Part ONE:
For professionals with a background in information security, a significant portion of the material presented in the NISPOM is based on common, well-known security principles and is nothing special at all. What could possibly get in the way are the specific terms, definitions and requirements written in DoD language. After all, the NISPOM was never intended to serve as an exam prep tool.
Part 1 of the ISP ExamFOCUS Study Notes is developed with the goal of delivering only the DoD-toned information that would give exam candidates difficulty in picking the right answers. General common-sense information is not retained, so candidates can spend their time most effectively. Essential topics are arranged in a logical flow to facilitate understanding of the information. Guiding questions are used to help address key exam concerns.
ORIGIN AND BASIC BACKGROUND
WHAT IS THE NISPOM FOR, AND WHO DEVISED IT?
WHAT ARE THE LEVELS OF SECURITY CLEARANCES? WHO ADMINISTERS SECURITY CLEARANCE? WHO CAN BE GRANTED CLEARANCES?
WHAT DETERMINES ACCESS TO CLASSIFIED INFORMATION?
CAN CLEARANCE BE GRANTED ON A TEMPORARY BASIS?
WHAT ARE THE VALID CLASSES OF INFORMATION?
WHAT ARE THE ROLES INVOLVED?
WHAT IF CLEARANCE IS NOT GRANTED? ANY EXCEPTIONS ALLOWED?
GENERAL REQUIREMENTS
WHAT IS THE FSO REQUIREMENT?
WHAT ARE THE RESPONSIBILITIES OF THE CONTRACTORS?
WHAT IS TO BE DONE WITH THE SECURITY REVIEWS, AND HOW ARE THEY DONE?
HOW TO HANDLE DUPLICATIVE SECURITY REVIEWS?
WHAT IS RISK MANAGEMENT, AND HOW DOES IT WORK?
REPORTING
WHAT KINDS OF EVENTS MUST BE REPORTED?
WHO REVIEWS CLASSIFIED/UNCLASSIFIED REPORTS?
HOW DOES REPORT SUBMISSION WORK?
FACILITY CLEARANCE
WHAT IS A FCL, AND HOW IS IT APPLIED?
HOW IS FCL PROCESSED WHEN A PARENT-SUBSIDIARY RELATIONSHIP EXISTS ON THE SIDE OF THE CONTRACTOR?
WHAT ARE THE RESPONSIBILITIES OF A CONTRACTOR UNDER A FCL?
WHAT IS A MFO AND HOW WOULD CLEARANCE WORK FOR MFO?
WHAT IF THE FCL COMES TO AN END?
WHAT IF SUBCONTRACTORS ARE INVOLVED?
PERSONNEL CLEARANCE
WHO DETERMINES ELIGIBILITY OF ACCESS, AND WHO KEEPS THE RECORD?
WHAT KINDS OF INVESTIGATION MAY NEED TO TAKE PLACE?
WHAT GUIDELINES SHOULD A CONTRACTOR FOLLOW WHEN APPLYING FOR PCLS?
WHO ARE FOR SURE NOT ELIGIBLE FOR PCLS?
WHAT GUIDELINES SHOULD CLEARED PERSONNEL FOLLOW?
FOREIGN INTEREST
WHAT IS FOCI?
WHAT IS SPECIAL ABOUT FCL UNDER FOCI?
HOW ABOUT LIMITED FCL?
HOW ABOUT SSA?
WHAT ARE THE REQUIREMENTS WHEN FOCI COMES INTO PLAY?
WHAT IS A GSC AND WHAT DOES IT DO?
WHAT IS TCP? WHO ESTABLISHES IT AND HOW DOES IT WORK?
SECURITY TRAINING
WHO PROVIDES THE NECESSARY TRAINING AND BRIEFING? IN WHAT MANNER?
WHAT SHOULD BE COVERED IN THE SECURITY BRIEFINGS?
WHAT IS SF312 AND HOW IS IT PROCESSED?
INFORMATION CLASSIFICATION
WHAT IS CLASSIFIED INFORMATION AND WHAT IS NOT?
WHAT IS AN ORIGINAL CLASSIFICATION AND WHAT ARE THE MARKING REQUIREMENTS?
HOW ARE DERIVATIVE CLASSIFICATION DECISIONS MADE?
WHO IS RESPONSIBLE FOR PROVIDING THE NECESSARY SECURITY CLASSIFICATION GUIDANCE?
WHAT SHOULD BE COVERED BY A CONTRACT SECURITY CLASSIFICATION SPECIFICATION? WHO SHOULD MAINTAIN IT?
WHAT SHOULD BE DONE UPON CONTRACT COMPLETION?
WHAT SHOULD BE DONE IF THE EXISTING CLASSIFICATION IS BELIEVED TO BE INACCURATE?
CLASSIFICATION MARKINGS
HOW SHOULD MARKING BE DONE IN GENERAL?
WHO IS RESPONSIBLE FOR THE MARKINGS?
HOW SHOULD MARKING BE DONE FOR COMPLEX DOCUMENTS?
HOW ABOUT PORTION MARKING?
WHAT OTHER MARKINGS MAY HAVE TO BE USED?
HOW ABOUT THE PROCESSING MATERIAL?
SAFEGUARDING REQUIREMENTS
WHAT ARE THE SAFEGUARDING REQUIREMENTS FOR THE CONTRACTORS?
WHAT PROCEDURES AND POLICIES WOULD BE NECESSARY?
WHAT ABOUT ACCOUNTABILITY?
WHAT ABOUT TRANSMISSION AND SHIPMENT?
WHAT ABOUT STORAGE?
COMSEC & TEMPEST