Basics-NISPOM Chapter 1 July 2013


NISPOM Chapter 1 Basics
General Requirements
Reporting Responsibilities
Steven Rivera, FSO
July 10, 2013
Need-to-Know Basics
NISPOM Chapter 1
• Facility Security Officer (FSO) (NISPOM 1-201)
– Protection of classified information
• Standard Practice Procedures (NISPOM 1-202)
– Highly recommended
– Tailored to local requirements
• Standard template available on the FISWG site
• Security Training and Briefings (NISPOM 1-205)
– Advising all cleared employees
• Chapter 3
Energy | Environment | National Security | Health | Critical Infrastructure
Need-to-Know Basics
NISPOM Chapter 1
• Government Reviews (NISPOM 1-206a)
– Every 12 to 24 months
• Contractor Reviews (NISPOM 1-206b)
• Self-inspections
• Defense Hotline (NISPOM 1-207)
The Pentagon
Washington, DC 20301-1900
Reporting Requirements
• Reporting events that have an impact (NISPOM 1-300)
– Facility Clearance
– Personnel Security Clearance
– Safeguarding
• Lost or compromised classified information
• NOTE: Consideration will need to be taken based on report sensitivity or level
• Reports submitted to the FBI (NISPOM 1-301)
– Actual, probable, or possible espionage, sabotage, terrorism, or subversive activities
• Reporting Requirements for Cyber Intrusions (ISL 2013-05; ISL 2010-02 cancelled)
» Activities, anomalies, or intrusions that are suspicious and may constitute a threat to the protection of classified information, information systems, or programs that are covered by the NISPOM
» Hacking, phishing, malware
Reporting Requirements to the CSA (NISPOM 1-302)
• Adverse Information
• Suspicious Contacts
• Change in Cleared Employee Status
• Citizenship by Naturalization
• Employees desiring not to perform on Classified Work
• Changed conditions affecting the Facility Clearance
– e-FCL update required (mandatory)
• Change in Storage Capability
• Inability to Safeguard Classified Material
• Security Equipment Vulnerabilities
• Unauthorized Receipt of Classified Material
• Employee Information in Compromise Cases
• Disposition of Classified Material Terminated From Accountability
• Foreign Classified Contracts
Adverse Information
ISL 2011-04
Adverse Information - “Any information that adversely reflects on the integrity or
character of a cleared employee, that suggests that his or her ability to
safeguard classified information may be impaired, or that his or her access to
classified information clearly may not be in the interest of national security.”
• Examples of adverse information:
– Security violation culpability
– Use of illegal drugs/Excessive use of alcohol
– Financial difficulties (excessive/recurring)
– Serious mental or emotional problems
– Criminal behavior
– Overt loyalty to countries other than the U.S.
Reporting Requirements
• Reports of Loss, Compromise, or Suspected Compromise (NISPOM 1-303)
– Preliminary Administrative Inquiry
• Who? What? Where? When? Why? How?
– Initial Report
• TS (within 24 hours)
• S (within 72 hours)
– Final Report
• Submitted to DSS within 15 days
• Individual Culpability Reports (NISPOM 1-304)
– Coordinate with DSS
• The violation involved a deliberate disregard of security requirements
• The violation involved gross negligence in the handling of classified material
• The violation was not deliberate in nature but involves a pattern of negligence or carelessness
• Reference Information Posted
– FISWG March 2012 & December 2012
Summary
Questions?
© 2008 Science Applications International Corporation. All rights reserved. SAIC and the SAIC logo are registered trademarks of Science Applications International Corporation in the U.S. and/or other countries.