by FSO PRO
What great FSO’s read!
NISS Launch is delayed… again. We need a Power Pellet.
Much Ado About Nothing… Yet.
(cue Pac-man fail noise)
The promised NISS Soft Launch was paused by DSS this month. They seem to have a few kinks to work out before it is available. I imagine this is the way of any soft launch – an opportunity to get it just right. The new date for the soft launch is Monday, October 30th, 2017.
Hopefully, every one of our good readers have already registered your PKI with NCAISS/DSS Portal. That is not on pause and it is wise to already have that completed. As my old Sarge says “You don’t have to get ready if you stay ready!”
Here are those instructions once more:
=> Users must have accounts in NCAISS – this is also known as the “DSS Portal”. You must have a PKI to register (the same one you utilize for JPAS) and you register here. You can – and should – do this now if you haven’t yet.
Not registered? Click that link! (No, seriously!)
- Register with NCAISS/DSS
Portal – seriously, we
- Get all your Independent
Contractors straight in
- Execute “Consultant Certificates”
with 1099/IC’s if
they are working on classified
- Make sure you have
marked your eFCL “Self
Inspection” completed for
2017 before the holiday
season is upon us in full
- Promote CyberSecurity
Awareness with fun
events and ideas.
- Stay tune for the NISS
Soft Launch announcement
– it can come at any
- Find Bob and tell him
about Secret Santa. “No
Why are we doing this again?
For those of you who are wondering – “Why are we doing this? We are barely used to the previous system.” Let
me take the opportunity to remind you what your DSS Rep will say at your next SVA: DSS is in Transition. This
means they are upgrading services and systems to better safeguard classified information. While there will be
“kinks”, there will also be benefits! Here are the benefits (and our notes = told in plain “what’s in it for me” language
for FSOs) of NISS when it launches.
If all that is true, NISS is like a fairy godmother to FSOs who want to know more, do more, and become a
security subject matter expert! Now you are disappointed you have to wait, right? Us too!
We will keep you in the loop as the soft-launch rolls out again!
Let’s start wrapping it up!
In the meantime – the year is nearly over, folks! If you haven’t completed that self-inspection in eFCL yet, you need to get that done!
Over the last few months we have been doing an in-depth walk-thru of a self-inspection. FSO PRO plans to put this on audio before too long so you can listen to it as you dash around … or let it play while you sleep and wake up quoting the NISPOM! (We have zero scientific evidence to support that, but it could happen.)
Not Intended to Swiftly Start?
Never In Seventeen, Silly?
November Is Still too Soon?
(Or October 30th. Don’t worry, they will get it right. Better to delay than have a bad user experience.)
Can my first wish be for a new Fairy Godmother?
Section C of the Self Inspection: Consultants!
“Hey, Why is there a Bob What’s-his-face in our JPAS? I never see him in the break room?”
A lot of small businesses bring in what DSS calls “Consultants” to work on classified contracts. In the business world, we use different language. We call them “Independent Contractors” or “1099 personnel”. It’s the same thing. “Consultant” is the NISPOM title for any non-W2 personnel who are utilized as employees for various classified contract work.
This is usually an easy section to complete for the selfinspection,
but you have to follow the rules:
“I work hard at making the FSO’s job as difficult as
possible, and I enjoy it.- Bob (Classic Bob)
1. Each IC, 1099, or consultant has to jointly-execute the DSS Consultant Certificate identified in NISPOM 2 -212 which outlines the requirements of the consultant and what they can and cannot do. “Sign your form, Bob!“
2. Each Consultant must be a self-incorporated owner of the company. It is PROHIBITED for companies to support the clearances for employees of an un-cleared company. In short, you cannot manage the clearances of three employees from “Acme, Inc.” just because Acme, Inc. is uncleared. Your organization will have to sponsor Acme’s clearance or pay each person as an Independent Contract. “We cut the check to BobWorld, LLC, not Acme.”
3. Each IC in your organization’s JPAS should definitely participate in your Security Education program – newsletters, job aids, events and most of all – NISPOM-required briefings! “Do your briefing, Bob!”
4. Finally, know the difference between “servicing” and “owning” relationships in JPAS for your ICs. If your organization is going to be responsible for their clearance actions, you should “own” them in JPAS. If your organization is going to utilize them on a contract but another organization is responsible for their clearance, you should take a “servicing” relationship with them in JPAS. “We own you Bob – now, do your eQIP!”
5. Having Bob participate in this year’s Secret Santa … well, that is on you.
If you are unclear of the status of your personnel, check with HR or Payroll for clarification.
Wrong kind of briefings. We apologize for the
outrageous nature of this photo.
EEEK! FSO Office of Horrors! And other ideas for fun Security Training!
Each year around this time, we like to take advantage of the “spooky” season with some fun security “events”. Here are a few ideas:
=> Costumes! Hand out prizes for those who show up in securityrelated costumes: Police, Spies, SuperHeroes, Detectives, Infamous Criminals, etc. Take pictures and post them on your social media or company shared drives.
=> Create an “Office of Security Horrors” – fill an empty area or office with (FAKE!!) security violations such as: computer screen left up; access card out in the open; sensitive (FAKE!!) information left un-secured, office unlocked, keys un-attended … on an on. Have personnel go in and see how many they can spot in a certain amount of time. If your employees are offsite – take a picture and send it to them. Ask them how many “security” violations they can spot!
=> CyberSecurity Month – October is CyberSecurity Month. DSS has some great “security shorts” that offer videos and quizzes to entertain and educate your team on Spyware, data spills, personal devices, wireless hackers, Insider Threat …. the list goes on! Send them out to your team for quick but effective reviews!
Is this how hacking works?
by FSO PRO
Get Ready to Plan your Best Year Yet!
FSO PRO is preparing to sell the “Ultimate FSO Planner” this December.
However, if you are a member of our “FSO PRO” club, you will get monthly
planner printables for FREE.
Also with the members club:
- Company newsletter for your team.
- Free worksheets, checklists, and planner items.
- Announcements and text alerts.
- Audios of key NISPOM items to review conveniently.
- Contests with Prizes for FSOs.
To join the “FSO Superhero” club go to: https://www.thefsopro.com/shop/ .