We are continuing our analysis of the DSS’ The Self-Inspection Handbook for NISP Contractors to determine requirements and best practices for meeting them.
Since Section M has multiple inspection points, we have broken them up into individual articles. This update addresses using warning signs and inspections to ensure authorized introduction and removal of classified information.
Question 5-103: Are signs posted at all entries and exits warning that anyone entering or departing is subject to an inspection of their personal effects?
Security through Denial, Deterrence, and Detection
This
notification is designed to both serve as a warning or deterrent to
unauthorized introduction or removal of classified information. The actual
inspection of personal effects serve denial and detection purposes.
These
inspections and postings of signs should occur in strategic locations. The FSO
should consider using them where they make the most sense, where they support
classified contracts, and where they enhance job performance and not become a
burden to the enterprise or national industrial security program. For example,
the inspections should occur where access to classified material is more likely
and not where access to classified material is not likely or remote at the very
least. The inspections should occur in such a manner as to not impede traffic flow or classified performance.
Additionally,
these inspections should be random and limited to business items and not
personal items such as purses, wallets or undergarments. In all cases, coordinate with human resources and seek legal advice before implementing the program.
The Danger
The uncontrolled
introduction of classified information can cause security violations and
compromise of classified material.
The FSO should
create company policy demonstrating how classified material is introduced and
removed properly from the company and train cleared employees on the
procedures. The intent is to establish an environment where all employees have
a clear understanding of policy.
For example, the
FSO can ensure that classified
deliveries are to be made through the cleared contractor’s security
department and not directly to the cleared employees. One trigger
point to plan the reception of classified information is upon notification of a
classified visit request.
Best Practices
At a minimum, ensure inspection signs are posted at all employee and visitor entries and exits. This broad scope captures the entire building access and egress possibilities where classified information can be introduced or removed.
Next, filter the flow of visitors. A follow on method of controlling the introduction of classified information is to restrict or direct the flow of visitor traffic into and out of the cleared facility. Cleared facilities may have multiple entry points and visitors should have access to only designated entry points. To help with maintaining control of the classified environment, FSO’s can employ information technology or human controls to direct pedestrian traffic into their facility. Access controls with biometric, pin card or data card access provide an excellent opportunity to flow all traffic through an authorized area.
Next, filter the flow of visitors. A follow on method of controlling the introduction of classified information is to restrict or direct the flow of visitor traffic into and out of the cleared facility. Cleared facilities may have multiple entry points and visitors should have access to only designated entry points. To help with maintaining control of the classified environment, FSO’s can employ information technology or human controls to direct pedestrian traffic into their facility. Access controls with biometric, pin card or data card access provide an excellent opportunity to flow all traffic through an authorized area.
When budget does
not permit the purchase or subscription to expensive information technology,
high security hardware such as door locks and crash bars are adequate to
prevent entry into unauthorized doors.
When controls
are in place, pedestrian traffic should file through a reception area where
visitors are received warmly and reminded to check in with the security or
reception desk for all classified deliveries. Document Compliance and Best Practices
The VALIDATION
should include, but are not limited to corporate policy letters, inventory of
where inspection signs are posted, transcripts or slides from security awareness
training, attendance rosters from training.
Authorized
classified material should flow unimpeded to and from where classified work is
performed. Security efforts should facilitate the authorized introduction of
classified information, while denying, deterring, and detecting unauthorized
attempts at introduction or removal. FSOs should ensure a strong security
posture and train the force to work within the required environment.
For more information, see DoD Security Clearance and Contracts Guidebook.
For more information, see DoD Security Clearance and Contracts Guidebook.
No comments:
Post a Comment