SPēD SFPC: All Areas Exam
Questions and Answers
The three categories of
Special Access Programs - ANSWER-acquisition, intelligence, and operations and
support
Three different types
of threats to classified
information - ANSWER-Insider Threat, Foreign Intelligence Entities (FIE) and
Cybersecurity Threat
The concept of an insider threat - ANSWER-An employee who may represent a threat
to
national security. These threats encompass potential espionage, violent acts against the
Government or the nation, and unauthorized disclosure of classified information,
including the vast amounts of classified data available on interconnected United States
Government computer networks and systems.
The purpose of the
Foreign Visitor Program - ANSWER-To track and approve access by a foreign entity to
information that is classified; and to approve access by a foreign entity to information
that is unclassified, related to a U.S. Government contract, or plant visits covered by
ITAR.
Special Access
Program - ANSWER-A program established for a specific class of
classified information that imposes safeguarding and access requirements that exceed
those normally required for information at the same classification level.
Enhanced security requirements for protecting Special Access Program (SAP)
information - ANSWER-Within Personnel Security:
• Access Rosters;
• Billet Structures (if required);
• Indoctrination Agreement;
• Clearance based on an appropriate investigation completed within the last 5
years;
• Individual must materially contribute to the program in addition to having the
need to know;
• All individuals with access to SAP are subject to a random counterintelligence scope
polygraph examination;
• Polygraph examination, if approved by the DepSecDef, may be used as a
mandatory access determination;
,• Tier review process;
• Personnel must have a Secret or Top Secret clearance;
• SF-86 must be current within one year;
• Limited Access;
• Waivers required for foreign cohabitants, spouses, and immediate family
members.
Within Industrial Security:
The SecDef or DepSecDef can approve a carve-out provision to relieve Defense
Security Service of industrial security oversight responsibilities.
Within Physical Security:
• Access Control;
• Maintain a SAP Facility;
• Access Roster;
• All SAPs must have an unclassified nickname/ Codeword (optional).
Within Information Security:
• The use of HVSACO;
• Transmission requirements (order of precedence).
Principle incident/
events required to be reported to DoD counterintelligence (CI) organizations -
ANSWER-espionage, sabotage, terrorism, cyber
Indicators of insider threats - ANSWER-1. Failure to report overseas travel or contact
with foreign nationals
2. Seeking to gain higher clearance or expand access outside the job scope
3. Engaging in classified conversations without a need to know
4. Working hours inconsistent with job assignment or insistence on working in private
5. Exploitable behavior traits
6. Repeated security violations
7. Attempting to enter areas not granted access to
8. Unexplainable affluence/living above one's means
9. Anomalies (adversary taking actions which indicate they are knowledgeable to
information)
10. Illegal downloads of information/files
Elements that
should be considered in
, identifying Critical Program
Information - ANSWER-Elements which if compromised could:
1. cause significant degradation in mission effectiveness,
2. shorten the expected combat-effective life of the system
3. reduce technological advantage
4. significantly alter program direction; or
5. enable an adversary to defeat, counter, copy, or reverseengineer the technology or
capability.
asset, threat, vulnerability, risk, countermeasures - ANSWER-Elements that a
security professional should
consider when assessing and
managing risks to DoD assets
Responsibilities of the Government SAP Security Officer/Contractor Program
Security Officer (GSSO/
CPSO) - ANSWER-From Revision 1 Department of Defense Overprint to the National
Industrial Security Program Operating Manual Supplement - 1 April
2004:
• Possess a personnel clearance and Program access at least equal to
the highest level of Program classified information involved.
• Provide security administration and management for his/her
organization.
• Ensure personnel processed for access to a SAP meet the prerequisite
personnel clearance and/or investigative requirements specified.
• Ensure adequate secure storage and work spaces.
• Ensure strict adherence to the provisions of the NISPOM, its
supplement, and the Overprint.
• When required, establish and oversee a classified material control
program for each SAP.
• When required, conduct an annual inventory of accountable
classified material.
• When required, establish a SAPF.
• Establish and oversee a visitor control program.
• Monitor reproduction and/or duplication and destruction capability
of SAP information
• Ensure adherence to special communications capabilities within the
SAPF.
• Provide for initial Program indoctrination of employees after their
access is approved; rebrief and debrief personnel as required.
• Establish and oversee specialized procedures for the transmission of
SAP material to and from Program elements
• When required, ensure contractual specific security requirements
such as TEMPEST Automated Information System (AIS), and
Operations Security (OPSEC) are accomplished.
