Monday, January 18, 2016

NISPOM Based Questions

NISPOM @ http://www.redbikepublishing.com/book/nispom/
Try these NISPOM based questions and see how you do. You may find some answers in the NISPOM, but some you might just have to think about.

1. The foreign government designation of RESTRICTED should be given what level of protection in the U.S.?

a. SECRET

b. TOP SECRET

c. CONFIDENTIAL

d. UNCLASSIFIED

e. FOUO

2. May the CSA approve multiple stops while a contract employee hand-carries classified between countries?

a. Yes, if approved secure contractor storage is available

b. Never, only non-stop flights are authorized

c. Yes, if approved secure Government storage is available

d. Yes, as long as classified never leaves courier sight

e. None of the above

3. Contractors must inventory classified material and keep them at the minimum amount necessary for _____ and _____ operations.

a. Fast, streamlined

b. Slow, steady

c. Practical, expedient

d. Effective, efficient

e. Contractual, performance based

4 . If retention of classified documents under an expired contract is desired for longer than the 2-year period, who is the approval authority?

a. GCA

b. CSA

c. FSO

d. FBI

e. CSO












Keep Scrolling for Answers:










1. The foreign government designation of RESTRICTED should be given what level of protection in the U.S.?

a. SECRET

b. TOP SECRET

c. CONFIDENTIAL (NISPOM 10-303)

d. UNCLASSIFIED

e. FOUO


2. May the CSA approve multiple stops while a contract employee hand-carries classified between countries?

a. Yes, if approved secure contractor storage is available

b. Never, only non-stop flights are authorized

c. Yes, if approved secure Government storage is available (NISPOM 10-405)

d. Yes, as long as classified never leaves courier sight

e. None of the above

3. Contractors must inventory classified material and keep them at the minimum amount necessary for _____ and _____ operations.

a. Fast, streamlined

b. Slow, steady

c. Practical, expedient

d. Effective, efficient (NISPOM 5-700b)

e. Contractual, performance based

4 . If retention of classified documents under an expired contract is desired for longer than the 2-year period, who is the approval authority?

a. GCA (NISPOM 5-701)

b. CSA

c. FSO

d. FBI

e. CSO
So how did you do? These questions and more can be found in Red Bike Publishing's Unofficial Guide to ISP Certification,  DoD Security Clearance and Contracts Guidebook, as well as in NISPOM Training. Both resources provide excellent study material that may help with passing the ISP and SPeD certification exams. 

Wednesday, January 13, 2016

DoD Security Professionals and Certification


 
 
Happy New Year DoD security and risk management professionals.

A new year, a new beginning; a great motto and motivational phrase. As such, this is the time of year to reflect upon your accomplishments and develop goals. Some of these goals impact only you, but may actually impact your organization. If your goals include professional certification and education, then use this article as a roadmap to get you there.

You may be aware of the many available certifications and this article addresses two prominent ones; Industrial Security Professional (ISP) ® and the Security Professional Education Development (SPeD) certifications. Both certifications are great ways to demonstrate professional competence that brings credit to the certified professional and the organization they support.

The ISP ® certification


The ISP ® certification is sponsored by NCMS and is based on the DoD, 5220.22-M, National Industrial Security Program Operating Manual (NISPOM), 2006, With Change 1. It is an open book exam available online. Those wishing to take the exam should coordinate with NCMS for the taking the test. This coordination will include addressing pre-requisites, applying for, determining a test date, finding a proctor, and taking the exam. NCMS also has a study program and mentors to help you through the process.

Security Professional Education Development (SPeD)


SPeD certification is a Department of Defense that is available to those working in the NISP. This includes contractors directly supporting DoD organizations. There are three core certifications available. They are Security Fundamentals, Professional Certification, Security Asset Protection Professional Certification, and Security Program Integration Professional Certification. You can find more information at www.cdse.edu

Certification Preparation


Fortunately both certifications require planning and coordination. In other words, it’s impossible to show up unannounced and take the exams. The level of test coordination requires months of advance planning to become vetted by the certification organizations. The vetting simply determines whether or not candidates possess the experience, skill level, and education stated as pre-requisites. The lead time from initial coordination to actual test execution can take up to a year. For procrastinators, this testing coordination process can be the trigger necessary to begin an intensive studying effort to prepare for the tests. So, coordinating a test date can propel a candidate to begin their study prep.

