Does management understand their responsibilities and yours as specified in the NISPOM and Industrial Security Letters (ISLs)?  How can they support you and assist in promoting your security program with out understanding?

• DD-Form 441 -- Security Agreement between your company and DSS specifies that you will follow the NISPOM and ISLs.
• Name change or Address change must be reported
• Organization change must be reported
• DD-254 -- Contract Specification Form which spells out security guidelines and indicates the level of access the contract will require you or your company to have
• Indicates level of Facility Clearance Required by your company
• Indicates whether you will have Safeguarding or not
• Indicates what accesses you will need -- i.e., NATO, FGI, SCI, non-SCI, etc.
• Indicates whether you will be generating classified and need an accredited information system for processing
• Indicates who will be the Cognizant Security Office (CSO) -- DSS or other government agency
• Facility Security Officer (FSO) -- must be an employee
• Must complete DSS Approved Training within 1 year of appointment (New Online Curriculum for Facility Security Officers)
• Must be listed as Key Management Personnel (KMP)
• Provides oversight of all aspects of security program under DSS' cognizance.
• Liaisons between company and government security representatives
• Information System Security Manager (ISSM) -- must be an employee
• Required for all accredited classified information systems
• Must be trained in the complexities of the accredited classified information system
• Preferably not the same person as the FSO
• Key Management Personnel changes must be reported
• New management structure
• Change in KMP personnel
• Exclusion of KMP personnel
• SF 328 -- Certificate Pertaining to Foreign Influence and Ownership must be kept up-to-date
• Foreign influence or ownership may require specific policies or actions by management
• NISPOM Chapter 2 Section 3
• Protection of sensitive, but unclassified information or Critical Unclassified Information (CUI) may soon fall under DSS' cognizance.
• Cooperate with all government agencies & representatives
• sending a report to another government agency -- be sure and cc your DSS ISR
• send any suspicious contact reports to DSS
• send any reports of intrusions into your company networks to DSS
• Complete surveys sent out by DSS
• PSI Survey -- asking for number of investigations and types you will be requesting over the next 3 years
• Cost Survey -- asking for an estimate in the costs of complying with the NISPOM

When management is knowledgeable about the requirements they and you have, they will contribute to your security program and you can better document management support of your security program.  Your security program will also better support the mission of your company, because you will be able to provide assistance rather than roadblocks to profitability.

If I can be of assistance in developing or customizing your security briefings, please do not hesitate to call (512) 650-4819 or email me at ajsconsulting@earthlink.net. 

 Why choose AJ's Consulting's training?  My training is hands-on, intensive, and customized for the attendees.  Whether the number of attendees is one, two, three, or more, the training focuses on specific challenges facing the attendees and incorporates the compliance expectations of DSS Memos: Procedures Governing the Use of JPAS and General Principles of NISPOM Compliance for Cleared Contractors. 

Combined FSO & Personnel Security Administration & JPAS & e-QIP Immersion Training Special 

 2 Days of Training now available for $1,000*

Note: Ann J. Martick, ISP has joined JPW Security Solutions' team as an instructor.  Check out the scheduled training here.