Become Technically and Tactically Proficient in NISPOM

 


By: Jeffrey W. Bennett, SAPPC, SFPC, ISOC, ISP

FSOs and security specialists should understand the NISPOM requirements enough to guide their organizations through compliance issues. It takes a tremendous understanding of NISPOM and requirements to prepare for and pass the the annual security review. Additionally, defense contracts can require exquisite performance services and products testing even the most experienced.

How does one gain an understanding of NISPOM? With revieing, training, testing and use. Cleared employees should have a copy of NISPOM, DD Forms 254, and other resources describing security requirements. The NISPOM provides the protection standards.

How will one understand NISPOM if they don't read, study and apply?

With practice, you can develop a keen understanding of NISPOM. If you are serious about advancing in your field, work on your knowledge of NISPOM. Who knows, it may also set you up to prepare for certification.

First, download your copy of NISPOM. Read it, apply it, mark it up, talk about it, live it. It's the only way to become proficient in FSO tasks and compliance.

Second, test your knowledge of NISPOM with study questions. Our ISP and ISOC Master exam prep is a book made of 4 x 110 quiz and essay questions from NISPOM. study this book to practice, practice, and practice. It will increase your knowledge.. 

It teaches insightful study tips designed to show you how to: form study groups, network, seek out opportunities, learn your way around the NISPOM and includes four exam length practice tests.

Try these questions to see how you do:

1.     During UNCLASSIFIED visits by foreign nationals, it is a _____ responsibility to ensure export authorizations are obtained.

a.           GCA

b.           Contractor 

c.            CSA

d.           State Department

e.            DGR

2.     Card readers, control panels, interface devices or keypads communication located inside of a TOP SECRET closed area shall have which of the following:

a.           Tamper resistant enclosure

b.           Fastened to a structure

c.            Protected by tamper alarm 

d.           Activated retinal scan

e.            None of the above

3.     Sanitizing is the methodology used of _____ information from media prior to reusing the same media in an area that does not provide a level of protection that is acceptable.

a.           Eradicating

b.           Removing 

c.            Examining

d.           Releasing

e.            Exposing

4.     TOP SECRET control officials shall be designated to _____________ TOP SECRET information.

a.           Transmit, maintain access and accountability records for, and receive

b.           Create, classify, brief, document

c.            Receive, create, classify, disseminate

d.           Request, assign, account, disseminate

e.            Receive, transmit, classify, document

 

 Scroll down for answers

 

1.     During UNCLASSIFIED visits by foreign nationals, it is a _____ responsibility to ensure export authorizations are obtained.

b.           Contractor

2.     Card readers, control panels, interface devices or keypads communication located inside of a TOP SECRET closed area shall have which of the following:

c.            Protected by tamper alarm

3.     Sanitizing is the methodology used of _____ information from media prior to reusing the same media in an area that does not provide a level of protection that is acceptable.

b.           Removing

4.     TOP SECRET control officials shall be designated to _____________ TOP SECRET information.

a.           Transmit, maintain access and accountability records for, and receive

 

Comments

Post a Comment

Popular posts from this blog

Appointing the Threat Program Senior Official (ITPSO)

Image
This article continues the series covering the Self-Inspection Handbook For NISP Contractors and guidance found in the National Industrial Security Program Operating Manual (NISPOM) Incorporating Change 2 .   Since the NISPOM update adds to requirements, there is now a sixth element to the “Elements of Inspection” that are common to ALL cleared companies participating in the National Industrial Security Program (NISP).   As mentioned in the first article in the series, all should be incorporated into your customized self-inspection check list: (A) Facility Security Clearance (FCL), (B) Access Authorizations, (C) Security Education, (D) FOCI, (E) Classification, and (Y) Insider Threat . Question: Has the company appointed a U.S. citizen employee, who is a senior official, as a key management personnel (KMP) who will serve as the Insider Threat Program Senior Official (ITPSO)? NISPOM Reference: 1-202b, 1-202c, 2-104   1-202b. The contractor ...
Read more

How Contractors Get Facility Security Clearances

Having a Facility Clearance (FCL) makes a business attractive, but that desire does not provide the needed justification for obtaining a security clearance. The FCL is strictly contract based and demonstrates an enterprise’s trustworthiness. A company is eligible for a facility security clearance after the award of a classified contract. The FCL is a result of a lengthy investigation and the subsequent government’s determination that a company is eligible to have access to classified information. A company can bid on a classified contract without possessing a facility clearance, but is sponsored for a clearance after the contract is awarded. The interested company cannot simply request its own FCL, but must be sponsored by the Government Contracting Activity (GCA) or a prime contractor. Once the need to conduct classified work is determined, the next requirements are administrative. The company has to submit proof that they are structured and a legal entity under the laws of th...
Read more

Protecting CUI on work Computers

Image
It’s a common practice to allow employees to use enterprise computers outside of the enterprise. This has become more common where employees are increasingly working at home. Though a common practice, these occurrences are not always best practices. Anytime an employee leaves work with a company computer, the expectation is that all information is vulnerable. Malware, ransom ware “supply chain attacks”, hacking and other threats are prevalent. In many cases this can be controlled through applying NIST standards and strong cybersecurity measures. This article will focus on limiting use of loaned laptops and not on technical cybersecurity application. The organization should assign a strong risk assessment based on use prior to assigning company computers for at home use. This risk assessment should limit the information to be provided and for specific purposes. For example, if a user works on a specific project, then the laptop might only contain information for that specific use. The l...
Read more