There are many ways to prepare for certification. Each certification has its own internal study program. The NCMS offers ISP ® certification as well as for incorporating into the SPeD certification preparation. Defense Security Services has an education program complete with online courses that focus on the NISPOM topics for ISP ® certification and other DoD level security topics appropriate for the SPeD certification.

There are also books and training appropriate for both certifications available at Red Bike Publishing. In addition to print versions of the NISPOM and ITAR. DoD Security Clearance and Contracts Guide Book is covers protecting classified information as addressed in the NISPOM. It takes the NISPOM and applies it to notional contract requirements and is a great resource for DoD and contractor security professionals. Additionally, Red Bike Publishing’s Unofficial Guide for ISP Certification has 440 NISPOM based questions.

Red Bike Publishing also has NISP security training that can be used to prepare for ISP ® and SPeD certification. These include Annual Security Awareness Training for Possessing and Non-Possessing Facilities, Derivative Classifier Training, SF 312 Training, and more.  These training programs review most National Industrial Security Program (NISP) topics.

Happy New Year and best of success developing and meeting all of your personal and professional goals.

Wednesday, December 23, 2015

Keeping the knowledge of security container combinations to a minimum.

In this weeks article continuing the coverage of the Defense Security Service (DSS) Self Inspection Handbook for NISP Contractors, we'll review the National Industrial Security Program Operating Manual (NISPOM), Paragraph 5-308.

5-308 Is the number of people possessing knowledge of the combinations to security containers kept to a minimum?

Not every employee needs the combination to the security container.

The combinations should be provided to those with the proper clearance and need to know. This is the maximum number of individuals who should have it, but a minimum standard as far as combination accountability. After all, the security container combination is classified at the same level as the highest level of information stored in the container. 

Clearance and need to know of the contents aside, maintaining control of combinations should include keeping access to the security container at a minimum amount necessary to manage good information security. For example, 10 cleared employees may need access to a document. However, these 10 cleared employees may not need access to the security container.

There are many ways to monitor and approve combination distribution.

One consideration might be shared container space. For example in the example of the 10 cleared employees above, the 10 may have classified documents collocated in the same security container with the classified documents of another group. All are classified at the same level, but not everyone has a need to know of each group’s information. Need to know would be approved for those who are granted the combination. These few would be granted need to know then given the combination. They could then distribute the contents as required.

Another consideration is classification of the combination. Not only is the classified information protected based on access and need to know, but the combination is also classified to the level of the information stored in the container. Therefore it also must be protected by verifying employee clearance level and need to know controls. If the combination is written, then the written combination should be marked properly and also stored in a security container. Protecting, documenting and accounting for the classified security container combination provides the controls necessary for proper information security. Combinations should be memorized. A good memory jogger is a word that matches the combination numbers. A combination reminder magnet helps.

Another consideration is availability. Out of the above example of 10 cleared employees, those granted with access should be available throughout the working day to open and close the container.

Though not an exhaustive list of examples, each of the above cases require thought. Out of the cleared employees, which have need to know of the information in the security container. Then providing and maintaining access to the combination at a minimum.

Where the classified combination is provided, it must be properly documented. The FSO should record the names of those to whom the combination is provided.

In cases where a cleared contractor involves a one-person operation, that person serves as the FSO for that entity. The single employee FSO is as critical as any other FSO. The main difference is that the single employee FSO is the only one who has access to safe or vault combinations and access control and alarm codes. If the employee dies or is incapacitated a backup plan is necessary to better protect the classified material. In cases of sole employees, the FSO will give the combinations to DSS or the home office if part of a larger organization

VALIDATION:                                                                                   
  • Determine who has access to the security container combination.
  • Document the process to limit access to the combination to the minimum necessary.
  • Interview those who have access to the container and document how they enforce need to know of the contents before distributing classified information.
  • Demonstrate that the combination is treated as classified information. Verify that if written or recorded, that it is marked correctly and stored in a GSA approved container.   
  • Demonstrate written policy that limits the number of those with access to the security container combination to the minimum necessary
  • Security awareness training is provided that enforces the protection of combinations as classified and with limited distribution.



Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Tuesday, December 1, 2015

NISPOM Based Questions







Try these NISPOM based questions and see how you do. You may find some answers in the NISPOM, but some you might just have to think about.



1. TOP SECRET information can be transmitted by which of the following methods within the U.S. and its territories?

a. Defense Courier Service, if authorized by GCA

b. A courier cleared at the SECRET level

c. By electrical means over FSO approved secured communication devices

d. By government vehicle

e. By U.S. Postal Service Registered Mail



2. SECRET information can be transmitted by which of the following means?

a. Registered mail

b. Cleared commercial carrier

c. As designated in writing by GCA

d. Commercial company approved by CSA

e. All the above

3. Contractors who designate cleared employees as couriers shall ensure all EXCEPT:

a. They are briefed on responsibilities to safeguard classified information

b. They possess a card with the company name, name of individual and picture ID

c. They possess authorization to store classified in hotel safe

d. Classified material is inventoried prior to deliver

e. Classified material inventory transported with material.



4. When escorting classified information transported in the airplane’s cargo area, plane _____ and deplane _____.

a. Before other passengers, after other passengers

b. After other passengers, before other passengers

c. After cargo is secured, before anyone

d. After engines start, before plane pulls to gate

e. After plane leaves gate, before plane pulls to gate











Scroll down for answers





1. TOP SECRET information can be transmitted by which of the following methods within the U.S. and its territories?

a. Defense Courier Service, if authorized by GCA (NISPOM 5-402)

b. A courier cleared at the SECRET level

c. By electrical means over FSO approved secured communication devices

d. By government vehicle

e. By U.S. Postal Service Registered Mail



2. SECRET information can be transmitted by which of the following means?

a. Registered mail

b. Cleared commercial carrier

c. As designated in writing by GCA

d. Commercial company approved by CSA

e. All the above (NISPOM 5-403)



3. Contractors who designate cleared employees as couriers shall ensure all EXCEPT:

a. They are briefed on responsibilities to safeguard classified information

b. They possess a card with the company name, name of individual and picture ID

c. They possess authorization to store classified in hotel safe (NISPOM 5-410)

d. Classified material is inventoried prior to deliver

e. Classified material inventory transported with material.



4. When escorting classified information transported in the airplane’s cargo area, plane _____ and deplane _____.

a. Before other passengers, after other passengers

b. After other passengers, before other passengers

c. After cargo is secured, before anyone (NISPOM 5-413f)

d. After engines start, before plane pulls to gate

e. After plane leaves gate, before plane pulls to gate


So how did you do? These questions and more can be found in DoD Security Clearance and Contracts Guidebook, as well as in NISPOM Training. Both resources provide excellent study material that may help with passing the ISP and SPeD certification exams.


Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

Monday, November 23, 2015

Unclassified Controlled Technical Information



What to protect; decisions, decisions. It seems that there are acronyms developed with the ingenuity and fluidity of American innovation. The same innovation that enhances our military capability also comes with a set of warnings and new titles and acronyms that demand increased attention. While new acronyms and technology protections are identified, reliance continues on fundamental protection measures that rarely change.

More and more evident is the growing volume of U.S. defense information categories that demand protection and are not necessarily classified. If not identified and protected, unclassified U.S. defense information could be accessed by unauthorized persons.

Unclassified defense information comes in many forms and acronyms includes military critical technology, proprietary information, intellectual property, company secrets, Export Administration Regulation (EAR), International Traffic in Arms Regulation (ITAR) controlled technology, controlled unclassified information (CUI) and the most recent unclassified controlled technical information (UCTI).

