Monday, April 30, 2018

NISPOM Based Questions


Get your copy @ www.redbikepublishing.com


Here's how to use our study guide:

1. Use hard copy or download online version of NISPOM to search for answers.

http://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodm/522022M.pdf

2. Mark best answer for each choice.

3. Once complete, check your answers against the answer key below.


Taking practice tests is a great way to prepare for an exam. Successful students in grade school and college study using guides and exam preparation questions based on the test subject material. This same successful methodology can also help prepare for professional exams like ISP Certification and SPeD Certification. DSS has study material and tests available for those who enrol, NCMS has test study material as well.

Practice tests augment certification exam preparation. Red Bike Publishing's Unofficial Study Guide features four complete test length practice exams based on NISPOM. It could help you pass the ISP and SPeD certification exams.
We've updated our manual for NISPOM Change 2. 


Have a go at some new questions. 




Try these questions to see how you do:
1.      Who can terminate an FCL?
a.            CSA
b.            Cleared contractor
c.             Anyone
d.            A and b
e.             All of the above


2.      Derivative Classification includes:
a.            Incorporated classified information
b.            Restated classified information
c.             Generate classified information in a new form
d.            All the above
e.             B and c


3.      To whom does a contractor initially submit classification challenges?
a.            GCA
b.            CSA
c.             FSO
d.            FBI
e.             GSA


Scroll Down for Answers




1.      Derivative Classification includes:
a.            Incorporated classified information
b.            Restated classified information
c.             Generate classified information in a new form
d.            All the above (NISPOM 4-102)
e.             B and c



2.      To whom does a contractor initially submit classification challenges?
a.            GCA (NISPOM 4-104)
b.            CSA
c.             FSO
d.            FBI
e.             GSA



3.      Methods of security training provided to cleared employees include:
a.            Initial security briefings, refresher, annual briefings
b.            Initial security briefings, annual, debriefings
c.             Initial security briefings, refresher training, debriefings (NISPOM 3-107 to 3-109)
d.            Annual, refresher, initial security briefings
e.             Initial security briefings, annual, refresher






So,  how did you do? These questions and more can be found in Red Bike Publishing's Unofficial Guide to ISP Certification,
DoD Security Clearance and Contracts Guidebook, as well as in NISPOM Training. Both resources provide excellent study material that may help with passing the ISP and SPeD certification exams.

According to reader comments and emails to the author, many who have bought this book, the ISP Test Tips, and used our techniques to augment their preparation have performed very well on the exam.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing .

Friday, April 27, 2018

Classified Holdings

As discussed in an earlier installation in the series covering the Self Inspection Handbook for NIST Contractors, the government depends on Cleared Defense Contractors (CDC) to operate security programs designed to protect classified information from receipt to disposition. This article addresses the safe and secure removal of classified information.

Question:

Are procedures established to review classified holdings on a recurring basis for the purpose of maintaining classified inventories to the minimum required for classified operations? 


Answer:

NISPOM 5-701. Contractors shall establish procedures for review of their classified holdings on a recurring basis to reduce these classified inventories to the minimum necessary for effective and efficient operations. Multiple copies, obsolete material, and classified waste shall be destroyed as soon as practical after it has served its purpose. Any appropriate downgrading and declassification actions shall be taken on a timely basis to reduce the volume and to lower the level of classified material being retained by the contractor.

The Facility Security Officer should establish a process to periodically review classified holdings to determine what is necessary and what can be removed. This supports the NISPOM guidance of properly disposing of classified information when no longer needed. Disposition could mean destruction where approved, returning classified information to the customer, or requesting approval to maintain classified information beyond the required contractual need.

There is an urgency to reducing classified holdings that include contract end dates, classification duration, and the possibility of running out of storage space. The FSO should be aware of any of the criteria for each contract so that they can stay ahead of the requirements.

Some FSOs have established weekly, monthly and quarterly reviews. The review frequency for classified information at the SECRET level and below is not specifically dictated by NISPOM, but could be required in the DD Form 254 for the classified contract. Where not specified, the FSO could set the frequency depending on the personnel available and the size and type of inventory.

Where classified storage involves a small amount of electronic or physical products, the inventory can be pretty simple. For large holdings the FSO could use a more complicated schedule to commit personnel and resources to a more complicated task. An inventory management system such as Sims Software can be employed to separate classified holdings by contract number, type of classified holding, etc. to determine a regular schedule.

The FSO should not make the classified holding decisions alone. They should involve program management personnel working on the classified contract to ensure there is a good justification for disposition decisions. For example, a document may appear to be no longer necessary or many copies may exist which could lead to an uneducated decision to remove it. However, those working on the contract may have a reasonable requirement to maintain it and should be consulted before a decision is made.

A good first step is to look for low hanging fruit and seemingly easy disposition candidates. The most obvious is loss of classified contract or loss of facility clearance (FCL). In these cases the classified information must be destroyed or returned. Classified documents that have multiple copies or records indicating lack of use might indicate items that can be removed. In an organization with large classified holdings, these low hanging opportunities could result in a significant holding reduction. However, always verify before making the final decision.

Another easy task is to review classified holdings related to contract completion dates. In most cases, CDCs are authorized to retain classified information for two years after contract end date. An FSO can build these contract completion date related classified information into the review schedule. Where classified documents can be returned or destroyed, they should be destroyed or returned as authorized and as soon as possible. However, justification should be provided based on the classification level and with a description of the exact need for retaining the classified information. For example, TOP SECRET information must be identified by specific document. SECRET and below can be identified by general subject matter and number of documents.

A final bit of low hanging fruit is classified material not received under a specific contract. This includes classified information received with bid, proposal, or quoted. These should be destroyed within 180 days of a contract submission withdrawal or contract not being awarded. It also includes classified information accumulated at classified meetings or secondary distribution center and should be destroyed or returned within a year of receipt.

The FSO should also coordinate the participation of subject matter experts who understand classification duration, derivative classification, and security awareness training to ensure the appropriate action is taken. Documents should be declassified, downgraded, and destroyed as required and on time.

Where classified contracts required storing and working with classified information, there may be opportunities to acquire, accumulate, or reproduce growing amounts of classified material. This growth is expected and necessary. Classified holdings can grow significantly during the contract period of performance and the FSO should put in steps to evaluate the growing material and maintain what is absolutely necessary and dispose of what is not required. A regularly scheduled evaluation is required in NISPOM and should be implemented.

Steps for Evaluating classified holding:


1. Evaluate the contracts, work products, and DD Form 254s for classified storage requirements. Quantify those requirements.

2. Evaluate resources available to manage requirements and document who and what is required to manage classified storage.

3. Review classification duration and determine which classified material should be downgraded or declassified.

4. Review classified holdings to determine excess copies of existing documents.

5. Build a schedule for classified holding reviews and include security, subject matter experts, and those with need to know who can validate decisions.

Validation:


1. Demonstrate inventory on hand (information management system or other listing)

2. Provide list of classified contract subject matter experts and those able to validate classified disposition decisions (trained by FSO or representative)

3. Produce published review schedule

4. Provide disposition results (returns, destruction receipts and approvals

Adjudicative Guideline H: Drug Involvement

Adjudicative Guideline H: Drug Involvement is another concern that could lead to the denial or revocation of a security clearance. Drug involvement includes the abuse of illicit and legal drugs. However, a review of security clearance cases demonstrates that marijuana continues to be a concern for many applicants. Additionally, new state laws, public opinion, and attitudes may make it tempting for Americans to casually use marijuana and other drugs. 

Recently Colorado and other states have legalized the use of marijuana and some states also allow the use of medical marijuana. However, where national security is concerned, marijuana and the abuse of legal and illicit drugs for any reason can be cause for denial of a security clearance. 

Self-medicating 

An applicant was denied a clearance for marijuana as a source of “self-medication”. Applicant experienced back pain for a significant length of time and prescribed himself the benefit of marijuana to ease the pain. However, this marijuana use came to light due to an on the job injury and the subsequent drug test. Once busted, he went to rehab and discontinued the use. He argues that he has mitigated his earlier use with proof of rehabilitation, abstinence, and disassociation with drug-using individuals. 

However the judge examined all evidence and still had doubt about the applicant’s ability to make good decisions. The applicant only stopped because his use was discovered during the drug test and the rehab was required and not from self-referral. The judge’s findings were supported by the guidance: “Any doubt concerning personnel being considered for national security eligibility will be resolved in favor of the national security.”

Culturally savvy

Applicant stated that his marijuana use was part of his culture even though he had been in possession of a security clearance. However, the applicant stated that he had decided to discontinue the use of marijuana as a personal choice and should be granted the clearance. The applicant stated that the judge should understand that though he thought he had the right to use the drug, he had decided to abstain as a deliberate effort to serve the United States. The judge disagreed and his clearance was revoked.

