security violation. Failures are often caused by mismarked materials.

For example, after reviewing requirements of a DD Form 254 and statement of work, the industrial security representative discovers that derivative classification work has been occurring since the contract award a year prior. However, training records indicate that the derivative classification training had only been conducted in the last two weeks (while preparing for the inspection). It wouldn’t be hard to deduce that there is a possible security violation and perhaps a review of classified inventory is in order.

So, how can you prepare to meet this challenge? 

Cleared contractors can refer to NISPOM paragraph 4-102 and develop training based on the directed subjects. Document that training and schedule follow-up training in two years. A good practice is to provide a copy of the training with training signatures or certificates. That way DSS can determine who was trained and whether or not the derivative classification training conformed to NISPOM Change 1.

No time to write training?

You can find training through professional organizations, at the DSS website or here.



