Wednesday, September 26, 2018

NISPOM Based Questions For SPeD, Industrial Security Oversight Certification (ISOC), and ISP Study


 By Jeffrey W. Bennett, ISP, SAPPC
Get your copy @ www.redbikepublishing.com
These NISPOM based questions could be helpful in passing the NCMS ISP Certification and the DoD's SPeD Industrial Security Oversight Certification exams including the most recent Industrial Security Oversight Certification (ISOC).

In fact these study questions are in the same question format as you might find on the exam.

Here's how to use our study guide:

1. Use hard copy or download online version of NISPOM to search for answers.


2. Mark best answer for each choice.

3. Once complete, check your answers against the answer key below.

Taking practice tests is a great way to prepare for an exam. Successful students in grade school and college study using guides and exam preparation questions based on the test subject material. This same successful methodology can also help prepare for professional exams like ISP Certification and SPeD Certification. 
Practice tests augment certification exam preparation. Red Bike Publishing's Unofficial Study Guide features four complete test-length practice exams based on NISPOM.
We've updated our manual for NISPOM Change 2. 
Have a go at some new questions. 
Try these questions to see how you do:
1. CONFIDENTIAL is approved for transmission by which of the following means?
a. U.S. Postal Service Priority Mail
b. U.S. Postal Service First Class Mail
c. Any commercial overnight delivery company
d. U.S. Postal Service Certified Mail
e. All the above
2. Authorization in writing by the _____ is required for transmission of TOP SECRET outside of a facility while the electrical transmission means over _______ approved secured communications security circuits.
a. CSA, GSA
b. CSA, FSO
c. FSO, DOT
d. CSA, DOT
e. GCA, CSA
3. What should be provided in an escort’s written instructions prior to shipping classified information?
a. Receipt procedures
b. Means of transportation
c. Emergency communication procedures
d. Route to be used
e. All the above
Scroll down for answers












1. CONFIDENTIAL is approved for transmission by which of the following means?
a. U.S. Postal Service Priority Mail
b. U.S. Postal Service First Class Mail
c. Any commercial overnight delivery company
d. U.S. Postal Service Certified Mail (NISPOM 5-404)
e. All the above
2. Authorization in writing by the _____ is required for transmission of TOP SECRET outside of a facility while the electrical transmission means over _______ approved secured communications security circuits.
a. CSA, GSA
b. CSA, FSO
c. FSO, DOT
d. CSA, DOT
e. GCA, CSA (NISPOM 5-402)
3. What should be provided in an escort’s written instructions prior to shipping classified information?
a. Receipt procedures
b. Means of transportation
c. Emergency communication procedures
d. Route to be used
e. All the above (NISPOM 5-412)
So, how did you do? These questions and more can be found in Red Bike Publishing's Unofficial Guide to ISP Certification, DoD Security Clearance and Contracts Guidebook, as well as in NISPOM Training. Both resources provide excellent study material that may help with passing the ISP and SPeD certification exams.

According to reader comments and emails to the author, many who have bought this book, the ISP Test Tips, and used our techniques to augment their preparation have performed very well on certification exams.

                                             ___________________________________________________________________


Consider visiting Red Bike Publishing for training that you can download and present to cleared employees as well as present to DSS during the annual review.

Industrial Security Oversight Certification, Industrial Security Professional Certification and NISPOM Study Questions



These NISPOM based questions could be helpful in passing the NCMS ISP Certification and the DoD's SPeD Industrial Security Oversight Certification exams.

Here's how to use our study guide:

1. Use hard copy or download online version of NISPOM to search for answers.

http://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodm/522022M.pdf


2. Mark best answer for each choice.

3. Once complete, check your answers against the answer key below.


Taking practice tests is a great way to prepare for an exam. Successful students in grade school and college study using guides and exam preparation questions based on the test subject material. This same successful methodology can also help prepare for professional exams like ISP Certification and SPeD Certification. DSS has study material and tests available for those who enrol; NCMS has test study material as well.

Practice tests augment certification exam preparation. Red Bike Publishing's Unofficial Study Guide features four complete test length practice exams based on NISPOM. It could help you pass the ISP and SPeD certification exams.
We've updated our manual for NISPOM Change 2. 


Have a go at some new questions. 




