Suggested Contractor File Folder Headings



Similar documents
Self-Inspection Handbook for NISP Contractors TABLE OF CONTENTS

Webinar Questions and Answers

Defense Security Service (DSS)

Obtaining a Facility Security Clearance A Pinkerton Government Services White Paper


Defense Security Service Industrial Security Field Operations. FCL Orientation Handbook

DD FORM 254 Preparation Guide

Department of Defense MANUAL

DEPARTMENT OF DEFENSE DEFENSE SECURITY SERVICE, INDUSTRIAL SECURITY PROGRAM OFFICE INDUSTRIAL SECURITY LETTER

Commanding Officer and Executive Officer. Information and Personnel Security Reference Handbook

TRAINING PRODUCTS & RESOURCES

DSS Monthly Newsletter

Outside Director and Proxy Holder Training: Module 2: Managing Foreign Ownership, Control, or Influence (FOCI) Mitigation Defense Security Service

2014 DSS Vulnerability Assessment Rating Matrix Vulnerabilities and NISP Enhancement Categories

How To Do A Vulnerability Assessment

Outside Director and Proxy Holder Training: Module 1: Intro to DSS and Foreign Ownership, Control, or Influence (FOCI) Defense Security Service

Information Security Program Management Procedures and Guidelines

DoD M NATIONAL INDUSTRIAL SECURITY PROGRAM OPERATING MANUAL

Joint Personnel Adjudication System (JPAS) Account Management Policy

Joint Personnel Adjudication System (JPAS) Account Request Procedures

Selected Troublesome/Unacceptable Clauses Related to Information Release and Foreign Nationals

COST ACCOUNTING STANDARDS NOTICES AND CERTIFICATIONS

Joint Personnel Adjudication System (JPAS) Account Management Policy Document Version /23/2015

DSS Electronic Facility Clearance System (e-fcl) Submission Site User Guide

INDUSTRIAL SECURITY. 2. Welcome Ms. Mary Griggs as DSS Deputy Director for Industrial Security

NATO SECURITY BRIEFING NATO/ATOMAL SECURITY BRIEFING

03/21/2013. Security Incident Requirements. Information Security Webinar. Administrative Announcements. Security Incident Requirements

Department of Commerce Office of Security. Initial Information Security Briefing

SIMS v7 Release Notes

Privacy Impact Assessment of. Personal Identity Verification Program

This directive applies to all DHS organizational elements with access to information designated Sensitive Compartmented Information.

The Security Clearance and Investigation Process

Using Technology Control Plans in Export Compliance. Mary Beran, Georgia Tech David Brady, Virginia Tech

Defense Security Service

Privacy and Data Security Update for Defense Contractors

Annual DoD Security Refresher Training

Consultant Annual DoD Security Refresher

2. Completing Specific Sections of the Questionnaire for National Security Positions (SF 86)

A. Executive Order 12333, United States Intelligence Activities. B. Executive Order 12829, National Industrial Security Program.

Department of Defense INSTRUCTION

There are many examples of sensitive information falling into the wrong hands. What s the worst that can happen? The worst has already happened.

Department of Defense MANUAL

Defense Security Service

Gatekeeper PKI Framework. February Registration Authority Operations Manual Review Criteria

Introduction. Derivative Classification Training JOB AID

GUIDE SECURITY CLEARANCES & FACILITY CLEARANCES. or Call (202)

EnCase Implementation Statement of Work

3. SUPERSEDENCE: This schedule supersedes State Agencies Records Retention Schedule S5: Higher Education Records (Revised: 01/2010).

Commercial Solutions Opening (CSO) Office of the Secretary of Defense Defense Innovation Unit (Experimental)

KAREN E. RUSHING. Audit of Purchasing Card Program

CONTROL PROCEDURES FOR UNCLASSIFIED TECHNICAL DATA DISCLOSING MILITARILY CRITICAL TECHNOLOGY

UNITED STATES MARINE CORPS INFORMATION AND PERSONNEL SECURITY PROGRAM MANUAL (SHORT TITLE: MARINE CORPS IPSP)

EnCase Implementation Statement of Work

United States Visitor and Immigrant Status Indicator Technology Program (US-VISIT)

Hiring Information Tracking System (HITS)

Information Security Policy

DSS Secret Internet Protocol Router Network (SIPRnet) Processing Procedures

United States Department of State Privacy Impact Assessment Risk Analysis and Management

Department of Defense MANUAL

Security and Emergency Services Community of Interest 0080-Information/Personnel Security Administration Career Road Map

