We recently interviewed Jackie Bray, an FSO with over 20 years experience, on some of the duties of an FSO and what makes an FSO successful. You can find her interview below:
Jackie explains that the National Industrial Security Program Operating Manual (NISPOM) and Industrial Security Letters are fundamental to an FSO's experience. The NISPOM is the "bible" for those creating programs to protect classified information. It provides the "how to" for protecting classified information that the FSO, program managers, and cleared employees working on classified contracts should possess.
The Standard Practice and Procedures should be a companion guide to the NISPOM. Where the NISPOM tells you what to do, the SPP will be the cleared defense contractors' response or demonstration of how they will implement NISPOM at their facility.
Jackie explains that in addition to the NISPOM, and the SPP, the FSO and those working on the classified contract should carefully read and discuss the requirements as found in the DD Form 254, Contract Security Classification Specification. The DD Form 254 instructs the contractor on the classification level of the contract, where the classified work should be performed, and many other requirements. Each classified contract should have an accompanying DD Form 254, so some cleared defense contractor facilities may have many 254's corresponding with the number of the classified contracts.
One task a new FSO should perform is to review all the 254's and conduct a self-inspection of the requirements on the 254 and how they are implemented according to the NISPOM. The self-inspection should include all areas of NISPOM as applicable to the cleared contractor facility. NOt every chapter of NISPOM will be implemented at the facility. However, the facility should be implementing those NISPOM chapters that reflect the DD Form 254 requirements. As a rule of thumb, NISPOM Chapters 1, 3, parts of 5 and 6 apply to all cleared defense contractors. However for cleared defense contractors that are authorized possession of classified information, other chapters may apply depending on classification level.
Jackie states that FSO's play a significant role in training employees on how to protect classified information. The FSO should be adequately training and be prepared to train the cleared employees to meet NISPOM requirements. NISPOM Training and FSO training such as security awareness, derivative classifier, insider threat, and more are key to successful security programs.
Find out more about the profession of the FSO from our podcast:
Post a Comment