Tuesday, August 1, 2017

NISPOM FSO Certification

 By Jeffrey W. Bennett, ISP, SAPPC
Get your copy @ www.redbikepublishing.com



If you are serious about advancing in your field, get security certification. 

Taking practice tests is a great way to prepare for an exam. Successful students in grade school and college study using guides and exam preparation questions based on the test subject material. This same successful methodology can also help prepare for professional exams like ISP Certification and SPeD Certification. DSS has study material and tests available for those who enrol, and NCMS has test study material as well.

Practice tests augment certification exam preparation. Red Bike Publishing's Unofficial Study Guide features four complete test-length practice exams based on NISPOM. It could help you pass the ISP and SPeD certification exams.

We've updated our manual for NISPOM Change 2. Have a go at some new questions. 

Try these questions to see how you do:

1. A facility at which only one person is assigned shall establish procedures for _____ notification after death or incapacitation.
a. CSA
b. GCA
c. Next of Kin
d. FSO
e. FBI

2. Reports submitted to the _____ involve espionage, terrorism and sabotage.
a. CIA
b. FSO
c. CSA
d. ISSM
e. FBI

3. Which is a part of System and Services Acquisition Control Measure?
a. Develop Security Plans
b. Assess and Determine Usefulness of IS Security Controls
c. Employ Software Usage
d. Provide Supporting Utilities for IS
e. Limit Access to Authorized Users

4. Which marking DOES NOT properly reflect what should be applied to the “Downgrade To” line:
a. Derived From
b. Downgrade To On
c. Declassify On
d. Classified By
e. None of the above










Scroll Down For Answers






1. A facility at which only one person is assigned shall establish procedures for _____ notification after death or incapacitation.
a. CSA (NISPOM 1-204)
b. GCA
c. Next of Kin
d. FSO
e. FBI

2. Reports submitted to the _____ involve espionage, terrorism and sabotage.
a. CIA
b. FSO
c. CSA
d. ISSM
e. FBI (NISPOM 1-300)

3. Which is a part of System and Services Acquisition Control Measure?
a. Develop Security Plans
b. Assess and Determine Usefulness of IS Security Controls
c. Employ Software Usage (NISPOM 8-301)
d. Provide Supporting Utilities for IS
e. Limit Access to Authorized Users

4. Which marking DOES NOT properly reflect what should be applied to the “Downgrade To” line:
a. Derived From
b. Downgrade To On
c. Declassify On
d. Classified By (NISPOM 4-208c)
e. None of the above

So how did you do? These questions and more can be found in Red Bike Publishing's Unofficial Guide to ISP Certification, DoD Security Clearance and Contracts Guidebook, as well as in NISPOM Training. Both resources provide excellent study material that may help with passing the ISP and SPeD certification exams.

According to reader comments and emails to the author, many who have bought this book, the ISP Test Tips, and used our techniques to augment their preparation have performed very well on the exam.



Is your Information Management System (IMS) capable



 Contractors are required to be able to retrieve and dispose of classified information within a reasonable amount of time. The government owns it, so contractually, the contractor should turn it over upon request. An information management system will help with that task.

Question:
Is your Information Management System (IMS) capable of facilitating the retrieval and disposition of classified material as required?

RESOURCE: ISL 2006-01 Information Management System under Industrial Security Letters at: http://www.cdse.edu/toolkits/fsos/safeguarding.html

Answer:

NISPOM 5-200. Policy.

Contractors shall establish an information management system to protect and control the classified information in their possession. Contractors shall ensure that classified information in their custody is used or retained only for a lawful and authorized U.S. Government purpose. The U.S. Government reserves the right to retrieve its classified material or to cause appropriate disposition of the material by the contractor. The information management system employed by the contractor shall be capable of facilitating such retrieval and disposition in a reasonable period of time.

While the Top Secret Control Official is required to keep records of TOP SECRET information, the information management system for SECRET and below is not prescribed. The NISPOM guidance is for contractors to implement a control that allows for the acknowledgement, tracing, and disposition of the classified information they possess. The NISPOM does not require any specific format, just that there is something in place that performs a control type of function. What is the function? To be able to retrieve and report disposition of classified information in a reasonable time.

The control helps to ensure that classified information is used or retained for lawful and authorized U.S. Government services. For example, a classified contract is awarded and, according to the DD Form 254, the contractor is permitted to receive, generate, and store classified information at the SECRET level.

As classified information is received, generated, and stored, the acceptance, issuance, generation, existence, etc. should be acknowledged in a contractor-supplied control. This can be accomplished through a software-based solution such as SIMS Software, or as simply as using an Excel spreadsheet or a piece of paper and a stubby pencil.

Now, suppose the contract ends and the government requires the return of all classified information related to the contract within a certain period of time. The contractor is required to return all classified information on a short suspense. If it’s just a few items, no problem; however, if the contractor has multiple security containers in multiple rooms or buildings, this could prove difficult without a dependable and accurate information management system.

There also is no requirement for any form of receipt and dispatch records. However, if a contractor has a large number of documents, such tools may be very helpful. A software program that allows the tracing and “accountability” of inventory could be a significant aid when searching for classified information.

For example, suppose the classified information was received and put into a company security container in a central receiving area and logged into that location. A year later, the cleared employees on contract require the classified information to be moved into a newly constructed room with a new security container. A receipting or tracing action that follows the relocation of the document would allow the quick retrieval. Relying upon memory or forgetting to document the movement could result in a time consuming hunt.

Whichever method is used to enforce this control, the intent is for the contractor to demonstrate the capability for timely retrieval of classified information wherever it is, and to have the ability to dispose of classified information when required to do so.

Validation:

Practice retrieving documents to ensure the system functions

Clearly demonstrate ability to retrieve classified information

Clearly demonstrate ability to relay disposition of destroyed classified information

Ensure cleared employees understand the information management system through training and briefings