I didn’t think it was significant


An applicant falsified a National Agency Questionnaire when he understated the full extent of his drug use, purchases, and sales. He falsely stated his infrequent use of marijuana only to state over the course of several interviews that he had indeed used marijuana more frequently and over a longer period of time. It wasn’t until a later interview that the applicant stated he used marijuana monthly over a period of years and up until a few days prior to his final interview. 
His rational was that he did not disclose his more extensive drug because he felt they were much less significant than his other past issues.  Additional considerations included use of mind altering mushrooms and the sale and purchase of drugs. The security clearance was denied.

Used it for 30 years

Applicant used marijuana for a period of more than 30 years. He also used cocaine once in his past.  He continued to use marijuana well into his work as a cleared defense contractor and stated that he would probably use it again. He has also admitted to purchasing marijuana, but had not used in six months. 

The judge denied the clearance and concluded that his continuing drug abuse is clearly of present security significance.

Lots of drugs


An applicant continued to use marijuana over an extended period of his adult life. He used the drug repeatedly and did so by stating that he ignored the fact that it was indeed illegal. Not only had he ignore the fact that marijuana was illegal and that use would disqualify him for national security jobs, but he was uncertain about future use. He had not used marijuana in a two year period, and stated that he feels sure he might not use it again.

Because of his long history of marijuana use, and occasional hallucinogenic mushroom consumption, it was impossible for the judge to think his last statement to be credible. As far as  mitigating the risk under Guideline H, the record is silent. He has not demonstrated the good judgment, reliability and trustworthiness required of those requesting access to the nation’s secrets. The judge concluded that the applicant cannot be considered trustworthy. 

Risk Mitigated

An applicant used cocaine on a number of occasions and four additional times ten years later. However, three years have passed since his last use.  He states that he will never use cocaine again. Since his abstinence, he has received many recommendations from supervisors, co-workers, and friends who know him well and have vouched for his reliability, integrity, and honesty. He had received counseling for his drug use and has otherwise sufficiently demonstrated that the drug use was indeed in the past and that he would never use again. His security clearance was granted.

Just Say No

There are many reasons for drug use include cultural acceptance, lack of respect of regulations, youthful indiscretion and self-prescribed pain relief. Those who have been denied security clearances exhibit poor self-control, lack of good judgement, or just show lack of willingness to follow to rules and regulations. Drug involvement can raise questions about loyalty, reliability, and ability to protect classified information.

Thursday, April 5, 2018

NISPOM Based Questions

Get your copy @ www.redbikepublishing.com


If you are serious about advancing in your field, get security certification. 

Taking practice tests is a great way to prepare for an exam. Successful students in grade school and college study using guides and exam preparation questions based on the test subject material. This same successful methodology can also help prepare for professional exams like ISP Certification and SPeD Certification. DSS has study material and tests available for those who enrol, NCMS has test study material as well.

Practice tests augment certification exam preparation. Red Bike Publishing's Unofficial Study Guide features four complete test length practice exams based on NISPOM. It could help you pass the ISP and SPeD certification exams.

We've updated our manual for NISPOM Change 2. Have a go at some new questions. 
Try these questions to see how you do:



1. How many days must the employee begin work after a PCL is granted according to the commitment for employment?
a. 60 days
b. 30 days
c. 180 days
d. 90 days
e. 56 days

2. Approved methods of recording training include:
a. Newsletter
b. Distribution lists
c. Sign-in sheets
d. Upon discretion of FSO
e. All the above 


3. Who can terminate an FCL?
a. CSA
b. Cleared contractor
c. Anyone
d. A and b
e. All of the above


















1. How many days must the employee begin work after a PCL is granted according to the commitment for employment?
a. 60 days
b. 30 days (NISPOM 2-205)
c. 180 days
d. 90 days
e. 56 days

2. Approved methods of recording training include:
a. Newsletter
b. Distribution lists
c. Sign-in sheets
d. Upon discretion of FSO
e. All the above (NISPOM 3-100)

3. Who can terminate an FCL?
a. CSA
b. Cleared contractor
c. Anyone
d. A and b (NISPOM 2-110)
e. All of the above





So,  how did you do? These questions and more can be found in Red Bike Publishing's Unofficial Guide to ISP Certification,
DoD Security Clearance and Contracts Guidebook, as well as in NISPOM Training. Both resources provide excellent study material that may help with passing the ISP and SPeD certification exams.

