A secret is diluted by the square of the number of those who have heard it-Robert Half
This article continues the series
covering of the Defense Security Service (DSS) Self Inspection Handbook for
NISP Contractors. Now we'll review the National Industrial Security Program Operating
Manual (NISPOM),
Paragraph 5-303. This is another installation from the handbook under the topic
of M. Classified Storage
Are
supplemental controls in place for storage of SECRET material in Closed Areas?
The NISPOM states:
5-303. SECRET Storage. SECRET material shall be
stored in a GSA-approved security container, an approved vault, or closed area. Supplemental controls
are required for storage in closed areas.
While
those in the know understand what supplemental controls are and how to find
them, the NISPOM in general does not identify or discuss supplemental controls
until later in Paragraph 5-307 and in more detail in Section 9. A scan of the
NISPOM table of contents should help. Another good idea is to download the
electronic NISPOM and conduct a word search.
Supplemental Controls
Supplemental
controls are intrusion detection systems (IDS) or an approved guard force.
These controls are required for SECRET stored in closed areas and all TOP
SECRET information. However, the NISPOM does not require supplemental controls standards
for SECRET stored in GSA approved container when the CSA has determined that
the GSA-approved security container or approved vault is located in an area of
the facility with security-in-depth.
Closed Areas
Closed
areas are great for storing bulk information that may not fit in a security
container. As mentioned earlier, in situations where SECRET material is stored
in a closed area without a GSA approved container, it does require supplemental
protection. These closed areas require access control either with an ever present,
cleared employee checking a roster or through a supplanting access control
system such as biometrics, access card, pin number, and retina scan readers. The
NISPOM does say that supplemental protection is not necessary at the time when
the work area is occupied. It makes sense as cleared employees would be
tripping IDS every time they breathed.
According
to DoD Security Clearance and Contracts Guidebook, closed areas are a
more permanent solution for possessing facilities and when classified items are
difficult to store in a GSA approved container. When unique sizes and shapes do
not fit into conventional GSA container storage capability, the FSO should seek
approval from DSS for open shelf or bin storage.
Physical
security measures employed in a closed area prevents unauthorized access at any
time. Reinforced doors, windows and other access points should be installed to
prevent anyone from easily breaking in or going around current security
precautions. DSS approves new construction, modifications, and repairs of
closed areas.
Though
closed areas are built to standard, approved by the cognizant security agency,
and inspected, they cannot be assumed theft proof. Supplemental controls close
the loop on security during off duty times.
Validation:
1. Written
security policy for application of NISPOM Paragraph 5 Section 9 with Intrusion
Detection Systems.
2. IDS
records, incidents and results
3. Written
policy for the use of Security Guards if in use
4.
Document Security Guard Patrol Schedule and Results
5. Copy of
properly completed Alarm System Description Form
6.
Cognizant Security Agency approval for open bin storage
7. Security training includes use of
supplemental controls
8.
Supplemental control policy
No comments:
Post a Comment