
Friday, September 9, 2016

In Depth Insider Threat Training

This article continues the series covering the Self-Inspection Handbook For NISP Contractors and guidance found in the National Industrial Security Program Operating Manual (NISPOM) Incorporating Change 2.

This is the second article under the topic of Insider Threat Training. The earlier article addressed the requirement to train, who to train and when. This article addresses what to train.

NISPOM 3-103b states: All cleared employees must be provided insider threat awareness training before being granted access to classified information, and annually thereafter. Training will address current and potential threats in the work and personal environment and will include at a minimum:
(1) The importance of detecting potential insider threats by cleared employees and reporting suspected activity to the insider threat program designee.
(2) Methodologies of adversaries to recruit trusted insiders and collect classified information, in particular within ISs.
(3) Indicators of insider threat behavior, and procedures to report such behavior.
(4) Counterintelligence and security reporting requirements, as applicable.

Specific Application:
Question: Does your training align with the requirements outlined in NISPOM 3-103 and CSA guidance?

This is a specific question to determine how well the NISP contractor has developed, documented, and presented insider threat training to complement the Insider Threat Program (ITP) and industrial security requirements. According to 3-103b, all cleared employees and employees with ITP duties should receive insider threat awareness training. Interestingly enough, the Insider Threat Training is now required prior to giving a cleared employee access to classified information.

Let’s break down NISPOM Chapter 3-103b into its basic requirements. This will allow us to develop specific training plans to address the topics.

Importance of detecting potential insider threats by cleared employees and reporting suspected activity
Report all viable suspicious activity. First, NISP employees should recognize reportable activity and how to report it. The NISP organization should be able to demonstrate a reporting process that emphasizes the importance of recognizing, reporting and reacting to insider threat activity. This process should be well documented, taught to employees and readily available for inspections and reviews. This is something that should be tailored to the enterprise’s internal policies.

Methodology of adversaries to recruit trusted insiders

There are many methods an adversary can use to target and engage authorized and trusted employees. Some ways adversaries have used to get sensitive information include:

· Elicitation - a subtle form of questioning where conversation is directed to collect information; it is different from direct questioning and harder to recognize
· Eavesdropping - listening in on conversations to get information
· Surveillance - watching the target unobserved and looking for exploitation opportunities
· Theft - stealing classified information
  o There is a technology gap in many weapons systems where the US leads. The best way to close that gap is to steal information from or sabotage US efforts.
  o Acquiring information circumvents the research and development requirement. While R&D is an expensive effort, stealing R&D information is an attractive option.
· Interception - acquiring classified information as it is transmitted (oral, electronic, hand delivery) to the authorized receiver
· Sabotage - destroying, interrupting or corrupting. It is accomplished through cyber-attacks, insider manipulation, and destructive activities.

Indicators of insider threat behaviors and procedures to report

Cleared employees should understand how to work with, store and protect classified information, regardless of type. As a result of good security awareness training, there is an expectation placed upon these cleared employees that they will treat classified information per NISPOM requirements. Employees disregarding procedures should be noted and reported. Here are some indicators:
· Keeping classified materials in an unauthorized location
· Attempting to access sensitive information without authorization
· Obtaining access to sensitive information inconsistent with present duty requirements
· Using an unclassified medium to transmit classified materials
· Discussing classified materials on a non-secure telephone
· Removing classification markings from documents
· Repeated or un-required work outside of normal duty hours
· Sudden reversal of financial situation or a sudden repayment of large debts or loans
· Attempting to conceal foreign travel
· Failure to report overseas travel or contact with foreign nationals
· Seeking to gain higher clearance or expand access outside the job scope
· Engaging in classified conversations without a need to know
· Working hours inconsistent with job assignment or insistence on working in private

The above are but a few indicators contrary to good security policy. Anyone displaying this activity should be reported as soon as possible.

Counterintelligence and security reporting requirements, as applicable

The 13 adjudicative guidelines used to evaluate an employee’s trustworthiness should also be used for continuous evaluation. Any employee displaying behavior that is contrary to the guidelines must be reported when that information constitutes adverse information.

Incidents that constitute suspicious contacts must be reported, and incidents concerning actual, probable or possible espionage, sabotage, terrorism or subversive activities at any of a NISP contractor’s locations must be reported to the Federal Bureau of Investigation with a copy to the CSA.

Here are some specific examples of what should be reported. We recommend a process in place to first notify the Facility Security Officer (FSO) (unless they are the problem) so that the FSO can notify DSS and, where required, the FBI. Events or behavior that change:
· The status of the facility clearance
· The status of an employee’s personnel security clearance

Events or behavior that indicate:
· An employee poses a potential Insider Threat
· Inability to safeguard classified information
· Classified information has been lost or compromised

Once a NISP contractor has developed insider threat training as described above, it should be included in the self-inspection. The Self-Inspection Handbook has a section entirely devoted to the Insider Threat and required training. Implementing the training and measuring effectiveness can be evidenced in the questions below (also from the handbook).

EVIDENCE:
· Explain how and when this requirement is fulfilled for new employees
· Explain and provide annual training
· Explain how you keep a record of employees’ insider threat training
· Can you recall any of the following being addressed in briefings?
  o Risk Management
  o Job Specific Security Brief
  o Public Release
  o Safeguarding Responsibilities
  o Adverse Information
  o Cybersecurity
  o Counterintelligence Awareness
  o Insider Threat


How does your company verify that all cleared employees have completed the required insider threat awareness training, per NISPOM 3-103b and documented as in NISPOM 3-103c?

3-103c. The contractor will establish and maintain a record of all cleared employees who have completed the initial and annual insider threat training. Depending on CSA-specific guidance, a CSA may, instead, conduct such training and retain the records.

This is easy enough to demonstrate. Save a copy of the training and the sign-in sheets.

Validation:

1. Provide a copy of insider threat training that is either stand-alone or is incorporated into existing training plans.
2. Provide a sign-in sheet or other media to demonstrate that required employees have received the required training.
3. Provide an insider threat training policy or an existing policy that requires insider threat training as outlined in NISPOM.
4. Ask cleared employees the following questions and document their responses:
            a. Who is an insider?
            b. What is an insider threat?
            c. How do you report an insider threat?
            d. How might a cleared employee demonstrate adverse behavior?
            e. Who is in charge of the Insider Threat Program?
            f. Name two methods an adversary might use to recruit an “insider”.


For more information, consider visiting our website at www.redbikepublishing.com. You can find industrial security themed books such as NISPOM, ITAR, Security Clearance and Contracts Guidebook; NISPOM based training presentations including insider threat training that you can download and present. For questions, you can email us at FSO@redbikepublishing.com.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing. He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training".

Monday, November 24, 2014

Facility Security Officers, NISPOM Training and What We Really Do


NO, I will not move your office furniture.


The misunderstanding.


Not because I’m not a nice guy or a helpful employee, but you just came to the wrong office.

Ever have one of those days?

A few years ago, while I was serving diligently as an FSO, an employee came by my office. She shot the breeze for a few moments, then floored me with a question.

“Could you help me move my desk out of my office? I’m getting it replaced.”

I thought it a strange request, as I was still kind of new and we hadn't built up the kind of relationship where she should ask for that kind of involved favor.

“Sure, I could grab someone and we can come over and move it.”

“That would be great,” she responded.

“But, better yet,” I said on second thought, trying to protect my back from sure injury. “Why don’t I call the facilities manager and we can get someone with the right equipment.”

“That’s what I meant,” she responded. “You are the facilities guy…”

Oooooh, now I know what’s going on.


After a brief exchange, I educated her on the role of a Facility Security Officer, which is to develop and implement a security program to protect classified information. She apologized for the misunderstanding and quickly moved on.

Confined to a small box.


It’s possible that you or someone you know has had or is currently having the same experience. This stems from fellow employees not understanding the FSO's role or responsibility. This misunderstanding could not only have people assuming FSOs control furniture and building use, but could effectively undercut potential leadership roles.

FSOs should have the ability to influence business and vision-making decisions. Without such input, the enterprise may not reach its full potential.

FSOs should be regularly consulted on and involved in business decisions, statements of work, requests for proposals, capabilities statements and other areas of increasing value while working classified contracts. After all, FSO tasks encompass so much more than requesting security clearance investigations, sending visit authorization requests, or other general administrative tasks.

Breaking out of the box.

Nobody will ever understand what you can do unless you tell them in words they can understand and in the language they speak. What might be useful is a quick elevator speech of about 30 seconds, one that FSOs can relate in real time and that highlights their capabilities and how they impact the company’s ability to work on classified contracts. A good place to start is reviewing contractual requirements and comparing them with the already established security program.

Reference Documents

The first step is to review DD Forms 254 and look for specific security requirements as outlined in blocks 10 and 11 and those additional ones mentioned in blocks 13 and 14. Additionally, statements of work may list some opportunities the FSO can take advantage of to demonstrate value to the enterprise.

With this information FSOs can share with the enterprise not only the popular security clearance issues, but also:

  1. Training requirements for employees to work with classified information (NISPOM training, initial security training, annual security awareness training, SF 312 briefings, derivative classifier training)
  2. Additional storage space required, to include GSA approved containers, shelving, closed areas, and space for classified discussions
  3. Vision statement to include areas for business growth, business opportunities or hiring of additional security employees.
An elevator speech might look like: “As FSO I create, implement and lead security programs that protect classified information. To do this I help the enterprise make risk based decisions and implement countermeasures to ensure classified work performance is conducted as required, ahead of schedule and within budget.”

This proactive effort leads the FSO from bolting on security at the end of the product to weaving it in throughout the acquisition life-cycle.

The Setup

Consider two possible responses to a security opportunity:
Someone notifies the FSO with the good news of a contract award, believing that everything is in place to proceed. The new DD Form 254 requires not only a product demonstration, but a classified research paper demonstrating how the product will meet the customer’s requirements. The contract also comes with the delivery of 300-400 classified documents.

1. A misunderstood FSO’s role might lead to a disaster such as this:

The FSO is not directly involved with the acquisition and contracts process. They are just there to react to emerging contractual opportunities. As such, the organization could be left reacting on short notice to tasks with long lead times.

This might involve security briefings, training new or existing employees, determining where the classified work would take place, and where the product and 300-400 documents would be stored. This would be a large task for someone discovering the requirements only after the contract is awarded.

Such a position of reaction could lead to delays in work, as clearances would need to be requested, security containers ordered and restricted areas imposed. (Please keep in mind that this is a made-up scenario based on typical classified work experience.)

2. A well-integrated FSO’s role might lead to success: Given advance notice, the FSO can deliver sound advice as soon as rumors of new work whisper through the corridors. From the beginning the FSO could help determine how many cleared employees are needed vs. what is available, whether or not additional security training is required, whether or not existing storage space is adequate for documents and work performance, and on and on. The FSO would inform the business decision-making process before decisions are made.

FSOs should be prepared to lead the organization through the requirements of performing on classified contracts. This opportunity can be clouded by misconceptions and misunderstanding. A difficult, but vital responsibility includes informing the enterprise of roles, responsibilities and capabilities. The FSO should research requirements and present a sound solution.






Tuesday, May 27, 2014

ISP Certification NISPOM Questions

Try your knowledge of the NISPOM and industrial security with these challenging questions:


1. Which of the following can the CSA approve when no other alarm response options are available:
a. Response by neighborhood watch
b. Monitor by hidden camera
c. Guarded by working dogs
d. Installation of wire security
e. Response by cleared employee
2. In the Protection Profile Table for Confidentiality, which Data Transmission is required for PL2?
a. Trans 1
b. Trans 2
c. Trans 3, 4
d. Trans 5
e. Trans 6
3. In the Protection Profile Table for Confidentiality, which System Assurance is required for PL1?
a. SysAssur 1
b. SysAssur 2
c. SysAssur 3, 4
d. SysAssur 5
e. SysAssur 6
4. In the Protection Profile Table for Integrity, which Backup and Restoration of Data is required for Basic?
a. Backup 1
b. Backup 2
c. Backup 3
d. Backup 5
e. Backup 6
5. Classified intelligence documents at a contractor facility shall be controlled according to NISPOM, with possible additional instructions from:
a. NRC
b. DNI
c. CSA
d. GCA
e. FSO



SCROLL DOWN FOR ANSWERS






1. Which of the following can the CSA approve when no other alarm response options are available:
e. Response by cleared employee (NISPOM 5-906d)

2. In the Protection Profile Table for Confidentiality, which Data Transmission is required for PL2?
a. Trans 1 (NISPOM Chapter 8 Table 5)

3. In the Protection Profile Table for Confidentiality, which System Assurance is required for PL1?
a. SysAssur 1 (NISPOM Chapter 8 Table 5)

4. In the Protection Profile Table for Integrity, which Backup and Restoration of Data is required for Basic?
a. Backup 1 (NISPOM Chapter 8 Table 6)

5. Classified intelligence documents at a contractor facility shall be controlled according to NISPOM, with possible additional instructions from:
d. GCA (NISPOM 9-305)

Find way more questions in Red Bike Publishing's Unofficial Guide to ISP Certification, and more NISPOM information in DoD Security Clearances and Contracts Guidebook and the print copy of NISPOM.



Wednesday, May 21, 2014

Communicating Your Security Message

NISPOM topics applying to the cleared contractor facility should be addressed as often as possible. Cleared employees may be very familiar with classified performance requirements, but may not always remember countermeasures implemented at the facility to protect classified information. Though they may be excellent at marking documents or using derivative classification techniques to properly transfer a classification from a security classification guide to a classified report, they may still need to be reminded to attend security training, report suspicious information, or attend threat briefings. Excellence comes from day to day exposure. As their daily performance makes cleared employees experts in their fields, FSOs play a large role in bringing them to that same level of NISPOM compliance. Take the time to understand what training is needed and try to meet that need.

Three effective ways to communicate your security message:

1. Group presentations-a popular and fast way to train others is in a classroom environment. Many FSOs conduct this type of training using PowerPoint as the media of choice. You can get a lot of great applicable NISPOM information in a single presentation. Though the volume of information is high, risk of an audience tuning out is just as probable. Keep your presentations alive with you being the focus. Use PowerPoint to reinforce your message, not to deliver the message. A few bullets with applicable images will do the trick. But don't make the PowerPoint do all of your talking. Eyes should be on you with frequent glimpses at the charts to illustrate points, not narrate them. You can buy royalty free images (like the picture accompanying this article) from online providers that are clear and catchy and download them for use in your presentations.

2. Multimedia messages - Initial security training occurs when employees get their clearances, and security refresher training is an annual training requirement per the NISPOM. However, training doesn't always have to be performed once a year. Instead of having an hour-long command performance, try smaller and more frequent venues. A newsletter via print, electronic bulletin board or email is very effective. Just be sure to keep the message short and easy to read. Don't worry about trying to cram all the information into the communiqué all at once. Try to make your point using a few bullet sentences or a few paragraphs with no more than 250 words. Even better, download some royalty free images relating to the topic.

3. Personal touch-Get up from your desk and visit the team. Relationships contribute tremendously to the protection effort. Develop relationships that allow you to interact with each of the groups or individuals. Cleared employees should look forward to seeing you at their door; better yet, they should seek out your advice. Such status comes from developing trust and value. Once it thrives, there's not much you won't be able to do. If you have employees working in IT, just follow them around. You'll see an incredibly valuable employee being sought out by others for software, hardware and network fixes. If you aren't yet at that level, consider partnering with someone who is. You might roam with the IT, safety or HR professionals and glean experience and develop relationships based on ones they already have. You can then develop similar value as people learn to trust your input.

Understand what your message is and communicate it effectively. Some ways to build up your security program are to educate the employees through training in the form of presentations, multimedia contact and by developing relationships. Take time to understand where some of the NISPOM requirement weaknesses are and develop training to meet them. If you don't have your own NISPOM training presentations, SF 312, or derivative classification briefings, consider downloading ours.







Tuesday, April 15, 2014

Access Authorizations

We can apply the “Elements of Inspection” that are common to ALL cleared companies participating in the NISP. There are a few more elements that might be applied at unique cleared facilities, but facility security officers in those situations can adapt these articles to those specific needs. According to DSS’ The Self-Inspection Handbook for NISP Contractors, the five elements are:

(A) Facility Security Clearance (FCL)
(B) Access Authorizations
(C) Security Education
(D) FOCI
(E) Classification

This third article in the series will address how to integrate the access authorizations into the overall security program designed to protect classified information.

Here are some questions from the handbook and ways to address the topics:

Are the numbers of clearances held to a minimum consistent with contractual requirements?

The facility security clearance is tied to a contract. Typically this tie-in is carried down to the cleared employee. However, tying a personnel security clearance to ONLY a contract might not be the right answer. For example, where a DD Form 254 and classified contract statement of work demonstrate that classified work is to be performed, these references do not dictate how many cleared employees are needed to conduct the work.

The best way to measure “minimum consistent” is to tie the personnel security clearances (PCL) to the contract and establish need to know (there is a great article in clearancejobs.com that covers need to know as a justification for security clearances). Many people are required to make a contract successful, but don’t need a clearance. These might include buyers, assistants, engineers, program analysts and others who support the contract, but may not actually perform on classified work.

For example, suppose 20 employees support a government contract which includes performing in a classified environment. The actual classified work is off site and involves five employees conducting testing on a new missile. The test results are classified and the five employees are the only ones to ever engage with the classified product.

In this situation, the easy course would be to just provide clearances for all employees and tie the justification to the contract number. However, the end result would be committing enterprise, industry and national security resources to supporting an unjustifiable additional 15 cleared persons. Though the contract involves classified work, the justification should be on the need to know and not necessarily the classified contract.

Here is a link to an earlier post about how to justify clearances. It even includes a sample form that can be duplicated, used and presented to DSS.

http://dodsecurity.blogspot.com/2011/07/security-clearances-and-real-deal.html

Are employees in process for security clearances notified in writing that review of the SF 86 is for adequacy and completeness only and that the information will be used for no other purpose within the company?

This is an administrative task that can be demonstrated with a signed memo. Write up the requirement and agreement of the SF 86 purpose, have the employee sign it and file it away to demonstrate not only compliance, but a workable process.

Are original, signed copies of the SF 86 and releases retained until the applicant’s eligibility for access to classified information has been granted or denied, and then destroyed?

This is an important question. Many years ago (2006-2007), groaning resonated from the facility security officer (FSO) community about the arduous task of removing all the files and the loss of “valuable” information upon the destruction of such a massive record base. NISPOM, Industrial Security Letters, DSS reviews, JPAS, and personally identifiable information protection requirements have provided guidance and helped build a new standard of releasing that information from tightly gripped fists.

Now, all contractors should have a process in place to ensure that the SF-86 is destroyed as soon as a final determination of the employee's eligibility for access to classified information has been made.

Are all pre-employment offers based on acceptance to begin employment within 30 days of granting eligibility for a Personnel Clearance (PCL)?

For this, you can go directly to ISL 2009-02, #2 Pre-employment Clearance Action under Industrial Security Letters at: http://www.cdse.edu/toolkits/fsos/personnel-clearances.html

According to NISPOM 2-205, a cleared company can submit a PCL request on a prospective employee as long as there is a written agreement that the employee will begin work within 30 days of the clearance being granted. This requirement can be met with human resources or the FSO filing a signed memo offering the prospective employee a job and recording their commitment to begin work once the clearance is granted.

Has citizenship been verified for each initial PCL applicant? RESOURCE: ISL 2011-02 Acceptable Proof of Citizenship under Industrial Security Letters at:

http://www.cdse.edu/toolkits/fsos/personnel-clearances.html

Citizenship can be verified by any means listed in NISPOM 2-208: primarily certified U.S. birth certificates, certificates of naturalization, U.S. State Department certificates of citizenship, etc. This is an easy question to answer, but unless you are willing to make photocopies of all the citizenship verification documents, it’s hard to demonstrate. The best thing to do is document this requirement somewhere in company policy and be prepared to address how you meet the requirement during the DSS review. Be prepared to identify the documents and what you would check to ensure they were certified.

Preparing for the annual review can only strengthen your security program. Take the topics from The Self-Inspection Handbook for NISP Contractors and see where yours can be improved.


For more ideas, see our books "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training".

Friday, February 21, 2014

What Kind of Security Training Should FSOs Give to Uncleared Employees?

It’s true, cleared defense contractors have uncleared employees. In larger organizations, these employees may work in shipping and receiving, maintenance, human resources and other non-program development areas. The organization should develop policy and training to be incorporated into the procedures to protect classified information.

How would an uncleared employee have access to classified information?

Hopefully never, but mistakes happen when such instances are not identified. Uncleared employees could possibly find unattended classified information or unlocked security containers, or stumble into classified conversations.

Sometimes classified information is delivered to the wrong recipient, absent-minded cleared employees might leave classified information on a printer or in the common areas, and cleared employees may have approved classified meetings but forget to verify clearance and need to know. Things happen, and damage control as a last resort is all too prevalent in these situations. An FSO with properly trained uncleared employees may have an easier time investigating whether or not classified information is compromised when everyone reacts properly.

This NISPOM training may include:

What national security information is-an uncleared employee should understand that unauthorized distribution of classified information effects national security. A properly trained uncleared employee would therefor alert the FSO or other responsible person if they discover unattended classified information. They will also understand not to read unattended classified documents or identify themselves as uncleared before cleared employees begin classified conversations.

What classified information looks like-coversheets, proper markings and other information identify that an item is classified. The uncleared employee can be trained to easily recognize classified information and know what to do when they come across it.

What to do if coming across classified information-classification markings help identify classified information, the level of classification and who classified it. The internal controls would identify what the uncleared employee should do if coming across an unidentified document or other classified item.

Using the above training tips can help prepare for the self-inspection process, as training and interviewing uncleared employees are part of the self-inspection. DSS has provided sample questions that you can ask when interviewing uncleared employees:

What is classified information?

How would you know if something was classified?

If you found unprotected, classified information, what would you do?

Have you ever heard classified information being discussed?

Have you ever come into possession of classified materials? How?

So, as you build your security program to protect classified information, don’t forget your uncleared employees. They can be the missing link to preventing unauthorized disclosure.


Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing. He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training".

Wednesday, October 2, 2013

How to get ready for the DSS Inspection

As mentioned in an earlier article, NISPOM Change 1 requires Derivative Classification Training and Record Keeping Guidance. This guidance requires that the cleared contractor provide cleared personnel with initial Derivative Classification Training and follow-up training at least once every 2 years. The training topics are vital to the cleared contractor performing on classified contracts. Properly trained employees reduce the risk of unauthorized disclosure of classified information.

Currently this training can be put in place at the cleared contractor’s initiative. The sooner training is implemented the better. The Defense Security Service will be publishing an Industrial Security Letter (ISL) that provides instruction for conducting training, including a “trained by” date to meet the requirements of the recent NISPOM changes. Why not begin the training now and be prepared for success before DSS gives the deadline for conducting training? Remember, if not trained, cleared employees cannot perform on classified work requiring derivative classification. That’s a lot of missed.

Remember that DSS is in the business of auditing. They are more than capable of both helping a company succeed with good training and working relationships, but they are also just as equipped to find security violations. Failure to protect classified information is a security violation. Failures are often caused by mismarked materials.

For example, after reviewing requirements of a DD Form 254 and statement of work, the industrial security representative discovers that derivative classification work has been occurring since the contract award a year prior. However, training records indicate that the derivative classification training had only been conducted in the last two weeks (while preparing for the inspection).  It wouldn’t be hard to deduce that there is a possible security violation and perhaps a review of classified inventory is in order.

So, how can you prepare to meet this challenge? 

Cleared contractors can refer to NISPOM paragraph 4-102 and develop training based on the directed subjects. Document that training and schedule follow-up training in two years. A good practice is to provide a copy of the training with training signatures or certificates. That way DSS can determine who was trained and whether or not the derivative classification training conformed to NISPOM Change 1.

No time to write training?

You can find training through professional organizations, at the DSS website or here.



Thursday, July 4, 2013

NISPOM Derivative Classifier Training


Derivative classification is a required training event. Defense contractors who use classified source material to generate a new product perform derivative classification. According to the National Industrial Security Program Operating Manual (NISPOM) all derivative classifiers must receive this training every two years.
Contractor personnel make derivative classification decisions when they incorporate, paraphrase, restate, or generate in new form, information that is already classified; then mark the newly developed material consistently with the classification markings that apply to the source information. Derivative classification includes the classification of information based on guidance, which may be either a source document or classification guide.

Order your training here:

Derivative decisions are made through:

Incorporating-Programs that assemble classified parts, or integrate classified processes, assemble those already classified parts into a new classified product. This product’s classification level is derived from the incorporation of those classified parts.

Restating-A cleared defense contractor who takes analyzed data and writes it in a way for lay people to understand the performance is performing derivative classification. According to XXX SCG, the analyzed data is classified. The classification markings are carried over to the presentation or paper.

Paraphrasing-A researcher analyzes classified reports from three sources to create a consolidated report as part of a contractual requirement. Instead of copying the reports word for word, they shorten them, documenting only the relevant facts.

Generating-Using classification instructions (SCG, DD Form 254, contract) as part of the process to build a classified product. This could be an end item, a report, test results, etc. The newly classified item is derived from instructions identifying classified characteristics, processes, parts or information.
Why is this training important?
Change 1 to the National Industrial Security Program Operating Manual (NISPOM) outlines requirements for derivative classification. Where the original classification authority receives training on the same topics annually, NISPOM requires derivative classification training at least once every two years. According to NISPOM, derivative classifiers should be trained “…in the proper application of the derivative classification principles, with an emphasis on avoiding over-classification, at least once every 2 years…” and are “…not authorized to conduct derivative classification until they receive such training.”
Here’s the important part: no training, no work. Proper training and documentation is the difference between performing on classified work and not being able to meet contractual requirements.

What you’ll receive:
over 40 slides with required training topics
notes pages to read while presenting
Comprehensive quiz
Printable certificate for recording names and training event
Does your business have time to focus on training requirements?

Defense contractors and cleared contractors with one to a few hundred employees may have FSOs designated in addition to regular duties. COOs, engineers, CFOs, HR and other professionals don’t have time to create and execute training while performing on contract.

That’s where Red Bike Publishing can help.

An FSO can spend several hours designing training. At $35.00 per manager work hour, that could end up costing at least $150.00, not including the costs associated with bringing the FSO off a contract to perform out-of-scope work. Our low cost, high value training package allows you to concentrate on your core competencies while we provide your required training. Our NISPOM Training contains requirements for the Annual Security Awareness and Initial Security Training. Just download our slides and lead the discussion; the notes are already filled out and ready to read.

NISPOM Training $49.95

FSOs have a huge responsibility to protect classified information. As such, these FSOs may be owners, engineers, human resources or appointed employees with other additional duties. If you are an appointed FSO with other duties, you might be just too involved running your company to create a training program.


Red Bike Publishing can help. We’ve created an easy to use presentation that you can download and deliver. Notes are available straight from the NISPOM. You can read them word for word or you can tailor the presentation to meet your organizational needs. Once complete, you’ll meet the National Industrial Security Program Operating Manual (NISPOM) and Defense Security Service (DSS) training requirements.


NISPOM Derivative Classifier Training


When you invest in this training program you will receive a link for the main presentation. Topics include NISPOM requirements:

Classification Level
Duration Of Classification
Identification And Markings
Classification Prohibitions And Limitations
Sanctions
Classification Challenges
Security Classification Guides (SCG)
Information Sharing


$49.95

You focus on core competencies while we focus on ours
Cleared contractors have to follow NISPOM requirements to keep their security clearances. They have to keep their security clearances to perform on classified contracts. Wouldn’t it be nice to be able to let someone else take care of your training needs?
Again, the training you download addresses NISPOM required topics. All you have to do is deliver to cleared employees. You can read it word for word, tailor the information for your mission, or simply let employees read the presentation themselves. It’s that easy.
If you would like more information about NISPOM training send an email to editor@redbikepublishing.com with your first name and email address.
Properly documented training is needed and this training meets the requirements.
Order yours now and keep your employees working.


Tuesday, May 21, 2013

Derivative Classified Training-What FSOs Should Know

Change 1 to the National Industrial Security Program Operating Manual (NISPOM) outlines requirements for derivative classification. Where the original classification authority receives training on the same topics annually, NISPOM requires derivative classification training once every two years. According to NISPOM, derivative classifiers should be trained “…in the proper application of the derivative classification principles, with an emphasis on avoiding over-classification, at least once every 2 years…” and are “…not authorized to conduct derivative classification until they receive such training.”

Here’s the important part: no derivative classifier training, no work. Proper NISPOM training and documentation is the difference between performing on classified work and not being able to meet contractual requirements. Make sure your cleared employees performing derivative classification responsibilities are trained to standard. The standard is listed below with a few ideas on how to meet each of the criteria.

Classification levels-
In all occasions, employees should understand how to recognize classified information and handle it properly. Those in possession of classified information should comprehend how to safeguard it and prevent unauthorized disclosure.
There are three levels of classification: CONFIDENTIAL, SECRET and TOP SECRET. They are assigned based on the impact to national security as follows:

CONFIDENTIAL-could be expected to cause damage to the national security

SECRET-could be expected to cause serious damage
TOP SECRET-could be expected to cause exceptionally grave damage
Level of damage is determined through a process by the original classification authority (OCA). After the OCA makes a determination, the classification level is documented through a security classification guide, Contract Security Classification Specification (DD Form 254) and classification marking on the products.

Defense contractors practice derivative classification by carrying over the communicated classification levels to the new product. This information is found on classified source documents, in instructions in the SCG, or as required by the DD Form 254. In practical terms this means repackaging classified data generated from testing and simulation, research using classified source documents, building classified end items, etc.

Duration of classification-

This is identified in the Classified By: information block, which consists of four lines total. The information comes from the source. The original classifier indicates either a date or an event for the duration of classification, for up to 10 years from the date of the original classification decision, unless the date is further extended due to information sensitivities for up to 25 or 50 years.

1. Classified By: The derivative classifier carries over the date for the same duration. In addition to the source information, the Classified By: line is now required to identify the derivative classifier.

2. Derived From: This lists the source(s) the derivative classifier pulled the classification guidance from. This is most likely the relevant security classification guide. However, if more than one source is used, then “multiple sources” is entered. The derivative classifier then keeps a record to support the duration identified. This record can be a listing of sources attached to each derivatively classified item.
3. Then there’s the Downgrade To____ On____ line. If provided on source guidance, just carry over instructions from the source documents, DD Form 254 or SCG to downgrade to SECRET or CONFIDENTIAL on specified date or event.
4. Declassify On: Here’s where you put the duration. The duration of within 10, 25 or 50 years is from the date of original classification, not from the date of the derived product. If many source documents or SCGs are used, be sure to carry over the date of the longest duration.

Here’s what a derivative classification block might look like:

Classified By: Jared Jerrod, XYZ Contractor Lead Engineer
Derived From: Gravy SCG
Downgrade to CONFIDENTIAL on
Declassify On: 20201024
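To make the four-line block and its rules concrete, here is an added Python example (not from the original post or from Red Bike Publishing) that assembles the block from one or more sources: it enters "multiple sources" and keeps a source record when more than one is used, carries over the longest Declassify On date, and checks that each source's declassification date falls within 50 years of the original classification decision. The "Biscuit SCG" source, its dates, and the original-classification date assumed for the Gravy SCG are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Longest declassification duration measured from the ORIGINAL decision (10 years
# by default, extendable to 25 or 50 as the text describes).
MAX_DURATION_YEARS = 50


@dataclass(frozen=True)
class Source:
    """Classification guidance carried over from one source (SCG, DD 254, document)."""
    name: str
    originally_classified: date          # date of the OCA's original decision
    declassify_on: date                  # duration carried from the source
    downgrade: Optional[str] = None      # e.g. "CONFIDENTIAL on 20181024", if given


def add_years(d: date, years: int) -> date:
    """Add whole years; 29 February falls back to 28 February in non-leap years."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)


def check_duration(src: Source) -> bool:
    """Declassify On must lie after the original classification date and within
    MAX_DURATION_YEARS of it, never measured from the date of the derived product."""
    longest = add_years(src.originally_classified, MAX_DURATION_YEARS)
    return src.originally_classified < src.declassify_on <= longest


def build_block(classified_by: str, sources: List[Source]) -> Dict[str, object]:
    """Assemble the four-line derivative classification block from the sources."""
    if not sources:
        raise ValueError("at least one source of classification guidance is required")
    bad = [s.name for s in sources if not check_duration(s)]
    if bad:
        raise ValueError("declassification date out of range for: " + ", ".join(bad))
    # Derived From: name the single source, or "multiple sources" plus a record list.
    if len(sources) == 1:
        derived_from, record = sources[0].name, []
    else:
        derived_from, record = "multiple sources", sorted(s.name for s in sources)
    # Declassify On: the LONGEST duration among all sources is carried over.
    declassify_on = max(s.declassify_on for s in sources)
    # Assumption (not stated in the post): a Downgrade To line is carried over only
    # when every source gives the same instruction; otherwise it is left blank.
    downgrades = {s.downgrade for s in sources}
    downgrade = downgrades.pop() if len(downgrades) == 1 else None
    return {"Classified By": classified_by, "Derived From": derived_from,
            "Downgrade To": downgrade, "Declassify On": declassify_on.strftime("%Y%m%d"),
            "sources_record": record}


def render_block(block: Dict[str, object]) -> str:
    """Render the block as the lines that would be placed on the derived product."""
    lines = ["Classified By: %s" % block["Classified By"],
             "Derived From: %s" % block["Derived From"]]
    if block["Downgrade To"]:
        lines.append("Downgrade To: %s" % block["Downgrade To"])
    lines.append("Declassify On: %s" % block["Declassify On"])
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample guidance; dates and the second SCG are illustrative only.
    gravy = Source("Gravy SCG", date(2010, 10, 24), date(2020, 10, 24),
                   downgrade="CONFIDENTIAL on 20181024")
    biscuit = Source("Biscuit SCG", date(2008, 3, 1), date(2033, 3, 1))
    block = build_block("Jared Jerrod, XYZ Contractor Lead Engineer", [gravy, biscuit])
    print(render_block(block))
    print("Source record kept on file:", block["sources_record"])
```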


Identification and markings-
Classified items, documents, hard drives, computers and end items should be properly marked to indicate the highest classification level. These markings should stand out to warn the user of the classification level so that they can properly safeguard it. For example, classified documents would have classification levels on the top and bottom of each page as well as portion markings on paragraphs, illustrations and graphs. There are five different types of classification markings that go on documents. They are overall markings, page markings, component markings, portion markings and subject and title markings.

Removable hard drives, computers, and objects should have classification designations conspicuously marked on them. The user would then know how to protect it while in use and at rest.
When not stored in a secure container classified objects should have cover sheets. These cover sheets are obvious reminders of classification markings and are color coded:
TOP SECRET is orange
SECRET is red
CONFIDENTIAL is blue

Classification prohibitions and limitations- Information is only to be marked classified based on previous guidance found in the DD Form 254, SCG or classification markings on source documents, and for the protection of national security. Classification markings cannot be applied to hide legal violations, inefficiencies or mistakes. Nor can the derivative classifier assign a classification just to prevent embarrassment, prevent or restrict competition, or delay the release of information that hasn’t previously required such a level of protection.

Sanctions-

Classified information is nothing to leave around while going on lunch break or to discuss in the car pool while driving back to the office from a classified conference. All cleared employees working with classified information should know how to protect and treat it at all times. This includes at work, at rest, during transmission, and during destruction. Failure to protect classified information can result in corporate discipline, revocation of security clearances, debarment from conducting classified business, prosecution, and jail time, to name a few.

Classification challenges-

It is a cleared employee’s duty to challenge the classification level if they find the classification level to be inappropriate or unnecessary. The NISPOM states that challenges go through the Information Security Oversight Office; however, they can be easily handled through program channels or brought to the addresses found in the administrative section of the appropriate SCG, if available.

Security classification guides (SCG)-

SCGs communicate a program’s classification decisions. They are created by a program, applied to an effort and are signed by an OCA. A well written SCG should provide the cleared contractor with sufficient information to apply derivative classification. The SCG will state whether or not an element is classified and to what level. Some elements include administrivia, items, processes, testing, simulation, modeling and performance. Ensure the SCG is clear, applicable and well understood by cleared employees. If not, challenge it and seek clarification.
Information sharing-

True or false? Everyone in our company has a clearance, so we can all work together on it.

It is the responsibility of the person in possession of classified information to ensure the requester has a security clearance at the appropriate level for the classified information and that they have a need to know.

This responsibility extends to transmitting the information through email, presentations, fax, mail and other methods. Need to know and clearance level must both be enforced to properly protect classified information.

Cleared contractors in certain environments create classified products derived from classified information. Without the executed and documented training, derivative classification cannot be performed and thus they would not be able to meet contractual requirements; no training, no work. Use these recommendations to develop and provide outstanding training to your cleared employees. The good news is that anyone can perform the training as long as it is to standard. The above information outlines the NISPOM Change 1 guidance that reflects that standard.
Derivative classifier training is available at 
http://www.redbikepublishing.com/training/nispom-derivative-classifier-training/

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing. Jeff is an accomplished writer of non-fiction books, novels and periodicals. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training". See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR, and The NISPOM.