NISPOM |
This
article continues the series covering the Self-Inspection Handbook
For NISP Contractors
and guidance found in the National Industrial Security Program Operating Manual
(NISPOM) Incorporating
Change 2.
The
transmission of classified information is an important concern. Classified information
should be controlled as it enters and leaves each facility. Each facility that
has a CAGE Code should have it’s own transmission process meeting NISPOM
requirements. How is yours doing? Lets find out.
Question:
Are
procedures established for proper receipt and inspection of classified
transmittals?
Here’s
what NISPOM says on
the subject. Our narrative follows:
5-202. Receiving Classified Material. Procedures
shall be established to ensure that classified material, regardless of delivery
method, is received directly by authorized personnel. The material shall be
examined for evidence of tampering and the classified contents shall be checked
against the receipt. Discrepancies in the contents of a package or absence of a
receipt for TOP SECRET and SECRET material shall
be reported promptly to the sender.
How
to apply the NISPOM (some of this article is from the book DoD
Security Clearance and Contracts Guidebook)
Receipt by authorized personnel
The
FSO should ensure all arriving classified information is inspected and received
into accountability by authorized personnel. Many cleared contractors establish
a centralized classified information holding where all classified is processed
in and out of the facility and is managed like a library. Others have
classified information dispersed throughout the facility where needed. Either
way works depending on how it is managed. Regardless of where classified
information is stored, it must be properly received by the authorized cleared
employees.
What The material shall be examined for
evidence of tampering and the classified contents shall be checked against the
receipt.
Classified
information should arrive in the same condition it was shipped in and contain
the exact information as it left with. Due diligence is necessary to ensure
that classified information has not been compromised, is related to a contract,
and is properly marked.
Inspecting
or examining the received material begins with looking at the outside package
and looking for condition. Regardless of transmission methods of physical items
(mail, courier, overnight, hand carry and etc.) classified material should be
double wrapped. Each layer serves to protect the classified material from
inadvertent and unauthorized disclosure and should be properly addressed.
Anything ripped or seemingly re-taped should be further investigated.
Detailed Inspection Requirements
Regardless
of transmission methods, the recipient should examine the outer wrapping for
evidence of tampering or to compromise of classified material. Classified material
should be double wrapped with two independent layers of protection. Each layer should
consists of opaque material such as an envelope, paper, box or other strong
wrapping material.
The
receiver should look for evidence of tearing, ripping, re-wrapping or some
other means of unauthorized access to the material. Then review the shipping
label for a classified mailing address and return address. There should be no
classification markings on the outer layer of the item as classification
markings on the outside of a package are a security violation.
The
inner layer should be inspected the same way as the outer layer for evidence of
tampering or unauthorized disclosure (Figure 1).
However, the inside wrapping should contain the full address of the recipient as
well as classification markings on the top, bottom, front and back, and sides (Figure 2). TOP SECRET and SECRET material should have
a packing list or receipt. Receipts are not necessary with the shipment of
CONFIDENTIAL material. If a receipt is included, the receiver should sign it and
return it to the sender.
The
receiver should then check the receipt against the contents to ensure the items
are listed correctly and accounted for. The properly filled out receipt should
list the sender, the addressee, and correctly identify the contents by an
unclassified title and appropriate quantity. Since the receipt may be filed for
administrative and compliance purposes, the inspector should ensure it contains
no classified information.
Figure 2 Properly marked classified package (inner wrapper) |
The
receiver should compare the classification marking on the contents with the
wrapper and the receipt to once again verify the classification level and
prevent unauthorized disclosure.
Discrepancies
in the contents of a package or absence of a receipt for TOP SECRET and SECRET
material shall be reported promptly to the sender.
Any problems resulting from the
examination and inspection should be addressed with the sender. Both should
determine whether or not a security incident exists or other explanation.
Sometimes packages are ripped, poorly wrapped, or damaged during shipment. The
parties should make that determination.
If the
shipment is in order, the receipt shall be signed and returned to the sender.
If a receipt is included with CONFIDENTIAL material, it shall be signed and
returned to the sender.
Once
all the checks and verifications are complete, the receiver can then sign a
copy of the receipt and return to the sender, thus closing the loop on the
sender’s accounting responsibilities.
VALIDATION:
Capture names of employees authorized to
inspect and transmit classified information.
Record of authorized employee securitytraining.
Keep a pedigree of all transmitted
classified information from receipt to final disposition. This is a receipt log
that explains the lifecycle of classified information as received, stored,
transmitted or destroyed.
Present
classified transmission procedures if written.
Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".
No comments:
Post a Comment