Sunday, July 20, 2014

FSO's and Cleared Consultants

As a recap from the last article, we can apply the “Elements of Inspection” that are common to ALL cleared companies participating in the NISP. There are a few more elements that might be applied at unique cleared facilities, but facility security officers in those situations can adapt these articles to those specific needs. According to DSS’ The Self-Inspection Handbook for NISP Contractors, the five elements that pertain to ALL cleared defense contractors are:

(A) Facility Security Clearance (FCL)
(B) Access Authorizations
(C) Security Education,
(E) Classification

Though not applicable to all cleared contractors, consultant agreements may apply to some. This article will address the requirements of the consultant agreement and how to basically treat consultants as part of the cleared contractor enterprise.

According to the Defense Security Services (DSS) Facility Security Officer (FSO) Toolkit might look as follows (formatting and content can vary, but this is a template that works just fine). See it here:

Here are the elements of the template.

A consultant for cleared contractors is an individual who provides professional or technical services requiring access to classified information. According to paragraph 2-212 of the National Industrial Security Program Operating Manual (NISPOM) DoD 5220.2-M, a cleared contractor can process a consultant for a personnel security clearance as if they were a cleared employee of the organization. However, the consultant either outright owns or co-owns the business with family members, but is the only employee requiring a security clearance. If other members of the consultant’s organization are required to access classified information, then the company will need to be sub-contracted and sponsored for a facility security clearance (FCL).

The consultant agreement should ensure that the following apply to the work performed (exceptions exist when connected authorized visits):

In the case of a consultant “treated” as an employee, the DD Form 254 is clear about where classified work is performed. The 254 applies to all work performed by cleared employees. By agreement and NISPOM guidance, the consultant is the cleared employee. As such the FSO should document the following actions and be ready to demonstrate during the self inspection and the DSS review:

a. The consultant shall not possess classified material away from the premises of the using contractor.

b. The using contractor shall not furnish classified material to the consultant at any location other than the premises of the using contractor.

c. The consultant shall accomplish performance of the consulting services only on the premises of the using contractor.

Since the consultant’ clearance is held and processed by the consulted, they should have an initial security briefing and annual security awareness training. This training should include the requirements of the NISPOM:

a. The using contractor shall provide classification guidance to the consultant, and shall brief the consultant as to the security controls and procedures applicable to the consultant’s performance.

b. The consultant shall not disclose classified information to any unauthorized person.

Finally, the consultant agreement should state language to the effect that the consultant is the owner of the consulting firm and is the only official/employee of the consulting firm who may provide consulting services pursuant to this agreement.

Once the memo is written and agreed upon, both parties should sign and records available for self-inspection and DSS review.

Using this article and experience, the FSO should now be able to demonstrate efficiency with following questions:

Have you and your consultants jointly executed a consultant agreement” setting forth your respective security responsibilities?
RESOURCE:  Consultant Agreement under Forms at: VALIDATION:

Does the consultant possess classified material at his/her place of business?

No comments: