This article continues the series covering the Self-Inspection Handbook For NISP Contractors and guidance found in the National Industrial Security Program Operating Manual (NISPOM) Incorporating Change 2.
Prior to sending classified information via commercial carriers, the holder of the classified information should gain approval of the intent to ship and the method of shipment. Once the approval is gained, the shipper should properly prepare the product and coordinate the shipment with the government, shipper, and receiver.
Question:
Do your cleared employees understand their safeguarding responsibilities?
Answer:
NISPOM 5-100. General. Contractors shall be responsible for safeguarding classified information in their custody or under their control. This includes classified material controls that govern procedures or capabilities that deny, deter, and detect any unauthorized attempt to gain access to classified information.
NISPOM Chapter 5 is a large section that attempts to provide guidance for protecting classified information by format (written document, electronic document, hardware item, information system, etc.) and location (open storage, computer, in transit, at work, etc.). Chapter 5 addresses protection of classified information during reception, storage, transmission, destruction, physical security, and more. This protection involves marking, physical security specifications, oral communication, access, hand carrying, need to know, and other measures to prevent unauthorized access.
While other NISP Handbook sections address format and location of classified information, Section Q focuses on the controls that are in place to trace and account for classified information at the cleared facility. This safeguarding question addresses a theme that runs through all of Chapter 5: the administrative and technical controls in place to document and detect the status of classified information. Though some of these controls were covered in other NISP Handbook questions, they are revisited here to demonstrate a specific security function.
The question again is general and will be further unpacked in specific applications as we work our way through Section Q. The point of this article is to explain the controls at a high level and dig deeper in subsequent articles. Cleared employees should understand how to answer the question in the context of the information management system and perimeter controls available to ensure that classified information is received, that only authorized persons gain access, and that any unauthorized attempts to gain access are detected.
Validation:
Policy and procedure in place that describe information management and perimeter controls
Employee acknowledgement of security training and understanding of classified material controls
Provide written authorization for hand carrier to transport classified information
Develop tracking system to ensure receipts are returned in a timely manner
Provide proof of hand carrier or escort briefing
Review and compare signatures of couriers who have attended training and briefings