Tuesday, June 25, 2019

NISPOM Questions for Security Certification


Get your copy @ www.redbikepublishing.com
These NISPOM-based questions could be helpful in passing the NCMS ISP Certification and the DoD's SPeD Certification exams, including the most recent Industrial Security Oversight Certification (ISOC).

Taking practice tests is a great way to prepare for an exam. Successful students in grade school and college study using guides and exam preparation questions based on the test subject material. This same successful methodology can also help prepare for professional exams like ISP Certification and SPeD Certification. 

Practice tests augment certification exam preparation. Red Bike Publishing's Unofficial Study Guide features four complete test-length practice exams based on NISPOM.

We've updated our manual for NISPOM Change 2. 

Response times for investigating alarms shall not exceed:
a. Thirty minutes
b. Fifteen minutes (NISPOM 5-903b)
c. Twenty minutes
d. One hour
e. What is reasonable to safeguard classified material

All attendees of classified meetings shall possess _____ and _____.
a. Clearance, need to know (NISPOM 6-101)
b. Clearance, ID card
c. Authorized tablet, pen
d. VAL, authorization
e. Clearance, authorization

What is one of the required actions necessary before a prime contractor may release or disclose classified information to a subcontractor?
a. Determine clearance status (NISPOM 7-101)
b. Determine size of company
c. Determine capability to perform work on time
d. Determine type of business
e. Determine location of work performed




Scroll Down For Answers




Response times for investigating alarms shall not exceed:
a. Thirty minutes
b. Fifteen minutes (NISPOM 5-903b)
c. Twenty minutes
d. One hour
e. What is reasonable to safeguard classified material

All attendees of classified meetings shall possess _____ and _____.
a. Clearance, need to know (NISPOM 6-101)
b. Clearance, ID card
c. Authorized tablet, pen
d. VAL, authorization
e. Clearance, authorization

What is one of the required actions necessary before a prime contractor may release or disclose classified information to a subcontractor?
a. Determine clearance status (NISPOM 7-101)
b. Determine size of company
c. Determine capability to perform work on time
d. Determine type of business
e. Determine location of work performed

So, how did you do? These questions and more can be found in Red Bike Publishing's Unofficial Guide to ISP Certification, DoD Security Clearance and Contracts Guidebook, as well as in NISPOM Training. Both resources provide excellent study material that may help with passing the ISP and SPeD certification exams.

According to reader comments and emails to the author, many who have bought this book and used our techniques to augment their preparation have performed very well on certification exams.

                                             ___________________________________________________________________


Consider visiting Red Bike Publishing for training that you can download and present to cleared employees as well as present to DSS during the annual review.

Saturday, June 22, 2019

FSO's, OPSEC, and Protecting Sensitive Information


In our latest DoD Secure Pod Cast we continued our discussion with the owners of The Management Analysis Network. This discussion is about applying Operations Security in the form of a Communication Strategy, or Comms Strategy.

The need to communicate
They explain that a comms strategy is vital to being able to communicate information about the work a cleared defense contractor is executing without giving away too much information. When a contractor is developing a significant capability, others may be able to observe the work and become inquisitive. Whether they are neighbors, businesses, news media or others, people are naturally going to inquire about it.

Additionally, it may be necessary to present information at conferences, award ceremonies, promotions, advertisements, etc. So the question is: how do we talk about the program to meet the requirements, to convey information to Congress, to oversight, and to others, and to tell the good news story to the American people about how their tax dollars are being spent? At the same time, it may be necessary to withhold information that is very beneficial and could help an adversary or competitor figure out what the work is and how it's being executed.

Tool to communicate
So the communication strategy is something that sets expectations for how to deal with the media, contracting, or other elements. It provides left and right limits: things you want to emphasize, things you don't want to emphasize, talking points and messages to reiterate over and over again, and areas that you want to avoid.

The next step is to put it all together, get buy-in, and conduct training on the strategy. Once done, coordination with the program office, public affairs, and other partners should be incorporated. This will enable employees to go forward and talk about their program, but at the same time feel comfortable that they're not going to disclose any information that may not be classified or otherwise sensitive.

This strategy is a great tool for employees who need guidance to feel comfortable speaking about their projects. Many times employees are given little guidance beyond bumper-sticker communications: "it's classified", "think OPSEC", etc.

That bumper-sticker approach provides the employee with no way to communicate, and therefore they may be nervous or unable to discern what to speak about or when. However, an employee with training on the communication strategy can intelligently discuss their work while understanding what is sensitive and what is not. Additionally, business development, contracting, graphics and other departments will be able to do their jobs as well.

Building the tool
The best way to discuss a communication strategy is to begin with:

1. Describe what the program, project, or mission is.
2. Determine the work streams necessary to accomplish the mission.
3. For each work stream, determine what information is sensitive using a classification guide, OPSEC plan, DD Form 254, ITAR, or organizational documentation describing sensitive information.
4. Determine how to talk about the work without revealing the sensitive information.
5. Train employees on the strategy. This may be incorporated into security awareness training or insider threat training.
6. Develop processes to review communication to determine whether or not sensitive information is being released: review presentations, bids, emails, etc.

Not every aspect of sensitive work is sensitive. There are ways to communicate awards, accomplishments, and contract wins, or to share with friends and family, without revealing sensitive information.

Listen to the pod cast for more details: