Tuesday, June 24, 2014

ISP Certification and NISPOM Study Questions


Try your knowledge of the NISPOM and apply your experience as an industrial security professional with these challenging questions:

1.      The minimum investigation requirement for SECRET FRD is:
a.            NACLC
b.            XNAC
c.             SSBI
d.            NAC
e.             Polygraph
2.      Only contractor employees with access to RD and FRD can be designated as _____:
a.            FRD Classifiers
b.            RD Classifiers
c.             NRC Classifiers
d.            DOE Classifiers
e.             DoD Classifiers
3.      Cleared contractor employees must be briefed by the _____ prior to having access to CNWDI.
a.            CSA
b.            GCA
c.             DOE
d.            NRC
e.             FSO
4.      Accountability records for COSMIC TOP SECRET ATOMAL must be maintained for:
a.            10 years
b.            2 years
c.             5 years
d.            3 years
e.             4 years




**************No Peeking-Keep scrolling when ready for answers****************




1.      The minimum investigation requirement for SECRET FRD is:
a.            NACLC (NISPOM 9-104e)
2.      Only contractor employees with access to RD and FRD can be designated as _____:
b.            RD Classifiers (NISPOM 9-105b)
3.      Cleared contractor employees must be briefed by the _____ prior to having access to CNWDI.
e.             FSO (NISPOM 9-202)
4.      Accountability records for COSMIC TOP SECRET ATOMAL must be maintained for:
a.            10 years (NISPOM 10-717d)
For more helpful hints and study resources, see Red Bike Publishing’s Unofficial Guide to ISP Certification and NISPOM Training ideas.


Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing. He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training".

Saturday, June 21, 2014

Self-Inspection of the Enterprise

Continuing from the last article, let’s look at a few more security education questions. That article covered time-proven practices for presenting and documenting NISPOM training for cleared employees. This article looks at required reports, since security education is one of the areas reviewed during the scheduled DSS visit.

While answering these self-inspection questions, FSOs might consider interviewing cleared employees to gauge their understanding of the requirements. The interview should also give employees the opportunity to demonstrate how they execute policy. Knowledge of policy is not enough. FSOs should document each cleared employee’s account of what to do and how to do it when the situation arises, as evidence of that knowledge.

The following are some questions from the self-inspection handbook:

Are cleared employees debriefed at the time of a PCL’s termination, suspension, revocation, or upon termination of the FCL?

Just because a cleared employee no longer has access to classified information doesn’t mean the knowledge and experience they acquired is sanitized from their brains. Nor does it mean they will know what to do with that knowledge if someone challenges them to reveal it.

Knowledge is hard to control, and harder still once the former employee is outside the defense network. They are no longer under continuous evaluation, and we don't know what the employee will do with everything stored in their head. The best thing an FSO can do is debrief them, make sure they understand their continuing responsibility not to disclose classified information, and have them sign an acknowledgement stating that understanding. FSOs should not leave this to chance. Whenever possible, a face to face debriefing is the best method.

Terminated employees can be a challenge. It’s very difficult to conduct a debrief interview with a person who feels wronged by the organization. But national security and classified information are at stake. FSOs should not settle for an administrative action alone, that is, letting the employee leave without the actual face to face debriefing. This requires coordination with Human Resources, who must understand the importance of keeping the FSO informed of hiring and firing actions.

Document the debriefings with signatures and dates. This is easily done by reminding employees of their continued responsibility to protect classified information and having them sign and date the acknowledgement.

Is there an effective procedure for submission of required reports to the FBI and to DSS? 

Each office has reports it is required to submit. Employees should understand, however, that the first stop is the FSO. This is not so the FSO can arbitrate the issue; rather, many employers have policy stating that employees should not report company issues outside the organization without its knowledge except as a last resort. Many companies have policy dictating how information is reported externally, and in most circumstances there is no reason to violate it.

This reporting method should also be enforced for:

Instances of fraud reported through the DoD Hotline-DSS checks that the hotline posters are displayed in obvious areas. Bulletin boards are a good location, since announcements are usually posted there. FSOs might also post them wherever the required OSHA posters hang. Write up a map showing where all posters, flyers, pamphlets and other security education tools are located. Document their presence and show them to DSS during the review.

Cyber Intrusions-monitor and report all intrusions. Work out the analysis and reporting details with the IT and cyber professionals and ensure they know to report these intrusions. Document the events as well as when and what was reported.

Adverse information-develop a culture where employees can report credible information bearing on a cleared employee’s (including their own) ability to protect classified information. Submit and document all such reports so they can be demonstrated during the DSS audit.

Security Violations-save all reports of security violations and the results of the investigations. For security violations involving loss, compromise or suspected compromise, these may include preliminary, initial, follow-up, final and culpability reports. Keep the reports on file along with records of their submission to the cognizant security activity.

Suspicious contacts-cleared employees should understand that they must report any effort to obtain illegal or unauthorized access to classified information or to compromise a cleared employee, any contact by a foreign intelligence officer from any country, and any information indicating that a cleared employee may be targeted. Document the training and any submitted reports.

Security awareness training also includes checking how employees implement the training required by NISPOM. It’s one thing to show a presentation on required reports and to debrief employees. It’s another to have the requirements woven into corporate policy and work instructions. Asking cleared employees to demonstrate their responsibilities, or walking them through scenarios, are good ways to check knowledge. When actual events are reported to the FSO, document them for review during the DSS visits.


Sunday, June 15, 2014

Security Education for FSOs and Cleared Employees

As a recap of the last article, we can apply the “Elements of Inspection” that are common to ALL cleared companies participating in the NISP. A few more elements may apply at unique cleared facilities, but facility security officers in those situations can adapt these articles to their specific needs. According to DSS’ The Self-Inspection Handbook for NISP Contractors, the five common elements are:

(A) Facility Security Clearance (FCL)
(B) Access Authorizations
(C) Security Education
(D) FOCI
(E) Classification

As in all cases, documentation is key. Here is an explanation of each requirement, what to look for, and how to document it.

FSO Training-As with all things leadership, the first place to start is at the top. The FSO should lead the way by completing and documenting their own training as soon as possible. DSS provides FSO training and certification at http://www.cdse.edu/toolkits/fsos/security-education.html

According to NISPOM paragraph 3-102, training requirements shall be based on the facility's involvement with classified information and may include an FSO orientation course and, for FSOs at facilities with safeguarding capability, an FSO Program Management Course. Training, if required, should be completed within 1 year of appointment to the position of FSO.

For many FSOs assigned to larger defense contractors, or who are otherwise career security specialists, this requirement is not difficult. However, an FSO newly appointed at a smaller organization will have to consider the time and resources needed to free themselves up for the training.

Documentation: Keep all DSS certificates and transcripts.

Special Security Briefings/Debriefings-Again, starting at the top, the FSO should receive the initial required briefings from the Cognizant Security Office (CSO), in most cases the Defense Security Service (DSS). Receiving this initial briefing carries with it the authorization to flow the briefings down to the facility's authorized cleared employees.

Documentation: Keep FSO and briefer signatures in a training file to present to DSS during the review.

Cleared Employees at other work locations-If cleared employees perform classified work at other locations, who fulfills the security training requirements? Some host locations require resident cleared employees to take training at the worksite. Others require the home organization to provide it. In some cases cleared employees must attend training provided by both the host and the home organization. Agreements should be in place to settle the question, with documentation available as proof of the training.

Documentation: Keep signature sheets, certificates or other items documenting who was trained, the date and type of training.

SF-312-Cleared employees should sign the SF-312 only when they are first granted a security clearance. FSOs should provide SF-312 training and ensure the employee understands what they are agreeing to. It’s not necessary to obtain a fresh signature each time a periodic reinvestigation is conducted or when an already cleared employee is hired by a new employer. The original signed SF-312, bearing the signatures of both the subject and a witness, must be forwarded to the cognizant security agency (CSA).

If a subject refuses to sign the SF-312, document the refusal on the form and report it to the CSA.

Documentation: Forward the SF-312 and keep a record of when it was forwarded. Retain a copy of the SF-312 for the facility's records.

Initial Security Training-Once an employee signs the SF-312, initial security training must be provided. This is separate from the SF-312 training itself. Initial security training covers the following topics:

a. A threat awareness briefing.
b. A defensive security briefing.
c. An overview of the security classification system.
d. Employee reporting obligations and requirements.
e. Security procedures and duties applicable to the employee's job.

Documentation: Keep signature sheets, certificates or other items documenting who was trained, the date and type of training.

Security Refresher Training-FSOs should provide this training to cleared employees every year. It covers the same topics as the initial security training, plus any changes in security regulations since the last briefing. For newly cleared employees, the first refresher is due one year after the initial briefing, and it continues annually for as long as the employee remains cleared.

Documentation: Keep signature sheets, certificates or other items documenting who was trained, the date and type of training.

As FSOs develop a self-inspection program, they should use the checklist provided in The Self-Inspection Handbook for NISP Contractors. The checklist provides thought-provoking questions that, when addressed, better prepare the organization for the DSS annual review. Look for the next article, featuring sample questions to ask cleared employees. These help ensure the enterprise understands and implements the requirements in support of the security program.



