AJ's Consulting

* Industrial Security * Marketing * Training *

Industrial Security & You
Are You Still In Compliance?
August 2008
Greetings!
 
Is your security program ready for your Security Review?  Have you crossed all the t's and dotted all of the i's?  Are you aware of the additional policy memorandums posted on the Defense Security Service's website?
 
If you are unsure, do not hesitate to reach out to local security professionals for help with an overview or for pointers on common findings that result in reviews rated "Satisfactory" or lower.  That is what local NCMS Chapters and local Brown Bags are there for -- to assist, commiserate, and educate.  Isolation can result in quicker burnout.
 [Y]our class was the best thing this office could have done to get their security up and running.
Eugene Turner
Huntsville, AL
Our Focus This Month
Understanding Compliance Expectations
Where's George?
JPAS Tips & Techniques
Compliance & Beyond
Ann was very knowledgeable not only in JPAS, but also DISCO information and Reg's, etc.  She conducts the training in a clear & concise manner.
Elizabeth Marcotte
Little Rock, AR
Understanding Compliance Expectations
What do we as Facility Security Officers (FSOs), Special Security Officers (SSOs), and alternate security professionals have to comply with and why?
 
The most basic requirement is to comply with either the current National Industrial Security Program Operating Manual (NISPOM) or a specific version, the corresponding Industrial Security Letters (ISLs), and any other regulations or policy memorandums mentioned in the contract, including Director of Central Intelligence Directives (DCIDs) or Intelligence Community Directives (ICDs).
 
Have you noticed that your Industrial Security Representative quotes the NISPOM section and/or ISL item number when requesting an action or documentation?  You as FSO or SSO should be just as familiar with the NISPOM and ISLs as your representative.  It comes in handy when you are asked "why must we do this?"  It also shows your representative that you are aware of your compliance requirements and may even result in high marks on your security review.
 
Are you familiar with the following DSS Memorandums posted on the DSS website?  How do they affect your security program's operations?

 We security professionals must work within the framework of these security rules and regulations to effectively and efficiently serve both our facility and the customer.  This work is complex and demanding, often requiring quick decisions and rapid implementation of new policies.  Security issues are an important and integral part of this challenging process.
 
One advantage is that the NISPOM is a guide, allowing contractors to tailor specific company policies to implement compliance (sometimes with input from their COSR).  Defense Security Service (DSS) is the usual administrator of Industrial Security oversight through their Industrial Security Representative(s).  
 
DSS Representatives are available to advise on security questions, but you, the contractor's representative, remain obligated to comply with the NISPOM and any other regulations specified in your contracts.

One way to stay up-to-date on compliance expectations is to attend training sessions like AJ's FSO & SSO Personnel Security Administration or chapter webinars like Understanding NISPOM Compliance.
 
Sign up for training or chapter webinars now or update your subscriber profile to indicate your interest in webinars or other training. 
 Training was on target and met our needs.  [We] learned the info required to perform our jobs as FSO.
Timothy Pullen
San Antonio, TX
Where's George? 
by John Hille, ISP 

Hope everyone is staying cool during this hot August.  It is also that time of the year to think about your annual security refresher training for employees.  Don't procrastinate -- you know how time slips away - isn't there a song like that "slip sliding away" - never mind I won't go there.
 
NISPOM (3-107) Security Training and Briefings.

 Two objectives:
  1. Comply with the NISPOM and 
  2. Employee awareness/education of security issues. 

Feel free to modify the contents to fit your facility operations.  Remember to keep records of the training and education you provide your employees.
 
Where's George? 

OK all you college grads, remember back when you took Statistics? Oh, why did I bring that up? What a nightmare class, especially if you were not too great at math. Well I have a friend who is involved in the "Where's George" project. This worldwide Internet tracking project takes one dollar bills and records their serial numbers and tracks all the places they show up. Amazing results. In a 72-hour period a single dollar bill can go from a Florida ski shop to Washington DC to Hollywood, CA. Researchers are using the project to track how fast flu epidemics and other civil / social problems could spread. The Defense Security Service (DSS) uses the same type of analytical study to produce their Technology Collection Trends* publication for assisting U.S. cleared defense contractors in identifying and reporting foreign collection attempts. Their goal is to provide collection trends to enhance threat awareness and protect U.S. technology from foreign entities.
 
In order to accomplish their goal, contractors are asked to do two things. First, to report suspicious contacts and second they are encouraged to conduct security education, training and awareness at their facilities. This monthly newsletter article [can be] part of [y]our education program.
 
Foreign entities target defense contractors because we research, develop and manufacture advanced dual-use (commercial & military) technologies and products. Collection trends such as Requests for Information (34%) - Acquisitions (32%) - Solicitations (9%) - Foreign Visits (4%) - Conventions, Expositions, Seminars and many others on the list are reported throughout the booklet that the Counterintelligence office of DSS compiles annually.
 
They demonstrate in graphic charts and pictures, Methods of Operation, Technology systems targeted, Activities by Region worldwide, suspicious Internet Activity and Targeting of U.S. Personnel Abroad. They also cite recent cases and give real examples of whom, where and when. Statistical analysis of real espionage right here in our own backyard.
 
The Trends magazine is available for all employees at the security office and if you haven't seen one I would encourage you to pick one up. Properly trained, security conscious employees are the best defense against foreign collection. And, yes it is important for you to report any suspicious activities, after all, they are working on next year's report. 
 
* The Technology Collection Trends linked to above is from 2006 -- published in 2007.  We should be either receiving copies or be able to download a copy of the trends for 2007-2008 soon -- per a report received at the JSAC Seminar in Dallas, TX.
 Tailored the training to the areas I needed and provided me with updated Information.  Awesome continuity book!  Thanks for the great class!
Erin O'Connor
Peterson AFB, CO
JPAS Tips & Techniques
 
Please send your questions or tips and techniques you wish to share to ajsconsulting@earthlink.net.
 
Q:  What is the difference between the Reports "Personnel" and "PSM Net Personnel?"  
 
A: While logged in as a User, look over at the menu on the Left of the screen.  Select "Reports" and see a breakdown of reports that can be very useful.  Once you have filled in the forms to generate the reports, you are able to print the reports, save them as PDF files, and/or save them as Microsoft Excel files.
 
Difference between "Personnel" and "PSM Net Personnel" reports:
  •  The Personnel report is really -- "Personnel by Eligibility and Access Report" and therefore the information provided can assist you in determining if there is an individual whose data is not updated or validated properly.  If an individual shows an eligibility but does not show access granted, then that individual should be "indoctrinated."
  • The PSM Net Personnel report is basically a printout of your PSM Net with date of birth and place of birth included.
For more tips & techniques, to refresh your JPAS knowledge, or to learn how to effectively use JPAS, register now for either JPAS & e-QIP Immersion or JPAS & e-QIP Proficiency & Troubleshooting
 
For more information on delegating JPAS maintenance actions please call (512) 650-4819.
[FSO] class was outstanding - Very good for new FSO's.  Would highly recommend.  The instructor was very knowledgeable and answered all my questions - made the class.
Kevin Cloud
Austin, TX
Compliance & Beyond
 
Compliance with the NISPOM, ISLs, and contractual regulations is usually verified by visits from either your DSS Industrial Security Representative or your client's Cognizant Security Office Representative (COSR) or both.  Defense Security Service has provided a memo advising us of the principles we can expect our reviewers to apply -- General Principles of NISPOM Compliance for Cleared Contractors -- as well as a 2006 Self Inspection Guide.  These two documents along with the NISPOM and ISLs (especially ISL 2006-02) can assist us in meeting the minimum requirements.
 
ISL 2006-02 Item # 2 defines the rating scale and gives some information on how the DSS Industrial Security Representatives decide on the rating.  Compliance with the NISPOM, ISLs, and contractual security requirements will most likely garner a "Satisfactory."  To achieve a "Commendable" it is best to document your effective security program, training, management support, and how your program or you as FSO exceed the basic requirements with no serious findings.  Achieving a "Superior" rating requires a well documented and consistent superior security program, sustained high involvement of management, a heightened security awareness among the facility's staff, and evidence of the company or FSO fostering "a spirit of cooperation among the security community."
 
Be aware of your local Industrial Security Representatives' findings and ensure that you avoid these issues.  Some examples of findings might include:
  • Performing the self-inspection just prior to their scheduled Security Review
    • NISPOM 1-206 b states the self-inspection should be done at an interval consistent with risk management principles like annually, semi-annually, or when there has been a change in security personnel, etc.
    • Not performing a self-inspection or performing it just prior to the Security Review is considered bad form, unless a valid reason can be provided.
  • Security Education (or briefings) do not include detail on Adverse Information and how or why to report Suspicious Contacts
    • NISPOM 1-205 & 3-106 thru 108 describe the information that should be given and training all cleared staff should receive
    • It is also a good idea to have an unclassified briefing for your uncleared staff -- in case they should run across something classified
    • Documentation of what your training & briefings cover can compensate for the interviewed employees not remembering what they were briefed on.

One way to be more aware of your local Industrial Security Representatives' findings or findings in general is to attend local NCMS chapter meetings.  Another way is to network with other local FSOs and security professionals.  Then there is always attending training such as AJ's Consulting provides.

Send an email requesting a copy of 20 Responsibilities of Cleared Individuals and/or a Sample Initial Briefing Outline/Checklist and I will send them to you by return email ready for your customization.  Good Luck!

The class was excellent.  The small group size was very conducive to learning and the ability to practice with our own data made the session practical.
Michelle Stalder
Charlotte, NC
Thank you for reading my newsletter.  If you know of someone who could benefit from the information shared, please pass it on.  If you have a topic suggestion, or a how-to-question, please submit it to ajsconsulting@earthlink.net.
 
What I do best is assist you with solutions to difficult industrial security challenges.  How may I assist you today?
 
Sincerely,
 

Ann J. Martick, ISP
AJ's Consulting
 
P.S.  Feel free to send an email requesting a customizable sample DoD Initial Briefing Outline and a customizable handout of 20 Responsibilities of Cleared Individuals
What I Do Best
Consulting
AJ's Consulting
17+ years experience in the Industrial Security arena.
  • On-Demand JPAS & e-QIP Support
  • On-Demand FSO Surrogate Support
  • Industrial Security Training
    • JPAS & e-QIP Immersion
    • JPAS & e-QIP Proficiency & Troubleshooting
    • FSO/SSO Personnel Security Administration
  • Marketing
    • Internal Newsletters
    • External Newsletters

Call: (512) 650-4819 or email ajsconsulting@earthlink.net for a solution to your industrial security challenges.

Networking Opportunities 
Remember it is always who you know...
NCMS LoneStar Chapter
August 13, 2008
11:45-1:00 PM
Signature Science, LLC
 8329 North MOPAC Expressway
Austin, TX 78759 
Lunch: $15.00
Cash or check only 
NCMS Alamo Chapter
 August 14, 2008
11:45-1:15 PM
Dave & Busters
San Antonio, TX 
Austin FSO BB
  
3rd Wednesday Monthly
11:00-12:30 PM
1205 Sam Bass Road
Round Rock, TX 
For more information
contact: Bob Morgan
Specialists Available
Looking for Contract Support?
Contact:  Tami Lahav
512-338-1945 ext. 113
Looking for FSO Support?
Contact: Ann J. Martick
512-650-4819 
Looking for JPAS &
e-QIP Support?
Contact: Ann J. Martick
512-650-4819 
Products & Services
for Purchase 
Awareness Presentations, Training Sessions, & Webinars
To Be Aware
5 Threat Awareness & Defensive Security Presentations (w/ handouts) on 1 CD for $75 (a $100 Value)
 
JPAS & e-QIP Proficiency & Troubleshooting
(1/2 Day Session)

Monday, August 18th
(12:30-4:30 PM)
Got JPAS Access Now What?
Sign up now to receive an invite to a 45 minute JPAS Webinar!
 
Update your subscriber profile to indicate an interest in webinars