750 likes | 1.03k Views
WELCOME TO THE NATIONAL INDUSTRIAL SECURITY PROGRAM (NISP). Spectrum Technology Group, Inc. Dennis L. Leland, President Facility Security Officer. What is the NISP?.
E N D
WELCOME TO THE NATIONAL INDUSTRIAL SECURITY PROGRAM (NISP) Spectrum Technology Group, Inc. Dennis L. Leland, President Facility Security Officer
What is the NISP? • The NISP was established by E.O. 12829, 6 Jan 93, for the protection of information classified pursuant to E.O. 12356, 2 Apr 82, “National Security Information”, or its successor or predecessor orders, and the Atomic Energy Act of 1954, as amended. • DoD, DOE, NRO and CIA prescribe to the NISP.
Your Facility and its Participation in the National Industrial Security Program (NISP) Spectrum Technology Group, Inc.
What is the National Industrial Security Program Operating Manual (NISPOM) DoD 5220.22-M? • Spectrum Technology Group, Inc.
NISPOM • Prescribes requirements, restrictions, and other safeguards that are necessary to prevent unauthorized disclosure of classified information and to control authorized disclosure of classified information released by U.S. Government Executive Branch Departments and Agencies to their contractors.
Classified Contract • Any contract that requires or will require access to classified information by a contractor or his or her employees in the performance of the contract . (A contract may be a classified contract even though the contract document is not classified.)
General Requirements Spectrum Technology Group, Inc. FSO Dennis L. Leland, President
Facility Security Officer (FSO) • The FSO will supervise and direct security measures necessary for implementing the NISPOM and related Federal requirements for classified information.
Security Procedures and Duties Applicable to the Employee’s Job • Personnel (employees and consultants) of Spectrum Technology are provided limited access to classified material ONLY during authorized visits to the Naval Surface Warfare Center Carderock Division (NSWCCD), onboard U.S. nuclear submarines and surface ships, or at other official locations as may be required. • Classified material is not provided at the premises of Spectrum Technology Group, Inc.
Security Procedures and Duties Applicable to the Employee’s Job • Personnel (employees and consultants) of Spectrum Technology do not receive, retain, reproduce, transmit, or dispose of any classified material. • Personnel of Spectrum Technology are given temporary custody of classified material and are granted access to the classified network at NSWCCD. • Personnel must safeguard classified material temporarily in their possession and dispose of classified working papers in approved burn bags while at NSWCCD.
Security Procedures and Duties Applicable to the Employee’s Job • The security procedure for Spectrum Technology Group, Inc. is to report any security violations, suspicious contact reports, and adverse information to the FSO, Dennis Leland: DLeland@spectrumtechnology.us • (240) 731-9882 • 21917 Foxlair Rd., Laytonsville, MD 20882 • And to Naval Surface Warfare Center, • Carderock Security
Security Training and Briefings • Contractors shall provide security training to cleared employees by initial briefings, annual briefings and debriefings.
Security Reviews • Contractor Reviews • Review on a continuing basis • Formal self-inspection at intervals consistent with risk management principles.
Security Clearances • Facility • Personnel • SF 86 • FD 258 • JPAS Actions • e-QIP Software • SF312 Non-Disclosure
When are DD Forms 254 Required? • Original with IFB, RFP, RFQ or other solicitation • Original with the award of contract • Revised if change to existing guidance or requirements • Final with retention
Subcontracting • Before a prime contractor may release, disclose classified information to a subcontractor, or cause classified information to be generated by a subcontractor, the following are required: • Determine security requirements of the subcontract • Determine clearance status of subcontractor
Verification of Clearance and Safeguarding Capability • Operating Center, Columbus Central • 1- 888-282-7682 • www.dss.mil • Valid for 3 calendar years unless superseded in writing by the CSA
Preparation of a DD Form 254 for a Subcontractor • May extract pertinent information from the Prime DD Form 254 or provide applicable security classification guides • Can never exceed the requirements of the Prime Contract
Two Types of Classification Guidance • Original Classification Authority (Government Official) • Derivative Classification Authority (source documents, classification guide)
Reporting Requirements • To the FBI • actual, probable or possible espionage, sabotage, or subversive activities at any of your locations. A written report is required with a copy provided to the CSA.
Reporting Requirements • To the CSA (OCC) • Adverse Information • Change in cleared employee status • RFI • Citizenship by Naturalization • Not desiring to perform on a classified contract
Reporting Requirements • To the CSA (OCC) • Refusal to sign the SF 312 • Individual Culpability Reports
Reporting Requirements • To the CSA (S51HX) • Suspicious Contacts • Changed Conditions affecting the facility clearance • Loss, Compromise or Suspected Compromise of Classified Information
Reporting Requirements • Cleared employees must report adverse information, suspicious contact and security violations (e.g. classified material not properly secured) to the President, FSO, of Spectrum Technology Group, Inc.: Dennis Leland and to NSWCCD Carderock Division Security.
Reporting Requirements • Adverse information includes: • Excessive indebtedness or recurring financial problems • Unexplained affluence • Use of drugs or excessive use of intoxicants • Bizarre behavior • Mental or emotional problems • Criminal behavior.
