Friday, July 22, 2011

No one is making you, so why become ISP Certified

There is a lot of debate about professional certification. Currently, the drive and motivation for facility security officers (FSO) and security specialists to become Industrial Security Professional (ISP) certified is still determined by them. There are few real requirements for security professionals to devote the time, money and other valuable resources necessary to get the ISP certification. NCMS is performing the monumental task of creating a credible and viable certification program, but the industry as a whole does not seem to buy in to the benefits. There are few job announcements and job positions that actually require the ISP Certification.
The Department of Defense has not recognized the ISP certification as a requirement, but has instead created a certification for their security employees called Security Professional Education Development Program (SPeD) (pronounced speed). Some agencies do require the CISSP, but none have specifically called out the ISP Certification.
Since contracts, regulations and jobs don’t require those protecting classified information to have the ISP certification, why would anyone want to pursue such an aggressive campaign to learn NISPOM topics? Here are five of the many reasons a professional would seek certification:
  • Become more attractive as an employee-If a certification requirement does not exist, the employee could work out an agreement with their supervisor. The supervisor would agree to challenge all employees to study for and take the ISP Certification exam. Once they pass, they would be eligible for promotions and raises if they remain in good standing.
  • Become more attractive while bidding for contracts-A company with ISPs can leverage that they have “employees board certified to protect classified information.”
  • Prepare for better opportunities-An ISP Certification can set one employee above the rest. Sometimes being the best may not be enough; you have to prove it. Knowledge, skills and abilities are believable and proven with board certification. Though certification may not be a requirement, it can give you that extra push during evaluations, raises or job interviews.
  • Help others-According to NCMS, ISPs can serve as mentors and ISP Certification Exam proctors. The ISP also gives credibility for those of you who like to teach and train within your profession. Being certified opens doors for you to be a mentor and proctor and help others become certified.
  • Consult-Speaking of proof and credibility, many of you are consultants, or have plans to become consultants. If you write, teach, consult, demonstrate or represent industrial security to clients and customers, the three letters ISP behind your name will cause your audiences to pay attention.
If you are waiting for someone to make you get certified, then keep waiting. Trends show that security certification is not going to be required anytime soon. However, if you want to be among the few industrial security professionals, get your ISP Certification. Demonstrate that you are among professionals board certified to protect classified information.

Wednesday, July 20, 2011

Cleared Contractors and Annual Security Awareness Training

Cleared contractors are required to brief their cleared employees every year. It’s easy when there is a Facility Security Officer (FSO) on site. However, companies consisting of one to a few hundred employees may have FSOs designated in addition to regular duties. COOs, engineers, CFOs, HR and other professionals don’t have time to create and execute training while performing on contract.
That’s where Red Bike Publishing can help.
An FSO can spend several hours designing training. At $35.00 per manager work hour, that could end up costing at least $150.00, not including the costs associated with bringing the FSO off a contract. Our low cost, high value training package allows you to concentrate on your core competencies while we provide your required training. Our NISPOM Training contains requirements for the Annual Security Awareness and Initial Security Training. Just download our slides and lead the discussion; the notes are already filled out and ready to read.

FSOs have a huge responsibility to protect classified information. As such, these FSOs may be owners, engineers, human resources or appointed employees with other additional duties. If you are an appointed FSO with other duties, you might be just too busy to create a training program. Red Bike Publishing can help. We’ve created an easy to use presentation that you can download and present. Notes are available straight from the NISPOM. You can read them word for word or you can tailor the presentation to meet your organizational needs. This presentation will help you meet the National Industrial Security Program Operating Manual (NISPOM) and Defense Security Services (DSS) Requirements. Take a look at the sample presentations on the side of the page.
NISPOM Initial Security Training / Refresher Security Training
The main presentation is great for initial training or for refresher annual security awareness training required of all cleared employees (NISPOM 3-103 and 3-104).
When you invest with this training program you will receive a link for the main presentation and a quarterly email link for the topical training. Topics include NISPOM requirements:
  • Threat Awareness
  • Defensive Training (foreign travel briefing)
  • Overview of the Security Classification System
  • Employee Reporting Obligations and Requirements
  • Security Procedures and Duties Applicable to the Employee’s Job
  • Marking Classified Material
  • Safeguarding Classified Material
  • Control and Accountability
  • Storage and equipment
  • Transmission
  • Original Classification Authority
  • Performing on Classified Contracts

Tuesday, July 19, 2011

DoD Security Clearances and Contracts

We know it’s tough to focus on both creating a company to last and performing under strict government guidelines. Getting classified contracts, requesting security clearances and remaining compliant are all vital to a cleared contractor’s success. But…

Just one mistake can cost a defense contractor current and future contracts.

