The What and How of Security Violation Reporting in Defense Contracting – Digitalmunition




Featured 1150x732-48.jpg

Published on March 29th, 2021 📆 | 3974 Views ⚑

0

The What and How of Security Violation Reporting in Defense Contracting

Reporting Category
Examples
What and How to Report

Espionage, Terrorism, Sabotage
The incident with the Tesla employee in August 2020 is an extreme example of a foreign actor approaching an employee with a sabotage attempt. But espionage can come find you at many points.
Typically, this report is done in writing to the FBI. However, if the event is a timely issue, make sure you pick up the phone to call the FBI, and of course, notify your information security (IS) rep.

Adverse Information
Reporting in this category is based on the SEAD 4 Adjudicative Guidelines, so this reporting focuses on an employee’s ability to safeguard classified information. Items that fall under scope of adverse information are personal conduct issues, financial considerations, substance abuse, criminal conduct, allegiance to the U.S., foreign influence, and IT mis-use. It should go without saying, but if you happen to over hear a rumor, that does not constitute a reportable incident for you to submit.
Incident reports need to be submitted in the Defense Information System for Security (DISS).

Suspicious Contacts
Regardless of the nationality, any efforts to get classified information or targeting efforts by foreign intelligence officers need to be reported in writing. If something felt off in an exchange on a business trip, it’s important to document.
IS Rep/CISA

Change in Status
Any changes in name, citizenship, employment termination, or death of an employee need to be documented. If you go through any legal name changes, don’t forget to ping security so that your records line up.
This change needs to be made in DISS.

Security Equipment Vulnerabilities
While your security officer has an eye on the equipment capabilities, if you happen to see lights or cameras out or anything off, be sure to let someone know. But any hiccups in intrusion detection systems, information security, communications security hardware, software, or equipment needs to be reported.
Reports are in writing to the IS Rep.

Change in Facility Security Clearance
It’s common to make changes – acquisitions or key employee turnover, and the devil is sometimes in the details. So, in the midst of larger changes, it’s important to manage reporting requirements.
Update this in the National Industrial Security System (NISS).

Disregarding Security Clearance Requirements
Perfection is not expected in national security. But the reality is that mistakes can cost lives. Cleared professionals are expected to have an overall pattern of reliability, truthfulness, and carefulness. While there may not be a tally board for someone’s whoopsies, a pattern of negligence or carelessness does require reporting. This report needs to be specific: dates, incidents, and administrative actions taken.
The initial and final report are submitted to the IS Rep.

Receiving Unauthorized Classified Email
In a fast paced environment, it can be challenging to make sure documents make their way to the right person and that they are handled properly – in digital or print. However, any unauthorized sharing of classified information – intentional or accidental needs to be reported. Be sure to include the sender, originator of the materials, classification level, as well as the quantity of information, date, and title.
This needs to be submitted in writing to the IS Rep.

Change in Facility’s Storage Requirement
Anytime a facility has a change in their ability to safeguard classified information – cyber vulnerabilities or even an emergency situation like a hurricane, those incidents need to get reported.
Reports should be made in writing to the IS Rep.

Citizenship by Naturalization
When a non-U.S. citizen who has a Limited Access Authorization (LAA) becomes a naturalized U.S. citizen, the report should include naturalization location (city, state, county), naturalization date, court, and certificate number.
Make this change within DISS.

Won’t Sign NDA or Doesn’t Want Access
If an employee won’t sign the Classified Information Nondisclosure Agreement or they just do not want to be processed for a clearance, this information needs to be updated.
Enter the reason for the change in DISS.
 

originally appeared on Source link

Tagged with:



Leave a Reply