| Reading the National Industrial Security Program | | | | not the organization is capable of providing |
| Operating Manual (NISPOM) will certainly have one | | | | continuous protection of classified information |
| learning new jargon and acronyms necessary to | | | | while following the guidance of the Department of |
| becoming fluent in Industrial Security Professional | | | | Defense. This would work in similar circumstances |
| language. Throughout the exam there are | | | | within each federal agency. The CSA is primarily |
| questions referring to roles of government | | | | concerned with administering clearances and |
| agencies. Such questions concern which | | | | oversight. They support the stipulations of the |
| organization has oversight, which organization | | | | GCA. |
| would a security manager report a particular | | | | The GCA is appointed by a federal agency to |
| incident to, or which organization inspects a certain | | | | handle all acquisition functions. They provide |
| security program. The answer could be any | | | | contract support between the government |
| possibility such as government contracting agency | | | | agency and contractor. In our DoD example, the |
| (GCA), general services administration (GSA), | | | | GSA provides contractual support to the defense |
| Cognizant Security Agency (CSA), or any other | | | | contractor from the DoD. The GCA also provides |
| acronym of a critical federal organization listed in | | | | the stipulations of the contract include the |
| the NISPOM. | | | | statement of work, DD Form 254, and other |
| Consider the letters CSA which stand for | | | | guidance on how to perform the classified work. |
| Cognizant Security Agency. This acronym appears | | | | The GCA is also an approval authority for any |
| 250 times throughout the NISPOM between | | | | classified performance taking place between |
| chapters one and eleven. The multiple listings | | | | agencies and governments. The GCA is |
| pretty much conclude that the CSA plays an | | | | concerned with supporting and administering |
| important role in managing the National Industrial | | | | specifics of a contract. The GCA provides the |
| Security Program. This is also one of those | | | | guidance that the CSA will monitor. |
| acronyms that a potential Industrial Security | | | | The GSA approves equipment used in support of |
| Professional must know to successfully pass the | | | | the security and mission. Locks, security |
| Industrial Security Professional Certification exam. | | | | containers, overnight delivery services and etc are |
| Primary questions a security manager should be | | | | approved for use by the general services |
| able to describe are: What is a Cognizant Security | | | | administration. |
| Agency (CSA)? How does the Cognizant Security | | | | Let's check your knowledge: |
| Office (CSO) fit in? To answer those questions, | | | | 1. Which organization would provide direction as to |
| we can go to the source. However, I will answer | | | | how classified information is disseminated (USPS, |
| them here. The CSAs are four primary federal | | | | Overnight delivery, courier):a. GCAb. NSAc. GSAd. |
| agencies. They have cognizance or oversight | | | | CSA |
| authority over their own federal organizations. | | | | Remember that all classified work is stipulated by |
| The CSAs are the Department of Defense, | | | | the contract. The GCA is the organization |
| Department of Energy, Nuclear Regulatory | | | | responsible for providing the specifics of how to |
| Commission and the Central Intelligence Agency. | | | | perform on the contract. The answers can be |
| Each of the federal organizations has authority | | | | found in the statement of work, DD Form 254, |
| and oversight over their own organizations. Each | | | | or the security classification guide. Questions |
| agency can delegate oversight to any office | | | | concerning performance and specifics of a |
| within their federal organization or to another | | | | contract will point to the GCA. |
| CSA. The CSAs have Cognizant Security Offices | | | | 2. Which organization would an FSO report loss, |
| (CSO) that take care of administrative functions. | | | | compromise or suspected compromise?a. CSAb. |
| The CSAs are identified with their CSOs as | | | | GSAc. CIAd. GCA |
| follows: | | | | The answer is CSA. The Cognizant Security |
| CSA: Department of Defense | | | | Agency provides oversight of the contractor |
| CSO: Defense Security Services (DSS) | | | | protecting the federal agency's classified |
| CSA: Department of Energy | | | | information. All questions concerning oversight |
| CSO: Department of Energy Field Offices | | | | belong to the CSA. |
| Safeguards and Security Divisions | | | | 3. Which organization provides a list of authorized |
| CSA: Central Intelligence Agency | | | | overnight delivery services?a. CSAb. GCAc. NSAd. |
| CSO: Contract Officer's Security Representative | | | | GSA |
| (COSR) | | | | Many questions concerning approved products or |
| CSA: Nuclear Regulatory Commission | | | | services belong to GSA. |
| CSO: Offices within the Nuclear Regulatory | | | | Acronyms and jargon are part of any |
| Commission | | | | professional organization. The FSO, security |
| For example, the Facility Security Officer in a | | | | manager, security specialist and ISP certified |
| contractor organization under the Department of | | | | individuals not only understand the jargon, but |
| Defense (DoD) follows guidance of their CSA, the | | | | how it applies to protecting classified information |
| Department of Defense. Oversight and | | | | and implementing classified programs. The ISP |
| administrative functions are assigned to the DSS. | | | | candidate would do well to understand the broad |
| The DSS provides support to the contractor as | | | | and general roles of the GCA, CSA, GSA and |
| well as conducts analysis to determine whether or | | | | other agencies identified in NISPOM. |