Tuesday, February 17, 2015

NISPOM Based Study Questions for Security Certification



The following NISPOM training is meant to augment your NCMS ISP Certification education, not replace it. Download the NISPOM to your computer and test your experience against this open-book practice test. Here are some NISPOM-based practice questions to help you prepare:

1. Prior to having access to COMSEC, _____ must have a final PCL at the appropriate level for the material of the account:
a. FSO
b. COMSEC custodian
c. Alternate COMSEC custodian
d. All the above
e. None of the above


2. Disclosure authorizations may manifest by which of the following:
a. Export license
b. Technical assistance agreement
c. Letter of authorization or exemption to export requirements
d. Manufacturing license agreement
e. All the above

3. Which of the following is NOT required on a Visit Authorization Letter?
a. Contractor's Name
b. Level of FCL
c. Name of person to be visited
d. Contractor's Social Security Number
e. Contractor's Telephone Number

4. Which situation does not require use of IS security controls as logon authenticators when each person has access to work station and security container?
a. When work stations are stand alone
b. When each person has proper clearance level but not need to know
c. As long as each person has need to know
d. As long as each person has appropriate level of clearance and need to know
e. As long as each person can access closed area

5. The contractor should have approval of the _____ prior to requesting export authorization.
a. Contracts manager
b. GCA
c. CSA
d. FSO
e. None of the above







Scroll down for answers:






1. Prior to having access to COMSEC, _____ must have a final PCL at the appropriate level for the material of the account:
a. FSO
b. COMSEC custodian
c. Alternate COMSEC custodian
d. All the above (NISPOM 9-402a)
e. None of the above


2. Disclosure authorizations may manifest by which of the following:
a. Export license
b. Technical assistance agreement
c. Letter of authorization or exemption to export requirements
d. Manufacturing license agreement
e. All the above (NISPOM 10-200)

3. Which of the following is NOT required on a Visit Authorization Letter?
a. Contractor's Name
b. Level of FCL
c. Name of person to be visited
d. Contractor's Social Security Number (NISPOM 6-104)
e. Contractor's Telephone Number

4. Which situation does not require use of IS security controls as logon authenticators when each person has access to work station and security container?
a. When work stations are stand alone (NISPOM 8-303c)
b. When each person has proper clearance level but not need to know
c. As long as each person has need to know
d. As long as each person has appropriate level of clearance and need to know
e. As long as each person can access closed area

5. The contractor should have approval of the _____ prior to requesting export authorization.
a. Contracts manager
b. GCA (NISPOM 10-201)
c. CSA
d. FSO
e. None of the above

If you want more, see our book Red Bike Publishing's Unofficial Guide to ISP Certification only at http://www.redbikepublishing.com





