Tuesday, August 30, 2011

One (somewhat) New AAB!

Hello Everyone,
   At our annual security council meeting, last week, one senior agent stated the following as AAB:

      - including uncleared personnel in all security training.

   Although many of you may already know this, I wanted to include it here, for all to see and use.

   Unfortunately, that was the only example given. I'm not sure what the climate is that makes people fearful to share such valuable (and unclassified!) information...

Be back soon!

Thursday, August 4, 2011

We're Back...with two new AABs!

Hi Everyone,
   I'm back from a much-needed vacation! While I was gone, the Quantico Area Industrial Security Council (QAISC), of which I am a member, had their monthly meeting on July 27. They discussed DSS inspections and AAB.
   One item that came out of that meeting that I had never heard before was providing a list to the inspector of contracts held by the company, with an accompanying list of employees working on each specific contract, and the employees' clearance level. This may be a lot of work for many of us, but it may be worth a try.
   Another one: inspections of personal effects. My rep wants me to have proof of such inspections every quarter. What if those inspections are done on a monthly basis? This may be AAB. I'll check with my current rep and see what they think.
   If you have some tidbits, please post them for all to see. Thank you!

Monday, July 18, 2011

Judy's comments, 15 Jul 11

Daniel:

We won the Cogswell Award this year -- a great honor!! The following would be my suggestions for your blog:

Develop a good working relationship with your IS rep so that you're comfortable asking for advice.

I know it's not always easy to do, but convince your management of how important your security program is.

When in doubt, report it (at least to your IS rep and then he/she can advise you on where else you should go with it). Research it first in the NISP, but if you're not sure if it's reportable, talk with your IS rep.

Remind your cleared people of their reporting responsibilities by providing security educational materials quarterly, rather than just the required annual. Also provide information to your uncleared employees and keep a list of your education program.

Your blog is a great idea -- good luck!

Judy Santo, FSO, Oxford Global Resources

Monday, July 11, 2011

Shari's AAB Comments

This is a great idea. Thanks for starting this. I'm happy to contribute. I am an experienced FSO and have received nothing less than a Commendable rating during my career. Working with smaller non-possessing facilities, it is very difficult to receive a Superior rating, but it is possible.

To receive a rating of Commendable, here are some tips:

- Make sure your Personnel Security files are in impeccable order. They should include, at a minimum, a recent screen print of the JPAS summary page, Proof of Citizenship, executed copy of the SF312 if necessary.
- At a minimum, perform 4 security briefings per year. The NISPOM says the only requirement is the Annual Security Refresher briefing.
- Make sure you document the briefings given. Have a sign-in sheet and an Excel spreadsheet, as well as an acknowledgment form signed and dated if you sent the briefing via email.
- Make sure you have completed at least 2 Self Inspections during the year. Quarterly is better for the smaller to medium size companies.
- Make sure you run the Periodic Reinvestigation report in JPAS to ensure everyone who is due for a reinvestigation has already been initiated in JPAS and notified.
- Make sure you run the Personnel Listing report in JPAS and ensure everyone listed should be listed and has the proper Accesses listed based on your FCL. Don't have people listed with TS access if your facility only has a Secret FCL.
- Be organized when you meet with your DSS Rep for your security review. Have everything out that you need so you have it in front of you when asked for something, e.g. 381-R, DD 441, SF 328, Contract List completed, etc.

To be rated as Superior in a non-possessing facility, make sure you have all of the above but also try to have a Security Day or host a seminar on a security topic, be a member of NCMS or ASIS, send out security updates to employees or have an Employee Security Newsletter at least quarterly.

I'm sure there are more. Hopefully others will contribute to this question as well.

No need to give me any credit for this. You posting it for me is credit enough. No worries.....

Thanks again. Hope this works. It will be a good resource for all.

Shari Duncan
President & CEO
Government Security Solutions LLC

Kevin's AAB Comments

I am an ex DSS buba. What I would look for in "above and beyond" is robust OPSEC initiatives; demonstrate how you are complying with the DD-254s that call out unique or special handling. Have a full accountability for all classified items; yes, that means an inventory. Keeping the 701 and 702s for at least a year. Holding/sponsoring CI or other types of security-related seminars, classes or forums. Conducting quarterly self-inspections. Having records of beyond-NISPOM training (e.g., quarterly vice annual), container locations with managed/current access lists. Emergency action plans that are exercised and in depth. These are just a few things that would elevate an FSO's program above his/her peers in the community. Obviously these things are hard to do as they affect people and money, but gaining the management buy-in is the key. The importance of keeping these types of records is for investigative purposes. Having these records assists in keeping your program's integrity and can be critical in an espionage case. Real world: an employee was suspected of a class A felony and was facing prosecution; the records kept at their place of employment showed that the employee was at work after hours and provided an ironclad alibi. Without an "above and beyond" security program, the prosecution of the individual was imminent. I share that as an example: you never know how a good program will protect not only the asset but the people in the program. – Kevin

Friday, July 8, 2011

Management Buy-In

Hey Folks,
   Still looking for that first person to add to the blog...please do so...we need your input to make this work!

   Another AAB is "management buy-in," that is: does management accept the importance of a well-rounded, legitimate security program for the company, or not? Examples of this would be:
      - emails of acknowledgement from senior management regarding security actions (e.g., self-inspection findings, results of employee security training, etc.);
      - notifications to all company employees regarding the importance of completing security education training and being in compliance with security requirements put forth by the FSO;
      - responses to security training, readings, etc., and the value they hold for employees.

I'm sure there are many more, so help me out here! Thanks!

Wednesday, July 6, 2011

Welcome Everyone!

Hello Everyone!
    I've noticed over the years that, although many FSOs have expressed the importance of going "above and beyond" what the NISPOM requires in order to get Commendable or Superior ratings on a DSS inspection, only once have I found anything available as to how to go "above and beyond."
   This blog has been created by me to help all of us FSOs who want to go "above and beyond" on our annual DSS inspections and achieve Commendable or Superior ratings!
   The intent is for FSOs to make postings to this blog that will be useful to other FSOs in helping them go "above and beyond" during their next inspection and hopefully achieve a better rating.
   The primary focus is the Self-Inspection Checklist, and each area it covers. My intent is to obtain "above and beyond" examples via this blog for as many areas of the self-inspection checklist as we can.
   In the future, FSOs can:
       - add their own examples of how they went "above and beyond" during a DSS inspection;
       - view the contents of the blog for "above and beyond" examples that they can use;
       - ask other FSOs on the blog for examples.

So...here we go! In my inspection in May of this year, I was "above and beyond" (from now on, we'll shorten that to AAB!) in security training/education. Below are some examples of my security training/education AAB:

- quarterly training presentations, including quizzes;
- Excel spreadsheet showing employee participation, scores, and dates of completion;
- various training, which included an annual refresher, counterintelligence brief, “Geotags” brief and others;
- report to managing company directors regarding employee participation, percentage of participation, etc.;
   - response from company president, showing “management buy-in” (a big thing for our DSS reps).

Again...welcome everyone! Please post your AAB, and be a mentor to other FSOs. Hey, you never know...maybe we can all use this blog in the future as AAB for our inspections!

With kindest regards,


Dan