Vulnerability Assessment Rating Matrix 2013 Update
In case you haven't seen the release, http://www.dss.mil/isp/fac_clear/security-rating-matrix.html , DSS has announced new Vulnerability Assessment Rating Matrix 2013 Update. This matrix provides DSS with a way to gauge a cleared defense contractor's compliance with NISPOM. But, it also gives the contractor a methodology to evaluate their own performance. Think of it as a way to enhance your own self-inspection. But let’s go back to DSS, what are they looking for in this analysis? During the annual review, DSS will look at a cleared facility and run through a consistent and reliable process to determine whether or not procedures are in place to adequately protect classified information. As mentioned earlier, the threat and impact are already identified. So, vulnerability is simply a reflection of the proscribed protection measures outlined in NISPOM and the inspection and not an analysis conducted by the FSO. Vulnerability per DSS occurs when a contractor is not in compli...