|
Latest JPAS Requirements |
 Have you viewed your Security Management Office (SMO) data recently in JPAS? Do you know if it is up-to-date? If it requires updating, do it soon. In one of the most recent Industrial Security Newsletters (ISL 2010-01) there is a requirement for JPAS Account Managers to update the SMO to reflect the latest information regarding the facility. It even specifies that the email field is for emails only.
In the same ISL, we are informed that the release of JPAS records are restricted by the Privacy Act and only authorized by the appropriate Privacy Act Authority. Do not share screen prints or reports without authorization.
Back in June 2009, the JPAS Account Manager Policy was reissued. Some of the revisions included requirements for the Primary Account Manager to keep updated lists of Account Managers and Users and to ensure that access to JPAS remained only for those users and Account Managers who were currently assigned those duties.
It has also been reported that there are still JPAS Account Managers and Users who have not taken the Personally Identifiable Information (PII) training. This 45-minute training is available on ENROL and is required for any user of government computers or application. JPAS is a government application.
Require more information regarding JPAS requirements? Register for a Got JPAS Access -- Now What? webinar or for either the JPAS & e-QIP Immersion training or the JPAS & e-QIP Proficiency & Troubleshooting training. If you would like On-Demand JPAS Support, please email ajsconsulting@earthlink.net for more information. |
|
Cooperation with Federal Representatives |
The FSO or SSO is tasked (NISPOM § 1-204 & ISL 2010-01) with facilitating relationships with the  Cognizant Security Agency's (CSA) Representative. For DoD that includes the Defense Security Services' (DSS) Industrial Security (IS) Representative as well as your sponsoring agency's security representative. Facilitating includes cooperating with investigators and other federal agency representatives that visit.
The Office of Personnel Management (OPM) is usually the designated contractor for investigations. While this organization is a contractor for the government, the investigator's task is to interview you, other staff members, but especially the person submitted for a clearance investigation. Cooperation is as simple as providing a room where the interviews can be held in private.
DSS' task includes reviewing your security program and ensuring that the client's information and assets are protected according to the NISPOM, other federal regulations, and contractual classification guidelines. Their goal, as is yours and your organization's, is to protect national security and enable contracted services to be provided.
Teaming with the security representatives is beneficial to your security program in many ways. The representatives facilitate specialized visit requests, provide briefings for foreign travel or on specialized topics, keep you informed regarding future regulations or changes in interpretations as well as what they may be auditing on your next security review, and assist you with developing protection plans that will enable co-workers to fulfill the tasks assigned with minimal obstacles.
Wondering what kind of training is required or what additional training might be beneficial? Ask your security representative. Your IS Representative will point you toward Enrol and may have a list of suggestions beyond the required training. More specific additional training in the areas of physical, information, and personnel security might be offered by your sponsoring agency, so check with your cognizant security representative.
Make time to network at NCMS, ASIS International, or government sponsored meetings and seminars with your security representatives. Socializing and networking can lead to mutual understanding and facilitate better relationships with your security representatives and your peers.
|
|
Moving Beyond Personnel Security |
Have you been asked what is the next step? Or are you noticing a tendency in the proposals to lead to accessing data from your current facility as well as offsite? Has it reached the point that if the business is going to grow and prosper that your facility's security needs must get more complicated? Welcome to the club!
How do you start? It all begins with the DD-254. Does your DD-254 state that you need safeguarding at a certain level? This would be in the top right hand corner -- right underneath the required Facility Security Clearance. Without a requirement for safeguarding, you will be stuck.
Then you would look in boxes 10 and 11 for more details like if you will be accessing information requiring special handling like Restricted Data (RD), Formerly Restricted Data (FRD) or NATO. You can also discover there if you will be only receiving and storing or if you might also be generating. This is also the section where the client indicates if you need access to Communications Security (COMSEC) or the Defense Courier Service.
Box 12 on the 2nd side of the DD-254 tells you if there are Public Release requirements you need to meet or where you would get authorization for any public releases related to the contract.
Box 13 on the 2nd side of the DD-254 tells you of any special security requirements that may or may not be spelled out in the contract. This is where you usually will find handling guidance for unclassified or FOUO information.
The NCMS website's member resources have presentations and guidance on filling out DD-254s, either as suggested guidelines for your customer, or if you need to fill one out for your subcontractor.
Tune in next month for more steps Beyond Personnel Security.... |
