NISPOM_DoD Manual 5220.22-M (CH 1)
Hotline may be used as an alternate means to report information when considered _______________ or _______________.
1. Prudent 2. Necessary
Security reviews may be conducted not more often than once every _______________ unless special circumstances exist.
12 months
Implementation of changes to the NISPOM by contractors shall be effected no later than _____________________ from the date of the published change, with the exception of changes related to US-UK and US Australia (AUS) Treaty requirements, in Chapters 4 and 10, Section 8 of this Manual, which must be implemented immediately.
6 months
Contractors shall provide complete information to enable the CSA to ascertain whether classified information is ____________________.
Adequately protected
A corporate family may choose to establish a ______________________ insider threat program with one senior official designated to establish and execute the program.
Corporate-wide
What is the DoD Manual for NISPOM?
DoD Manual 5220.22-M
Federal agencies maintain _____________________________ to provide an unconstrained avenue for government and contractor employees to report, without fear of reprisal, known or suspected instances of serious security irregularities and infractions concerning contracts, programs, or projects.
Hotlines
The _________________ shall not detract from the authority of other applicable provisions of law, or the authority of any other Federal department or agency head granted according to U.S. statute or Presidential decree.
NISPOM
Each cleared legal entity using the corporate-wide Insider Threat Program Senior Official must ____________________ designate that person as the Insider Threat Program Senior Official for that legal entity.
Separately
Every effort will be made to avoid ______________________ into the personal effects of contractor personnel.
Unnecessary intrusion
The NISP was established by Executive Order (E.O.) 12829 (reference (a)) for the protection of information classified under what?
- E.O. 13526 (reference (b)) - or its successor or predecessor orders - and the Atomic Energy Act of 1954, as amended (reference (c)).
Responsible for prescribing that portion of the Manual that pertains to information classified under reference (c).
- Secretary of Energy - Chairman of NRC
Retain authority over access to information under their respective programs classified under reference (c), and may inspect and monitor contractor, licensee, certificate holder, and grantee programs and facilities that involve access to such information.
- Secretary of Energy - Chairman of NRC
The contractor shall implement _______________________ of the NISPOM at each of its _______________________.
1. All applicable terms 2. Cleared facilities
Waivers and exceptions will not be granted to impose more stringent protection requirements than the NISPOM provides for _________________, _________________, or _________________ information.
1. CONFIDENTIAL 2. SECRET 3. TOP SECRET
The contractor will retain the formal report for ________________ review through the next ________________ inspection.
1. CSA 2. CSA
All contractor requests for interpretations of the NISPOM shall be forwarded to the ____________ through its designated ____________.
1. CSA 2. CSO
Requests for interpretation by contractors located on any U.S. Government installation shall be forwarded to the _____________ through the _____________ or _____________.
1. CSA 2. Commander 3. Head of the Host installation
For one-person facilities, the current combination of the facility's security container shall be provided to the __________, or in the case of a multiple facility organization, to the __________.
1. CSA 2. Home Office
It is the obligation of each ________________ to inform industry of the applicable ________________.
1. CSA (Cognizant Security Agency) 2. CSO (Cognizant Security Offices)
Responsibility for security administration may be further delegated by a ____________________ to one or more ____________________.
1. CSA (Cognizant Security Agency) 2. CSO (Cognizant Security Offices)
Security reviews necessarily subject all ___________________ and all ___________________ and receptacles under the control of the contractor to examination.
1. Contractor employees 2. Areas
Provisions of the NISPOM do not apply to ___________________ and ___________________ contractors or their employees to release classified information in connection with any criminal proceedings.
1. Criminal proceedings in the courts 2. Do not authorize
Contractors shall submit reports to the ___________ and to their ___________ as specified in section 3 (Reporting Requirements) of the NISPOM.
1. FBI 2. CSA
Written procedures shall be prepared when the _____________ believes them to be necessary for effective implementation of this Manual or when the _____________ determines them to be necessary to reasonably exclude the possibility of loss or compromise of classified information.
1. FSO 2. CSA
Contractors shall establish such internal procedures as are necessary to ensure that cleared employees are aware of their responsibilities for reporting pertinent information to what organizations?
1. FSO 2. FBI 3. Other Federal authorities as required by the NISPOM, the terms of a classified contract, and U.S. law.
Contractors are required to report certain events that: impact the status of what?
1. Facility Clearance (FCL) 2. Personnel Security Clearance (PCL) 3. May indicate employee poses an insider threat 4. Affect proper safeguarding of classified information or indicate classified information has been lost or compromised
Contractors shall cooperate with ____________________ and their officially ____________________ during official inspections, investigations concerning the protection of classified information and during personnel security investigations of present or former employees and others.
1. Federal Agencies 2. Credentialed Representatives
A contractor performing work within the confines of a __________________________ shall safeguard classified information according to the procedures of the __________________________.
1. Federal installation 2. Host Installation or Agency.
The contractor will establish and maintain an insider threat program that will _______________, _______________, and _______________ relevant and available information indicative of a potential or actual insider threat, consistent with E.O. 13587 (reference (ac)) and the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs (reference (ad)), as required by the appropriate CSA.
1. Gather 2. Integrate 3. Report
Reference (a) requires the ____________________________ to enter into agreements with the Secretary of Defense as the Executive Agent for the NISP. This is designated by _____________________ guidance that establishes the terms of the Secretary's responsibilities on behalf of these agency heads.
1. Heads of Agencies 2. Presidential
Contractors shall provide security training as appropriate, according to Chapter 3, to cleared employees by ________________, ________________, and ________________.
1. Initial Briefings 2. Refresher Briefings 3. Debriefings
Each CSA is responsible for ensuring that __________________ and __________________ security review and audit activity of its contractors is held to a minimum, including such activity conducted at common facilities by other CSA's.
1. Redundant 2. Duplicative
Hotlines do not supplant contractor responsibility to facilitate ______________________ and ______________________ of security matters concerning its operations or personnel, and contractor personnel are encouraged to furnish information through established company channels.
1. Reporting 2. Timely investigation
Contractor will prepare a formal report describing the __________________, __________________, and __________________ of issues found.
1. Self-inspection 2. Its findings 3. Resolution
The FSO will __________________ and __________________ security measures necessary for implementing applicable requirements of this Manual and related Federal requirements for classified information.
1. Supervise 2. Direct
When the reports are _________________________ and _________________________, the Privacy Act of 1974 (5 U.S.C. 552a)(reference (l)) permits withholding of that information from the individual only to the extent that the disclosure of the information would reveal the identity of a source who furnished the information to the U.S. Government under an expressed promise that the identity of the source would be held in confidence.
1. Unclassified 2. Contain information pertaining to an individual
An initial report may be made by phone, but it must be followed in _____________, regardless of the disposition made of the report by the FBI. A copy of the written report shall be provided to the _____________.
1. Writing 2. CSA
The term ______________________ has the meaning provided in Title 5 United States Code (U.S.C.) Section 552(f) (reference (h)).
Agency Head
_____________________ security reviews of all cleared contractor facilities will be conducted to ensure that safeguards employed by contractors are adequate for the protection of classified information.
Aperiodic
The NISPOM is comprised of a _________________ portion (Chapters 1 through 11).
Baseline
The ___________ provides procedures for access to classified information by defendants and their representatives in criminal proceedings in U.S. District Courts, U.S. Courts of Appeal, and the U.S. Supreme Court.
CIPA (Classified Information Procedures Act)
Unannounced reviews may be conducted at the discretion of the ____________.
CSA
When the reports are classified or offered in confidence and so marked by the contractor, the information will be reviewed by the ___________ to determine whether it may be withheld from public disclosure under applicable exemptions of the Freedom of Information Act (5 U.S.C. 552) (reference (k)).
CSA
Who determines the frequency of security reviews, which may be increased or decreased consistent with risk management principles?
CSA
_________________________ addresses and telephone numbers are as follows: Defense Hotline The Pentagon Washington, DC 20301-1900 (800) 424-9098 U.S. Nuclear Regulatory Commission Office of the Inspector General Hotline Program, MS 05 E13 11555 Rockville Pike Rockville, MD 20852-2738 1-800-233-3497 TDD: 1-800-270-2787 DOE Hotline Department of Energy Office of the Inspector General 1000 Independence Avenue, S.W. Room SD-031 Washington, D.C. 20585 (202) 586-4073 (800) 541-1625 DNI Hotline Director of National Intelligence Office of the Inspector General Washington, D.C. 20511 (703) 482-2650
CSA hotline
Contractors are responsible for advising all _______________________, including those outside the United States, of their individual responsibility for safeguarding classified information.
Cleared Employees
Contractors shall report adverse information coming to their attention concerning any of their _________________________.
Cleared employees
The fact that a report is submitted in confidence must be _________________ on the report.
Clearly marked
The term __________________________________ denotes the Department of Defense (DoD), the Department of Energy (DOE), the NRC, and the DNI.
Cognizant Security Agency (CSA)
Contractors shall review their security system on a _________________________ and shall also conduct a formal self-inspection, including the self-inspection required by paragraph 8-101h of chapter 8 of this Manual, at intervals consistent with risk management principles.
Continuing Basis
The physical examination of the interior space of equipment not authorized to secure classified material will always be accomplished in the presence of a representative of the _______________________.
Contractor
The NISPOM applies to and shall be used by ______________________ to safeguard classified information released during all phases of the contracting, licensing, and grant process, including bidding, negotiation, award, performance, and termination.
Contractors
_____________________ shall protect all classified information to which they have access or custody.
Contractors
What includes providing suitable arrangements within the facility for conducting private interviews with employees during normal working hours, providing relevant employment and security records and records pertinent to insider threat (e.g., security, cybersecurity and human resources) for review when requested, and rendering other necessary assistance?
Cooperation
Self-inspections by contractors will include the review of representative samples of the contractor's __________________________________ actions, as applicable.
Derivative classification
Instances of redundant and duplicative security review and audit activity shall be reported to the _____________________________ for resolution.
Director of ISOO
Who will consider and take action on complaints and suggestions from persons within or outside the Government with respect to the administration of the NISP?
Director of Information Security Oversight Office (ISOO)
For purposes of the NISPOM, the ______________ may inspect and monitor contractor, licensee, and grantee programs and facilities that involve access to such information.
Director of National Intelligence (DNI)
Requests for interpretation of Director of Central Intelligence Directives (DCIDs) shall be forwarded to the ____________ through approved channels.
Director of National Intelligence (DNI)
Retains authority over access to intelligence sources and methods, including SCI.
Director of National Intelligence (DNI)
Who is responsible for prescribing that portion of the Manual that pertains to intelligence sources and methods, including SCI?
Director of National Intelligence (DNI)
Who's responsibilities are derived from the National Security Act of 1947, as amended (reference (d)); Executive Order (EO) 12333, as amended (reference (e)); reference (b); and The Intelligence Reform and Terrorism Prevention Act (IRTPA) of 2004 (reference (f))?
Director of National Intelligence (DNI)
Until officially revised or canceled, the existing Carrier Supplement to the former "Industrial Security Manual for Safeguarding Classified Information" (reference (i)) will continue to be applicable to only what?
DoD-cleared facilities
The NISP was established by what Executive Order?
E.O. 12829
The contractor shall promptly submit a written report to the nearest field office of the ___________ regarding information coming to the contractor's attention concerning actual, probable or possible espionage, sabotage, terrorism, or subversive activities at any of its locations.
FBI
The contractor shall appoint a U.S. citizen employee, who is cleared as part of the facility clearance (FCL) to be the ________________.
Facility Security Officer (FSO)
This Insider Threat Program Senior Official may also serve as what?
Facility Security Officer (FSO)
Consistent with paragraph 1-101e, security cognizance remains with each _________________________ or _______________________ unless lawfully delegated.
Federal department or agency
The designation of a CSO does not relieve any ___________________________________ of the responsibility to protect and safeguard the classified information necessary for its classified contracts, or from visiting the contractor to review the security aspects of such contracts.
Government Contracting Activity (GCA)
The contractor will designate a U.S. citizen employee, who is a senior official and cleared in connection with the FCL, to establish and execute an __________________________.
Insider Threat Program
If the designated senior official is not also the FSO, the contractor's ___________________________ will assure that the FSO is an integral member of the contractor's implementation program for an insider threat program.
Insider Threat Program Senior Official (ITPSO)
Nothing in the NISPOM affects the authority of the Head of an Agency to ___________, ___________, or ___________ access to classified information under its statutory, regulatory, or contract jurisdiction if that Agency Head determines that the security of the nation so requires.
Limit, Deny, or Revoke
Nothing in the _________________ shall be construed to supersede the authority of the Secretary of Energy or the Chairman of the NRC under reference (c). Nor shall this information detract from the authority of installation commanders under the Internal Security Act of 1950 (reference (g)); or the authority of the DNI under reference (f).
NISPOM
What controls the authorized disclosure of classified information released by U.S. Government Executive Branch Departments and Agencies to their contractors?
NISPOM
What implements applicable Federal statutes, E.O.s, national directives, international treaties, and certain government-to-government agreements?
NISPOM
What is available on the Internet from the DoD Issuances Website at http://www.dtic.mil/whs/directives?
NISPOM
What is issued in accordance with the National Industrial Security Program (NISP)?
NISPOM
What prescribes the procedures, requirements, restrictions, and other safeguards to protect special classes of classified information, including Restricted Data (RD), Formerly Restricted Data (FRD), intelligence sources and methods information, Sensitive Compartmented Information (SCI), and Special Access Program (SAP) information?
NISPOM
What prescribes the requirements, restrictions, and other safeguards to prevent unauthorized disclosure of classified information?
NISPOM
The portion of the NISPOM that prescribes requirements, restrictions, and safeguards that exceed the baseline standards, such as those necessary to protect special classes of information, is included in what?
NISPOM Supplement (NISPOMSUP).
Who is responsible for providing overall policy direction for the NISP?
National Security Council (NSC)
The NISPOM applies to classified information ________________________ under a contract, license, certificate or grant, and to foreign government information furnished to contractors that requires protection in the interest of national security.
Not Released
Contractors will normally be provided ______________ of a forthcoming review.
Notice
A facility at which only one person is assigned shall establish procedures for CSA notification after death or incapacitation of that person. What does this describe?
One-Person Facilities
Appropriate intra and/or inter-agency agreements shall be executed to avoid what?
Redundant and duplicate reviews.
Contractors shall inform all employees that the hotlines may be used, if necessary, for what?
Reporting matters of national security significance.
When submitting a ___________________, the contractor shall specify, in writing, the reasons why it is impractical or unreasonable to comply with the requirement.
Request for Waiver
Who has been designated Executive Agent for the NISP by the President?
Secretary of Defense
Who has entered into agreements with the departments and agencies listed below for the purpose of rendering industrial security services?
Secretary of Defense
Who serves as Executive Agent for inspecting and monitoring contractors, licensees, grantees, and certificate holders who require or will require access to, or who store or will store classified information; and for determining the eligibility for access to classified information of contractors, licensees, certificate holders, and grantees and their respective employees.
Secretary of Defense
Who is responsible for the issuance and maintenance of the NISPOM?
Secretary of Defense, in consultation with all affected agencies and with the concurrence of the Secretary of Energy, the Chairman of the Nuclear Regulatory Commission (NRC) and the Director of National Intelligence (DNI)
The Secretary of Defense, the Secretary of Energy, the DNI and the Chairman, NRC, may delegate any aspect of ________________________________ regarding classified activities and contracts under their purview within the CSA or to another CSA.
Security Administration
The FSO, or those otherwise performing security duties, shall complete _____________________ as specified in Chapter 3 and as deemed appropriate by the CSA.
Security Training
_________________________ will be related to the activity, information, information systems (ISs), and conditions of the overall security program, to include the insider threat program; have sufficient scope, depth, and frequency; and management support in execution and remedy.
Self-inspections
A ____________________________________________ at the cleared facility will certify to the CSA, in writing on an annual basis, that a self-inspection has been conducted, that senior management has been briefed on the results, that appropriate corrective action has been taken, and that management fully supports the security program at the cleared facility.
Senior Management Official
The NISPOM does not contain protection requirements for ___________________________.
Special Nuclear Material
TRUE or FALSE: "Releasability and Effective Date" (1-108) is effective as of February 28, 2006.
TRUE
Who is responsible for implementing and monitoring the NISP and for issuing implementing directives that shall be binding on agencies?
The Director of Information Security Oversight Office (ISOO)
What type of requests shall be submitted by industry through government channels approved by the CSA?
Waivers and Exceptions
