Introduction To Industrial Security Flashcards

1
Q

NISP

A

National Industrial Security Program.

2
Q

Can a Classified Contract be less restrictive than the NISPOM?

A

No.

3
Q

Do Unclassified contracts require rules to safeguard information?

A

Yes.

4
Q

NISPOM

A

National Industrial Security Program Operating Manual

5
Q

What is the purpose of the NISPOM?

A
  1. Defines NISP requirements
  2. Provides guidance for contractors.
  3. Ensures uniform security requirements.
6
Q

CSA

A

Cognizant Security Agencies
Establish and oversee security requirements under the NISP

7
Q

CSO

A

Cognizant Security Offices
Administer the NISP on behalf of the CSA and provide security guidance, oversight, and policy clarifications

8
Q

GCA

A

Government Contracting Activities
* Issue the contract
* Provide contract-specific security classification guidance
* Manage acquisitions
* Oversee security outside of the NISP

9
Q

Contractor Responsibility According to NISP

A

Implement NISP requirements

10
Q

How many CSAs are there?

A

5

  1. Department of Defense (DoD) - the largest, with the most classified contracts
  2. Office of the Director of National Intelligence (ODNI)
  3. Department of Energy (DOE)
  4. Nuclear Regulatory Commission (NRC)
  5. Department of Homeland Security (DHS)
11
Q

Who is the CSO for DOD?

A

The Defense Counterintelligence and Security Agency (DCSA)

12
Q

Where can you find a list of CSOs?

A

On the CSA website.

13
Q

Defense Counterintelligence and Security Agency (DCSA) Responsibilities

A
  • DCSA is the CSO for the DoD
  • Provides security guidance, oversight, and policy clarifications
  • Conducts security reviews
  • Oversees:
    - Storage of classified information
    - Visit procedures
    - Security awareness and training
    - Information System (IS) procedures
    - Personnel Security Clearances (PCLs)
    - Changes in ownership, management, or foreign involvement
    - Compliance with reporting requirements
14
Q

Contractors at their own facility

A

Follow all NISPOM procedures

15
Q

Contractors at government facilities

A

Follow the installation's SOPs

The SOPs may be more restrictive than the NISPOM (never less restrictive) and must be clearly outlined in the contract

Overseen by the installation commander, who can ask DCSA to assume security cognizance

DCSA is not involved in unclassified work when the contractor is performing on a government installation

SAP (Special Access Program) PMs may retain security cognizance

16
Q

Classified Information System (IS)

A

If the IS is at the contractor site and owned by the contractor, the contractor must follow the NISPOM

If the IS is at the contractor site but government-owned, the security requirements are provided by the government system owner and should be outlined in the contract

17
Q

DCSA - Industrial Security

A
  • Provides oversight
  • Conducts security reviews
18
Q

DCSA Field Office Structure

A
  • Located around the US
  • Led by a Field Office Chief (FOC)
  • Staffed by Industrial Security Representatives (IS Reps)
19
Q

DCSA Administration of FCL, PCL, and A&A

A

Facility Clearances (FCL)
- Processes companies for FCLs
- Issues FCLs
- Monitors companies that hold FCLs

Personnel Clearances (PCL)
- Processes PCLs
- Monitors personnel security eligibility and access for contractors

Assessment and Authorization (A&A)
- Makes authorization determinations for contractor information systems to process classified information

20
Q

IS Rep

A
  • The contractor's primary POC for security
  • Works closely with the FSO to provide advice, assistance, and oversight
  • Conducts security reviews of the contractor's security program
  • Receives changed-condition and suspicious-contact reports
  • Receives security violation reports, conducts inquiries, and reports security violations to the GCA
  • Coordinates with other entities within DCSA to oversee all aspects of contractor security (international operations, personnel security, counterintelligence, authorized information systems, special programs)
21
Q

ISSP/SCA

A

Information System Security Professional / Security Control Assessor. Works with IS Reps and contractor personnel on the authorization and maintenance of classified Information Systems