39C-1 Records Management Program 39C-3

28042 Federal Register / Vol. 75, No. 96 / Wednesday, May 19, 2010 / Notices

5 FAM 440 ELECTRONIC RECORDS, FACSIMILE RECORDS, AND ELECTRONIC MAIL RECORDS

Integrated Security Management System (ISMS)

NWX-DTSW-DEFENSE SECURITY SERV. Moderator: Nancy McKeown March 12, :30 am CT

SECURITY STANDARD OPERATING PROCEDURES

Audit of Tax Data Security. Final Report Approved by Internal Audit Committee on June 29, 2005

Background Check Service

Basic Records Management Practices for Saskatchewan Government*

Flexible Circuits Inc. Purchase Order Standard Terms and Conditions

Privacy Impact Assessment Of the. Office of Inspector General Information Technology Infrastructure Systems

Supplier Awareness. Export Control/ ITAR

ATTACHMENT A SUPPLIER CERTIFICATIONS PACKAGE

Protected Critical Infrastructure Information Program Procedures Manual

UNIT 34: COST ACCOUNTING STANDARDS

Department of Defense MANUAL. DoD Information Security Program: Overview, Classification, and Declassification

GENERAL GOVERNMENT ADMINISTRATION EXECUTIVE RECORDS RETENTION AND DISPOSITION SCHEDULES (ERRDS) ERRDS, DIVISION OF VOCATIONAL REHABILITATION REPEALED

Industrial Security Facilities Database (ISFD) Job Aid. December 2014

NAVY RECORDS MANAGEMENT PROGRAM COMMAND PROGRAM GUIDE

Additional Terms And Conditions E-2D Advanced Hawkeye (AHE) Pilot Production (Prime Contract No. N C-0057)

Blanket Purchase Agreement Attachment C Ordering Guide. DLT Solutions/Autodesk. Blanket Purchase Agreement (BPA): N A-ZF30

Practice Test Security Fundamentals Professional Certification (SFPC) Multiple Choice. Multiple-Choice Sample Question # 1

DHS DIRECTIVES INSTRUCTION HANDBOOK DHS INSTRUCTION HANDBOOK THE DEPARTMENT OF HOMELAND SECURITY PERSONNEL SUITABILITY AND SECURITY PROGRAM

Hosting Foreign Nationals at DOE Sites

1.3 There have been no material or substantive changes to the Code since last year.

28 CFR Ch. I ( Edition)

Department of Defense INSTRUCTION

PRIVACY IMPACT ASSESSMENT (PIA) For the

Information Security Policy


Transcription:

Suggested Contractor File Folder Headings 1. Facility Clearance 2. Personnel Clearances 3. Recurring Security Education 4. Self-Inspection 5. Security Correspondence 6. Standard Practice Procedures 7. Incident Reports 8. Suspicious Contact Reports 9. Visits-Incoming 10. Visit Letters Incoming Non-Contract Related 11. Visit Letters Incoming Foreign 12. Visit Letters Outgoing Foreign 13. DD Form 254 Active Contracts 14. DD Form 254-Completed Contracts/Retention 15. Security Container Combination Change Record 16. Information Management System (IMS) 17. Classified Material Receipts Outgoing/Suspense 18. Physical Security Information 19. Destruction Certificates 20. IS Accreditation Letters 21. International 22. Industrial Security Letters (ISLs) NOTE: JPAS is the system of record to verify Personnel Access and Eligibility information, briefings and terminations. As a result, contractors are not required to maintain obsolete paper records (e.g. Visit Letters, SF 312 s, briefings, etc.). Suggest adding folder for Outgoing Visits. Classified visits to non-dod customers (e.g. State Department) may require the FSO to still send a paper visit letter to the customer with a hard copy printout of the person s JPAS clearance eligibility information.

File Folders #1 through #5 should be maintained by ALL cleared facilities. FOLDER #1 FACILITY CLEARANCE 1. Every cleared facility should have: a. DD Form 441 DoD Security Agreement or DD Form 441-1 Appendage to Security Agreement (if a division or operating location of an MFO) b. KMP List (also include those KMP s who are excluded from access) c. SF 328 Certificate Pertaining to Foreign Interests 2. The following should be retained when applicable: a. Resolution for Exclusion of Certain Officers and/or Directors b. Letter temporarily Excluding Certain Officers and/or Directors from Access to Classified Material Pending a Formal Resolution by the Board c. Resolution for Exemption of Parent Organization d. Subsidiary Board Resolution Noting Parent s Exclusion and Resolution to Exclude Parent Organization e. Certificates by Officers and/or Directors (Interlocking Officers and/or Directors) f. Resolution of the Board of Directors of a Subsidiary Noting Non-Disclosure Certificates by Cleared KMP s serving in the same or similar capacities or positions with both the Subsidiary and Parent Organization (Interlocking Officers and/or Directors) g. Certificate Covering Licenses, Patents, and other Foreign Affiliations (Resolution by the Board of Directors) h. Letter indicating Assignment of CAGE Code FOLDER #2 PERSONNEL CLEARANCES 1. JPAS is your official record of all cleared employees at your facility. 2. SF 86 and signed releases are required to be maintained until the time that the eligibility process is complete (these records should then be destroyed or returned to individual). 3. Consultant Agreement, if applicable. 4. Additional records you may elect to keep but are not required: a. Copy of SF 312 b. Special briefings/refresher briefings