According to reader comments and emails to the author, many who have bought this book, the ISP Test Tips, and used our techniques to augment their preparation have performed very well on the exam.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing .

Security Clearance Adjudication: Guideline K


Applicants for security clearance must demonstrate that they can protect sensitive information. Under Guideline K, “deliberate or negligent failure to comply with rules and regulations for protecting classified or other sensitive information raises doubt about an individual’s trustworthiness, judgment, reliability, or willingness and ability to safeguard such information, and is a serious security concern.” Any history of allowing unauthorized access, forgetting to enforce security rules, or loaning out passwords will definitely raise red flags and call trustworthiness into question. Review the following cases and see if you can identify the Guideline K issues.

YOU’RE JUST SAYING THAT TO GET ME

A clearance holder brought a camera into a restricted area against security rules. Additionally he committed many other security violations to include discussing sensitive information with unauthorized non-U.S. persons in an unauthorized area, left foreign nationals unattended with a classified workstation, and did not store classified hard drives. He was formally disciplined and removed from his place of employment due to continuous disregard of security procedures.
These are not only security violations, but due to the foreign national and non-U.S. person aspect, the individual, his company, and fellow employees are at risk of export licensing and International Traffic In Arms Regulation violations.
During the hearing, he failed to produce any mitigating circumstances, provide explanation, or offer character witness statements. He did state, however, that the charges were lies spread by persons who did not like him and were “out to get [him].”

COMSEC AND HIGHER THAN COLLATERAL

Some classified information requires additional protection because of the very nature of its existence; Communications Security (COMSEC) information is one example. Those with access to COMSEC are required to attend additional training and sign documents prior to possession of COMSEC material.
While accessing COMSEC information, an individual failed to practice security requirements on many occasions. These violations include failing to close and lock a COMSEC security container or secure a COMSEC vault door, leaving classified information in an unsecure area, and a few other incidents that put COMSEC at risk.
The applicant did provide mitigations, to include character witnesses, work accomplishments, and how she is a stellar performer. However, the mitigations did not address the security violation concerns. Though the incident happened in the past, the judge still had questions and doubts about her ability to protect classified information and denied the clearance.

DON’T LEND OUT USERNAME OR PASSWORD; SERIOUSLY DON’T

JPAS is the system Facility Security Officers (FSO) use to maintain facility and personnel clearances and contains sensitive information. DSS requires JPAS users to hold a security clearance and trains them to never share their usernames and passwords.
In this case, while the individual had received training from the Defense Security Service, he knowingly provided his JPAS username and password and granted unauthorized access to sensitive information. He provided his username and password to an uncleared employee for almost two years, allowing him to delegate FSO and JPAS responsibilities. Because of the potential risk to sensitive and classified information and the frequency and length of time the violations occurred, the violations were not mitigated and the judge denied the applicant’s security clearance.

I ONLY SPIED BECAUSE I WAS CHEATING

A married applicant gained access to his girlfriend’s e-mail without permission or authorization. This included a classified email account that contained information of which he did not have need to know. This violates Guideline K as “inappropriate efforts to obtain or view classified or other protected information outside one’s need-to-know”. Additionally, as a privileged information system user, he took advantage of his position to gain information for his own personal use and did not practice the requirement to accountable for his actions on an information system.
The applicant did however provide mitigation, to include admitting to his wife that he had had an affair, reconciling with his wife and demonstrating a passage of time since the events occurred (four years). Additional mitigations included the attendance of many security trainings, and a demonstration of his excellent attitude toward security rules. The judge ruled that the security incidents are “unlikely to recur and does not cast doubt on the individual’s reliability, trustworthiness, or good judgment,” and that “the individual responded favorably to counseling or remedial security training and now demonstrates a positive attitude toward the discharge of security responsibilities,”. The seriousness of the applicant’s conduct was outweighed by the presence of rehabilitation and the amount of time elapsed since its occurrence
The ability to demonstrate trustworthiness and proclivity to protection classified and protected information is often based on history. Any red flags or shortfalls with obeying rules and regulations set for protecting protected data surely must be mitigated. In the above cases only one was mitigated and the clearance granted. This decision was based on the work that the applicant spent to rehabilitate himself and demonstrate that his violations were history, and that his future included a focused security attitude.

