Information for the CIO, CSO, FSO, ISSO and other security professionals. Understanding NISPOM and ITAR compliance is tough. There are over 12,000 cleared defense contractors, and a majority of those don't have a security staff. We hope to help fill the gap. From security clearances to performing on classified contracts, you can find help here.
Impactful ways to augment security awareness training
When the Defense Counterintelligence and Security Agency (DCSA) conducts reviews of cleared defense contractor facilities, it goes with a purpose. Its first priority may be to conduct a risk assessment of classified information in the contractor’s possession. However, it is also looking at above-and-beyond metrics that demonstrate the commitment to national security. These above-and-beyond attributes are often recorded and rewarded. Here are some ideas Facility Security Officers can employ to demonstrate above-and-beyond NISPOM application:
Security fairs - Security fairs are great ways to demonstrate the added value security provides to cleared defense contractors. The FSO can set up designated booths that function to provide security solutions and awareness. Some examples include:
Document wrapping booth - Demonstrate how to properly mark and wrap classified packages. You can take the opportunity to brief employees on courier and other classified transport options.
Fingerprint booth - As FSO, I ordered children’s fingerprint cards. When we had a company picnic, I invited all the parents to come by to get their children fingerprinted. I then turned the completed cards back to the parents for safekeeping. This provided a service to the company and helped establish personal and working relationships.
Document destruction - You can extend shredding and destruction services to employees. Invite them to bring in personal information such as financial records and shred them on site. If you have a vendor that provides the service for you, they may offer to do so in support of the security fair. While there, you can relay the importance of protecting and properly destroying classified, export-controlled and privacy information.
Interactive, designated security-focused weeks - You can implement great security training by having theme weeks. For example, you can designate one week for information security, one week for personnel security, one week for general security and so on. During the focus weeks, you can provide educational emails, letters, posters or announcements with the relevant security reminders or training.
Security lunch events - I worked with a company that initiated a “lunch with the FSO”. The FSO reserved a conference room, carved out time in his schedule, and invited subject matter security experts to sit on a board. Every employee was extended an invitation to attend the monthly events. The FSO opened the meeting with any updates or reminders of security policy and invited the attendees to ask questions of the subject matter experts.
Hosting guest speakers on security-related topics - There are great resources that the FSO can call on to provide guest speakers. Fellow members of professional organizations may be happy to help. You can enlist fellow professionals to talk about International Traffic in Arms Regulation (ITAR) compliance or how to escort foreign visitors, or other subject matter experts to speak on any topic appropriate for your company. You can contact a vendor to talk about their security-related products or bring in a paid speaker or consultant. Also, don’t forget counterintelligence agencies, DSS or the FBI’s domain coordinators, who may be available for such occasions. You might even consider inviting an Industrial Security Professional (ISP) or Industrial Security Oversight (ISOC) certified guest speaker to discuss the value of hiring employees who are board certified to protect classified information.
Webinars - More and more training is being conducted online. Professional organizations have such material available to paid members, DSS has a catalog of tons of training, and there is lots of free training available online. There are also great vendors who provide training software and hosting for company-developed online training. Additionally, many vendors offer already-developed online NISPOM training perfect for sending to your employees.