The National Industrial Security Program NISPOM is THE guidance for Cleared Defense Contractors (CDC) performing on classified contracts. However, it doesn’t always answer some questions these FSOs might have about protecting classified information. For example, suppose a defense contractor company has a contract requiring the storage of classified information at the SECRET level. Do they need an alarm?
You might recall in earlier articles that I’ve emphasized the importance of finding out what the threats to classified information are to your particular organization. Be aware of NISPOM vs. Best Practices, vs. Risk Assessment before committing resources that may or may not be required. Industry standards and common practices may almost seem like requirements, but can be expensive endeavors if not necessary to implement. To some, it may be unheard of not to have alarms, cameras or access control systems (door magnets and card readers). However, these are not required in NISPOM (except for intrusion detection systems as identified in certain situations and not in all situations).
Prior to travel, a cleared employee should have a good understanding of their responsibilities to protect national security. A Defensive Security Briefing is for those who travel overseas and may be vulnerable to foreign entity recruiting methods. They should be constructed to make the cleared traveler aware of their responsibilities to protect employees, product, customers and those with which they do business. Topics of the defense security briefing should include threat recognition, how to assess and how to respond when approached for recruitment.
The Facility Security Officer’s successful program depends on developing relationships with employees, managers and executives to facilitate execution of company policies and adherence to NISPOM. This includes security awareness training, participation in continuous evaluation, and tracking changes of status, and proactive action toward expired, existing and future classified contracts. An