c. Violations d. Clearance justification, if applicable e. Evidence of citizenship f. Extra fingerprint cards g. Anything else you might find beneficial FOLDER #3 RECURRING SECURITY EDUCATION 1. Date and List of employees briefed. 2. Description of what was briefed to include copies of any materials provided: newsletters or articles used, etc. FOLDER #4 CONTRACTOR SELF-INSPECTION 1. Date self-inspection was conducted. 2. Maintain results of the self-inspection to include any corrective action taken. NISPOM Paragraph 1-206b states: Contractors shall review their security program on a continuing basis and shall also conduct a formal self-inspection at intervals consistent with risk management principles. Additional Guidance for Self-Inspection Records: a. Suggest placing a copy of the SELF-INSPECTION HANDBOOK in this folder. It is a helpful guide to you when performing your self-review. This handbook can be found at: http://www.cdse.edu/documents/cdse/self_inspect_handbook_nisp.pdf b. Suggest that you review the report in JPAS that reflects all personnel associated with your PSM-Net prior to conducting your self-inspection. Not only will this report assist you in determining who in your company is eligible for access to classified, but it can also be used to determine when periodic reinvestigations are required to be submitted. FOLDER #5 SECURITY CORRESPONDENCE 1. File by latest date on top.

2. All material in this folder should be reviewed for disposition during each self-inspection. - - - - - - - - - File folders #6 through #27 should be maintained ONLY if they apply to the classified activities at your facility. FOLDER #6 STANDARD PRACTICE PROCEDURE (SPP) 1. Copy of your Standard Practice Procedure (SPP), if applicable. NISPOM Paragraph 1-202 states: The contractor shall implement all terms of the Manual applicable to each of its cleared facilities. Written procedures shall be prepared when the FSO believes them to be necessary for effective implementation of this Manual or when the Cognizant Security Office (CSO) determines them to be necessary to reasonably exclude the possibility of loss or compromise of classified information. NOTE: Discuss this requirement with your Industrial Security Representative and decide whether or not a SPP would be of benefit to your company s classified operation. FOLDER #7 INCIDENT REPORTS 1. In addition to completing the electronic Incident Report in JPAS, contractors may, if necessary, provide supplemental documentation (in hardcopy) relating to the incident report directly to the designated DSS entity. 2. Place in order by date of submission, last date on top, in alphabetical order by employee s name or in any other order you prefer. FOLDER #8 SUSPICIOUS CONTACT REPORTS 1. File all suspicious contact reports received, last date on top. FOLDER #9 VISITS (INCOMING) 1. Although not required by the NISPOM, some contractors elect to maintain a record of incoming classified visitors. (Records are still required for foreign visitors - maintain for 1 year - and NATO visitors -maintain for 3 years.)

2. JPAS is authorized to verify the visitor s personnel security access level (the visitor s access level and affiliation must be reflected in JPAS), thereby, eliminating the requirement for classified Visit Authorization Letters (VAL s). 3. If the visitor s personnel security access level cannot be verified in JPAS, a Visit Authorization Letter is required. a. Facilities must still have procedures in place to verify the identification of visitors and determining need-to-know prior to disclosing classified information. FOLDER #10 VISIT LETTERS (INCOMING-IF APPLICABLE) 1. Place in order by date of the letter, last date on top, in alphabetical order by the visitor s name, by company name or in any other order you prefer. FOLDER #11 VISIT LETTERS (INCOMING FOREIGN) 1. Pertains to personnel visiting your facility from foreign countries. 2. Place in order by date of the letter, last date on top, in alphabetical order by visitor s name or by any other order you prefer. 3. Maintain for one year. FOLDER #12 VISIT LETTERS (OUTGOING FOREIGN) 1. Pertains to employees making visits described in Chapter 10, Section 5, Paragraph 10-502, NISPOM. 2. Place in order by date of the letter, last date on top, in alphabetical order by employee s name or by any other order you prefer. FOLDER #13 DD FORM 254 (ACTIVE CONTRACTS) 1. DD Form 254(s) pertaining to active contracts and solicitations. 2. A listing of all current classified contracts should be placed in the front of each of these folders. 3. Copies of classification guides received for all classified contracts. 4. Public Disclosure Requests (see NISPOM paragraph 5-511a).

FOLDER #14 DD FORM 254 (COMPLETED CONTRACTS) 1. DD Form 254 pertaining to inactive contracts, RFQ s, RFP s and IFB s filed in numerical order by last four or five digits of contract, RFQ, RFP or IFB. Separate by categories listed above. 2. Letter requesting authority to retain classified material, OR; 3. Final DD Form 254 or other correspondence authorizing retention of classified material beyond the automatic 2 year retention period. NOTE: You have an automatic two year retention authority from contract completion UNLESS you hear otherwise from your GCA or prime contractor. FOLDER #15 SECURITY CONTAINER COMBINATION CHANGE RECORD 1. A record of the names of persons having knowledge of the combination. 2. A record indicating the date of changes of security container combinations is optional. NISPOM paragraph 5-309 list the events requiring the combination to be changed. NOTE: Combinations for containers storing NATO classified information shall be changed annually (NISPOM Paragraph 10-712b). FOLDER #16 INFORMATION MANAGEMENT SYSTEM 1. Your Information Management System (IMS) shall be capable of facilitating the retrieval and disposition of your classified holdings in a reasonable time frame. This record could be an automated or a manual system. 2. Information captured in your IMS might include any combination of the following: a. Date of material b. Date material received c. Where material was received from d. Date material sent out/transmitted e. Where material was sent f. Classification level of the material g. Unclassified description of material h. Disposition of material & date thereof (required for TOP SECRET only) i. Location of material/custodian

j. Contract number/retention authority for material k. Control number (if applicable) l. Number of copies (required for TOP SECRET only) m. Any other information you find beneficial 3. For TOP SECRET, material must be numbered in a series (the copy number shall be placed on TOP SECRET documents and on all associated transaction documents.) and the transmittal must be covered by a continuous receipt system both within and outside the facility. FOLDER #17 CLASSIFIED MATERIAL RECEIPTS OUTGOING/SUSPENSE 1. File in chronological order by the date the documents were sent out, earliest date on top. 2. Check weekly. Follow-up letter should be forwarded to addressee if signed receipt is not received in a reasonable length of time. 3. Remove and destroy when signed receipt is received. FOLDER #18 PHYSICAL SECURITY INFORMATION 1. Retain a copy of the DSS Form 147, Controlled Area Agreement, issued by the Cognizant Security Office. 2. Closed Area Self Approval Letter 3. UL Alarm Certificates 4. Shared Services Agreements 5. Letters Authorizing Security-In-Depth 6. MOAs or MOUs 7. Approval for Open Storage in Closed Areas 8. Any other physical security documentation that may apply to your security program.

FOLDER #19 DESTRUCTION CERTIFICATES-REQUIRED FOR TS ONLY 1. File in order by date the material was destroyed, last date on top. 2. Include control number assigned by the facility on the Destruction Certificate. 3. Include the words LAST ITEM under the last document listed on the form. 4. Each page of the Destruction Certificate will be signed by the destroying and witnessing official. 5. Destruction Certificates may be numbered with the last digits of the year, followed by a dash and numerical sequence (e.g., 00-01, 00-02, 00-03, etc.). 6. Could annotate/sign TOP SECRET Information Management System instead of above, if appropriate. FOLDER #20 INFORMATION SYSTEMS (IS) ACCREDITATION LETTERS 1. File all accreditation letters received from the Defense Security Service Field Office for the use of IS equipment for processing of classified material. 2. File in order by date of the authorization or by system number or identification. 3. Self-Accreditation Letters FOLDER #21 INTERNATIONAL 1. Copies of all current export licenses involving classified materials (these would be received from the Department of State). 2. Technical Assistance Agreement (TAA) 3. Technology Control Plan (TCP) 4. Any other records pertaining to your company s international operation. FOLDER #22 INDUSTRIAL SECURITY LETTERS 1. File all Industrial Security Letters (ISL s) published from January 1995 to present, last date on top. NOTE: ISL s (2006 and beyond) are also posted and available on our internet web-site at: http://www.dss.mil/isp/fac_clear/download_nispom.html

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information