Thursday, April 4, 2013

7 Ways to Establish and Protect Restricted Areas

Currently, there are a little over 13,000 cleared defense contractor facilities supporting classified contracts. These contracts range from services to providing products. Some perform security clearance and classified contracts work at the contractor location and others at customer locations. Some are authorized to store classified material at the locations, while others perform on classified work elsewhere. Each cleared defense contractor is as unique as the statement of work and Contract Security Classification Specification(DD Form 254) requirements. What doesn’t change is the requirement to protect classified information while performing.

Many large and well known cleared facilities have centralized document control areas, open storage, rooms cleared for classified conversations, open storage, and large areas built especially for working on classified projects. In other words, their entire budget, success and capabilities are supported by infrastructure dedicated to performing on specific classified work.

Others do not have the space or budget to devote entire rooms to specific projects. How do they get their work done? Through the use of designated areas. Unlike dedicated areas, a designated area can serve many purposes and the National Industrial Security Program Operating Manual (NISPOM) refers to these workplaces as Restricted areas.

Restricted areas can be a conference room, closet, office or other place temporarily converted to classified use. Classified work is introduced and the room is restricted to those with security clearance and need to know. Once the work is complete and classified information is removed, it can go back to being a snack room, break area or office.

Here are some characteristics of a Restricted Area:
  •      Clearly identifiable when in used (non authorized users are warned about controls)
  •            Access controlled are established and authorized employees challenge all who enter to ensure clearance and need to know
  •      Physical barriers are not always needed, but some method of preventing classified conversation, objects, information and other products from unauthorized disclosure should be implemented
  •      Restricted areas are for temporary use of classified material and all classified material needs to be returned to the repository.
  •             Restricted areas are used when controlling access to classified material in a large area
  •      Only used during working hours

When establishing a Restricted Area, cleared employees should understand that while they are in control of classified information, they are responsible for determining classification and need to know. This means not only providing it to authorized persons, but keeping it away from accidental and intentional unauthorized disclosure. Here are 7 ways to make sure:

  1. Ensure cleared employees have access to the security classification guides so that they understand what is classified and how to protect it
  2. Develop a technology control plan to protect ITAR and export controlled technical data from unauthorized export to any non-us person employees and visitors
  3. Same technology control plan could be adapted for use as a classified information control plan to keep uncleared and non-need to know employees from exposure to program information
  4. Brief cleared and uncleared employees of their responsibilities under the technology and classified information control plans
  5. Establish access controls to protect information when work is being conducted
  6. Use a document control or accountability system to track the use of classified information. Though it’s not required, it’s a good idea to use a system of signing out and returning classified information to the repository.
  7. At the end of the day, sweep the Restricted Area and ensure all classified information has been removed. Check the document records to ensure it has been turned in, Security Container Check Sheet to ensure the safe is closed and complete end of day checks.

These 7 steps can be applied to protecting ITAR controlled, classified and proprietary information.

Establishing Restricted Areas assists with answering the challenge of working with limited resources. It’s not necessary to spend exorbitant amounts of money or tie up space full time to meet temporary work requirements. When done correctly, Restricted Areas make it possible to meet classified contract requirements without breaking the budget.

For more information on performing on classified contracts, establishing restricted areas and protecting ITAR controlled technical data, see our book DoD Security Clearance and Contracts Guidebook.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing .
 Jeff is an accomplished writer of non-fiction books, novels and periodicals. He also owns Red bike Publishing. Published books include: "Get Rich in a Niche-Insider's Guide to Self Publishing in a Specialized Industry" and "Commitment-A Novel". Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training" See Red Bike Publishing for print copies of: Army Leadership, The Ranger Handbook, The Army Physical Readiness Manual, Drill and Ceremonies, The ITAR,and The NISPOM

No comments: