Section Five: Security Inspections and Reviews
Note: All classified markings contained within this presentation are for training purposes only.
Security Inspections and Reviews: Purpose
• {Company} is a cleared defense contractor with a {Confidential, Secret, or Top Secret} facility security clearance (FCL)
• As such, we are subject to both scheduled and unscheduled inspections by various government agencies and other entities, including:
  • Defense Security Service
  • Various Intelligence Community agencies
  • Department of Justice
  • Corporate Security Audit Team
  • Other special customers
• Inspections ensure that security procedures, methods, and physical safeguards are adequate and in compliance with government and/or {Company} security regulations
Security Inspections and Reviews: Types
• Government Inspections
  • The Security Department continuously works with personnel to prepare for Government inspections
    • Review security container holdings
    • Review end-of-day checks
    • Closed Area documentation
• Self Inspections
  • Go above and beyond Government Inspections to ensure we are meeting all requirements
• Information Systems Security Reviews (included in Government and Self reviews)
  • All Classified Information Systems inspected annually
Note: PII review is a component of all security inspections
Security Inspections and Reviews: What should you expect?
• Government inspections include a review of:
  • Public Release Reviews
  • Subcontractor DD254s
  • Consultant Purchase Orders
  • Visit Requests
  • Courier letters
  • Security Containers and Holdings
  • System Security Plans
  • Audits and Logs
  • Interviews with personnel
  • Security Container Assessment (if applicable)
Security Inspections and Reviews: Types of questions that will be asked
• Have you been involved in a security violation?
• When was the last time you had security education?
• What level security clearance do you have?
• How do you use your security clearance?
• What is adverse information?
• What are some things that must be reported?
• Who do you report adverse information to?
• Are you part of an end-of-day security check? If yes, do you know what it consists of?
• Have you traveled locally or abroad for {Company}? If yes, did it include hand-carrying classified material?
• Do you know what the classified hand-carrying process is?
Security Inspections and Reviews: Information everyone should know
• You are required to obtain and maintain a DoD security clearance while employed at {Company}
• Know your security clearance level
  • In process, Interim Secret, Secret, and Top Secret
• Know how you use or can use your security clearance
  • Classified activities and work (e.g., classified meetings or presentations, hand-carrying, classified projects, etc.)
  • Never say “I do not have a need for my clearance”
• Education is provided daily, weekly, and annually through different means
  • Publications, posters, emails, presentations, courses, etc.
Security Inspections and Reviews: Records to maintain and have available
• Ensure relevant portions of the System Security Plan (SSP) are available
• Have documentation for the following on hand:
  • Profile
  • System Requirements Specification (SRS)
  • Hardware and software listing (current and past)
  • Up-to-date, signed and relevant User Briefing Statements and accounts
  • Configuration Management Record
  • Audit Log Review
  • Hardware sanitization records
  • Records of degaussed hard drives
  • Seal log
  • Copies of the most current accreditation letter and system additions
Security Inspections and Reviews: Records to maintain and have available (cont.)
• Auditing
  • Know procedures for log file review and retention requirements
  • Unless specified and approved in the SSP, weekly audits are required
• Security Seals, Seal Log, and Sign-out Sheet
  • Seals must be placed over:
    • Laptop hard drives, to prevent tampering and to assist visual inspection
    • IR ports and unused network ports
  • The Security Seal Log should record the location and serial number of each seal
  • The sign-out sheet is used to maintain accountability and must be used for systems with more than one user
• Periods Processing
  • Proper start-up and shut-down procedures must be documented and accounted for
• Trusted Downloading
  • Users trained and approved for trusted downloading must be identified on the User Briefing Statement
  • Listed users may be asked to demonstrate Trusted Downloading
  • Specific approved procedures and file types used during Trusted Downloading must be identified within the SSP
Security Inspections and Reviews: System Configurations
• Ensure the system is configured as documented in the SSP
• User Accounts
  • Delete unnecessary accounts
  • Ensure User Briefing Statements are signed by the users of all active accounts
  • Verify that no users have passwords set to ‘Never Expire’
• Antivirus
  • Definitions must be updated weekly, or monthly at minimum
  • Document updates in the configuration record
• BIOS Settings
  • Password protect
  • Boot sequence should be set to only boot from the internal hard drive
  • Wireless, Bluetooth, IR and unnecessary ports disabled
• Screensaver
  • All systems should have a password-protected screensaver set to automatically engage after 15 minutes of inactivity
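As an added self-inspection example (not part of this deck or any {Company} procedure), the shell functions below check a host against four of the configuration items above: accounts whose password never expires, the screensaver lock timeout, antivirus definition age, and loaded wireless or Bluetooth kernel modules. They assume a Linux host with shadow(5) password ageing; file paths and values are passed as arguments so the checks can be run against copies of the records, and BIOS settings remain a manual check.

```shell
#!/bin/sh
# Added self-inspection helpers for the System Configurations checklist.
# Assumption: a Linux host with shadow(5) password ageing and POSIX
# find/awk; paths are parameters so copies of the records can be checked.

# Accounts whose password never expires: shadow field 5 (max days) is empty
# or 99999. Locked accounts (field 2 starting with ! or *) are skipped.
never_expire_accounts() {
    awk -F: '$2 !~ /^[!*]/ && ($5 == "" || $5 + 0 >= 99999) { print $1 }' "$1"
}

# Password-protected screensaver must engage within 15 minutes (900 s).
# Args: timeout in seconds, "1" if the password lock is enabled.
# Returns 0 when the setting meets the checklist.
screensaver_ok() {
    [ "$2" = "1" ] && [ "$1" -gt 0 ] && [ "$1" -le 900 ]
}

# Antivirus definitions must have been updated within the last 7 days.
# Arg: path to the definitions file. Returns 0 when current.
av_definitions_current() {
    [ -f "$1" ] && [ -n "$(find "$1" -mtime -7 2>/dev/null)" ]
}

# Wireless/Bluetooth should be disabled: print any such kernel module that
# appears in an lsmod-style listing (capture one with: lsmod > modules.txt).
loaded_wireless_modules() {
    awk 'NR > 1 && $1 ~ /^(cfg80211|mac80211|bluetooth|btusb|iwlwifi|ath9k)$/ { print $1 }' "$1"
}
```

On a live host, run `never_expire_accounts /etc/shadow` as root and feed the output of `lsmod` to `loaded_wireless_modules`; any line printed is a finding to record in the configuration record.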
Security Inspections and Reviews: Self Inspections
• The Security Department centrally oversees and supports the Self Security Review Program for all {Company} facility activities
  • Assesses the overall security posture for unclassified and collateral classified programs
  • The scope exceeds and offsets government assessment
• Methodology
  • Visits and discrepancies are recorded and corrective action is documented
  • Examples:
    • Self Security Review (industrial and information systems)
    • Information System (IS) Review
    • Dumpster and Recycle Program Audit
    • After Hours Review
    • Package Checks and Compliance
    • Personally Identifiable Information (PII) Review
Security Inspections and Reviews: Self Inspections (cont.)
• Reviews consist of:
  • 100% classified holding review
  • Administrative documentation
  • Closed/Restricted Areas documentation and compliance
  • IT Compliance
  • ITAR
  • Workplace Violence
  • EOD checks
  • Classified and Unclassified systems
  • Audit records
  • Personally Identifiable Information (PII)
• Scope:
  • Interviews are conducted with personnel to discuss their understanding of security responsibilities
  • Refresher briefings provided annually