Tuesday, January 21, 2014

Is ISP Certification Your Resolution?

How are those New Year's resolutions going? I've heard a lot of chatter about preparing for ISP Certification, and was wondering if you are one of the few taking steps to stand apart. 

ISP Certification can be yours if you follow the recommendations at the NCMS website. Chances are, if you qualify with the minimum requirements, you have 5 years of great experience under your belt. Now all you need is practice. Our study guide has 4 complete tests with 110 questions each. 

Join the hundreds of others who have enhanced their study with Red Bike Publishing's Unofficial Guide to ISP Certification. 

Here are some sample questions from an earlier version of Red Bike Publishing's Unofficial Guide to ISP Certification. 


Sample Test Questions
Before taking your ISP Certification Exam, why not test drive a few questions? You can find more at http://www.redbikepublishing.com

1. Which of the following are eligibility requirements for an FCL?
a. The company must be an organization of at least 25 people
b. The company must have potential for classified access
c. The company must have a reputation for integrity
d. The company must make its bottom line for three consecutive quarters
e. The company is the only one who can perform the work


2. When can a contractor disclose classified information to another contractor?
a. Furtherance of contract
b. Furtherance of business development
c. When directed by FSO
d. When directed by CSA
e. Just as long as other contractor is cleared


3. Unless restricted by GCA, SECRET material may be reproduced as follows EXCEPT:
a. In performance of a prime contract
b. In performance of subcontract in furtherance of prime contract
c. Upon closure of contract
d. In preparation of patent applications
e. In preparation of bid to a Federal Agency


4. The types of international visit requests include all the following EXCEPT:
a. One-time
b. Recurring
c. Initial
d. Extended
e. Emergency

5. U.S. contractor visits to Portugal require _____ days advance notice.
a. 20
b. 15
c. 10
d. 21
e. 14





Scroll down for the answers















TEST 1 ANSWERS-LONG VERSION


1. Which of the following are eligibility requirements for an FCL?
c. The company must have a reputation for integrity (NISPOM 2-102c)

2. When can a contractor disclose classified information to another contractor?
a. Furtherance of contract (NISPOM 5-509)


3. Unless restricted by GCA, SECRET material may be reproduced as follows EXCEPT:
c. Upon closure of contract (NISPOM 5-601b)


4. The types of international visit requests include all the following EXCEPT:
c. Initial (NISPOM 10-502)

5. U.S. contractor visits to Portugal require _____ days advance notice.
d. 21 (NISPOM Appendix B)

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing. He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances", "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and "NISPOM/FSO Training".

FSO's-Get Ready for The Self-Inspection

This year is still new, but some expectations never change. One thing that you can expect to do is either undergo a self-inspection, a DSS review or both depending on the audit cycle. A DSS review could also be conducted in your facility when applying for a facility security clearance (FCL). Since the DSS review tests security countermeasures and makes determinations of vulnerability and preparedness, it's best to focus on these areas as you prepare for the visit.

Begin with the self-inspection. Once you are set up with a security program, you want to know its status and determine whether or not your security posture is where you expect it to be. In other words, are you able to protect classified information at the level required? Begin with a pre-inspection to plan out your actions. According to DSS, this can be conducted in six steps:

1) Identify all security elements that apply. Cleared facilities are either possessing or non-possessing. The common denominator is that there are security elements common to ALL cleared companies, and these are covered by chapters 1-5 and parts of chapter 6 of the National Industrial Security Program Operating Manual. These areas are: Facility and Personnel Security Clearance (FCL and PCL), Access Requirement, Security Education, Foreign Ownership Control and Influence (FOCI), and Classification (original and derivative). Possessing facilities will have additional storage, classified processing, NATO and/or other considerations covered in the remaining chapters of NISPOM.

Security elements are referred to in statements of work, DD Forms 254, and other contract requirements. Be sure to prepare your self-inspection to cover all security elements.

2) Familiarize yourself with how your company's business is structured and organized. Is the business a sole proprietorship? Then, easy, only one person makes the decisions. How about a corporation such as a limited liability corporation, S-Corp, C-Corp, or partnership? The business structure determines the positions of employment, ownership, or committees that have influence over classified information. Along with business structure, the Key Management Personnel (KMP) are those identified senior employees who have influence over classified contract performance. In many cases certain FSOs, VPs, board members, etc. make decisions that impact policy. The policy may impact classified contracts. This KMP identification helps DSS understand who has such decision-making authority. If they are not cleared, they will have to be otherwise exempted.

3) Identify who you will need to talk to and what records you may want to review. Regardless of whether your business has 1 or thousands of employees, FCL requirements are conducted by someone. Be sure to identify who impacts classified contracts, export compliance, performs on classified contracts and determine what classified documents exist, if at all, on site and what documents exist that reference classified contracts. These documents include classified information receipting actions, DD Forms 254, export licenses, etc.

4) Prepare a list of questions and topics that need to be covered. Be sure to include questions to test an employee's knowledge of NISPOM training, access to classified information, performance on classified contracts, foreign travel, need-to-know enforcement and who the facility security officer is. The new handbook provides lots of sample questions to help you out.

The next few topics only deal with cleared facilities with classified storage approval:

5) Understand the infrastructure supporting classified work requirements. This could include closed areas, GSA approved containers, classified processing, etc.

6) Have knowledge of the processes involved in the classified programs at your facility.

These are all great suggestions based on the Self-Inspection Handbook. Go ahead, download a copy and get started.


For more information on security clearance and performing on classified contracts, get your copy of DoD Security Clearance and Contracts Guidebook by Red Bike Publishing


Friday, January 17, 2014

You have your Facility Security Clearance, Now What?

I spend a lot of time writing about the security clearance process and how to protect classified information. I write about the security clearance process with the newly cleared or yet-to-be-cleared defense contractors in mind. The latter, I write for established contractors as they maintain their classified contracts.

Though I’ve covered it in DoD Security Clearance and Contracts Guidebook, I’ve not yet published an article about what happens after you get the new facility security clearance (FCL). Once the security clearance is awarded and you begin to work on classified information, your responsibility is to establish the security program and protect classified information the way you promised your government customer you would. Soon enough, your industrial security representative from Defense Security Service (DSS) will be by to verify those security practices.

Preparation for the visit begins with understanding your responsibility to prepare the facility to safeguard classified information. This can be done through building policy and infrastructure. The least expensive but most time-consuming preparation is policy development. Writing and publishing procedures and processes to build security-conscious DNA within a cleared enterprise is fundamental. Many security programs, especially non-possessing ones (no classified information maintained on site), can be sustained with policy alone provided they have the appropriate security awareness training. For example, a written policy explaining education, access procedures, reporting requirements and other National Industrial Security Program Operating Manual (NISPOM) considerations, enforced with comprehensive training, can lead a cleared facility to success.

However, possessing facilities would need the additional and more expensive infrastructure considerations. These include technical controls for enforcing need to know and access to classified information, constructing sensitive compartmented information facilities (SCIF), closed areas, and GSA security containers. Though the security clearance process does not directly charge the cleared contractor, meeting NISPOM requirements for protecting classified information does. Make sure you understand contractual requirements in the statement of work, contract, DD Form 254 and those prescribed in the NISPOM.

Once you establish your best way forward and implement the security policy and infrastructure, it’s time to inspect it and ensure that you are able to protect the classified information as required. DSS has an excellent Self-Inspection Handbook for NISP Contractors on their website that can not only prepare you for establishing an award-winning security program, but will also lead you through a security program validation process in preparation for the DSS review. Use the handbook and all the information and tips inside to get prepared to receive and protect classified information.
