Industrial Security & You: Are You Prepared? -- What About Your Staff?
Man has been concerned about security since ancient times; the protection of life and property is probably as old as man. From protecting fellow tribesmen from marauding animals to controlling crime and keeping the peace, early societies have been concerned with security.
-- Halibozek, Edward P. and Dr. Gerald L. Kovacich. The Manager's Handbook For Corporate Security: Establishing and Managing A Successful Assets Protection Program. © 2003, Elsevier Science (USA). Page 49.
September and October are usually full of ending contracts and new ones just starting -- have you reviewed your contracts and DD-254s to be sure that all is as it should be?
If you have been as busy as I have been putting out fires, you may not have set aside the time for planning, forecasting, and the normal day-to-day tasks. Too often important items seem to slip through the cracks, especially if we are rushed or overbooked. Take the time to check your security department's pulse.
Are you and your staff prepared for:
- The new Fiscal Year?
- JPAS Changes?
- The new NISPOM?
- More Educational Opportunities?
- Your Next Security Review?
Stay calm, cool, and collected and you will not lose your focus.
Changing Access to JPAS

Be sure to read the JPAS Acceptance Screen before scrolling down, accepting, and logging into JPAS. This screen has been changing over the last two months to provide insight into the latest timeline and expectations for how DMDC will secure JPAS from unauthorized logins.
DMDC is preparing to roll out several security enhancements to the Joint Personnel Adjudication System (JPAS) over the next several months. These security enhancements will reduce vulnerabilities to unauthorized access while enhancing data protection. Recent security incidents and violations of policies require the quick implementation of these enhancements. DMDC will be implementing a JPAS 'Get-Well' Plan that includes 5 major components:
- Require Public Key Infrastructure (PKI) for JPAS logon
- Improve Auditing
- Identify and Map User Population
- Enhance Data Integrity/Data Quality
- Ensuring Security Compliance
The biggest concern many of you may have is the change to JPAS logon procedures. JPAS will require PKI for logon, tentatively scheduled for the mid- to late-2011 timeframe based on the current implementation schedule. As an interim measure, JPAS will be capable of dual logon (i.e., users can log on using either their current username/password or CAC, if already issued a CAC) starting in January 2011. For users who currently have a CAC, there will be no impact; you'll simply insert your CAC into a card reader, enter your PIN and click to log in. For users without CACs, you can continue using your username and password for JPAS access. We are currently evaluating several non-CAC PKI options for use later in 2011 and understand that this may result in an impact to current processes for some users. Therefore, over the next several weeks, you'll be receiving additional information to assist in this transition.
A set of Frequently Asked Questions (FAQ) will be available at a later date at http://www.dss.mil/discs/JPAS/docs/DMDC_CAC_Enabling_JPAS.pdf. This document is a living document and will be updated as more information becomes available.
Benefits of On-Demand Support
Have you considered the benefits of On-Demand Support? Whether it is On-Demand Support for JPAS, for NISPOM Compliance, System Security Plans, or your very own FSO surrogate, On-Demand Support is available to you.
Available when you need it -- during the work day, after hours, on weekends, and during holidays -- that is On-Demand Support. It is customized to your specific needs and includes tidbits that are of particular interest to you and your facility. Do you need part-time support or just ongoing access to a subject matter expert? Contracts with negotiable terms and rates are available -- Call (512-650-4819) or email ajsconsulting@earthlink.net to see how I may assist you today.
What is Classified?
Have you educated your staff on what classified information is in general? Do they understand their responsibilities and the penalties for distributing classified to unauthorized persons? Are your staff aware that there is a right way to challenge a classification rating and a wrong way?
Classified information is that information owned or developed for or by our government agencies or military branches that has been deemed by its owners (same government agencies or military branches) to require protection as a national secret. There are a few individuals in each agency or military branch (~2500 total) that have been given the responsibility of identifying classified information and why it is classified -- original classifiers documenting their decisions and guidance on Security Classification Guides -- basing their decisions on restrictive categories like the ones detailed in paragraph 1.4 of Executive Order (EO) 13526. This guidance flows down to you and your staff members with the award of a contract for use in derivatively classifying information as needed.