  • Performs classified Information System assessments and makes recommendations
  • Conducts security reviews, evaluates vulnerabilities, identifies potential cyber security threats, and helps develop mitigation strategies
  • Responds to security violations involving authorized classified Information Systems
  • Develops and maintains technical proficiency
22
Q

CISA

A

Counterintelligence Special Agent (DCSA)

Supports contractors by helping them:
- Identify potential threats to US technology
- Develop employee CI awareness and reporting
- Conduct foreign travel briefings and debriefings

Supports IS Reps by:
- Providing advice, assistance, and guidance on CI best practices
- Helping conduct security reviews

23
Q

Installation Commander/Agency Head Responsibilities

A
  • Serves as CSO for government-controlled and government-leased facilities
  • Oversees installation security
    - Reviews and updates installation directives to reflect NISPOM guidance for contractors working on the installation
24
Q

Contractor Facility Roles

A

FSO: Facility Security Officer
- Manages the security program
- Oversees day-to-day security program operation

ISSM: Information System Security Manager
- Manages classified IS security, if applicable

ITPSO: Insider Threat Program Senior Official
- Establishes and executes an Insider Threat Program

The FSO can serve in all three roles
All three roles must be filled for the facility to perform on a classified contract

25
Q

FSO Responsibilities

A
  • Administers and oversees the security program
  • Responsible for the FCL and the PCLs of the facility's personnel
  • Security education, reporting, safeguarding, and self-inspections
  • Ensures the program is compliant with:
    - The NISPOM
    - Contract documentation (DD Form 441 and DD Form 254)
  • Works with DCSA to:
    - Monitor classified ISs and the storage, processing, and removal of classified information
    - Maintain classified visit procedures
    - Educate all cleared personnel (and, recommended, non-cleared personnel) on their security responsibilities
  • Must be a US citizen and hold a PCL at the same level as the FCL
26
Q

ISSM Responsibilities

A
  • Appointed when there is a contractor-owned IS or a government-owned IS in the contractor facility
  • Works with the FSO to make sure requirements are met
  • Implements NISPOM requirements
  • Establishes, documents, maintains, and monitors classified IS programs and procedures
  • Conducts IS awareness and training
  • Identifies and documents threats and vulnerabilities
  • Notifies the CSO of changes
  • Carries out periodic self-inspections
  • Develops facility procedures for:
    • Handling media and equipment containing classified information
    • Incident reporting
    • User acknowledgment of responsibility
    • Threat detection
27
Q

ITPSO Responsibilites

A
  • Must be a US citizen and hold a PCL at the same level as the FCL
  • Establishes and maintains an Insider Threat Program
    - If a different individual from the FSO, must ensure the FSO is part of the Insider Threat Program
28
Q

Industry vs Government Roles

A

Industry
- FSO
- ISSM
- ITPSO

Government
- ISSP/SCA
- IS Rep
- CISA

29
Q

The Contracting Process

A

Step 1: The Government identifies a need.
Step 2: The Government Contracting Activity (GCA) defines the initial requirements for the product or service.
Step 3: The GCA defines the acquisition strategy for the contract.
- Includes contract deliverables, how those deliverables are defined, and any options
Step 4: The GCA publishes a Request for Proposal (RFP).
- Includes contract form, contract clauses, work statements, specifications, delivery schedule, and payment terms
Step 5: Contractors respond to the RFP with a written proposal.
Step 6: The GCA and the original requestor evaluate the contractors' proposals.
Step 7: The contract is awarded and the contractor performs the work.

30
Q

Classified Contract Details

A
  • The Government must verify or sponsor the contractor's FCL
    • Initial FCL
    • FCL upgrade
  • The GCA must include the required contractual security documentation
    • A clause referencing the NISPOM
    • DD Form 254, DoD Contract Security Classification Specification
31
Q

Government Officials Involved in the Contracting Process

A

Contracting Officer (CO)
Contracting Officer’s Representative (COR)

32
Q

Contracting Officer (CO)

A
  • Government employee who has the authority to enter into, administer, and terminate contracts
  • In the military the CO may be referred to as the KO
  • May delegate administrative authority to an Administrative Contracting Officer (ACO)
  • May delegate termination authority to a Termination Contracting Officer (TCO)
33
Q

Contracting Officer’s Representative (COR)

A
  • Government employee designated by the CO
  • Oversees specific contracts
  • For each contract:
    • Determines the need for classified access
    • Verifies the FCL, or initiates sponsorship for an FCL
  • Serves as a subject matter expert (SME)
  • Communicates security requirements
  • Closely monitors contract performance
  • The COR is not authorized to make any commitments or changes to the terms or conditions of the contract; that is the responsibility of the CO
34
Q

DD Form 441

A

DoD Security Agreement

35
Q

DD Form 254

A

DoD Contract Security Classification Specification

36
Q

SOW

A

Statement of Work

37
Q

DFARS

A

Defense Federal Acquisition Regulation Supplement (DFARS)

38
Q

FAR

A

Federal Acquisition Regulation (FAR)

39
Q

Contents of an SOW

A

Project background
End-product objectives
Contract details such as:
* Project scope, deadlines, and steps
* Contractor details (hours, rates, etc.)
* Clearance requirements
* Travel requirements

40
Q

DD Form 254: DOD Contract Security Classification Specification

A
  • Required for all classified contracts
  • Contains security requirements and classification guidance:
    • Security classification guidance
    • Specific clearance and access requirements
    • Authorization to generate classified information
    • Classified storage requirements
    • Public disclosure instructions
    • Any requirements above and beyond the NISPOM
41
Q

DD Form 441 DoD Security Agreement

A
  • A legally binding agreement between the US Government and the contractor
  • Must be signed before the contract can begin
  • The contractor agrees to:
    • Implement and maintain a NISPOM-compliant security program
    • Verify that subcontractors hold the appropriate FCL
    • Acknowledge the Government's authority to review the company's security program
  • The Government agrees to:
    • Process the contractor's employees for the appropriate PCLs
    • Provide classification guidance and oversight to the contractor
42
Q

FCL: Facility Clearance

A
  • An administrative determination that an entity is eligible to access classified information at a given level and at lower levels
  • The Key Management Personnel (KMP) must be cleared before an FCL can be granted; each must hold a PCL:
    - SMO: Senior Management Official
    - FSO
    - ITPSO
43
Q

Obtaining an FCL

A
  • DCSA processes and issues FCLs
  • Reviews facility sponsorship, the security agreement, FOCI issues, and the facility's business structure and organization
  • Ensures KMP are properly cleared
44
Q

Eligibility and Access

A
  • An individual must be eligible before they can access classified information
  • A PCL will be initiated; to be granted access the person must have:
    • Need-to-know
    • A signed SF 312, Classified Information Nondisclosure Agreement
    • A favorable investigation for the clearance level of the information
45
Q

Who makes a determination that an employee needs a PCL?

A

The PM (program manager)

46
Q

DoD Personnel Security System of Record

A
  1. The PM determines that an employee needs a clearance.
  2. The FSO verifies that the employee needs a clearance.
  3. The employee fills out an SF86.
  4. The FSO sends the completed SF86 to DCSA.
  5. DCSA reviews the package to confirm it is a legitimate request, then sends it to the Investigative Agency.
  6. The Investigative Agency compiles the investigative information and sends the package back to DCSA.
  7. If the determination is favorable, DCSA records the eligibility in the DoD PCL System of Record.
  8. The FSO then determines whether the employee may access classified information.
47
Q

Terminating Access

A
  • The FSO removes the employee's access in the DoD personnel security system of record
  • Debriefs the employee
  • Removes the employee's name from access rosters and VALs
  • The employee's eligibility remains in the DoD PCL System of Record
48
Q

Visit Procedures

A
  • The party disclosing classified information must confirm:
    • PCL
    • NTK (need-to-know)
  • The visitor must supply clearance information via:
    • The DoD personnel security system of record, or
    • A VAL/VAR (Visit Authorization Letter/Request)
  • Short- and long-term visitors must follow the host's security requirements