This section continues our discussion of the DSS Self-Inspection Handbook for NISP Contractors. We are now in Section M, Classified Storage. Here is the question:
5-101 Do your cleared employees know where they can and
can't hold classified discussions?
According to NISPOM 5-101, Safeguarding Oral Discussions:
Contractors shall ensure that all cleared personnel are aware of the
prohibition against discussing classified information over unsecured
telephones, in public conveyances or places, or in any other manner that
permits interception by unauthorized persons.
There are at least two points that the FSO should
address. The first is to ensure all cleared employees are aware of when and
where classified discussions are and are not permitted. This awareness can be
presented in any of the following formats. If possible, the FSO should
implement as many as apply:
- New employee orientation/Initial Security Briefing/Annual security awareness training: FSOs should incorporate contractor-specific training to ensure that cleared employees understand where and when classified discussions are allowed and the circumstances that must be met before the discussions are allowed. This training should identify the designated areas, rooms, sections or other locations where conversations, presentations, telephone calls, and any other discussions should take place. The training should also cover how to prepare those areas for the proper level of discussion, including any necessary VARs, COMSEC, or information system support.
- Posters: Posters serve as reminders to reserve classified conversations for designated or dedicated locations.
- Pamphlets or flyers: Post these in obvious places as part of continuing security training and education. These flyers and pamphlets can convey a lot of significant information that will support your annual security awareness training.
- Multi-media: Broadcast your security message to the cleared employees through social media, websites, internal television channel, etc.
VALIDATION: The best way to demonstrate compliance to NISPOM requirements is to document actions and show examples. This can be done with:
- cleared employee signature
- facility maps identifying designated and dedicated classified discussion areas
- locations where pamphlets and flyers are posted
- how many were posted
- copies of presentations and training
Presenting and documenting topics, signatures and copies of any method of presenting the message are great metrics to demonstrate validation.
Consider visiting Red Bike Publishing for training that you can download and present to cleared employees as well as present to DSS during the annual review.
Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing. He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training".