Some U.S. defense information categories and definitions include:

  • Espionage
    • Gathering, transmitting or losing defense information 
    • Gathering or delivering defense information to aid foreign government 
    • Photographing and sketching defense installations 
    • Use of aircraft for photographing defense installations 
    • Publication and sale of photographs of defense installations 
    • Disclosure of classified information 
    • Economic Espionage Sec. 1831 of Economic Espionage Act of 1996
      • Whoever, intending or knowing that the offense will benefit any foreign government, foreign instrumentality, or foreign agent, knowingly--
        • steals, or without authorization appropriates, takes, carries away, or conceals, or by fraud, artifice, or deception obtains a trade secret;
        • without authorization copies, duplicates, sketches, draws, photographs, downloads, uploads, alters, destroys, photocopies, replicates, transmits, delivers, sends, mails, communicates, or conveys a trade secret;
        • receives, buys, or possesses a trade secret, knowing the same to have been stolen or appropriated, Obtained, or converted without authorization;
      • Trade Secret Theft Sec. 1832 of Economic Espionage Act of 1996
        • Whoever, with intent to convert a trade secret, that is related to or included in a product that is produced for or placed in interstate or foreign commerce, to the economic benefit of anyone other than the owner thereof, and intending or knowing that the offense will, injure any owner of that trade secret, knowingly
          • steals, or without authorization appropriates, takes, carries away, or conceals, or by fraud, artifice, or deception obtains such information;
          • without authorization copies, duplicates, sketches, draws, photographs, downloads, uploads, alters, destroys, photocopies, replicates, transmits, delivers, sends, mails, communicates, or conveys such information;
          • receives, buys, or possesses such information, knowing the same to have been stolen or appropriated, obtained, or converted without authorization
      • ITAR Violations
        • Export means: 
          • Sending or taking a defense article out of the United States in any manner, except by mere travel outside of the United States by a person whose personal knowledge includes technical data; or 
          •  Transferring registration, control or ownership to a foreign person of any aircraft, vessel, or satellite covered by the U.S. Munitions List, whether in the United States or abroad; or 
          • Disclosing (including oral or visual disclosure) or transferring in the United States any defense article to an embassy, any agency or subdivision of a foreign government (e.g., diplomatic missions); or 
          •  Disclosing (including oral or visual disclosure) or transferring technical data to a foreign person, whether in the United States or abroad; or 
          •  Performing a defense service on behalf of, or for the benefit of, a foreign person, whether in the United States or abroad. 

      The lesson is that significant effort and thought should go into protecting sensitive unclassified U.S. defense information. Developing a security program to protect sensitive unclassified information may require more innovation than that of understanding how to protect classified information. Classified information handling instruction provides much stronger wording. For example, recipients of TOP SECRET, SECRET, and CONFIDENTIAL information are directed to protect this information with GSA approved security containers, security in depth, intrusion detection devices and much more depending on the classification level. In fact, there are entire manuals written depending on agency and their contractors. For the Department of Defense the National Industrial Security Program Operating Manual (NISPOM) provides a few hundred pages on how to protect classified information.

      However, for unclassified U.S. defense information the defensive measures depend primarily on the analysis and innovation of those holding it. True, the ITAR, EAR and some DoD publications speak to protection of sensitive unclassified information, but the guidance is high level and subjective. For example, the NISPOM limits access to classified information to security clearance and need to know and a time proven classification system. It also requires specifications for locks and security containers that protect classified information. On the other hand, sensitive unclassified information does not address background investigation or requirements for industry other than to prevent access by non-U.S. persons. Also, unclassified hard copy requires securing in a locked desk or drawer and shredding or ripping into pieces. These might be adequate in general terms but are subjective to the quality of desk and size of the shredded pieces as well as any credible threat.

      At this point it is good to consider the guidance as a minimum and plug in a risk analysis of the defense information within organization as the added ingredient. Once established, the FSO should develop a security awareness training program to assist with enforcing the message.

      Unclassified U.S. defense information should be protected with a well-designed security system. Though not classified, this information could impact national security if access by unauthorized persons. Therefore, it should be identified by title and location and limited not only to U.S. persons but also by need to know of the information.



      Stay plugged in for future articles and information on building that security program to protect sensitive unclassified U.S. defense information. Sign up for our newsletter to keep up to date.


      Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

      Monday, November 9, 2015

      Approval of Open Storage-The Self Inspection Handbook for NISP Contractors

      HTTP://www.redbikepublishing.com
      In this installation of the Defense Security Service (DSS) Self Inspection Handbook for NISP Contractors, we’ll review the  National Industrial Security Program Operating Manual (NISPOM), Paragraph 5-306b. Here is the question:                                          
               
      5-306b       Has DSS approval been granted for the open shelf or bin storage commonly known as “open storage” of documents in Closed Areas?

      Though we have covered the storage of classified information in earlier articles, this writing will address storage of classified information specific to these closed areas. See if you can find the differences.

      According to NISPOM paragraph 5-306b, open shelf or bin storage (hereinafter or “open storage” of SECRET and CONFIDENTIAL documents in closed areas requires Cognizant Security Agency (CSA) approval. Prior to approval, DSS will consider open storage of material and information system (IS) media based on the cleared contractor meeting the following:
      • Limited storage space required for storing classified information (product is too large to fit in a GAS approved security container); or, the performance of classified work (operational environment) requires open storage.
      • Access to the open storage area is limited to those with adequate security clearance and need to know of all information in the open.
      • The entrance doors to the area are equipped with GSA-approved electromechanical combination locks that meet Federal Specification FF-L-2740.
      •  For SECRET material, the area is protected by an approved intrusion detection system with a 30-minute response time, as well as security-in-depth (SID) as determined by DSS. For open storage areas lacking sufficient SID, a 5-minute response time is required.
      • For CONFIDENTIAL material, no supplemental protection or SID is required.
      •  The open storage area is within a facility, or specific portion of a facility, determined by DSS to have security-in-depth based on the following criteria:
      •  The contractor has documented the specific layered and complementary security controls sufficient to deter and detect unauthorized entry and movement within the facility, or specified portion of the facility in which open storage is approved. During self-inspections, the contractor must review the effectiveness of these controls and report any changes affecting those controls to DSS.
      • At a minimum, the contractor has considered the following elements in their security-indepth assessment:
      • Perimeter controls
        • Badge systems when the size of the population of the facility render personal recognition impracticable
        • Controlled access to sections of the facility in which classified work is performed
        • Access control devices when circumstances warrant

      The difference between storage of classified information in a GSA approved storage contain and open storage could be addressed by considering the outer perimeter of the closed area as a “GSA approved container” requiring additional supplemental controls. Where the storage SECRET is adequate in a GSA approved security container (unless a risk assessment requires supplemental security), open bin storage of the same level of classification requires proper construction of the closed area plus the additional alarms and monitoring to provide the secure barrier.

      For example, XYZ Contractor may store SECRET and CONFIDENTIAL information for one contract in 5 drawer GSA approved security container. All documents, hard drives, and other classified media fit nicely and are checked out and turned in as appropriate.

      However, on another contract the classified material is large and bulky and will not fit in a GSA approved container.  The closed area is inside of an access controlled facility and constructed as outlined in the NISPOM. Additionally, access is limited to those with the appropriate security clearance and Need to Know of all classified information. At night the room is safeguarded with the intrusion detection and security in depth.

      RESOURCE:  ISL 2012-04 Open Shelf or Bin Storage under Industrial Security Letters at: http://www.cdse.edu/toolkits/fsos/safeguarding.html



      VALIDATION:

      Pose all closed area requests, justifications, and inspections where they can be easily and readily accessed for audit, inspection or review.

      Post all closed area approvals where they can be easily and readily accessed for audit, inspection, or review.

      Provide demonstration and documentation of specific layered and complementary security controls where open storage is approved. Consider the following:

      • Perimeter controls
      • Badge systems when the size of the population of the facility render personal recognition impracticable
      • Controlled access to sections of the facility in which classified work is performed
      • Access control devices when circumstances warrant
      Demonstrate and document the self-inspection review of the security controls and their effectiveness

      Document any report any changes affecting those controls to DSS for review, inspection, or audit.


       


        Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".

