Dod Secure

Send us a textThere are many contractual reasons to transfer classified information from one location to another. Meetings, working groups, and deliverable requirements are just a few. In the receiving organization, the FSO should ensure all arriving classified information is inspected and received into accountability. From How to Get U.S. Government Contracts and Classified WorkThe FSO should ensure that all classified deliveries are inspected prior to bringing them into accountability. Such checks are necessary to ensure items were sent properly, were not tampered with in transit, contain correct items and are authorized for storage in the classified holdingsBe sure to visit Red Bike Publishing for books and training.If you have questions, visit Jeff's website: jeffreywbennett.comWhen performing Derivative Classification tasks, it's sometimes necessary to produce, reproduce, copy, or print classified information for work products, briefingsJeff's WebsiteJeff is available for speaking and consu

Send us a textWhen Defense Counterintelligence and Security Agency (DCSA) conduct reviews of cleared defense contractor facilities, they go with a purpose. Their first priority may be to conduct a risk assessment of classified information in the contractor's possession. However, they are also looking at above and beyond metrics that demonstrate the commitment to national security. These above and beyond attributes are often recorded and rewarded. Here are some ideas Facility Security Officers can employ to demonstrate above and beyond NISPOM application. You might even consider inviting an Industrial Security Professional (ISP) or Industrial Security Oversight (ISOC) certified guest speaker.Additionally, many vendors offer already developed online NISPOM training perfect for sending to your employees.Be sure to create an index or catalog of where brochures, posters or other training items are located so that you can keep them updated, monitor use and make improvements. Most of all, it’s important to docu

Send us a textThough not as sinister and espionage riddled as most savvy spy novels, export compliance is an issue that will get defense contractors in trouble. Violating State Department regulations will bring the weight of the US Government on the offending company. According to the International Traffic In Arms Regulation, ITAR, “Any person who engages in the United States in the business of either manufacturing or exporting defense articles or furnishing defense services is required to register”. Security clearances should be kept to the minimum amount necessary to perform the classified work, access to that classified information must be kept to only those with a valid need to perform on the government work. Security clearance verification cannot provide need to know. Just because one has a clearance doesn’t mean they should be authorized access. Need to know is based on a contractual or work performance basis.A leader can form an HPT from all business units. Since the FSO is responsible for creating a

Send us a textA cleared contractor can help reduce expenses with by preparing ahead of time. This is where an experience FSO can anticipate expenses, perform risk assessment while implementing NISPOM and advise on ways to reduce costs while being compliant. The more money saved on overhead expenses, the greater the overall company profit. The earlier into the process the assessment is conducted the better the company performs overall.It's a common practice to allow employees to use enterprise computers outside of the enterprise. This has become more common where employees are increasingly working at home. Though a common practice, these occurrences are not always best practices. Anytime an employee leaves work with a company computer, the expectation is that all information is vulnerable.  Protecting classified material – The proper receipt, accountability, storage, dissemination and destruction of classified material. Link to CDSE training https://www.cdse.edu/Required training – This instruction helps

Send us a textRed Bike Publishing is pleased to announce the new NISPOM. National Industrial Security Program Operating Manual 32 CFR Part 117.  An FSO has readily available data to determine and communicate the effectiveness of the security program. Gathering available information, creating a detailed database and performing solid analysis will determine the program's success.End of day checks serve as a precaution against leaving classified information unattended.Feel free to contact us for information on how to promote your business through our newsletter.     NISPOM Training Topics:Insider ThreatInitial / Annual Security AwarenessDerivative ClassifierNon Disclosure AgreementNISPOM CentralProviding security clearance books, training, and resources for cleared defense contractors.Bennett InstituteOnline security clearance webinars and coaching. Providing security training and resources.Jeff's WebsiteJeff is available for speaking and consultingSIMS SoftwareSIMS suite provides features/functionality

Send us a text   Red Bike Publishing is pleased to announce the addition of training. We have created a training program that includes an Initial Security Training/Annual Awareness Training presentation and much more required by NISPOM. Instead of designing your own, just download and present these. You can even modify them (which we recommend) or tailor to your CDC business. Feel free to contact us for information on how to promote your business through our newsletter.     Jeff has made an online recorded version of the course NISPOM Fundamentals that he formerly taught at the University of Alabama Huntsville. He is available teach similar courses at your companies. Send an email to editor@redbikepublishing.com. Red Bike Publishing offers generous royalties and are able to reach over 30,000 people through various magazines, Amazon.com, and other bookstores. Red Bike Publishing uses professional printing and distribute through Ingram, Baker and TSecurity Defense LawyerIf you have had an event that could put

Send us a textContact/newsletter:redbikepublishing.com/contactThe National Industrial Security Program NISPOM is THE guidance for Cleared Defense Contractors (CDC) performing on classified contracts. However, it doesn’t always answer some questions these FSOs might have about protecting classified information. For example, suppose a defense contractor company has a contract requiring the storage of classified information at the SECRET level. Do they need an alarm?You might recall in earlier articles that I’ve emphasized the importance of finding out what the threats to classified information are to your particular organization. Be aware of NISPOM vs. Best Practices, vs. Risk Assessment before committing resources that may or may not be required. Industry standards and common practices may almost seem like requirements, but can be expensive endeavors if not necessary to implement. To some, it may be unheard of not to have alarms, cameras or access control systems (door magnets and card readers). However, these