Reporting Requirements • Adverse information also includes: • Wage garnishments, which need to be reported • Bankruptcy, which should also be reported.
National Industrial Security Program (NISP) • Contractors shall protect all classified information to which they have access or custody. A contractor performing work within the confines of a Federal installation shall safeguard classified information in accordance with provisions of the NISPOM and/or with the procedures of the host installation or agency.
Cooperation with Federal Agencies • Contractors shall cooperate with Federal agencies during official inspections, investigations concerning the protection of classified information and during the conduct of personnel security investigations of present or former employees and others.
DOD Hotline1-800-424-9098 • An unconstrained avenue for government and industry to report, without fear or reprisal, known or suspected instances of serious security irregularities and infractions.
Classified Information Nondisclosure Agreement • The SF 312 is an agreement between the U.S. and an individual who is cleared for access to classified information. • The SF 312 shall be signed and dated by the employee and witnessed. • An employee issued a clearance must execute an SF 312 prior to being granted access to classified information.
Initial Security Briefing • A Threat Awareness Briefing • A Defensive Security Briefing • An Overview of the security classification system • Employee reporting obligations and requirements • Security procedures and duties applicable to the employee’s job
The Threat Has Not Gone Away! • Our greatest challenge in the coming years, for industry and government, is to protect our advanced technology from unauthorized disclosure from individuals and governments whose interests may be incompatible with the national security of the U.S.
The Threat Has Not Gone Away! • Let there be no mistake, the foreign intelligence collection threat directed against the U.S. defense industry is as great today as it was in the past. • Much of this effort is directed at acquiring corporate proprietary technology. Information which your firm may have devoted hundreds of millions of dollars in R&D.
What Information Is At Risk? • Foreign collection continues to focus on economic & Sciences and Technology (S&T) information and products. • Programs associated with dual-use technologies are often consistent targets for both foreign government and foreign commercially sponsored collection activity.
DSS continues to observe the expansion of non-traditional foreign threat collection in industry...virtually any foreign competitor to U.S. industry is a potential collection threat if sound risk management is not practiced.
Your company’s proprietary information is at risk! The information foreign intelligence organizations, think tanks and semiprivate research centers seek need not be classified or defense related.
Your Company’s Proprietary Information is at Risk! • The information foreign intelligence organizations, think tanks and semiprivate research centers seek need not be classified or defense-related. • Collection activity today is heavily focused on obtaining commercial and economic data which will enable a foreign nation to become commercially prosperous.
Proprietary Information of Particular Interest Includes • Marketing strategies • Bid and proposal data • Staff composition and suggestibility to recruitment • Technology and information held by your company • Travel plans and trade show attendance
DSS’ Goal • Our goal is to foster greater security awareness in response to the threat directed at your facility and to ensure that the security requirements are rational, threat-appropriate and cost-effective. • Counterintelligence Office at DSS • NACIC
Security Classification • Affects performance reviews • Establishes a requirement for self-inspections • Encourages classification challenges
Levels of Classification • Top Secret • Secret • Confidential
Employee Reporting Obligations and Requirements • Reports affecting the individual and their personnel security clearance.
Cleared employees must report… • Any and all security violations to the FSO, Dennis Leland, as soon as he/she becomes aware of any. • The FSO will file the “Reports of Loss, Compromise or Suspected Compromise” to CSA per NISPOM 1-303. • Some common security violations which may occur at NSWCCD are: • Classified material left out or unattended • Unsecured, unattended security containers/unsecured combinations • Removal of material without approval • Lost classified information • Unauthorized copying or destroying classified material • Unauthorized/improper transmission of classified material • Disclosure of/permitting access by an unauthorized person • Processing classified material on a non-approved computer.
Cleared employees must report… • Suspicious Contact Reports: • Any efforts, by any individual, regardless of nationality, to obtain illegal or unauthorized access to classified or sensitive information • Any efforts, by any individual, regardless of nationality, to compromise a cleared employee • Any contact by a cleared employee with a known or suspected intelligence officer from any country • Any contact, which suggests the employee concerned, may be the target of any attempted exploitation by the intelligence services of another country.
Suspicious Contact Reports (continued) The FSO, Dennis Leland, will submit any Suspicious Contact Reports to the DSS Counterintelligence Department. Suspicious Contact Reports comprise the annual Technology Collection Trends reports.
Refresher Briefings • Annual refresher briefings for all cleared employees. • Reinforce information provided during initial briefing and inform employees of appropriate changes in security regulations
Debriefings • Debrief cleared employees at the time of termination of employment; when an employee’s pcl is terminated, suspended, or revoked; and upon termination of the fcl.
Visit Authorization Letters (VAL) • Contractor’s name, address, phone number, Cage Code, level of fcl, name, date & pob, citizenship of employee, certification of pcl and special access, name of person to be visited, purpose & justification & date VAL is to be valid.
Need-to-Know Determination • Responsibility rests with individual who will disclose classified information during the visit. • Procedures to ensure positive identification of visitors prior to the disclosure of classified information. • Disclosure Authorization by GCA.
CONFIDENTIAL • The designation that shall be applied to information or material the unauthorized disclosure of which could be reasonably expected to cause damage to national security.