Security Clearances and Criminal Behavior


Criminal activity creates doubt about a person’s judgment, reliability and trustworthiness. Criminal behavior is an indicator of whether or not an applicant will follow laws, rules and regulations. This is a critical concern where cleared employees are expected to comply with NISPOM guidance, rules, and laws as they discharge their duties and protect classified information. In fact, an applicant does not even have to be charged, prosecuted, or convicted to cause a security clearance denial.  
The following cases demonstrate how applicants clearly violated laws and directives. Their security clearances were denied because their criminal behavior created doubt about their ability to protect classified information.

I MADE YOU SAY “UNDERWEAR” 

For some reason, the applicant decided to undress and parade around in his underwear. After undressing in a department store’s dressing room, the applicant left the room in only his underwear four times before security approached him. Police were called and the applicant was issued a citation. 
The applicant’s clearance was denied and on appeal, the applicant stated that the employee misunderstood what he was doing and that the judge had not accounted for “the complexity of human behavior.”  
However, the appeal judge upheld the original decision. The judge observed that the applicant did not provide any evidence or statements from friends or family that support the applicant’s statements, or that would mitigate his actions. In absence of character references and evidence of innocence or habilitation, the clearance remains denied.  
Can you imagine using such rationale as a reason to release classified information in an unauthorized manner? “Well Your Honor, I’m a complex person and you should not question my decision to provide this sensitive information to our foreign guests.” 

ONLY GETS DUIS WHEN HE DRINKS 

An applicant has had three arrests and convictions for DUI over the course of five years.  As a result, the applicant attended court ordered counseling and treatment. The clinician did not give the applicant a diagnosis nor recommend substance abuse treatment. The applicant stopped drinking after the first two DUI incidents, but started again before the third. He now drinks a few times per month and has had no further incidents in the past two years.  
The judge ruled in favor of denying a security clearance. Though the applicant has provided evidence of a great work history, he has not had enough time to demonstrate a pattern of responsible drinking and provide adequate mitigation.  
Though the judge seemed to have ruled correctly, the applicant states that he rarely drank and that the judge ruled against him in error. The applicant stated he seldom drank.  
Using his rationale, it was only when he drank that he actually received DUIs. It would be safe to assume that by the similar rationale, the only time classified information is at risk is when an applicant has access to it. In this case, the judge wasn’t willing to take that chance.

LIAR LIAR 

An applicant was arrested and pled guilty to assault after badly beating his wife. He later attended anger management counseling. However, based on his former wife’s written statements, this was not a one-time incident. He physically abused her on many occasions. 
In spite of the former spouse’s written statements, the applicant falsified his own sworn statement by saying that he had not physically abused his wife other than the one time incident. Additionally, he offered little in the way of mitigation, and the clearance was denied. 
Using this rationale, a cleared employee could falsify end of day security checks. He could just sit at his desk and check off all the blocks without even walking around and inspecting the areas of concern. . 

UNINFORMED DECISION 

An applicant decided not to file his tax return and missed many deadlines to file thereafter. He failed meet one extension deadline after the next. However, one day he decided he was going to file and he owned up to it. When he came up for a security clearance investigation, Guideline J concerns arose.  
The administrative judge at the time determined that the applicant mitigated the Guideline J consideration simply by finally filing the tax return. However, the government appealed because adjudication had not been met as … “The person did not voluntarily commit the act and/or the factors leading to the violation are not likely to recur”.  
The applicant purposefully missed all deadlines until he finally filed, when he finally got to it. There is no reason to indicate that this behavior may not occur at a later date. Additionally, the applicant claimed to believe he owed no taxes. However, he did indeed still owe back taxes.  
Could you imagine how this could put classified information at risk? Using this rationale, a cleared worker could decide to ignore National Industrial Security Program Operating Manual (NISPOM) guidance and not mark classified material properly. He could continue to put unmarked classified information at risk until he was good and ready to mark it properly and lock it in a secure container. As long as he eventually got to it, his good intention is all that counts. 
Guideline J concerns are appropriate for evaluating security clearance requests. Where investigations uncover violations of laws, regulations and rules, the adjudicators have a duty to understand whether or not the behavior has been mitigated. Criminal activity, whether prosecuted or not, could be an indicator that an applicant could put national security in jeopardy.
Training".