By now, you have all (hopefully) completed your NISS PSI Survey and can check another annual compliance item off your list, just in time for some new stuff!
- DISS released a new update to the reports. Records that had “Other” or “Deferred” will now be reflected as “Enrolled”. But double check that to be sure!
- DCSA is in the process of designing a new, updated, public-facing website (DCSA.mil) and expects to launch the new website on April 26, 2023.
- CDSE recently released a new insider threat case study: Robert Gilbeau – this case study involves the crime of bribery and fraud.
- REGISTER FOR 2023 VDSCI – Registration is now open for the 2023 Virtual DCSA Security Conference for Industry (VDSCI) on April 26 and 27, 2023! This will feature topics such as NISP 101, Facility Clearance Process, How to Run an Effective Self-Inspection Process, Cyber Hygiene, Personnel Security and more! To register, visit 2023 Virtual DCSA Security Conference for Industry.
TIPS for FSOs!
We provide a LOT of resources to our FSO PRO Members to help with the transitions and new requirements, but that doesn’t mean we do not have good tips for everyone. Based on our meetings with DCSA, here are some of the actions we recommend:
Keep this handy!
Phone: The Applicant Knowledge Center: 724-738-5090.
While on hold with the government, it’s a good time to do your annual clean up for your security records. Such as? Glad you asked!
Make sure your Facility Information is current in NISS. In addition to the PSI Survey, the government is sending instructions to check your Facility Profile in NISS and request changes. This is as good a time as any to do that! You have to be in there anyway for the survey. Make sure you update:
- DD254 List
- Contact information for your KMPs
- Numbers of cleared and uncleared personnel.
Audit personnel files:
a) Training Records
You know when you send out the Annual Refresher of the Insider Threat training and everyone responds immediately and gets it done? Yeah, we don’t either.
The problem is, after a few “courtesy reminders” it is easy to move on with life and forget that there are a few slackers’ training acknowledgements that are still due. Training acknowledgements are very important, so now is a good time to find out if anyone is still pending and bring down the hammer (follow up) to get it done.
A LOT of organizations do their annual performance reviews in the Spring. If you are having trouble getting employees to complete the government-required training promptly, you can use this as a recourse action to make it more important to the employee. Or, better yet, (because who likes to be the bad guy?) give kudos to quick responders for a nice bump to their performance reviews.
CFR 117 prohibits the keeping of SF86s of clearance candidates after they have received the final adjudication. While you are auditing the personnel files, make sure you delete or shred any SF86s. Note: This will be VITAL if/when the government switches to eAPP!
c) Report gaps
This is a good time to review and update your “Insider Threat” plan and make sure you have an active working group: IT, Finance, and HR, to see if there are any indicators for Insider Threats. Are you noticing that you are low on self-reporting? Maybe it is time to plan a reminder for personnel.
d) Old records
Do you need to keep training records/spreadsheets from 2002? DCSA typically looks at records from one Security Review to the next. If you have all your information electronically, move it to an archive folder or delete it. If you have hard copies, a shredder works fine.
e) Master List
Finally, list everything you need to do regarding your security program and start prioritizing items before the year gets away from you.
Experts tell us to pick the top three from that list and focus on those immediately until they are completed. Our favorite subject matter expert (SME) calls this “Worst First”.
Yes, the SME here is our Mom, but she is pretty right most of the time. She also recommends that we take probiotics, eat our vegetables, hide a scoop of collagen in our coffee, spray fresh produce with vinegar, and pray daily.
We are not arguing with any of that!
If you have “possessing” facilities remember: during periods of system inactivity (e.g. hibernation) or when a facility plans to stop work for an extended period of time (e.g. virus shutdowns), an audit variance may be authorized. When requesting an audit variance, Industry must have a SPP that specifies how the system will be protected in a dormant state. The SPP will include a process for protecting the system through the use of physical security controls, technical controls, and immediate updates upon return to service. Be sure to coordinate with your DCSA Rep if you have items to safeguard!
4/20 Reminders: Update on CBD Oil
The government does have new policy guidelines regarding the purchase and use of medical marijuana, CBD Oil, and investments.
However – we still notice that the interpretation of the guidance changes a lot depending on the rep! We recommend that you work directly with your DCSA Rep on a case-by-case basis and pass that guidance on to your cleared personnel so that everyone is on the same page.
Most consider involvement in drug-related activities to be a “reportable incident” in DISS to help mitigate any adverse impact on a clearance. Make sure your personnel are aware and reporting!