Until now, there has been no one place to find everything you need to know about security clearances. Many defense contractors and employees don’t understand how to get their clearances and compete for classified work. The DoD Security Clearance and Contracts Guidebook brings together information from Presidential Executive Orders, National Industrial Security Program Operating Manual (NISPOM), International Traffic in Arms Regulation (ITAR) and other regulations to demonstrate how to establish and maintain a successful security program. Whether you are part of a business or an employee, this book will demonstrate both the security clearance process and how to perform on classified contracts.

What can be more important than protecting our Nation’s secrets? Situations and questions throughout the book are designed to help improve understanding of the NISPOM. In fact, many Facility Security Officers and industrial security professionals face similar situations as they help to safeguard our nation’s secrets.

This book can also help prepare the reader for the Industrial Security Professional (ISP) certification exam or the SPeD security certification exam.

The DoD Security Clearance and Contracts Guidebook helps cleared contractors understand the security clearance process and develop award winning security programs to win and keep classified contracts. It is a good companion for all seasoned and novice defense contractors, Facility Security Officers (FSO) and the college student.
With the DoD Security Clearance and Contracts Guidebook, Defense contractors now have a resource to confidently pursue classified contracts. This book is complete with:

•Step by step guide demonstrating how to meet requirements for security clearances

•Description of senior leader responsibilities in security cleared facilities

•Comprehensive list of cleared contractor administrative responsibilities

•Method for reducing costs associated with protecting classified information and NISPOM requirements

•Description of award winning FSO qualities

DoD Security Clearance and Contracts Guidebook demonstrates how cleared contractors can protect program information through:

•Building award winning security programs

•Understanding international operations

•Improving Defense Security Services (DSS) inspection results

•Winning the Cogswell award

DoD Security Clearance and Contracts Guidebook contains expansive discussion on how security professionals and FSOs can:

•Build skills as a security specialist or FSO

•Gain access to valuable resources for security programs

•Prepare for the ISP Certification exam

Students will:

•Improve understanding of national security

•Learn new career opportunities

•Have a valuable resource for homeland security studies

Monday, July 4, 2011

Do cleared employees of cleared defense contractors know who the FSO is?

     “I’d like you to move my desk from the window to the inside wall. I keep getting a glare on my computer screen,” our friendly executive assistant said to me.
     “Wow, thanks for the vote of confidence. However, I’m not as strong as I look and don’t think I should tackle that project alone. Have you sent a request to facilities?” I replied.
     “Well that’s what I thought I was doing. Aren’t you the Facility Officer?”
      That was a humbling but eye opening experience from my first three months on the job as a Facility Security Officer (FSO) at a small cleared defense contractor. At the time, we only had one contract and very little classified work. However, as small as we were I still had to establish a security system to protect classified information. A major part of the job was institutionalizing my position so that everyone understood the role of the FSO.
     I wasn’t above helping. Sometimes everyone had to pitch in to take on multiple responsibilities to keep the ship on course. I could move desks, make coffee, write reports, manage safety, exports compliance and execute a wealth of additional duties. The point was that she did not understand the role of a Facility Security Officer, and that was my fault.
     So, how does an FSO “institutionalize” their position and security program? Here are a few recommendations:
  • Be technically proficient in security tasks as they relate to your company and NISPOM. Understand the DD Form 254 and how your cleared employees are expected to perform on classified contracts. If the DD Form 254 approves performance of classified work onsite, then you might need to know how to receive, store, ship, destroy, etc. If there is no classified performance on site, then you might need to be focused on security clearances. Read the 254 and statements of work and become very familiar with customer requirements.
  • Attend executive level meetings. This may be a new concept for your company. In some cases, they may view the FSO only as an administrator of security clearances. If so, work on changing the perception and showing value as the executive responsible for classified contracts. If you are currently not involved or invited, get a calendar. Notify the assistant or meeting holder to request an invitation. At first, you might attend and let people get used to seeing your presence. If you have questions or comments, make a note and contact that person after the meeting. Establish credibility as a concerned company officer and the senior officer of classified contracts security. The end goal is to attend regularly and contribute to company decisions, especially where classified contracts are involved.
  • Attend all company events and network. Get to know executives and employees on neutral ground. Have fun and inject yourself into the team. Break down the “us vs. them” mentality. The FSO and security department is part of the team.
  • Be the authority. Hold annual security awareness training, put out a newsletter, provide security statistics, keep your company informed on national industrial security issues, and work inter-departmentally while developing policy (safety, facilities, HR, program management, etc.), as policy affects everyone.

     These recommendations are not all inclusive. The point is to project the position of FSO as a company asset. Your job isn’t to raise awareness of you, but of your position. It is about protecting your company’s ability to compete for and maintain classified contracts and cleared employees. When successful, executives will value your input and responsibilities as an FSO.

