The Defense Security Service (DSS) is charged with ensuring facilities which are handling classified materials adhere to the National Industrial Program Operating Manual (NISPOM). This is accomplished through a variety of mechanisms, which include Field Security Officer (FSO) self-inspections, periodic inspections by a DSS representative and full-on audits.
When the DSS Industrial Security Representative (ISR) visits your facility, unannounced, that’s when you know you have your standard-operating-procedure (SOP) in order or you don’t in a hurry. Those entities where the FSO keeps tabs on the NISPOM updates and the effect on his facility and cleared personnel will normally weather these inspections with grace and aplomb.
There will, however, be those entities which fall short of the mark, and the ISR is directed to adjudicate in accordance with the DSS Vulnerability Assessment Rating Matrix. The shortcomings identified are given a ranking of “Acute Vulnerability”, a “Critical Vulnerability” or a “Vulnerability.”
Vulnerabilities
- Acute Vulnerability: Immediate action required, classified material is at risk, imminent risk.
- Critical Vulnerability: Action required, classified materials could possibly be put at risk.
- Vulnerability: Compliance issues which don’t fall into the critical or acute category.
In each instance, of acute or critical vulnerability, the ISR is tasked with determining if the vulnerability is isolated, systemic, or a repeat offense.
DSS Directive
Now, if you are running the NISP at your company and your FSO contacts you and advises that the company has been issued a vulnerability notice, it is a really big deal. If classified materials are at risk of compromise, the contracting entity is quickly brought into the loop. Adjudication is necessarily swift. For those issues which are minor in nature, often times corrective action takes place on the spot, in more complex issues, the ISR will issue formal guidance to bring the entity into compliance with the requisite directives. The action plan will be monitored and progress duly noted. It is a straightforward exercise, generally with little wiggle room in interpreting the existence of the vulnerability.
DSS Recommendation
Generally speaking the ISR is there to enhance your program’s security posture. From time to time, recommendations are made, which might warrant conversation. For example, this author had occasion to have received recommendations, via his FSOs which the ISR felt would enhance the overall security of the program. The suggestion, 24-manned security at the facility, would indeed increase the security posture. However, neither the level of activity nor the contracting authority required such, and thus the recommendation remained unfulfilled, yet present on the inspection. The bottom line, the cost to the contracting entity to cover the number of security personnel made the engagement untenable from a business perspective. It was resolved by the contracting authority and the DSS ISR, with the author’s team stepping out of the discussion.
Subscriber Query
Recently, ClearanceJobs was asked a question by a subscriber, an FSO. The FSO explained how at the conclusion of a recent inspection, the iISR requested the FSO, in coordination with human resources remove all reference to any of the personnel requisition (job vacancies) requiring the individual currently possess or be eligible for a security clearance at a given level. The FSO cited DSS FL 381(r) (Facility Clearance Letter) letter that states: “The fact that your organization has qualified for and has been granted a facility clearance may not be used for advertising nor promotional purposes…”
Before offering up advice, a couple of online searches were conducted to determine what the current practice was with respect to job vacancies which require the candidate to have a security clearance. The first search, was conducted on USA JOBS, using the keyword TOP SECRET. The search resulted in a number of job descriptions popped up, all of which identified that the level of security clearance required was at the TOP SECRET level. We then did a second search on the website of one of the 2016 Cogswell Award winner’s site (more on the Cogswell Award below), and they too had the level of security clearance clearly detailed.
Satisfied that it is acceptable practice to include the security clearance requirement in one’s vacancy notices, it is this author’s opinion the FSO should, together with the company senior executive sponsor, appeal the ISR’s recommendation. The appeal should focus on what constitutes advertising and promotional materials. A requisition for a specific position, which requires a current or eligibility for a security clearance would seem to make sense.
The Cogswell Award
Each year DSS presents the Cogswell Award at the National Classified Management Society annual conference. The competition for the Cogswell Award is always fierce. The recipients are nominated by their DSS Industrial Security Representative, but only after two successive years of receiving a superior rating on their annual security audit. In 2016, 42 programs were awarded the Cogswell Award out of the approximately 13,500 programs nationwide.
It is human nature to want to improve and enhance the security posture of each facility which is charged with protecting classified materials. The DSS monitors the overall profile and compares the profiles to those of the entities peers. The enthusiasm of the ISRs in their work is important, as who doesn’t want a Cogswell winner among the company’s which the assist? The issuance of directives and recommendations are to be expected by all entities, and should be welcomed as they enhance the overall security. From time to time, contracts may go by the wayside when the cost of compliance exceeds the contract opportunity.