Monday, November 24, 2014

Facility Security Officers, NISPOM Training and What We Really Do

NO, I will not move your office furniture.

The misunderstanding.

Not because I’m not a nice guy or a helpful employee, but you just came to the wrong office.

Ever have one of those days?

A few years ago while serving diligently as an FSO an employee came by my office. She shot the breeze for a few moments, then floored me with a question.

“Could you help me move my desk out of my office? I’m getting it replaced.”

I thought it a strange request as I was still kind of new and we hadn't built up the kind of relationship where she should ask for those kind of involved favors.

Sure, I could grab someone and we  can come over and move it.

“That would be great,” she responded.

“But, better yet,” I said on second thought, trying to protect my back from sure injury. “Why don’t I call the facilities manager and we can get someone with the right equipment.”

“That’s what I meant,” she responded. “You are the facilities guy…”

Oooooh, now I know what’s going on.

After a brief exchange, I educated her on the role of a Facility Security Officer, which is to develop and implement a security program to protect classified information. She apologized for the misunderstanding and quickly moved on.

Confined to a small box.

It’s possible that you or someone you know has or is currently having same experience. This stems with fellow employees not understanding the FSO's role or responsibility. This misunderstanding could not only have people assuming FSOs control furniture and building use, but could lead to effectively undercutting potential leadership roles.

FSOs should have the ability to influence business and vision making decisions. Without such input, the enterprise may not reach its full potential.

FSOs should be regularly consulted for and be involved in business, statement of work, request for proposals, capabilities statements and areas of increasing value while working classified contracts. After all, FSO tasks encompass so much more than requesting security clearance investigations, sending visit authorization requests, or other general administrative tasks .

Breaking out of the box.

Nobody will ever understand what you can do unless you tell them in words they can understand and in the language they speak. What might be useful is a quick elevator speech of about 30 seconds. One that FSOs can relate in real time and highlights their capabilities and how they impact the company’s ability to work on classified contracts. A good place to start is reviewing contractual requirements and comparing them the already established security program.

Reference Documents

The first step is to review DD Forms 254 and look for specific security requirements as outlined in blocks 10 and 11 and those additional ones mentioned in blocks 13 and 14.  Additionally, statements of work may list some opportunities the FSO can take advantage of to demonstrate value to the enterprise.

With this information FSOs can share with the enterprise not only the popular security clearance issues, but also:

  1. Training requirements for employees to work with classified information (NISPOM training, initial security training, annual security awareness training, SF3-12 briefings, derivative classifier training)
  2. Additional storage space required to include GSA approved containers, shelving, closed areas, classified discussions
  3. Vision statement to include areas for business growth, business opportunities or hiring of additional security employees. 
An elevator speech might look like: “As FSO I create, implement and lead security programs that protect classified information. To do this I help the enterprise make risk based decisions and implement countermeasures to ensure classified work performance is conducted as required, ahead of schedule and within budget.”

This proactive effort leads the FSO from bolting on security at the end of the product to weaving it in throughout the acquisition life-cycle.

The Setup

Consider two possible responses to a security opportunity:
Someone would notify the FSO with the good news of the contract award believing that everything is in place to proceed. A new DD Form 254 requires not only a product demonstration, but a classified research paper demonstrating how the product will meet the customer’s requirements. The contract also comes with the delivery of 300-400 classified documents.  

1.        A misunderstood FSO’s role might lead to a disaster as such:

The FSO is not directly involved with the acquisition and contracts process. They are just there to react to emerging contractual opportunities. As such, the organization could be left with reacting on short notice tasks  with long lead times. 

This might involve security briefings, training new or existing employees, determining where the classified work would take place, and where the product and 300-400 documents would be stored. This would be a large task for someone just discovering the requirements only after the contract is awarded. 

Such a position of reaction could lead to delays in work as clearances would need to be requested, security containers ordered and restricted areas imposed please keep in mind that this is a made up scenario based on any level of classified work experience.)

2.       A well-integrated FSO’s role might lead to success: Given advance notice the FSO can deliver sound advice as soon as rumors of new work whispers through the corridors. From the beginning the FSO could help determine how many cleared employees are needed vs. what is available, whether or not additional security training is required, whether or not existing storage space is adequate for documents and work performance and on and on. The FSO would inform business making process before decisions are made.

FSOs should be prepared to lead the organization through the requirements of performing on classified contracts. This opportunity can be clouded by misconceptions and misunderstanding. A difficult, but vital responsibility includes informing the enterprise of roles, responsibilities and capabilities. The FSO should research requirements and present a sound solution.

Jeffrey W. Bennett, ISP is the owner of Red Bike Publishing Red Bike Publishing . He regularly consults, presents security training, and recommends export compliance and intellectual property protection countermeasures. He is an accomplished writer of non-fiction books, novels and periodicals. Jeff is an expert in security and has written many security books including: "Insider's Guide to Security Clearances" and "DoD Security Clearances and Contracts Guidebook", "ISP Certification-The Industrial Security Professional Exam Manual", and NISPOM/FSO Training".