Send us a textWhile Facility Security Officers, government and military employees do an incredible job at training employees, implementing and directing security programs to protect classified information, a more menacing threat is still left unchecked.     The security industry spends terrific amounts of money fortifying and constructing buildings based on best practices and not entirely on a risk assessment. The NISPOM and other regulations advise on focusing protection and reducing costs. However, without a proper risk assessment, they may fall short of meeting legitimate threats.  The current practice makes it very difficult for someone to break in and steal secrets.  In light of addressing best practices, the main threat should not be overlooked or neglected. For example, when was the last time you read of buildings being broken into and safes blasted open or being cracked to obtain our nation's secrets? Facility securiSecurity Defense LawyerIf you have had an event that could put your security clea

Send us a textNISPOM Seminar https://www.redbikepublishing.com/nispom-seminar/Study NISPOM Fundamentals in Four hour sessionWe excited to offer two live NISPOM Seminar events:• 23 March 4-8 Pm CST• 30 March 4-8 Pm CSTPrepare for the Industrial Security Professional ISP Certification (ISP) and the DoD’s SPeD Industrial Security Oversight Certification (ISOC). Those and several similar motivational publications stress that everyone has the same amount of time in a day. What we do during that time helps us either make or goals or fail before we even get started.   As leaders, FSOs can help cleared defense contractor employees understand how to create incredible security programs. Focusing on training, interaction with other cleared employees, self-improvement and institutional education should be part of professional development. FSOs and managers who write evaluations for direct reports have an excellent opportunity to help them establish goals to become better at their jobs, more impactful in their careers and

Send us a text So let’s talk professional goals, the NCMS’ ISP Certification and CDSE's ISOC are great ones to strive for.1.  Begin at the NCMS, ISP Certification information website @ http://www.ncms-isp.org/ISP_Certification/index.asp. If your goal is ISOC certification, begin at the CDSE website. 2. Understand the application process. There are minimum experience requirements that applicants must meet as well as administrative tasks built into the process.3. Understand the requirements and get a feel of where you are professionally and any gaps you need to breach to bring your knowledge of NISPOM and ISP or ISOC  Certification categories to where it needs to be. It’s not necessary to be an expert in all areas or to be able to quote regulations and requirements. 4. The following are some things that you can do to prepare to fill those knowledge gaps:a. Study the NISPOM and other reference document structure and understand where to find topic related information. Also, become familiar with key industry

Send us a textIn the course of performing on classified defense contracts, exchange of classified information is inevitable. While, the movement of classified information outside of a secure environment is to be kept to a minimum, there are times it must be moved in fulfillment of requirements.As the senior industrial security manager in CDCs, the FSO leads the security program designed to protect classified information and prevent unauthorized disclosure. While working in the secure environment, contractors protect classified information under their control and cleared employees protect classified information entrusted to them. Classified Meetings:Prior to the start of a classified meeting either the government sponsor or the contractor representative should provide a security briefing notifying attendees of the classification of information to be discussed, whether or not taking notes is permitted and if so, how they will be controlled. For example, when classified notes are permitted, they will have to be

Send us a textThe latest industry buzz is the “release of the new National Industrial Security Program Operating Manual (NISPOM)”. I’m putting air quotes in there, because an actual NISPOM has not been rewritten or re-released. There is no re-release of NISPOM, only a reorganization of the CFRs that duplicate National Industrial Security Program requirements.Conclusion:  No new NISPOM (just a few additions)·                 32 CFR part 117 and 32 CFR part 2004 are redundant requirements·                DoD will no longer publish the DoD Manual 5220.22, NISPOM as a DoD policy issuance in 32 CFR part 117.·                 32 CFR part 2004, “National Industrial Security Program” is now the standing CFR·                NISPOM Change 2 is still a requirement that Cleared Defense Contractor (CDC) must followBackgroundA quick read will review that there actually is no new NISPOM. This information just codifies (fancy legal term for: arrange (laws or rules) into a systematic code.).You might know that the Director of

Send us a text  We are pleased to present the newest podcast. In this issue, we address security certification and security training because; New Year's Resolutions. ISP® AND ISOC Master Exam Prep is now available here and at most online book stores.Also, we've provided real world security discussions and frequently asked questions. These occasions have proven to be good opportunities to clarify understanding of security policies and the reasons we do what we do.  We would love to hear your stories as well.     We hope you continue to learn and benefit from our newsletter and products. If you are, please refer us to a friend or forward this newsletter with our appreciation.  Stop by our advertisers websites as well. You just might find what you are looking for.  Have you taken the next step to being competitive in the government contracts arena? If not, this article will provide information and tips based on a proven method of studying for and passing the exam. Why earn a certification?There are sev