Try these questions to see how you do:


1. Contractors shall maintain a record of reproduction of SECRET material for _____ years.

a. Two years

b. One year

c. Five years

d. Thirty days

e. None of the above
2. Controlling access to classified material in an open area during working hours is an example of:

a. Supplemental protection

b. Establishing a closed area

c. Establishing an open area

d. Establishing a restricted Area 
e. None of the Above
3. What information shall NOT be included on receipts?

a. Identity of sender

b. Identity of addressee

c. Identity of the document

d. Classified Information 

e. All the above


Scroll down for answers















1. Contractors shall maintain a record of reproduction of SECRET material for _____ years.

a. Two years

b. One year

c. Five years

d. Thirty days

e. None of the above (NISPOM 5-603)
2. Controlling access to classified material in an open area during working hours is an example of:

a. Supplemental protection

b. Establishing a closed area

c. Establishing an open area

d. Establishing a restricted Area (NISPOM 5-305)

e. None of the Above
3. What information shall NOT be included on receipts?

a. Identity of sender

b. Identity of addressee

c. Identity of the document

d. Classified Information (NISPOM 5-401)

e. All the above


So, how did you do? These questions and more can be found in Red Bike Publishing's Unofficial Guide to ISP Certification, DoD Security Clearance and Contracts Guidebook, as well as in NISPOM Training. Both resources provide excellent study material that may help with passing the ISP and SPeD certification exams.

According to reader comments and emails to the author, many who have bought this book, the ISP Test Tips, and used our techniques to augment their preparation have performed very well on the exam.

Limited Access Authorization

The Limited Access Authorization (LAA)
By: Jeffrey W. Bennett, SFPC, SAPPC, ISOC, ISP
Many people of the world reside in the United States where they temporarily live and work under authorized conditions. They could be applying for citizenship or residing for a season of work. While they are here under certain authorizations such as visas or other agreements, they are legal residents but not U.S. citizens. They participate in the workforce, contribute to the advancement of technology, and benefit industry, but there are restrictions on the information they are able to access. In the commercial industry, access to technical information is controlled under the Export Administration Regulation (EAR). In the defense contracting industry, non-U.S. persons are restricted from accessing certain technical information per the International Traffic in Arms Regulation (ITAR), and they are not eligible for security clearances.
While non-U.S. citizens can work with technical information after approval from the Departments of Commerce or State, they cannot be authorized to possess U.S. security clearances. There are situations where they can access classified information, but it is only after a deliberate need is identified, rationale is determined, and the access is granted after a favorable background check. However, in no situation is this the granting of a security clearance.
The National Industrial Security Operating Manual (NISPOM) states that only U.S. citizens are eligible for security clearances. However, in approved circumstances, non-U.S. citizens can access classified information. Again, this is access and approval to work with classified information, but should not be confused with being granted a security clearance.
There are limited situations where a non-U.S. citizen would be authorized to have access to and work with classified information. Some reasons include situations where they possess unique or unusual skills necessary to support a U.S. Government classified contract. In these events, the Government can authorize a Limited Access Authorization (LAA). The LAA authorization is not a security clearance, but a process by which access to specific classified information is provided through an approval process.
The approval process requires multi-agency coordination beginning with the defense contractor requesting the need to provide a non-U.S. citizen access to classified information, the government customer justifying the need with specific rationale, State Department visibility, and final Defense Security Services (DSS) approval. Once DSS approves the letter of justification, they notify the defense contractor, who initiates a background investigation.
Once the LAA is in place, the non-U.S. citizen can access classified information specific to the contract and based on their need to know. The letter of justification should specify the contract number and a precise list of material to be accessed, and the contractor should ensure that the person under the LAA accesses only the specified information. They are not allowed access to anything above the SECRET level, to include COMSEC and intelligence information. Any access above and beyond what is specified should be considered and reported as a security violation.
The average citizen should view the LAA process as a means to fill a unique situation using risk-based rationale and not as a means of convenience. The non-U.S. citizen subject matter expert is identified as such, properly vetted, the need is communicated, evaluated and assessed, and the Department of Defense, State, Commerce, and other applicable agencies make joint approval decisions.
Avoiding FOIA Fiascos
By: Jeffrey W. Bennett, SFPC, SAPPC, ISOC, ISP
When writing, reviewing or approving classified or unclassified technical documents, keep in mind that even unclassified technical information should be scrutinized for protection under the Freedom of Information Act (FOIA). What this means is that if someone needs Government information that is not readily available, one option is for them to submit a FOIA request. Even unclassified documents may have technical information that should be identified and, as necessary, protected from public release. This information includes technical data, controlled unclassified information, and personally identifiable information, and should be portion marked as such. UNCLASSIFIED//FOR OFFICIAL USE ONLY or FOUO is a reasonable way to protect information from release under a FOIA request.
Here's why:
There are many reasons for submitting a FOIA request, including conducting research, writing a book, curiosity, advancing a theory, developing a project, etc. Regardless of the reason, anyone can submit a request. Once a request has been submitted, the government is required to provide the information unless it falls into the exemptions designed to ensure the protection of privacy, national security, and law enforcement. The government program office is primarily charged with the reviews, but unless the contractor marks information properly, they may not understand what might be sensitive and should not be released.
Again, anyone can request that the U.S. Government release information. A non-U.S. citizen has the right to request and receive the information as much as a U.S. citizen does. It is up to the Federal agency to identify and protect any information that meets the exemption criteria. For national security concerns, this is usually accomplished by the federal agency using a security classification (CONFIDENTIAL, SECRET, TOP SECRET), For Official Use Only, or other designation to protect information falling under one or more exemptions.
We'll explain how this works so that you can be better prepared to identify and exempt sensitive unclassified information from public release.
Here's how it works:
The first step to take when requesting information is to determine if the information is already available. This can be easily accomplished by visiting https://www.foia.gov/faq.html and conducting a search for available information. If the information requested is already available, it can be used by the potential requester. If the information is not there or is incomplete, the requester should begin the request process.
The next step should be to determine which federal agency owns the information being sought. Even if the requester cannot determine which agency owns the information, they may still be able to provide enough information for someone to refer the request to the appropriate agency.
Next, they submit the FOIA request in writing and with a description of the information desired. The requester can submit the request via a web form, email or fax, and the submission information is available at the listed FOIA website. There are even “how to” and descriptive FOIA request videos that explain the request process. The requester should specify how they would prefer to receive the information, such as printed or electronic. If available, the agency will provide the information in the format in which it already exists.
Once the request is received and processed the agency should send an acknowledgement of receipt and a tracking number. They may contact the requester to seek additional information or if they have enough information, go ahead and provide requested information. Any information that falls under any exemption will not be provided. Those performing the function of reviewing information may mark out or remove protected information from the final product.
What you can do:
1. Develop a program to identify sensitive information that is protected under Controlled Unclassified Information, Personally Identifiable Information (PII), International Traffic in Arms Regulation (ITAR), Export Administration Regulations (EAR), or other guidance.
2. Document and publish (protect the publication) the identified information so that those performing on contracts understand what is protected and can refer to the publication.
3. Consult the security classification guide specific to the program for additional guidance.
4. Mark all work products correctly to prevent public release where appropriate.
5. Develop a document review team to validate markings and approve the marking.
Each agency is responsible for reviewing the request for the information under its cognizance and each agency has its own internal review process. However, they do not have the leisure of reading minds or intent to understand what should be protected. All they have is the request and the document and their own internal process and guidelines. It's up to the document source to indicate what should be protected. Those producing sensitive unclassified information can further protect it by identifying it up front and marking it correctly so that the agency can understand what should be exempt from release. If the receiving agency has little context or ability to contact the document's source, they may err on the side of releasing the information. 