      Monday, October 5, 2015

      NISP Self Inspection Handbook-Closed Area Construction

      Welcome to National Industrial Security Program Operation Manual (NISPOM) 5-306 portion of the Defense Security Service’s (DSS) Self Inspection Handbook for NISP Contractors. This section covers closed area construction as identified in the NISPOM. 

      Here is the question:                                            

      5-306 Are Closed Areas constructed in accordance with the requirements of the NISPOM?

      Where the size or operational environment of the classified material may prove unsuitable for storage in a GSA approved security container or vault, a closed area might be the right solution. If a closed area is needed, DSS and the contactor should agree to the construction of the closed area as early as possible in the contract or a qualifying an existing as soon as the need arises. This is a great reason for a proactive FSO to be involved in classified contracts from cradle to grave. This includes reading requests for proposals, statements of work and engagement with  DD Form 254 reviews to determine classified material storage needs and address the any closed area considerations with DSS for consideration and approval.

      If a closed area construction is needed, the Cognizant Security Agency, DSS, is the approving authority. They will provide approval based on NISPOM 5-306 Section 8 requirements. These construction considerations include not only walls, floors, and ceilings, but anything that may be considered an opening or vulnerable areas. Construction should address deny, deter and detect protection measures. For example, the hardware should be heavy gauge and installed in such a way it cannot be removed. Walls should be built to deny entry through destruction, damaging entry methods, or wall section removal and any attempts should leave visible markings.  See NISPOM 508 for more specific construction details.

      With environmental (HVAC) and cyber concerns (network, wires, and cables) exist, false ceilings and floors abound. A common construction technique is to lower the ceiling with ceiling tiles and raise the floor to hide unsightly IT and other equipment. The closed area must be considered as wall to wall and ceiling to floor. This expands the area to well beyond the false ceiling and raised floors to the actual place where walls and floors / ceilings connect.  The space above the false ceiling and below the floor should be vetted as secure and when so, security integrity should be inspected for the life of use. Options for protecting hidden areas include alarms, viewing areas where tiles are clear or removable so that the areas can be viewed, periodically inspecting these hidden areas, and ensuring work orders involving closed areas are approved by the FSO.

      Additionally, access controls and personnel security must be in place to limit access and need to know. These access controls can be as simple as having a cleared person guarding the entrance with a check list of authorized persons or as complicated as technical devices or systems.

       

      Recommended closed area inspection cycle


       Nature of Classified Information

       Security-in-Depth

      Minimum
      Inspection
      Frequency
      Classified Information Systems with unprotected transmission lines above false ceiling or below false floor
      No

      Monthly

       

      Yes

       

      Every Six Months

       Open Storage of Classified Documents  

      No

      Monthly

      Yes

      Every Six Months

       
        Classified Hardware

      No

      Every Six Months

      Yes

      Annually


      There may be times when GSA security containers are just not enough. Operational requirements, size of classified material, work environment and other factors may require the construction of or re-use of a qualifying location as a closed area. When using closed areas, FSOs should apply and enforce physical security measures to deny, deter, and detect unauthorized access at any time. Reinforced doors, windows and other access points should be installed to prevent anyone from easily breaking in or going around current security precautions. FSOs should always coordinate with DSS or CSA as they are the approval agency of new construction, modifications, and repairs of closed areas. As always, the FSO should validate and document work. See Validation section for ideas.

      RESOURCES: 
       
       
      ISL 2006-02 Structural Integrity of Closed Areas under Industrial Security Letters at: http://www.cdse.edu/toolkits/fsos/safeguarding.html

      VALIDATION:

      The required minimum inspection frequency must be approved by your Industrial Security Representative. The FSO should save all approval records and document inspections on the DSS Form 147, “Record of Controlled Areas.”                                                                                                          
      When building closed areas, the FSO should ensure pictures of progress are taken as evidence of compliance with construction requirements. 

      Create a binder, notebook, file or other record for all closed area transactions. Include in the file:

      ·         Closed area locations

      ·         Standard practices and procedures

      ·         Standard operating procedures

      ·         Written security requirements

      ·         Certifications and approvals

      ·         Specific annual security training requirements designed for classified contract and closed area use

      ·         Inspection details
                                                    

      Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".