Industrial Security

Question 1

What is the purpose of Cognizant Security Agencies (CSA)?

Answer 1

These organizations establish industrial security programs and oversee security requirements

Question 2

What is the purpose of Cognizant Security Offices (CSO)?

Answer 2

These organizations administer the NISP and provide security guidance, oversight, and policy clarifications

Question 3

What is the role of an Industrial Security Representative (IS Rep)?

Answer 3

Serves as contractor’s primary point of contact for security matters

Works closely with the FSO to provide advice, assistance, and oversight

Conducts Security Vulnerability Assessments (SVAs) and administrative inquiries

Contractors report security violations to IS rep

*Government role

Question 4

What is the role of an Information System Security Professional (ISSP)/Security Control Assessor (SCA)?

Answer 4

Works closely with IS Reps and contractor personnel on all matters related to the authorization and maintenance of authorized contractor classified Information Systems (ISs)

Oversees authorized contractor IS use

*Government role

Question 5

What is the role of a Counterintelligence Special Agent?

Answer 5

Provides advice, oversight, and training regarding counterintelligence issues

Works with contractors to identify potential threats to U.S. technology, including insider threats

*Government role

Question 6

What is the role of the Installation Commander/Agency Head?

Answer 6

Serves as the CSO for government-controlled and leased facilities.

Has overall responsibility for the security of the installation

Reviews and updates installation directives to reflect minimum NISPOM guidance for those contractors who are required to work on the installation

*Government role

Question 7

What is the role of a Facility Security Officer (FSO)?

Answer 7

Has ultimate responsibility for the administration, oversight, and day-to-day operation of the contractor security program

Meets NISPOM requirements and contract specific DD 441 and DD 254

*Contractor role

Question 8

What is the role of an Information System Security Manager (ISSM)?

Answer 8

Manages each Information System (IS) and ensures all IS security requirements are met.

Implements NISPOM IS security requirements to include self inspections of IS

Establishes, documents, maintains, and monitors IS security programs and procedures

Conducts IS security education and training

Notifies the CSO of relevant changes to IS

Develops facility procedures for: handling media and equipment containing classified information, implementing security features, incident reporting, user acknowledgment of responsibility, and threat detection, including auditing and monitoring for malware attacks, phishing attempts, and other threats

*Contractor role

Question 9

What is the role of an Insider Threat Program Senior Official (ITPSO)?

Answer 9

Responsible for establishing and maintaining an Insider Threat Program that gathers, integrates, and reports any information that might indicate an insider threat

*Contractor role

Question 10

What is the purpose of a Government Contracting Activity (GCA)?

Answer 10

Defines the initial requirements for the product or service, as well as the acquisition strategy for the contract

Publishes a Request for Proposal (RFP) as part of the solicitation stage

Evaluates the submitted proposals and, based on the criteria outlined in the GCA’s RFP

Awards the contract to the contractor that provides the best value to the government.

Question 11

What is included in a Request for Proposal (RFP)?

Answer 11

• Contract requirements
• Contract clause
• Work statements
• Specifications
• Delivery schedule
• Payment terms

Question 12

What are the facility requirements for a classified contract?

Answer 12

The government must verify that the contractor has a valid Facility Clearance (FCL)

• At the appropriate level
• With the appropriate storage capabilities, if applicable
• If the company does not have a valid FCL:
• The government will need to sponsor the company for an initial FCL at the proper level

If the company has an FCL at a lower level:
- The government will need to sponsor an upgrade to the proper level prior to awarding any classified contracts

Question 13

What is the role of a Contracting Officer (CO)?

Answer 13

Authority to enter into, administer, and terminate contracts.

Oversight and contract responsibility for numerous programs

Authority may be delegated for

• Contract administration to an Administrative Contracting Officer, or ACO.
• Settling terminated contracts may be delegated to a Termination Contracting Officer, or TCO

*Government role

Question 14

What is the role of a Contracting Officer’s Representative (COR)?

Answer 14

• Designated by the CO
• Assigned to specific contracts (SME), and oversees the contracting process, making sure that all of the necessary requirements are met
• Determine whether a contractor has the need for access to classified information, verify the contractor’s FCL, and sponsor the contractor for an FCL, if necessary.
• Communicate the security requirements, monitor contractor performance
• Not authorized to make any commitments or changes that will affect price, quality, quantity, delivery, or any other term or condition of the contract; these are the responsibility of the CO
• Government role

Question 15

What are the requirements for Contract Documentation?

Answer 15

• Include security clauses, as required by the Federal Acquisition Regulation, or FAR and the Defense Federal Acquisition Regulation Supplement, or DFAR.
• Follow the security classification guidance to include classified and CUI

Question 16

What does the Statement of Work (SOW) contain?