Friday, July 1, 2011

Risk Management and NISPOM

     The risk assessment helps FSOs focus countermeasures to protect classified information from actual identifiable threats by probability. Risk management helps the FSO determine how to protect the classified information above and beyond the NISPOM guidance. The same approach should be used in determining which parts of the NISPOM apply to an FSO’s facility. For example, a non-possessing facility that performs classified work at another facility should not focus security efforts on protecting classified processing.
     However, they should focus their efforts on NISPOM chapters 1, 2, 3 and 6, parts of chapter 5, and Appendices A and C: the parts of NISPOM that apply to ALL cleared contractors.
      The NISPOM’s first chapter is dedicated to general industrial security concerns. The chapter is divided into three sections which provide the introduction, general and reporting requirements.
     Chapter two is divided into three sections that cover facility clearances, personnel clearances and foreign ownership control and influence (FOCI) information. In this chapter FSOs can find instructions on how facility clearances are awarded and learn reasons to process personnel clearances and when to do so. Finally, it discusses the factors and procedures to apply when a company is partially or fully under foreign control.
     Chapter three instructs how to conduct security training and briefings. It gives detail to what type of training is required and the necessary topics to train.
     Chapter five gives proper methods of safeguarding classified information. It provides general safeguarding practices such as oral communication, perimeter controls and emergency procedures.
     Chapter six distinguishes between classified visits and meetings and provides information on how each is conducted.
     Appendix A, Cognizant Security Office Information, lists contact information for the CSOs for the four CSAs under the NISP.
     Appendix C, Definitions, provides an alphabetical list of key industrial security definitions. Some terms and phrases have a unique meaning in the context of the NISP.
     FSOs can use a simple question and answer session to determine which additional chapters apply to their cleared facilities. These questions are based on the cleared contractor’s DD Forms 254. If the answer to any of the following is yes, the FSO can refer to the corresponding NISPOM chapter or section.

  •      Does the cleared facility provide classification markings? See NISPOM chapter 4 
  •       Does the cleared facility store, disseminate, or destroy classified information? See NISPOM chapter 5 
  •       Is the cleared facility a prime contractor with classified subcontracts? See NISPOM chapter 7 
  •      Does the cleared contractor process classified information using an information system? See NISPOM chapter 8 
  •      Does the cleared facility have contracts that involve special handling such as Restricted Data (RD), Formerly Restricted Data (FRD), Critical Nuclear Weapon Design Information (CNWDI), Intelligence information or Communications Security (COMSEC) information? See NISPOM chapter 9
  •      Do cleared employees perform international operations, store foreign government information or transfer classified information to foreign entities? See NISPOM chapter 10 
  •      Does the cleared facility have contracts that include TEMPEST or Defense Technical Information Center (DTIC), or is it involved in independent research and development (IR&D) efforts that involve classified information? See NISPOM chapter 11

     FSOs should become familiar with the NISPOM. However, trying to implement parts of NISPOM that do not apply to the types of classified contracts involved may waste effort and resources. Leading purposeful and efficient security begins with both assessing risk and identifying the applicable parts of the NISPOM.

Security Clearances and the Real Deal

     "Jeff, I need to submit a security clearance request. What do I need to do?" one of our employees asked.
     "First of all, you need justification. Can you tell me a little why you need a clearance? We can get started that way."
     "Sure, I'd like to have a clearance to apply for a new job. Let's just keep that last part to ourselves."
     "No problem, I won't tell people you are job hunting, but I won't be able to process a clearance for you," I responded. I tried really hard not to laugh.
    “Really?” he asked incredulously.
     Security clearances should only be requested for employees who have a valid reason, such as fulfilling actual classified work. Requesting clearances for the sake of having a clearance is no good reason to initiate a security clearance request.
Some other bad security clearance ideas include:
  •      To be able to enter a secure area for convenience
  •      To be more competitive
  •      Because everyone else does
  •      To get access to a military customer
  •      To get a raise

     The National Industrial Security Program Operating Manual (NISPOM) is clear about keeping security clearances to the minimum amount necessary to efficiently perform on a classified contract.
     A good way to justify clearances is to develop a company policy which includes a security clearance verification form. I developed one such form that helped put the ownership (of security decisions) on the manager and first level executives. You can use the form below to improve your security clearance verification program.
     This form requires a supervisor’s nomination of an employee for security clearance. It can also be used for the periodic review. Here’s how it works: the supervisor identifies the employee who needs a clearance and the clearance level. They also provide justification for the clearance. Once complete, they obtain signatures from key management personnel and turn in the signed form to the FSO. The FSO can file the form for DSS inspections.