Reporting is something that seems straightforward on paper until you’re in the middle of a weird situation and unsure what to do about it. So, whether you made a mistake at work, you had a basic life event, or you feel like you were being approached at the bar the other night by someone that seemed more interested in your national security job than your amazing looks, there are different ways to report those activities. It can be confusing, and it can also feel a little gray at times. To help you out on your reporting journey, the editorial team chatted up some general examples for the different reporting requirements that the National Industrial Security Program Operating Manual (NISPOM) and the Security Executive Agent Directive (SEAD) 3 fully list out for security professionals.
Top Reporting Requirements
| Reporting Category | Examples | What and How to Report |
|---|---|---|
| Espionage, Terrorism, Sabotage | The incident with the Tesla employee in August 2020 is an extreme example of a foreign actor approaching an employee with a sabotage attempt. But espionage can come find you at many points. | Typically, this report is done in writing to the FBI. However, if the event is a timely issue, make sure you pick up the phone to call the FBI, and of course, notify your information security (IS) rep. |
| Adverse Information | Reporting in this category is based on the SEAD 4 Adjudicative Guidelines, so this reporting focuses on an employee’s ability to safeguard classified information. Items that fall under scope of adverse information are personal conduct issues, financial considerations, substance abuse, criminal conduct, allegiance to the U.S., foreign influence, and IT mis-use. It should go without saying, but if you happen to over hear a rumor, that does not constitute a reportable incident for you to submit. | Incident reports need to be submitted in the Defense Information System for Security (DISS). |
| Suspicious Contacts | Regardless of the nationality, any efforts to get classified information or targeting efforts by foreign intelligence officers need to be reported in writing. If something felt off in an exchange on a business trip, it’s important to document. | IS Rep/CISA |
| Change in Status | Any changes in name, citizenship, employment termination, or death of an employee need to be documented. If you go through any legal name changes, don’t forget to ping security so that your records line up. | This change needs to be made in DISS. |
| Security Equipment Vulnerabilities | While your security officer has an eye on the equipment capabilities, if you happen to see lights or cameras out or anything off, be sure to let someone know. But any hiccups in intrusion detection systems, information security, communications security hardware, software, or equipment needs to be reported. | Reports are in writing to the IS Rep. |
| Change in Facility Security Clearance | It’s common to make changes – acquisitions or key employee turnover, and the devil is sometimes in the details. So, in the midst of larger changes, it’s important to manage reporting requirements. | Update this in the National Industrial Security System (NISS). |
| Disregarding Security Clearance Requirements | Perfection is not expected in national security. But the reality is that mistakes can cost lives. Cleared professionals are expected to have an overall pattern of reliability, truthfulness, and carefulness. While there may not be a tally board for someone’s whoopsies, a pattern of negligence or carelessness does require reporting. This report needs to be specific: dates, incidents, and administrative actions taken. | The initial and final report are submitted to the IS Rep. |
| Receiving Unauthorized Classified Email | In a fast paced environment, it can be challenging to make sure documents make their way to the right person and that they are handled properly – in digital or print. However, any unauthorized sharing of classified information – intentional or accidental needs to be reported. Be sure to include the sender, originator of the materials, classification level, as well as the quantity of information, date, and title. | This needs to be submitted in writing to the IS Rep. |
| Change in Facility’s Storage Requirement | Anytime a facility has a change in their ability to safeguard classified information – cyber vulnerabilities or even an emergency situation like a hurricane, those incidents need to get reported. | Reports should be made in writing to the IS Rep. |
| Citizenship by Naturalization | When a non-U.S. citizen who has a Limited Access Authorization (LAA) becomes a naturalized U.S. citizen, the report should include naturalization location (city, state, county), naturalization date, court, and certificate number. | Make this change within DISS. |
| Won’t Sign NDA or Doesn’t Want Access | If an employee won’t sign the Classified Information Nondisclosure Agreement or they just do not want to be processed for a clearance, this information needs to be updated. | Enter the reason for the change in DISS.
|
Bottom Line: Check in With Your Security Officer
It’s important to keep your security officer in the know. They play an important role in safeguarding your organization’s classified materials and abiding by the rules and guidelines. So, maybe bring them a drink and a snack, and make sure they have all the information they need to keep records up-to-date. It’s a team effort to keep everything dotted and crossed where it needs to be. You can download our infographic to post in your at-home or office workspace.
