As a recap from the last article, we can apply the “Elements of Inspection” that are common to ALL cleared companies participating in the NISP. There are a few more elements that might be applied at unique cleared facilities, but facility security officers in those situations can adapt these articles to those specific needs. According to DSS’ The Self-Inspection Handbook for NISP Contractors, the five elements are:
(A) Facility Security Clearance (FCL)
(B) Access Authorizations
(C) Security Education
(D) FOCI(E) Classification
As in all cases, documentation is key. Here is an explanation of the requirements, what to look for and how to document.
FSO Training-As with all things leadership, the first place to start is at the top. The FSO should lead the way by ensuring their education is completed and documented as soon as possible. DSS provides FSO training and certification which can be found @ http://www.cdse.edu/toolkits/fsos/security-education.html
According to NISPOM paragraph 3-102 Training requirements shall be based on the facility's involvement with classified information and may include an FSO orientation course and for FSOs at facilities with safeguarding capability, an FSO Program Management Course. Training, if required, should be completed within 1 year of appointment to the position of FSO.
For many FSO’s assigned to larger defense contractors or are otherwise career security specialists, this requirement is not difficult. However, an FSO of a smaller organization being newly appointed to the position will have to consider time and resources necessary to free themselves up for the training.
Documentation: Keep all DSS certificates and transcripts.
Special Security Briefings/Debriefings-Again, starting at the top, the FSO should receive the initial required briefings from the Cognizant Security Office (CSO) (most cases Defense Security Services (DSS)). This initial briefing requirement carries with the authorization to flow down the briefings to authorized cleared contractors.
Documentation: Keep FSO and briefer signatures in a training file to present to DSS during the review.
Cleared Employees at other work locations-If cleared employees perform classified work at other locations, who will fulfill the security requirements? Some locations require residing cleared employees to take training at their worksites. Others require home organizations to provide the training. In some cased cleared employees must attend training provided by both host and home organization. Agreements should be in place to address the question and documentation available for proof of the training.
Documentation: Keep signature sheets, certificates or other items documenting who was trained, the date and type of training.
SF-312-Cleared employees should only sign the SF-312 when they are first awarded security clearances. FSOs should educate the employee with SF-312 training and ensure they understand what they are agreeing to. It’s not necessary to file fresh signatures each time a periodic reinvestigation is conducted or when an already cleared employee is hired by a new employer. However, these first signed SF-312s should be provided back to the cognizant security agency (CSA) signed by both subject and a witness.
If a subject refuses to sign the SF-312, this should be both documented on the 312 and reported to the CSA.
Documentation: Forward SF-312s and keep a record of when forwarded. Keep copy of SF-312 for records.
Initial Security Training-If an employee signs an SF-312, initial security training should be provided. This is different than what is provided in SF-312 training. Initial security training requires education in the following topics:
a. A threat awareness briefing.
b. A defensive security briefing.
c. An overview of the security classification system.
d. Employee reporting obligations and requirements.
e. Security procedures and duties applicable to the employee's job.
Documentation: Keep signature sheets, certificates or other items documenting who was trained, the date and type of training.
Security Refresher Training-FSOs should provide this training to cleared employees every year. The same initial security training topics are covered with the inclusion of any changes in security regulations since the last briefing. For newly cleared employees, this occurs after the first year of employment and is provided annually as long as the employee remains cleared.
Documentation: Keep signature sheets, certificates or other items documenting who was trained, the date and type of training.
As FSOs develop a self-inspection program, they should use the checklist as provided in The Self-Inspection Handbook for NISP Contractors. The checklist provides thought provoking questions that, when addressed, can better prepare the organization for the DSS annual review. Look for the next article featuring sample questions to ask cleared employees. These will make sure the enterprise understands and implements requirements in support of the security program.
(A) Facility Security Clearance (FCL)
(B) Access Authorizations
(C) Security Education
(D) FOCI(E) Classification
As in all cases, documentation is key. Here is an explanation of the requirements, what to look for and how to document.
FSO Training-As with all things leadership, the first place to start is at the top. The FSO should lead the way by ensuring their education is completed and documented as soon as possible. DSS provides FSO training and certification which can be found @ http://www.cdse.edu/toolkits/fsos/security-education.html
According to NISPOM paragraph 3-102 Training requirements shall be based on the facility's involvement with classified information and may include an FSO orientation course and for FSOs at facilities with safeguarding capability, an FSO Program Management Course. Training, if required, should be completed within 1 year of appointment to the position of FSO.
For many FSO’s assigned to larger defense contractors or are otherwise career security specialists, this requirement is not difficult. However, an FSO of a smaller organization being newly appointed to the position will have to consider time and resources necessary to free themselves up for the training.
Documentation: Keep all DSS certificates and transcripts.
Special Security Briefings/Debriefings-Again, starting at the top, the FSO should receive the initial required briefings from the Cognizant Security Office (CSO) (most cases Defense Security Services (DSS)). This initial briefing requirement carries with the authorization to flow down the briefings to authorized cleared contractors.
Documentation: Keep FSO and briefer signatures in a training file to present to DSS during the review.
Cleared Employees at other work locations-If cleared employees perform classified work at other locations, who will fulfill the security requirements? Some locations require residing cleared employees to take training at their worksites. Others require home organizations to provide the training. In some cased cleared employees must attend training provided by both host and home organization. Agreements should be in place to address the question and documentation available for proof of the training.
Documentation: Keep signature sheets, certificates or other items documenting who was trained, the date and type of training.
SF-312-Cleared employees should only sign the SF-312 when they are first awarded security clearances. FSOs should educate the employee with SF-312 training and ensure they understand what they are agreeing to. It’s not necessary to file fresh signatures each time a periodic reinvestigation is conducted or when an already cleared employee is hired by a new employer. However, these first signed SF-312s should be provided back to the cognizant security agency (CSA) signed by both subject and a witness.
If a subject refuses to sign the SF-312, this should be both documented on the 312 and reported to the CSA.
Documentation: Forward SF-312s and keep a record of when forwarded. Keep copy of SF-312 for records.
Initial Security Training-If an employee signs an SF-312, initial security training should be provided. This is different than what is provided in SF-312 training. Initial security training requires education in the following topics:
a. A threat awareness briefing.
b. A defensive security briefing.
c. An overview of the security classification system.
d. Employee reporting obligations and requirements.
e. Security procedures and duties applicable to the employee's job.
Documentation: Keep signature sheets, certificates or other items documenting who was trained, the date and type of training.
Security Refresher Training-FSOs should provide this training to cleared employees every year. The same initial security training topics are covered with the inclusion of any changes in security regulations since the last briefing. For newly cleared employees, this occurs after the first year of employment and is provided annually as long as the employee remains cleared.
Documentation: Keep signature sheets, certificates or other items documenting who was trained, the date and type of training.
As FSOs develop a self-inspection program, they should use the checklist as provided in The Self-Inspection Handbook for NISP Contractors. The checklist provides thought provoking questions that, when addressed, can better prepare the organization for the DSS annual review. Look for the next article featuring sample questions to ask cleared employees. These will make sure the enterprise understands and implements requirements in support of the security program.
Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".
No comments:
Post a Comment