Send us a textThis episodes discusses new guidance on Controlled Unclassified Information. https://www.archives.gov/cuiIn this episode of DoD Secure, I discuss the new guidance for Controlled Unclassified Information (CUI). There are a few points to consider: 1. The government designates CUI 2. CUI Registries, training and information exist with executors at Information Security Oversight Office (ISOO) and DoD  3. The CUI guidance reflects the guidance found with protection classified information. The government owns the information, designates which is CUI, provides markings and notifications, provides oversight, and communicates to the contractor. Guidance for protection classified information that can be applied CUI can be found at: How to Get U.S. Government Contracts and Classified Work | Red Bike Publishing https://bennettinstitute.com/courses/ This discussion follows the topics: Apply proper initial marking requirements  Identify decontrol requirements  Describe safeguarding requirements  Identify prop

Send us a text Careers in Cleared Defense Contractors:I receive a lot of emails from people who wonder how to get into the Cleared Defense Contractor field. Many are looking for a career change and are curious about what kind of education and experience is needed to work as a security specialist in the defense and contractor industry.     Industrial security is an outstanding field for someone with all ranges of experience to enter into. Some have been hired at an entry level job and have received promotions and additional responsibilities. Others have transferred full time to security after enjoying serving in an additional duty capacity. Career growth occurs as the contract and company expands or the employee takes on more responsibilities after hiring on with another company. Security managers can also move to higher level security positions as chief security officer or corporate security officer as experience meets opportunity.Consulting:   Consultants are hired by a company to fill a need the organizatio

Send us a text     In this issue, we've provided real world security discussions. These occasions have proven to be good opportunities to clarify understanding of security policies and the reasons we do what we do.     Preparing for growth involves the FSO not only training and hiring security employees, but accurately calculating classified inventory storage and work performance needs. Meeting legitimate growth is another area where an FSO should be injected into strategic planning. Classified contract opportunities present themselves in many variations.     Potential security professionals should not only be U.S. citizens with security clearances, but demonstrate competence in the tasks they are asked to do and a desire to perform. They should also have the ability to grasp and teach concepts of security to help keep the security fresh in the corporate culture.     During the certification training, the new employee can enroll in government provided on-line and residence training, lessons provided by c

Send us a textSome security training and briefings are very discouraging for the work force. Many times, the training is the exact same video or presentation used year after year. So, if you go to my website www.redbikepublishing.com, you might find training and tests that do ask those types of questions. This topic is specifically about how to make your security training more effective for your work force. There are two types of training: for security professionals and for the workforce. So here are three problems I see with the current security training trend:1.     Lack of training resourcesWhat is concrete is that there are various training topics required for cleared defense contractor employees, they include:·       SF 312 Non-Disclosure Agreement briefing·       Initial Security Awareness training·       Annual Security Awareness Training·       Derivative Classifier training·       Insider Threat Training ·       other required training events and briefings2.     One Size Fits allThere are many resour

Send us a textITAR issuesA few years ago I facilitated a short but very rewarding eight hour seminar on the International Traffic In Arms Regulation (ITAR) Overview. I am grateful to the staff at the University of Alabama in Huntsville and the North Alabama Trade Association for both sponsoring the event and allowing me to present. I found the course rewarding as I presented to a mixed audience of 30 professionals ranging from shipping and receiving specialists to executive vice presidents. The mix also consisted of professionals with various degrees of know-how as consultants, attorneys, technology control officers and those brand new to the field shared experiences and learned from one another. As a compliance officer in various disciplines, I have had the privilege of leading security and compliance teams and seminars on multiple topicsThough this was my first of hopefully many export regulations seminars, I noticed the similar need in the compliance field. Regardless of the discipline, compliance works be

Send us a textI am currently preparing to publish my new book, "How to Win U.S. Government Contracts and Classified Work", it's basically a total revision of "DoD Security Clearance and Contracts Guidebook". Chapter Five reviews the Executive Orders and regulations relating to Classification Markings and there is some good information from all sources. I believe this is fundamental to the profession of anyone working on classified contracts. Understanding why and how information is classified is vital to knowing exactly what to protect and how. There are a few hard and fast rules for classifying information. It is a fantastic idea to maintain a data set of security breaches, violations, reports of compromise or suspected compromise. However, this data rarely leaves their office. Because of the sensitive nature, it is held closely either for fear of retribution or fear of embarrassment. In truth, there is no retribution for security violation reports and information contained could be

Send us a textOnce a company wins a bid on classified work, they will then prepare their organization to perform classified work according to the contract. Some great planning resources are the DD Form 254, Statement of Work, and Security Classification Guide. This podcast teaches how to use the references to set up your program.As part of a classified contract, Cleared Defense Contractors (CDC) may receive  or transmit classified information. Part of the receipt task is the critical inspection of the package throughout the unwrapping process. The inspector is searching for evidence of tampering or to otherwise to inspect that there has been no compromise of classified material since leaving the sender’s organization. Once all the checks and verifications are complete, the receiver can then sign a copy of the receipt and return to the sender, thus closing the loop on the sender’s accounting responsibilities. The copies of receipts are filed away and the classified information is put into a database and the it