Security Executive Blog

NISPOM Derivative Classification Training While some cleared defense contractors perform non-technical services, other cleared contractors conduct derivative classification in the performance of their contracts.  Derivative classification in general terms includes, paraphrasing, incorporating, restating or regenerating classified information into a new form. Since contractors are not performing original classification, most of their work would involve using classified sources to create new classified products. Here's the important part, no training; no work. Properly executed National Industrial Security Program Operating Manual ( NISPOM ) training and documentation is the difference between performing on classified work and not being able to meet contractual requirements. Cleared contractors must plan to train cleared contractor employees who perform derivative classification responsibilities. The NISPOM outlines requirements for derivative classification train...

We recently interviewed Jackie Bray, an FSO with over 20 years experience, on some of the duties of an FSO and what makes an FSO successful. You can find her interview below: Jackie explains that the National Industrial Security Program Operating Manual (NISPOM) and Industrial Security Letters are fundamental to an FSO's experience. The NISPOM is the "bible" for those creating programs to protect classified information. It provides the "how to" for protecting classified information that the FSO, program managers, and cleared employees working on classified contracts should possess. The Standard Practice and Procedures should be a companion guide to the NISPOM. Where the NISPOM tells you what to do, the SPP will be the cleared defense contractors' response or demonstration of how they will implement NISPOM at their facility. Jackie explains that in addition to the NISPOM, and the SPP, the FSO and those working on the classified contract should caref...

By: Jeffrey W. Bennett, SFPC, SAPPC, ISOC, ISP A few years ago I wrote an opinion peace on the Washington Post article: Leaks in high-tech fighter? I wrote with the intent of providing insight to vulnerabilities and possible mitigations. This month out of curiosity, I decided to revisit the article. While I could not find a link to the original article, I have found many other articles providing more insight into the reasons why the Chinese were capable of producing the J-20 stealth fight that looked a lot like our F-35.  The original article made many pointed remarks blaming government agencies, including the Department of Defense as not providing the proper oversight. While it is easy to blame those who own the stolen information (the federal government) one must also recognize that there is myriad regulations and guidance, designed to prevent unauthorize disclosure of classified information. The N ational Industrial Security Operating Manual (NISPOM) gives guidance on h...

Order your copies from www.redbikepublishing.com /itar A few years back I wrote an article referring to the practice random computer searches occurring as travelers returned to the United States from trips abroad. Now with technology improvements, time, and the shrinking of borders in this well-connected global economy, I thought it would be a great time to revisit the idea of, “what would an adversary with limited resources be able to exploit in our computers?” This is an important question to ask as cyber-attacks are becoming more common. Now an adversary on foreign lands can gather military or dual use technical information governed by the international Traffic in Arms Regulation (ITAR) and commercial information covered in the Export Administration Regulations (EAR). This cyber-attack activity should not be surprising to the well-educated security cleared employee. What may be surprising is the risk to protected sensitive information available on well-connected informatio...

Get your copy @ www.redbikepublishing.com These NISPOM based questions could be helpful in passing the NCMS ISP Certification and the DoD's SPeD Certification exams including the most recent Industrial Security Oversight Certification ( ISOC) . Taking practice tests is a great way to prepare for an exam. Successful students in grade school and college study using guides and exam preparation questions based on the test subject material. This same successful methodology can also help prepare for professional exams like ISP Certification and SPeD Certification.  Practice tests augment certification exam preparation.  Red Bike Publishing's Unofficial Study Guide  features four complete test length practice exams based on  NISPOM .  We've updated our manual for NISPOM Change 2.  1.      Government representatives serving in an official capacity may visit a co...

The term “code word clearance” is sometimes used by the general public and is often described as an “above TOP SECRET Clearance”. While the term might be a part of the public’s security clearance slang, it is not part of the cleared community’s vocabulary. Those in the security community can best answer this question by explaining how the security clearance is granted, and that access to classified information is granted based on a level of classification. Classified information spans Collateral, Sensitive Compartmented Information (SCI), and Special Access Program (SAP) information. Collateral Classified Information With collateral clearances, the cleared employee is provided access to CONFIDENTIAL, SECRET, or TOP SECRET information, and is granted after undergoing a security clearance investigation and adjudication to determine suitability. For collateral classified information , those granted Top Secret clearances can access Confidential, Secret and Top Secret information. ...

FSOS: THE FIRST TO REVIEW YOUR SF-86 The form is completed online and once complete, the applicant should review the form with the Facility Security Officer (FSO). The FSO is the first person to review all the sensitive information with the applicant. The FSO ensures the form is complete, accurate, and all waivers and signatures are applied. FSOs are not decisions makers in the security clearance process and therefore not authorized to pass judgement, make adjudicative calls, or decisions about the clearance request – they are simply reviewing for completeness. AGENCY EMPLOYEES ARE NEXT Employees of agencies within the security clearance process will then have access to the SF-86 and are required to handle the information in accordance with their responsibilities and according to the Privacy Act. These employees will access the SF-86 while conducting background investigations, reinvestigations, and continuous evaluations of persons under consideration for, or retention of,...