Tuesday, March 6, 2018

NISPOM Certification





If you are serious about advancing in your field, get security certification. 


Taking practice tests is a great way to prepare for an exam. Successful students in grade school and college study using guides and exam preparation questions based on the test subject material. This same successful methodology can also help prepare for professional exams like ISP Certification and SPeD Certification. DSS has study material and tests available for those who enrol, and NCMS has test study material as well.

Practice tests augment certification exam preparation. Red Bike Publishing's Unofficial Study Guide features four complete test-length practice exams based on NISPOM. It could help you pass the ISP and SPeD certification exams.

We've updated our manual for NISPOM Change 2. Have a go at some new questions. 


Try these questions to see how you do:



1. For a NACLC, you must provide work experience for the past _____ years.

a. 10

b. 20

c. 7

d. 5

e. 3


2. How long does a security clearance remain in effect?

a. Forever

b. 5 years for TS

c. 10 years for S

d. As long as employed and expected to require access to classified information

e. B and C


3. Who conducts security clearance investigations for the DoD?

a. Each cleared contractor is required to pay for investigations

b. FBI

c. DSS

d. OPM

e. CAF






NOTE: Answers to the questions above are not provided in the NISPOM. Please refer to any DSS, JPAS, OPM, and other resources at your disposal.



So, how did you do? These questions and more can be found in Red Bike Publishing's Unofficial Guide to ISP Certification, DoD Security Clearance and Contracts Guidebook, as well as in NISPOM Training. Both resources provide excellent study material that may help with passing the ISP and SPeD certification exams.

According to reader comments and emails to the author, many who have bought this book, the ISP Test Tips, and used our techniques to augment their preparation have performed very well on the exam.


Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing. He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training".

Friday, March 2, 2018

Classified Reproduction


As discussed in an earlier installment in the series covering the Self Inspection Handbook for NISP Contractors, defense contractors depend heavily on reproducing, printing, or otherwise providing hard copy documents as contractual deliverables or work products. This installment focuses on the handling and protection of the reproduced classified information. The reproductions should be accomplished by highly trained cleared employees with the required need to know. Additionally, as available, technology should be used to detect, discourage, or prevent unauthorized classified output.


Question:

5-600 Is the reproduction of classified information accomplished only by properly cleared, authorized, and knowledgeable employees?

Answer:


NISPOM 5-600. General. Contractors shall establish a control system to ensure that reproduction of classified material is held to the minimum consistent with contractual and operational requirements. Classified reproduction shall be accomplished by authorized personnel knowledgeable of the procedures. The use of technology that prevents, discourages, or detects the unauthorized reproduction of classified documents is encouraged.



The Facility Security Officer should ensure that all material entering the facility, including material reproduced internally, is positively controlled. This means being able to account for its existence by format and location. Contractors could practice this control with an Information or Inventory Management Service (IMS) such as SimsSoftware or simply track with a spreadsheet. This control helps maintain traceability and accountability of the classified material by location (security container, closed area, SCIF) and format (software, document, hardware) while allowing prevention of unauthorized disclosure. One never knows what to protect if they are not aware of what exists.

The introduction of classified information controls should include reproduction. Once a document is copied, printed, or otherwise derived, it should be controlled. Classified information should only be reproduced in response to a contractual requirement such as in the performance of a deliverable. The FSO should be able to easily justify the duplication and maintain copies based on the justification.

The FSO should make the determination of how many and who to authorize to perform the tasks. This can be based on contractual needs, workload, or another valid reason. However, procedures should be established that identify authorized persons and train them how and when to copy classified information and how to protect it. Procedures should include detecting and deterring unauthorized reproduction, documenting copies, marking, storing and disseminating the classified information.


A real threat may exist when an employee copies classified information in uncontrolled environments. Limiting reproduction to authorized equipment and personnel only protects classified information reproduced by trustworthy employees. It does not protect against acts of espionage where employees access classified information and copy it at uncontrolled copiers, load it to unauthorized formats, or fax it using unauthorized machines, all in an effort to remove it from the company undetected. This may be prevented by requiring a login code on reproduction equipment, putting all reproduction equipment in access controlled areas, or using technology to control all copying functions. However, the ultimate protection resides with controlling who accesses classified information, when they access it and what they do with it.


Copy machines, scanners and other reproduction equipment should be identified and designated for classified information reproduction. Where possible, technical measures should be applied to trace and log not only print commands, but also commands where electronic documents are transferred electronically or copied. The FSO could also implement controls that include a list of authorized persons, access codes or other technology to prevent unauthorized personnel, and procedures to govern the use and type of designated reproduction equipment.

Training should include classified reproduction policy, marking classified information, and derivative classification training, and should emphasize that trained and authorized personnel are the only ones prepared to and capable of reproducing classified information.


Reproduction of classified information should only be done as a last resort. Making copies generates the need to protect additional classified material, which employs resources and functions of an IMS. Only authorized employees should make copies of classified material. These authorized employees should do so only after being properly trained according to NISPOM. Such NISPOM and security training includes identifying who is authorized, equipment authorized, horizontal protection of the copied information, classification markings, and where to store or how to dispose of the copies.

Validation:

  • Review the list of authorized employees. If one doesn’t exist, create one.


  • Employ an IMS to help trace and account for classified copies.

  • Trace all classified copies to determine origin and final disposition.

