Contractor CEO: My company, BuildGen Contracting, just won its first classified government contract. What are our NISP responsibilities? What are contractor responsibilities according to the NISP?
Establish NISP requirements for the protection of classified information
Provide advice, assistance, and oversight
Implement NISP requirements for the protection of classified information
Identify whether the following statements describe CSAs or CSOs. These organizations establish industrial security programs and oversee security requirements.
CSA
CSO
Identify whether the following statements describe CSAs or CSOs. These organizations administer the NISP and provide security guidance, oversight, and policy clarifications.
Which of these are DSS responsibilities or functions? Select all that apply.
Provide security guidance and oversight
Provide policy clarifications
Conduct Security Vulnerability Assessments (SVAs)
Provide installation-specific procedures for work performed on a government installation
Provide contract-specific security classification guidance
Identify whether the following roles are filled by government or industry employees.
Facility Security Officer (FSO)
Government
Industry
Information System Security Professional/Security Control Assessor (ISSP/SCA)
Information System Security Manager (ISSM)
Industrial Security Representative (IS Rep)
Counterintelligence Special Agent (CISA)
Insider Threat Program Senior Official (ITPSO)
This DSS employee serves as the contractor’s primary point of contact for security.
This DSS employee oversees authorized contractor Information System use.
This contractor employee administers and oversees the contractor security program.
This contractor employee manages Information Systems and ensures Information System security requirements are met.
This contractor employee establishes and maintains the insider threat program.
What is the first step of the contracting process?
The GCA defines the acquisition strategy for the contract.
The GCA publishes a Request for Proposal (RFP).
The government identifies a need for a product or service.
The GCA defines the initial requirements for the product/service.
Who has authority to enter into, administer, and terminate contracts?
Contracting Officer (CO)
Contracting Officer’s Representative (COR)
Who serves as Subject Matter Expert (SME) for individual contracts?
Who provides contractual oversight and has responsibility for multiple programs?
Who closely monitors contractor performance on individual contracts?
Contracting Officer
Identify which document contains the information described.
Security requirements and classification guidance:
Statement of Work (SOW)
DD Form 254: DoD Contract Security Classification Specification (DD 254)
DD Form 441: DoD Security Agreement (DD 441)
Contract details such as project scope, deadlines, and steps:
A security agreement between a contractor and the DoD in order to prevent the unauthorized disclosure of classified information:
Once the company’s FCL is in place, contractors may begin to access classified materials.
True
False
Key Management Personnel must be cleared before the FCL will be granted.
An employee’s approved national security eligibility determination, or PCL, is the same as his/her access.
What is the first step of the PCL process?
Employee completes SF-86
Program Manager determines need for access
PMSO-I validates the request
Investigative agency conducts investigation
DoD CAF grants and records PCL
FSO initiates PCL process
What is the second step of the PCL process?
What is the third step of the PCL process?
What is the fourth step of the PCL process?
What is the fifth step of the PCL process?
What is the sixth step of the PCL process?
Which of the following organizations conducts periodic Security Vulnerability Assessments (SVAs) of contractor facilities as the CSO to the Department of Defense?
Federal Bureau of Investigations (FBI)
Federal Acquisition Service (FAS)
Defense Security Service (DSS)
Department of Homeland Security (DHS)
Select ALL the correct responses. What does the Facility Security Officer (FSO) need to do when an employee no longer needs access to classified information?
Remove the employee's eligibility in the DoD System of Record
Debrief the employee
Remove the employee's access in the DoD System of Record
Remove the employee's name from access rosters and/or any active Visit Authorization Letters (VALs)
Select ALL the correct responses. Which of the following are Information System Security Professional/Security Control Assessor (ISSP/SCA) responsibilities?
Receive changed conditions and suspicious contact reports
Oversee day-to-day personnel security program operation
Respond to security violations involving authorized classified Information Systems
Perform classified Information System assessments
Select ALL the correct responses. Which of the following are Facility Security Officer (FSO) responsibilities?
Ensure the security program is compliant with the National Industrial Security Program Operating Manual (NISPOM)
Administer and oversee the contractor's security program
After a need is identified, the Government Contracting Activity (GCA) ___________________.
awards the contract
evaluates the contractors' proposals
defines the initial requirements for the product/service
publishes a Request for Proposal (RFP)
True or false? Each Cognizant Security Agency (CSA) has one or more Cognizant Security Offices (CSOs) that administer the National Industrial Security Program (NISP) on their behalf.
Select ALL the correct responses. Which of the following are Contracting Officer's Representative (COR) responsibilities?
Initiates sponsorship for a Facility Clearance (FCL) if necessary
Closely monitors contractor performance
Enters into, administers, and terminates contracts
Communicates security requirements to the contractor
Select ALL the correct responses. The National Industrial Security Program (NISP) is:
a voluntary program for cleared contractor facilities
established by Executive Order 12829
designed to safeguard classified information entrusted to industry
a government-industry partnership
What form must employees complete in order to initiate the Personnel Security Clearance (PCL) process?
DD Form 441, DoD Security Agreement
DD 254, DoD Contract Security Classification Specification
SF 312, Non-Disclosure Agreement
SF 86, Questionnaire for National Security Positions
True or false? The Facility Clearance (FCL) is contingent upon all Key Management Personnel (KMP) being granted a Personnel Security Clearance (PCL).
True or false? Once an individual is granted a Personnel Security Clearance (PCL), he or she may access all classified information entrusted to the facility.
Select ALL the correct responses. During classified visits, visitors may supply clearance information via ______________.
a Visit Authorization Letter (VAL)
the DoD System of Record
an invitation acceptance form
Select ALL the correct responses. Who helps to conduct Security Vulnerability Assessments (SVAs)?
Select ALL the correct responses. By signing DD Form 441, Department of Defense Security Agreement, the contractor agrees to _______________.
Acknowledge government authority to review the company's security program
Determine whether a sub-contractor has appropriate Facility Clearance (FCL)
Implement and maintain a security program that complies with the National Industrial Security Program Operating Manual (NISPOM)
Adhere to end-product objectives
True or false? A contractor facility may access and store classified material as soon as the Facility Clearance (FCL) is granted.
Which contracting document contains information such as project background, scope, deadlines, and steps for project completion?
DD Form 254, Department of Defense Contract Security Classification Specification
DD Form 441, Department of Defense Security Agreement
Select ALL the correct responses. Which of the following are Information System Security Manager (ISSM) responsibilities?
Receive company changed conditions and suspicious contact reports
Conduct Information System awareness and training
Establish Information System programs and procedures
Develop facility procedures for handling media with classified information
Select ALL the correct responses. Which of the following roles are filled by government employees?