SPeD Industrial Security Oversight Certification

Industrial Security Oversight Certification
Red Bike Publishing is so happy to have helped hundreds of people study for security certification with Red Bike Publishing’s Unofficial Study Guide for ISP Certification and we appreciate all of your encouraging emails. With such success, we’ve had many requests asking Red Bike Publishing to write exam preparation material for Security Professional Education Development (SPēD) Certification. For a long time, we have struggled with how to meet the challenge.
Until now! Red Bike Publishing’s own Jeffrey W. Bennett, SFPC, SAPPC, and ISP just tested and qualified for the newest SPēD certification, Industrial Security Oversight Certification (ISOC). He tested without additional preparation other than his NISPOM experience covering what he has learned from working in the NISP, writing articles and training programs, and keeping up to date with the Red Bike Publishing’s Unofficial Study Guide for ISP Certification.
That’s because an understanding of NISPOM is the fundamental skill set to pass the ISOC exam. Per the website, “The Industrial Security Oversight Certification (ISOC) is ideal for DoD, Industry, and federal members under the National Industrial Security Program (NISP).” The prerequisite certification is the Security Fundamentals Professional Certification (SFPC) and is also NISPOM based.
The ISOC assesses foundational knowledge in the following competencies (NISPOM topics):
Industrial Security Basics; Security Reviews and Inspections; Security Systems and Requirements
Though Red Bike Publishing has not written any additional material for the ISOC certification, we are confident in sharing that Red Bike Publishing’s Unofficial Study Guide for ISP Certification can be used to help prepare for the ISOC exam. Our security books including NISPOM, ITAR and DoD Security Clearance and Contracts Guidebook, and FSO Tool Box training packages are also great resources and study prep for your security certification needs.