Most Helpful Customer Reviews

5 of 5 people found the following review helpful
By Lisa M. Doman on November 18, 2008
Format: Paperback
Like many seasoned industrial security representatives, I feel like I know it all. I have been in this industry almost 25 years; I know where to look for answers, and I have my contacts. But one day it occurred to me just how much has changed during my career - enter the Internet, enter computer based training, enter instant security clearances (Interims), enter the JPAS/e-QIP interface, enter diminished contact with my cleared employees and visitors. Admitting that the contact with my cleared employees is not as intimate as it used to have to be, somehow I felt that I was losing touch with my own skill set because of it. Jeffrey Bennett's book is very insightful into our industry, for he works with and supports, and motivates, this industry. You should consider buying the ISP Certification - The Industrial Security Professional Exam Manual, and spend 30 minutes with it each evening after work. Reinvigorate yourself. Give your imagination and professional growth some quiet stimulation. Remember. Refresh yourself. The best security education dollar you can spend, and not even leave home.
2 of 2 people found the following review helpful
By Jasmine C. on September 15, 2011
Format: Paperback
After receiving this book, I quickly skimmed through it prior to sitting down for a close study. My initial reaction was to wonder just how much information I could learn based on the fact that most of the book was dedicated to practice tests. When I finally took the time to sit down and read it, I was surprised at just how much information it contains. The book tells you how to prepare, to include learning all security disciplines, how to manage your time, and how to study the NISPOM. The practice tests are a great opportunity to time yourself, and help to identify areas of weakness. I truly recommend this book for anyone considering the ISP Certification... it is a great tool to have!
Format: Paperback
Written by a security consultant of twenty-two years of experience in military intelligence, contracting and security, ISP Certification: The Industrial Security Professional Exam Manual is an instructional resource created to provide career security specialists with what they need to know to protect our nation's secrets. The text offers practical advice for security professionals and a working understanding of the NISPOM and Presidential Executive Orders implementing the National Industrial Security Program, but the heart of ISP Certification is its four practice tests designed to probe the depths of one's knowledge. An absolute "must-have" for anyone in federal positions requiring a thorough knowledge of security procedures, and highly recommended for the libraries of federal agencies.
1 of 1 people found the following review helpful
By Fred Twitty on May 8, 2010
Format: Paperback
As a retired US Army, Chief Warrant Officer Five (CW5), Counterintelligence Officer; former Special Agent, Defense Investigative Service (DIS); former Special Agent Defense Security Service (DSS); former US Army Liaison Officer to Headquarters, Department of Defense (DoD), Alexandria, VA, Counterintelligence Division for Counterintelligence Issues, and former owner of a Small Veteran's Business, under a DoD contract to conduct Background Investigations for DoD Personnel Security Clearances, I consider this book to be brief and it makes the complex simple. This ISP Manual is a must for those preparing to take the ISP Certification Exam.
1 of 1 people found the following review helpful
By S. Koryta on June 8, 2010
Format: Paperback
Mr. Bennett once again has assisted me in my endeavors as a security and protection professional. His book not only assists in helping you prepare for the ISP certification, it provides first hand insight and mentoring on how to advance your career goals in this complex field. In using his study guide, one can get a real understanding of how the certification process is and study to overcome the challenges of taking the exam. The one recommendation I can say is to combine it with the pocket edition, so you can take and read while on the metro to work.
1 of 1 people found the following review helpful
By Diane Griffin on January 9, 2009
Format: Paperback
As a seasoned security professional, I found the Industrial Security Professional Exam Manual to be very clear, brief and concise.

The ISP manual is a must read for anyone anticipating taking the ISP exam. Whether you are a seasoned security professional or a newbie to the world of security, this book is a keeper.

Thank you for putting out such a Great Book

Diane Griffin
President/CEO
Security First & Associates LLC


Jeffrey W. Bennett, ISP, is the owner of Red Bike Publishing. He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training".

Security Bad Habits #1

Let's take a look at bad security habits and how to avoid them. We'll take on one at a time.
#1. Not marking working papers.

You might think it's okay to mark them later. You might be on a roll and can't stop for details. Whatever, stop making excuses and mark them immediately. You'll be glad you did.

Here's how to do it right

Working papers containing classified information shall be:

  • dated when created - Do this immediately; don't wait. Pretty soon you may find your security container filled with working papers, with no idea of their classification level or how old they are, and you've run out of time to mark them properly before you have to explain to DSS.
  • marked with the highest classification of any information contained in them - If the working papers are a result of classified experiments, research, or some other data, refer to the appropriate classification guidance, DD Form 254, contract or source and find out the classification level, what is classified, and why.
  • protected at that level - Lock it up in the appropriate container, set alarms, put on a cover sheet, and enforce security clearance and need to know.
  • destroyed when no longer needed - If you don't need it, get rid of it. Clear out that GSA Approved Container, open storage shelf, or vault. There is no reason to keep classified information once its usefulness is over.

No longer working papers when:

Your own decision

If you decide to keep the working papers, mark and protect them as you would a finished classified document. Deciding to keep a working paper is easy to figure out: just identify it as something needed in permanent storage and mark it accordingly.

Overcome by events

Some events may take over that decision, requiring automatic treatment of working papers as a classified document. In this case, they have been overcome by events (OBE). Whether it is a deliberate decision to keep them or just plain OBE, there are additional classification marking considerations in the NISPOM.