If there is a question on whether something should be classified at a higher or lower level, then it should be forwarded up the chain to the respective originator/owner of the information with the reasons for disputing the level assigned. This is the right way to challenge a classification -- no information has been disclosed to unauthorized persons, national security has not been harmed, and the right decision can be determined by the owner of the information.
The wrong way of challenging a classification is to access information regardless of whether you have Need-to-Know, to leak the information to the press or WikiLeaks (as Top Secret-cleared/SCI-indoctrinated Army SPC (35F) Bradley Manning decided to do), or to sell the information to interested parties out of a misplaced sense of justice due to a foreign nation.
This is the crux of the issue -- how to protect our nation's secrets (classified information) from those who would willy-nilly give them away (e.g., Jonathan Pollard), sell them to the highest bidder, or even plot to assist our enemies (e.g., Ana Montes).
In the end, it does not matter why we disclose information; it only matters that we agreed not to disclose this information in return for being granted access. Here is an SF 312 Briefing Booklet which discusses the various EOs and legislation referred to and the history of the SF 312. Always remember there is no statute of limitations for treason, and being prosecuted to the full extent of the laws in the Non-Disclosure Statement (SF 312) can result in either life in prison or the death penalty.
As a matter of national security and employment discipline, it is important that leakers face repercussions for improper disclosure of classified information. -- Senator Sheldon Whitehouse (D-RI)
If I can be of assistance in developing or customizing your security briefings, please do not hesitate to call (512) 650-4819 or email me at ajsconsulting@earthlink.net.
Aware of Recent DSS Postings?
The best ways to keep up with the latest and greatest information are to network with local and national colleagues at NCMS meetings, local Brown Bags, and seminars, and through newsletters like this one (Industrial Security & You). Of course, occasionally checking the DSS website (www.dss.mil) and the JPAS Application screen for the latest postings and news is also recommended.
Recent postings include:
- (10/15/10) New DSS CI tri-fold brochures available. View available training, brochures, and Technology Trends Reports here.
- (10/13/10) e-FOCI Excluded Parent Processing effective as of November 1, 2010 except for companies in process for or operating under FOCI mitigation agreements: Special Security Agreement, Proxy Agreement, or Voting Trust Agreement.
- (10/12/10) 2010 Targeting US Technologies: A Trend Analysis of Reporting from Defense Industry and 2010 Targeting US Technologies: A Trend Analysis of Cyber Reporting from Defense Industry are both available from your local DSS Industrial Security Representative or the Field Counterintelligence Specialist.
- (09/24/10) DSS answers question on applicability of Executive Order 13526, Classified National Information
- (09/22/10) Notification that the Voice of Industry Survey would be deployed on October 4, 2010.
- (09/16/10) DSS notification that Director Kathleen M. Watson is leaving for a private sector position and that Barry E. Sterling is the Acting Director of DSS effective October 10, 2010.
Please do not hesitate to call (512) 650-4819, email, or visit AJ's Consulting's website for more information and resources.
Invest For You & Your Company
We are always busy, almost always in demand, our schedules fill up on their own, but we must make time and schedule training. Scheduling training provides benefits for us as well as our companies. The benefits include --
- Awareness of Changes at DSS, or other Government Agencies
- Acquiring new skills or improving current skills
- Discussions of various viewpoints on dealing with different topics and finding solutions to challenges
- Step-by-step knowledge of how to use JPAS, e-FCL, or templates for System Security Plans or Electronic Communication Plans, etc.
- Threat and Defensive Briefings to share with management and staff
- Networking with other Subject Matter Experts which increases our abilities to provide alternative solutions or know where to get advice
- Downtime -- the ability to relax and recuperate, even if we stay connected by phone, email, and laptop and increase our knowledge
So where do we find the training? Local NCMS Chapters like the Gulf Coast NCMS Chapter provide workshops where DSS Reps discuss future trends, current trends, compliance, and expectations, and provide briefings. Then there are annual seminars by NCMS, Inc., JSAC, and IOSS. Along with the training offered by DSS and ENROL, there are companies like AJ's Consulting, Kenneth Sudol & Associates, JPW Security Solutions, and others that offer training for security professionals and staff in JPAS & e-QIP, NISPOM Compliance, Personnel Security, and Physical Security, among other topics. If you are a subscriber to John Waller's newsletter, you know that I have joined other professionals like Ms. Kathy Dolan, Mr. Rusty Jones, Mr. Ray Semko, and Ms. Diana Thornton in working with John Waller to provide training this next year.
Regardless of where you plan on obtaining your training, remember to schedule it and include it in your Fiscal Year (FY) 2011 budget. Investing in training is investing in yourself and your future and provides benefits to both you and your company.
AJ's Consulting's Training Schedule
Why choose AJ's Consulting's training? My training is hands-on, intensive, and customized for the attendees. Whether the number of attendees is one, two, three, or more, the training focuses on specific challenges facing the attendees and incorporates the compliance expectations of DSS Memos: Procedures Governing the Use of JPAS and General Principles of NISPOM Compliance for Cleared Contractors.
Thank you for reading my newsletter and passing it on to others who may benefit. What I do best is assist you with solutions to difficult industrial security challenges. How may I assist you today?
Sincerely,
Ann J. Martick, ISP
AJ's Consulting
Best money spent on consulting services in my career.
Current Customer
Very well organized training material. Instructor, knowledge and training techniques were the best I've experienced. I thoroughly appreciate the small class size that allowed personalized training and allowed extra time for specific questions and exercises.
Gail Madriaga
Honolulu, HI
Preparing for a Security Review
Tending to your security program even during the busiest times can keep you prepared for your annual security review.
What do I mean by tending? Hold mini self-inspections in addition to the main one mid-year between annual security reviews. Document each time you review or inspect an aspect of your security program. Ensure that staff retain the main points of your briefings with quizzes, email reminders, articles that illustrate your points, and/or prizes. Review your processes to ensure that you or your staff are not skipping over important steps (like seeing proof of U.S. Citizenship or that briefings touch on the required topics listed in NISPOM 3-106 & 107).
Check in with management and project leads to ensure that there have not been any major changes in ownership, revenue sources, or in security guidance and DD-254s, like changes in the User Agency Point of Contact.
Reread NISPOM Chapter 6 when filling out a paper Visit Authorization Request (VAR) to ensure you are not leaving out one of the specified information points. Even if you fill one out often, you do not want your DSS IS Rep informing you that you are missing a required element.
Training was on target and met our needs. [We] learned the info required to perform our jobs as FSO.
Timothy Pullen
San Antonio, TX
Ann was very knowledgeable not only in JPAS, but also DISCO information and Regs, etc. She conducts the training in a clear & concise manner.
Elizabeth Marcotte
Little Rock, AR
Thank you for your time and expertise during our conference call last Friday. Your support on the JPAS is truly amazing. Your support of our profession is a great example.
Thom Holt
FairWinds
Human Resource Solutions, LLC
Acronyms
Without definition, all acronyms are meaningless.
AIARG -- Austin Information Awareness Resource Group (ISSM Brown Bag)
CAF -- Central Adjudication Facility (Navy, Army, Air Force, Marines, DSS, etc.)
CSO -- Cognizant Security Office (DSS, Navy, Army, Air Force, Marines, etc.)
CT-G2ASP -- Central Texas Greater Austin Area Security Professionals (FSO Brown Bag)
DCII -- Defense Center Investigations Index
DEERS -- Defense Enrollment Eligibility Reporting System
DHS -- Department of Homeland Security
DISCO -- Defense Security Clearance Office
DMDC -- Defense Manpower Data Center
DOHA -- Department of Hearings and Appeals
DSS -- Defense Security Service
EO -- Executive Order of the President of the United States.
FCL -- Facility Security Clearance Level
FSO -- Facility Security Officer
e-QIP -- Electronic Questionnaire for Investigations Processing
ENROL -- Electronic Network Registration and On-Line Learning
ISFD -- Industrial Security Facility Database
ISP -- Industrial Security Professional (certification)
IS Reps -- Industrial Security Representatives of DSS
ISL -- Industrial Security Letter
ISSM -- Information System Security Manager
ISSO -- Information System Security Officer
JAMS -- Joint Adjudication Management System
JCAVS -- Joint Clearance and Access Verification System
JPAS -- Joint Personnel Adjudication System
NTK -- Need-To-Know
OPM -- Office of Personnel Management (contractor for many CAFs)
SIOP -- Single Integrated Operational Plan
VAR -- Visit Authorization Request
Acronym(s) not listed? Contact Ann Martick and she may be able to identify and/or add your contributions to the list above.