• Establish security training and briefings specifically tailored to the
Questions and Answers
The three categories of
Special Access Programs - ANSWER-acquisition, intelligence, and operations and
support
Three different types
of threats to classified
information - ANSWER-Insider Threat, Foreign Intelligence Entities (FIE) and
Cybersecurity Threat
The concept of an insider threat - ANSWER-An employee who may represent a threat
to
national security. These threats encompass potential espionage, violent acts against the
Government or the nation, and unauthorized disclosure of classified information,
including the vast amounts of classified data available on interconnected United States
Government computer networks and systems.
The purpose of the
Foreign Visitor Program - ANSWER-To track and approve access by a foreign entity to
information that is classified; and to approve access by a foreign entity to information
that is unclassified, related to a U.S. Government contract, or plant visits covered by
ITAR.
Special Access
Program - ANSWER-A program established for a specific class of
classified information that imposes safeguarding and access requirements that exceed
those normally required for information at the same classification level.
Enhanced security requirements for protecting Special Access Program (SAP)
information - ANSWER-Within Personnel Security:
• Access Rosters;
• Billet Structures (if required);
• Indoctrination Agreement;
• Clearance based on an appropriate investigation completed within the last 5
years;
• Individual must materially contribute to the program in addition to having the
need to know;
• All individuals with access to SAP are subject to a random counterintelligence scope
polygraph examination;
• Polygraph examination, if approved by the DepSecDef, may be used as a
mandatory access determination;
,• Tier review process;
• Personnel must have a Secret or Top Secret clearance;
• SF-86 must be current within one year;
• Limited Access;
• Waivers required for foreign cohabitants, spouses, and immediate family
members.
Within Industrial Security:
The SecDef or DepSecDef can approve a carve-out provision to relieve Defense
Security Service of industrial security oversight responsibilities.
Within Physical Security:
• Access Control;
• Maintain a SAP Facility;
• Access Roster;
• All SAPs must have an unclassified nickname/ Codeword (optional).
Within Information Security:
• The use of HVSACO;
• Transmission requirements (order of precedence).
Principle incident/
events required to be reported to DoD counterintelligence (CI) organizations -
ANSWER-espionage, sabotage, terrorism, cyber
Indicators of insider threats - ANSWER-1. Failure to report overseas travel or contact
with foreign nationals
2. Seeking to gain higher clearance or expand access outside the job scope
3. Engaging in classified conversations without a need to know
4. Working hours inconsistent with job assignment or insistence on working in private
5. Exploitable behavior traits
6. Repeated security violations
7. Attempting to enter areas not granted access to
8. Unexplainable affluence/living above one's means
9. Anomalies (adversary taking actions which indicate they are knowledgeable to
information)
10. Illegal downloads of information/files
Elements that
should be considered in
, identifying Critical Program
Information - ANSWER-Elements which if compromised could:
1. cause significant degradation in mission effectiveness,
2. shorten the expected combat-effective life of the system
3. reduce technological advantage
4. significantly alter program direction; or
5. enable an adversary to defeat, counter, copy, or reverseengineer the technology or
capability.
asset, threat, vulnerability, risk, countermeasures - ANSWER-Elements that a
security professional should
consider when assessing and
managing risks to DoD assets
Responsibilities of the Government SAP Security Officer/Contractor Program
Security Officer (GSSO/
CPSO) - ANSWER-From Revision 1 Department of Defense Overprint to the National
Industrial Security Program Operating Manual Supplement - 1 April
2004:
• Possess a personnel clearance and Program access at least equal to
the highest level of Program classified information involved.
• Provide security administration and management for his/her
organization.
• Ensure personnel processed for access to a SAP meet the prerequisite
personnel clearance and/or investigative requirements specified.
• Ensure adequate secure storage and work spaces.
• Ensure strict adherence to the provisions of the NISPOM, its
supplement, and the Overprint.
• When required, establish and oversee a classified material control
program for each SAP.
• When required, conduct an annual inventory of accountable
classified material.
• When required, establish a SAPF.
• Establish and oversee a visitor control program.
• Monitor reproduction and/or duplication and destruction capability
of SAP information
• Ensure adherence to special communications capabilities within the
SAPF.
• Provide for initial Program indoctrination of employees after their
access is approved; rebrief and debrief personnel as required.
• Establish and oversee specialized procedures for the transmission of
SAP material to and from Program elements
• When required, ensure contractual specific security requirements
such as TEMPEST Automated Information System (AIS), and
Operations Security (OPSEC) are accomplished.
• Establish security training and briefings specifically tailored to the