Answer 16

Provides the contractor with background, objective and completion information on the desired end product

Contains contract information such as

• Project scope
• Deadlines and steps
• Contractor details
  
  • Lists of contract working personnel
  • Billing hours and rates
  • Clearance levels required
  • Travel, if applicable

Question 17

What does the Department of Defense Contract Security Classification Specification (DD 254) provide to contractors?

Answer 17

Provides contractors with security requirements and security classification guidance to perform on the classified contract

• Specific clearance and access requirements
• Authorization to generate classified information
• Classified storage requirements
• Instructions about public disclosure
• Other special security regulations above and beyond those detailed in the NISPOM

*Mandatory for all contracts requiring access to classified information

Question 18

What knowledge/roles are required to complete the DD 254?

Answer 18

• Contracting authority and knowledge (Example: the COR)
• Program knowledge and subject matter expertise (Example: program manager for the contract)
• Security knowledge of information and industrial security requirements (Example: FSO or security specialist)

Question 19

What is a DoD Security Agreement (DD Form 441)?

Answer 19

• Legally binding contract between the U.S. Government and the contractor
• Executed when a company receives its FCL
• Must be completed before any work on a classified contract begins

Question 20

What are the basics of a Facility Clearance (FCL)?

Answer 20

• Administrative determination that a company is eligible for access to classified information of a certain classification level and all lower levels
• Contractor or facility cannot access or possess classified material until the FCL is granted and safeguarding capabilities are approved
• All Key Management Personnel (KMP) must be granted a PCL before the FCL will be granted
• It is not the actual facility building or structure that is cleared, but the individuals who run, own, and manage the facility

Question 21

What is the government’s role in DoD Security Agreement (DD Form 441)?

Answer 21

• Establishes authority to review the contractor’s security program to ensure compliance
• Makes a commitment to process PCLs for contractor employees
• Agrees to provide security classification guidance and oversight

Question 22

What is required in order to obtain a Personnel Security Clearances (PCL)?

Answer 22

• Favorable clearance eligibility determination at the proper level
• Possess a need-to-know
• Execute a Classified Information Non-Disclosure Agreement (SF 312)

Question 23

What are the steps in the Personnel Security Clearances (PCL) Process?

Answer 23

• The GCA and RFP (not PM) decide if an employee needs a PCL based on requirements to perform on the classified contract
• The FSO initiates the process and the employee completes the SF-86
• The FSO sends the SF-86 to the Personnel Security Management Office for Industry (PSMO-I)
• PSMO-I determines whether the request for a clearance is legitimate and forwards the application to the investigative agency that will conduct the background investigation
• The investigative agency puts all of the information collected into a report that the DoD CAF reviews
• The DoD CAF uses the national standards laid out in the DoDM 5200.2, Procedures for the DoD Personnel Security Program, to make a national security eligibility determination
• If the determination is favorable, the DoD CAF records the eligibility level in the DoD system of record
• The FSO may then grant the employee access to classified information, up to the level for which the employee is eligible.

Question 24

Who determines the level of clearance for the PCL?

Answer 24

The GCA based on the RFP

*Not the PM

Question 25

Personnel Security Clearances (PCL) Process

Answer 25

1. FSO initiates the process
2. Employee completes the SF-86
3. FSO sends the SF-86 to Personnel Security Management Office for Industry (PSMO-I)
4. PSMO-I determines if the request for a clearance is legitimate
5. PSMO-I forwards the application to the investigative agency that will conduct the background investigation
6. Investigative agency puts all of the information collected into a report
7. DoD Consolidated Adjudications Facility (DoD CAF) reviews the report
8. DoD CAF uses the national standards laid out in the DoDM 5200.2 to make a national security eligibility determination.
9. If the determination is favorable, the DoD CAF records the eligibility level in the DoD system of record
10. FSO may then grant the employee access to classified information, up to the level for which the employee is eligible

Question 26

What is the FSOs role in Terminating Access?

Answer 26

• Debrief employees who no longer require access
• Remove their names from any access rosters and/or any active visit certs
• Remove the employee’s access in the current DoD system of record

*Eligibility remains in the system of record even when access is terminated by the FSO

Question 27

Who is responsible for ensuring visitors have the appropriate PCL and need to know?

Answer 27

The party who is disclosing the classified information (the host contractor) is responsible

Contractors are responsible for supplying their employee’s clearance information to the host facility prior to the visit through the current DoD system of record, or if that is not available, with a visit cert

Question 28

How is a visitor’s PCL verified?

Answer 28

Review of a CSA designated database that contains the information

or

By a visit cert provided by the visitor’s employer

Question 29

What is a contractor’s main responsibility?

Answer 29

Implement NISP requirements for the protection of classified information

Question 30

What is the government’s role in the NISP?

Answer 30

• Establishing requirements

- Providing advice, assistance, and oversight