Friday, May 1, 2020

New Cleared Employees, FSOs, and NISPOM

Once a security clearance is granted, the Facility Security Officer (FSO) will contact you and several things will happen real fast. Primarily, if you have been sitting in a temporary position while awaiting your clearance, things are about to get real.
The FSO will manage the security clearance under the umbrella of the cleared defense contractor’s oversight. This means that the FSO will maintain the facility security clearance (FCL) status administratively as well as meeting compliance requirements. They do this primarily training you and through that training, equipping you to protect classified information and perform work designated by the classified contract.
Just as the FSO is certified or provided FSO training, you will also receive required training from the FSO. The FSO manages the clearances, training, classified workspace, etc. and documents the all actions for future reviews by the Defense Counterintelligence Security Agency (DCSA). The training and briefings primarily begin with the non-disclosure agreement and continues throughout the cleared employee’s career with the company. Depending on time, resources and availability, the FSO and supervisors should attempt to structure security training by experience level. For example, newly cleared employees require more in-depth training than veteran security clearance holders recently hired at a defense contractor organization. All newly cleared and all new cleared employees regardless of experience should receive initial refresher training before gaining access to classified information.
Before you as a cleared employee can actually work on a classified contract, the FSO will ensure you meet three criteria; you sign the SF-312 Non-Disclosure Agreement, have a security clearance, and the need to know to access the classified information. The first step is the most difficult. The other two are fairly easy. Whoever possesses the classified information determines whether or not you should have access. If you are assigned to work on a classified contract, that contract relationship and the work assigned are part of the need to know process.

UNDERSTANDING A NON-DISCLOSURE AGREEMENT

As a newly cleared employee, you will be signing the agreement. Instead of just checking a box to agree, you should do your best to pay attention and understand exactly what it means to work with classified information and the great responsibility you will carry. The SF-312 briefing explains what classified information is, how the government designates it as sensitive, what the classification levels are, and what to protect from unauthorized disclosure. This is your first introduction on the topic. After this you will be provided a much more in-depth training called Initial Security Awareness Training.

INITIAL SECURITY AWARENESS TRAINING

The initial training will familiarize you with the National Industrial Security Program Operating Manual (NISPOM), the DD Form 254 Contract Security Classification Specification, and company policy as applied to protecting classified information both in the cleared facility and at other customer locations. You will also learn how to travel overseas and reduce your ability to be a security risk or target for exploitation as well as how to report espionage attempts. It also addresses counterintelligence issues, how to report security violations and disciplinary or possible penalties that can occur for committing a security violation.

INSIDER THREAT TRAINING

Here you will learn to recognize behavior consistent with sabotage or putting classified information at risk. They also learn who and how to report the observed adverse behavior. Insider Threat Training and Counterintelligence awareness briefings help employees learn to recognize behavior consistent with espionage, and who and how to report the observed adverse behavior.

DERIVATIVE CLASSIFIER TRAINING

This training is a matter of perspective between government and contractor classification roles. The government entity is an original classification authority and makes classification decisions, contractors do not. Contractor personnel make derivative classification decisions when they incorporate, paraphrase, restate, or generate in new form, information that is already classified; then mark the newly developed material consistently with the classification markings that apply to the source information. This training is required and will help you understand your role in marking classified information that is derived from original classified information.

EXIT BRIEFING

In case you eventually leave the cleared defense contractor organization, the FSO will remove your clearance from their oversight and provide you with an exit briefing. The FSO will discuss with you your responsibilities to continue to protect classified information. A new job, loss of contract, termination, retirement and removal of access are situations where FSOs should explain the responsibility of continuing to protect the classified information you accessed as an employee.
In summary, you as a newly cleared employee will go through another iteration of onboarding. This time emphasizing how you are integrated into not only the organization, but now the security program. As you integrate into the cleared organization, you should understand the security program and all information and tools which are in place. The FSO should be able to create, implement and direct successful protection of classified information – and that includes providing valuable employee training.



Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

No comments: