Presentation is loading. Please wait.

Presentation is loading. Please wait.

Section Five: Security Inspections and Reviews Note: All classified markings contained within this presentation are for training purposes only.

Published byOsborn Webb Modified over 8 years ago

Similar presentations

Presentation on theme: "Section Five: Security Inspections and Reviews Note: All classified markings contained within this presentation are for training purposes only."— Presentation transcript:

1 Section Five: Security Inspections and Reviews Note: All classified markings contained within this presentation are for training purposes only.

2 {Company} is a cleared defense contractor with {Confidential, Secret, or Top Secret} facility security clearance (FCL) – As such, we are subject to both scheduled and un-scheduled inspections by various government agencies and other entities to include:  Defense Security Service  Various Intelligence Community Agencies  Department of Justice  Corporate Security Audit Team  Other special customers Inspections ensure that security procedures, methods, and physical safeguards are adequate and in compliance with government and/or {Company} security regulations Security Inspections and Reviews Purpose

3 Government Inspections – The Security Department continuously works with personnel to prepare for Government inspections  Review security container holdings  Review end-of-day checks  Closed Area documentation Self Inspections – Go above and beyond Government Inspections to ensure we are meeting all requirements Information Systems Security Reviews (Included in Government and Self reviews) ‒All Classified Information Systems inspected annually Note: PII review is a component of all security inspections Security Inspections and Reviews Types

4 Security Inspections and Reviews What should you expect? Government inspections include a review of: – Public Release Reviews – Subcontractor DD254s – Consultant Purchase Orders – Visit Requests – Courier letters – Security Containers and Holdings – System Security Plans – Audits and Logs Interviews with personnel – Security Container Assessment (if applicable)

5 Have you been involved in a security violation? When was the last time you have had security education? What level security clearance do you have? How do you use your security clearance? What is adverse information? What are some things that must be reported? Who do you report adverse information to? Are you part of an end-of-day security check? If yes, do you know what it consists of? Have you traveled locally or abroad for {Company}? If yes, did it include hand-carrying classified material? Do you know what the classified hand-carrying process is? Security Inspections and Reviews Types of questions that will be asked

6 Security Inspections and Reviews Information everyone should know You are required to obtain and maintain a DoD security clearance while employed at the {Company} Know your security clearance level – In process, Interim Secret, Secret, and Top Secret Know how you use or can use your security clearance – Classified activities and work (i.e., Classified meetings or presentations, hand-carrying, classified projects, etc.) – Never say “I do not have a need for my clearance” Education is provided daily, weekly, and annually through different means – Publications, posters, emails, presentations, courses, etc.

7 Ensure relevant portions of System Security Plan (SSP) are available – Have documentation for the following on hand  Profile  System Requirements Specification ( SRS)  Hardware and software listing (Current and Past)  Up-to-date, signed and relevant U ser Briefing Statements and accounts  Configuration Management Record  Audit Log Review  Hardware sanitization records  Records of degaussed hard drives  Seal log – Copies of the most current accreditation letter and system additions Security Inspections and Reviews Records to maintain and have available

8 Auditing ‒Know procedures for log file review and retention requirements ‒Unless specified and approved in the SSP, weekly audits are required Security Seals, Seal Log, and Sign-out Sheet –Seals must be placed over –Laptops hard drive to prevent tampering and to assist visual inspection –IR ports and unused network ports –The Security Seal Log should record location and serial number of the seal –Sign-out sheet used to maintain accountability and must be used for systems with more than one user Periods Processing –Proper start-up and shut-down procedures must be documented and accounted for Trusted Downloading –Users trained and approved for trusted downloading must be identified on the User Briefing statement  Listed users may be asked to demonstrate Trusted Downloading –Specific approved procedures and file types used during Trusted Downloading must be identified within the SSP Security Inspections and Reviews Records to maintain and have available (cont.)

9 Ensure system is configured as documented in SSP – User Accounts  Delete unnecessary accounts  Ensure User Briefing Statements are signed by the users of all active accounts  Verify that no Users have passwords set to ‘Never Expire’ – Antivirus  Definitions must be updated weekly or monthly at minimum  Document updates in configuration record – BIOS Settings  Password protect  Boot sequence should be set to only boot from the internal hard drive  Wireless, Bluetooth, IR and unnecessary ports disabled – Screensaver  All systems should have a password protected screensaver set to automatically engage after 15 minutes of inactivity Security Inspections and Reviews System Configurations

10 The Security Department centrally oversees and supports the Self Security Review Program for all {Company} facility activities ‒Assess the overall security posture for unclassified and collateral classified programs ‒The scope exceeds and offsets government assessment Methodology ‒Visit and discrepancies recorded and corrective action documented ‒Examples:  Self Security Review (industrial and information systems)  Information System (IS) Review  Dumpster and Recycle Program Audit  After Hours Review  Package Checks and Compliance  Personally Identifiable Information (PII) Review Security Inspections and Reviews Self Inspections

11 Scope: ‒Interviews are conducted with personnel to discuss their understanding of security responsibilities ‒Refresher briefings provided annually ‒Reviews consist of:  100% classified holding review  Administrative documentation  Closed/Restricted Areas documentation and compliance  IT Compliance  ITAR  Workplace Violence  EOD checks  Classified and Unclassified systems  Audit records  Personally Identifiable Information (PII) Security Inspections and Reviews Self Inspections (cont.)

Download ppt "Section Five: Security Inspections and Reviews Note: All classified markings contained within this presentation are for training purposes only."

Similar presentations

Software Quality Assurance Plan

Software Quality Assurance Plan
Introduction to Records Management Policy

Introduction to Records Management Policy
Identification and Disposition of Official University Records University of Texas at Arlington Records Management.

Identification and Disposition of Official University Records University of Texas at Arlington Records Management.
EPA Regions 9 & 10 and The Federal Network for Sustainability 2005

EPA Regions 9 & 10 and The Federal Network for Sustainability 2005
Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.

Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.
Software Quality Assurance Plan

Software Quality Assurance Plan
What’s the path to a SSP? Information System Profile Contractor: Lockheed Martin, Missiles and Fire Control Address: 1701 W. Marshall Dr. Grand Prairie,

What’s the path to a SSP? Information System Profile Contractor: Lockheed Martin, Missiles and Fire Control Address: 1701 W. Marshall Dr. Grand Prairie,
How to Document A Business Management System

How to Document A Business Management System
Responsibility Overview Upon Enrollment of a New Participant.

Responsibility Overview Upon Enrollment of a New Participant.
HOW TO PREPARE FOR A NATIONAL SECURITY INFORMATION INSPECTION 1 SECRET Updated 09/27/11 Security is Everyone's Responsibility – See Something, Say Something!

HOW TO PREPARE FOR A NATIONAL SECURITY INFORMATION INSPECTION 1 SECRET Updated 09/27/11 Security is Everyone's Responsibility – See Something, Say Something!
2010 Region II Conference Corporate Compliance Panel June 3, 2010

2010 Region II Conference Corporate Compliance Panel June 3, 2010
Section Four: Employee and Visitor Access Controls Note: All classified markings contained within this presentation are for training purposes only.

Section Four: Employee and Visitor Access Controls Note: All classified markings contained within this presentation are for training purposes only.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.

OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.
EMS Auditing Definitions

EMS Auditing Definitions
1 For System Administrators INFORMATION INFORMATION SYSTEM SECURITY INFORMATION INFORMATION SYSTEM SECURITY.

1 For System Administrators INFORMATION INFORMATION SYSTEM SECURITY INFORMATION INFORMATION SYSTEM SECURITY.
REQUEST FOR PROPOSALS RFP #08-56 Project Management and Procurement Assistance Consultant for an Intelligent Transit System Solution (I.T.S.S.) October.

REQUEST FOR PROPOSALS RFP #08-56 Project Management and Procurement Assistance Consultant for an Intelligent Transit System Solution (I.T.S.S.) October.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
Version 6.0 Approved by HIPAA Implementation Team April 14, 2003 1 HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
Information Systems Security Officer

Information Systems Security Officer

Similar presentations

Ads by Google