Such OBE cases include when working papers are:

  • released outside of the facility - If this classified information is needed at another organization for a meeting or other reason, mark and treat it as a permanent classified document.
  • retained for more than 180 days from the date of the origin - You might not want to keep it forever, but if you keep it more than 180 days it's OBE; mark it as a permanent document.
  • e-mailed within or released outside the originating activity - Email = OBE. If it leaves the information system it resides on via email, then mark it as a permanent document.


Bottom line: if you need it, keep it. Just make sure that it officially becomes part of your classified inventory. If OBE, treat it as a permanent document.

More bad-habit-fighting examples are coming. If you would like to contribute example bad habits for this blog or newsletter, send them over.

For more ways to overcome bad habits, see our book: DOD Security Clearance and Contracts Guidebook.



                                                                 

Monday, February 2, 2015

Public Disclosure of Information Pertinent to a Classified Contract

By applying the five “Elements of Inspection” that are common to ALL cleared companies participating in the NISP, and the additional elements that might be applied at unique cleared facilities, facility security officers can control the opportunity a bit better. As a reminder, DSS’s The Self-Inspection Handbook for NISP Contractors identifies five elements common to all cleared facilities:

(A) Facility Security Clearance (FCL)
(B) Access Authorizations
(C) Security Education
(D) FOCI
(E) Classification

Using the DSS publication as the intended guidebook, FSOs can glean important information and ideas for applying the elements to their own facilities. This guidance doesn’t just get the cleared contractor ready for the inspection; when applied, it solidifies a sound and proven security program.

The following article covers public disclosure of information pertinent to a classified contract. This is one area where a contractor can get jammed up unless addressed properly. Understanding how to request permission for public disclosure of this information is as important as protecting the information itself.

So, let’s begin with the topic in the self-inspection handbook.

Was approval of the Government Contracting Activity obtained prior to public disclosure of information pertaining to a classified contract?

I was advising a public relations unit for a small cleared defense contractor. This was a crack team that worked relentlessly on business development to keep the company profitable and employees at work. However, what they did not understand was the nuances of disclosing information pertinent to a classified contract. What they were good at is explaining how well the company performed on contracts. What they did not understand is that some of the information should not be disclosed without prior approval of the government customer. The government customer was very frustrated with the cleared defense contractor when the issue was raised.

Some information is good for both contractor and government agencies. Unless otherwise specified by the government customer, the contractor can freely publish the fact that a contract has been received, the subject matter of the contract, the method or type of contract, and total dollar amount of the contract unless that information reveals classified information. Additional information includes publishing decisions to hire additional employees or terminate existing employees.

This is all very general information and does not include intimate details about program efforts and capabilities. This general information is usually shared on websites, brochures, briefings, radio announcements and other media. Again, it’s good for business and there is no issue with disclosing the information. Keep in mind that information released specifically for a presentation, briefing, or conference must be considered open disclosure unless a classified setting or limited audience (export controls in place) is approved. Otherwise, if the information is considered too sensitive to put on a website, it should not be shared without approval.

In those situations where public disclosure is desired and approval necessary, it is important to document any GCA approval for public disclosure of unclassified information pertaining to a classified contract. The specific requirements should be found in the DD Form 254 and any directed specifications by the GCA.

According to NISPOM 5-511, the following should be implemented:

· Submit requests through the activity specified in the DD Form 254.

· Each request shall indicate the approximate date the contractor intends to release the information for public disclosure and identify the media to be used for the initial release.

· A copy of each approved request for release shall be retained for a period of one inspection cycle for review by DSS.

· All information developed subsequent to the initial approval shall also be cleared by the appropriate office prior to public disclosure.

A good practice is to use the above bullets as a checklist. Gain approval and document it, ensuring the above requirements are met. File the approval with the required information and be prepared to demonstrate approval during the next DSS review.


For more information about meeting NISPOM and DSS requirements, see DoD Security Clearance and Contracts Guidebook.