“We were fantastic this year.” – Leonardo DiEffesso

Looking Back

Hopefully, as you scroll through the photo gallery on your smart phone you see great memories of 2017 such as family vacations, birthday gatherings, festive events (Star Wars Movie!! Look at Bob in the sombrero!, etc.), and even that weird thing you cooked which looked sketchy but tasted delicious. You may realize that you have paid more than your fair share of tourism funds to the city of Orlando (Harry Potter!!) but in reflection, you can say “this has been a good year.”

Please selfie responsibly.

…Same Goes for your Security Year

What FSO PRO tries to offer our subscribers, members, and clients are ways to build a successful, NISPOMCompliant Program with a series of small security practices performed consistently each month and year so FSO Superheroes can look back and say “this has been a good year.”

How’d you do?

While all government offices are resembling the Ghosts of Christmas past, present, and future (‘cuz no one is there – get it?) let’s take a moment to take stock over what was achieved for your organization.

This should be a great exercise. It will either tell you that you are doing fantastic or identify areas where you want to “take it up a notch” in 2018. If it stresses you out, enjoy some holiday chocolate while completing it and use that sugar buzz to plan for next year! Have you …

DSS hit the DELAY button. And it’s OK!

• Completed all FSO Courses within one-year of beginning FSO Work? (NISPOM 3-102)
  (Newly appointed FSOS only – but it is a good idea to review some.)
• Completed a formal Self-Inspection (NISPOM 1-206b) and updated eFCL?
• Updated the Consultant List (NISPOM 2-212) with active Independent Contractors?
• Reviewed DD254s for compliance and correctness? (NISPOM 4-101, 4-103, 4-104)
  Obtained a copy of the new DD254 for future use or modifications?
• Completed all prep-work for Security Vulnerability Assessment? (NISPOM 1-206a2)
• Received NATO Briefings if required? (NISPOM 10-706)
• Administered the Insider Threat Briefing (NISPOM Conforming Change 2) to cleared personnel?
• Established good communication with your Insider Threat “working group” (IT, HR & Finance) to report any indicators of an Insider Threat at your organization?
• Updated badge information and perm cert visit requests in JPAS for other agencies or installations? (This is usually Contract-Related.)
• Created an Annual Training Calendar based on Contract SOW and Best Practices? (NISPOM 3-106, 107, 108)
• Enrolled for a NISS Account through the DSS Portal?

One question I hope isn’t asked: Can you think of a funny caption for a self-test? Because that answer is clearly ‘no.’

So Far, So Good? Great! Let’s take it a bit further…

Have you, on a monthly basis, completed the following:

• Logged into JPAS? (DMDC JPAS Policy 4.1)
• Run Periodic Reports in JPAS? (“FSO Notification of PCL Validation”
  NISPOM 2-200a and 2-200d)

(This also works quarterly or semi-annually for smaller staff!)

• Initiated Periodic Re-investigations as needed? (NISPOM 2-201d)
• Run Personnel Report in JPAS? (“FSO Notification of PCL Validation”
  NISPOM 2-200a and 2-200d)
• Checked visitor requests to ensure if they need to be extended or if
  personnel need to be added/removed? (“FSO Notification of PCL
  Validation” NISPOM 2-200a and 2-200d)
• Removed/Added personnel and access as needed from all system
  of record (JPAS, ACCS, other)? (NISPOM 2-105)
• Updated security metrics for proposals/DSS review?
• Distributed Threat Awareness: newsletters, alerts? (NISPOM 3-
  106)
• Conducted any monthly training that is on the annual calendar?
  (NISPOM 3-106, 107, 108)

If you have done all these so far, you can wear a ‘smug mug’ on your face. Like this one.

Superheroes with Donuts. The true essence of an excellent FSO. And occasionally brownies.

The Extra Credit!

AKA: “NISP Enhancements” – Not required – but can lead to higher audit ratings if there is an impact to your security program. Here are a few ideas:

• Join and attend NCMS, Infragard or ASIS events; sit on committees, hold posi
  tions, etc. 
• Conduct Personnel Training Audits. 
• Host internal security events: Red Dart Briefing, Security Awareness Week.
• Take additional FSO Courses: COMSEC, Certifications, Brown Bag Training, WebEx’s.
• Share alerts and information with other cleared companies (save the
  email).
• Create/update an SPP for off-site personnel.
• Create a strong counter-intelligence program: guest speaker, SCR Training, distribute the Collection Report.
• Host an annual Defensive Travel event.
• Create a physical security SPP for your organization.
• Run penetration test on Information Systems, check cyber-activity, create user
  guidance for your employees.
• Have all cleared personnel provide a required self-report on the 13 adjudicative
  guidelines.

As we learn of great ideas, we will share them with our FSO Superheroes!

Some of you may be saying—This is nice, but there a jazzier way to see how we are doing?

Well, yes – FSO PRO has created a “Survey” in Survey Monkey in which you can answer these questions and have a snazzy report card completed just in time to give to your boss before holiday bonuses are handed out!

If you are comfortable answering these yes/no questions in Survey Monkey, this guy can send you the link.

Awards! Well, not yet but as we grow – we plan to distinguish many of you with annual awards. Stay tuned!

We have a questionnaire that we can provide for “Self-Attestation” if you would like to review it and modify it for your organizations!

Should auld acquaintance be forgot … Let’s not leave out your cleared personnel!

If you did, you sicken me.

Remember those 13 Adjudicative Guidelines?

FSO PRO is preparing to sell the “Ultimate FSO Planner” this December. However, if you are a member of our “FSO PRO” club, you will get monthly planner printables for FREE.

This should be handled with care – talk to your HR Department to confirm the correct wording, but it is important to remember that holding a clearance is a FEDERAL privilege and offering personnel the opportunity to self-report is important to National Security and your organization’s Insider Threat program.

We have a questionnaire that we can provide for “Self-Attestation” if you would like to review it and modify it for your organization. Again- this is the guy you want to ask!

Get Ready to Plan your Best Year Yet!

FSO PRO is preparing to sell the “Ultimate FSO Planner” this December. However, if you are a member of our “FSO PRO” club, you will get monthly planner printables for FREE.

Also with the members club:

• Company newsletter for your team.
• Free worksheets, checklists, and planner items.
• Announcements and text alerts.
• Audios of key NISPOM items to review conveniently.
• Contests with Prizes for FSOs.

To join the “FSO Superhero” club go to: https://thefsopro.comshop/

Need more explanation or assistance with any items mentioned this month?
Contact FSO PRO!

Thank You from our Team to all the FSO SuperHeroes for an Amazing 2017!

FSO PRO started the “FSO Success” newsletter a little over a year ago with a handful of subscribers – since then, we have grown by over 40 times that amount! (not an exaggeration) We are a small and niche community, but VITAL to our nation’s security and we appreciate every single one.

We have learned that there are a LOT of small business FSOs out there who want ideas for a successful program!

We also wanted to take a moment and let you know how much we appreciate you. Your feedback helps us create products and your ideas help us stay on the front edge of the industry.

To say thanks, we want to send you the “One Page – 2018 Security Planner Checklist” to help you plan a great Security year. Just ask and we will send it to you!

We have had an amazing year with you and hope you enjoy your holidays and time with family and friends. We look forward to an excellent 2018 with you all. Have a wonderful holiday and please contact us anytime with ideas or just to say hello. Or to tell us your thoughts on the new Star Wars movie – we are always up for talking about that!