1 / 11

Justin Walsh FOCI Program Manager Industrial Security Field Operations

Gain insights into FOCI oversight metrics, reasons for poor security ratings at FOCI facilities, best practices, and compliance breakdown. Discover how to improve FOCI compliance and security ratings effectively.

azimmermann
Download Presentation

Justin Walsh FOCI Program Manager Industrial Security Field Operations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Justin WalshFOCI Program ManagerIndustrial Security Field Operations

  2. Briefing Objectives • FOCI Oversight Metrics • Reasons for poor security ratings at FOCI Facilities • FOCI Best Practices • ECP

  3. FY 2011, DSS has conducted 9,758 security reviews 303 of which were FOCI signatories Non-FOCI signatories Compliance Breakdown: 77.4% rated Satisfactory 17.5% rated Commendable 4.6% rated Superior 0.5% rated Marginal or Unsatisfactory FOCI Signatory Compliance Breakdown: 68.3% rated Satisfactory 23.4% rated Commendable 7% rated Superior 1.3% rated Marginal or Unsatisfactory FOCI Oversight Data

  4. Reasons for Poor Security Ratings • Lack of management support for implementing the agreement • Unauthorized Co-location • Shared services occurring without approval • Company not abiding by the visitation requirements of the agreement • Inadequate monitoring of electronic communications • Contact Reports not being logged or tracked • Failure to report FOCI Changed Conditions

  5. Failure to submit an Annual Compliance Report Lack of security education training on the agreement GSC not implementing the provisions of the agreement Failure to implement a TCP or appoint a TCO Sending an export controlled document to an affiliate without proper export authority. Reasons for Poor Security Ratings

  6. Strong GSC and Management support that are fully engaged on the requirements of the FOCI agreement and supportive of the security staff. Automated approach to auditing FOCI requirements Conducting FOCI Compliance trend analysis and tailoring compliance policies and education to the recent trends Review of 100% of electronic communications. Include a robust standard content review for electronic communications FOCI Best Practices

  7. FOCI Best Practices • Outstanding security education programs which foster a culture of understanding and compliance with the agreement • Conduct frequent self inspections across the company to ensure compliance with the FOCI agreement as well as NISP requirements. • Security staff involved in Industry Groups focused on compliance with FOCI and other NISP requirements. • Continuous communication with DSS to ensure transparency on matters pertaining to FOCI

  8. Revised template released October 2011 http://www.dss.mil/isp/foci/foci_info.html Clarification on Teleconference and Video Teleconference requirements (See sections 1, 17.1, and 17.3 of the ECP Template). Teleconferences no longer treated as visits Monitoring configuration changes and defining which ECP changes require prior approval by DSS (See section 8.1 and the addition of attachment 4 "ECP Revision Log"). ECP Template Summary of Changes

  9. Export Control Procedures (Section 16). The addition of the sentence: "If a third party provider is administering the Company’s network, please describe the Company's procedures in place to ensure that export control violations do not occur with respect to the third party provider's administration of the Company's network." Attachment 3 - The User Acknowledgement language has been revised to reflect that employees must be briefed on the purpose of the ECP and their responsibilities under the plan. ECP Template Summary of Changes

  10. Common Reasons for ECP Rejections • ECP missing required attachments such as network configuration diagrams and company policies and procedures referenced in the ECP. • Section 17 Additional FOCI Procedures are either not filled out • completely with adequate detail or their current procedures are not adequate. • Inadequate Description of Technical Baselines.

  11. Central Florida FOCI Working Group Howard Rand 407-281-3024 Howard.Rand@saabtraining.com FOCI Working Group

More Related