what is the annual security refresher briefing

Welcome to the Mississippi State University 2010 Annual Security Refresher
Briefing.
The annual security refresher briefing is required by the Department of Defense manual
5220.22-M, the National Industrial Security Program Operating Manual, for all personnel
that possess a security clearance. Consequently all individuals who possess MSU-sponsored clearances must receive refresher briefings at 12-month intervals. These
briefings reinforce and update awareness of DOD safeguards and security policies and
remind individuals of their security responsibilities.
A security clearance is a privilege, not a right. When you accept the privilege of access
to classified information, you are also accepting the responsibilities that accompany this
privilege.
This is a lifelong responsibility.
CONTENTS
1. Clearance Debriefing
2. U.S. Government Hot Line Information
3. Reporting Requirements for Cleared Individuals
4. DOD Policy Encryption of Unclassified Sensitive Data at Rest on Mobile
Computing Devices and Removable Storage Media
5. Clearance Requests & Retention
6. Briefing Acknowledgement
1. Clearance Debriefing
The National Industrial Security Program Operating Manual or NISPOM states in Chapter 3,
section 3-108 that “Contractors shall debrief cleared employees at the time of termination of
employment (discharge, resignation, or retirement); when an employee’s personal clearance is
terminated, suspended, or revoked; and upon termination of the facility clearance.”
Consequently, when you no longer need your security clearance for whatever reason
(the contract on which you were working that required a clearance has been completed, you are
leaving MSU employment, etc.), it is your responsibility to notify the Facility Security Office so a
debriefing can be scheduled.
Your clearance and/or access can be reinstated within 2 years after it was removed. If you are
outside of the 2-year window then you will have to go through the entire security clearance
process again. This information is for collateral clearances only; for SAP (Special Access
Programs) and SCI (Sensitive Compartmented Information) the rules are different.
Contact the FSO if you are in doubt about when to debrief.
2. U.S. Government Hotline Information
Federal agencies maintain hotlines to provide an unconstrained avenue for government and
contractor employees to report, without fear of reprisal, known or suspected instances of serious
security irregularities and infractions concerning contracts, programs, or projects. These hotlines
do not supplant contractor responsibility to facilitate reporting and timely investigation of security
matters concerning its operations or personnel, and contractor personnel are encouraged to
furnish information through established channels. However, the hotline may be used as an
alternate means to report this type of information when considered prudent or necessary.
The DOD Hotline address, telephone number & Internet info is as follows:
Defense Hotline
The Pentagon
Washington, DC 20301-1900
(800) 424-9098
E-mail: hotline@dodig.osd.mil
Web: http://www.dodig.osd.mil/hotline
Other Hotline numbers:
Federal Bureau of Investigation
The FBI has 56 field offices – Columbus, MS (662) 328-5299
Defense Department
1-800-424-9098, (703) 693-5080
Defense Security Service (DSS)
(256) 876-1548 Huntsville Field Office
Defense Intelligence Agency
(703) 907-1307
National Security Agency
(301) 688-6911
Department of Army
1-800-CALLSPY
Naval Criminal Investigative Service
1-800-543-NAVY
Air Force Office of Special Investigations
(202) 767-5199
Central Intelligence Agency
Office of the Inspector General
(703) 874-2600
Department of State
Bureau of Diplomatic Security
(202) 663-0739
When traveling overseas, suspect incidents should be reported to the Regional Security Officer
(RSO) or Post Security Officer (PSO) at the nearest U.S. diplomatic facility.
Department of Energy
(202) 586-1247
U.S. Nuclear Regulatory Commission
Office of the Inspector General
1-800-233-3497
3. Reporting Requirements for Cleared Individuals
All Cleared Personnel Have the Following Reporting Responsibilities:
1. Adverse Information
Adverse information is any information that adversely reflects on the integrity or
character of a cleared employee, which suggests that his/her ability to safeguard
classified information may be impaired, or that his/her access to classified
information clearly may not be in the interests of national security. You must report
the following types of information about yourself or other employees:
• arrests or convictions for criminal offenses including drunk driving;
• financial difficulties, including bankruptcy, excessive indebtedness, and wage
garnishments;
• bizarre or notorious behavior;
• alcoholism, use of illegal drugs, or abuse of legal drugs;
• emotional or psychological problems requiring treatment or hospitalization;
• affluence (wealth, acquisitions, investments) beyond known sources of
income.
2. Change in Personal Status
If you have a collateral CONFIDENTIAL, SECRET, or TOP SECRET clearance, you
must report:
• a change in name;
• a change in marital status (i.e., marriage or divorce);
• a change in citizenship;
• when access to classified information is no longer required due to a change
in job assignments.
Note that if you have access to SAP/SAR/SCI or National Programs, you must report
other changes in personal status including family deaths and births, change of
address, and inheritances.
3. Representative of a Foreign Interest (RFI)
You must report when you begin to act as a representative of or consultant to any
foreign entity, including a government, a government agency, a commercial
business, or a person.
4. Security Violations/Vulnerabilities
You must report any known or suspected security violation or vulnerability of which
you become aware, independent of who is responsible or at fault for the situation.
Security violations/vulnerabilities include:
• the careless or unintentional failure to comply with security requirements for
safeguarding classified information;
• the intentional disregard of security requirements;
• any failure to comply with security requirements, regardless of intent, that has
resulted in the loss, compromise, or suspected compromise of classified
information;
• the unauthorized receipt of classified material;
• significant vulnerabilities discovered in equipment or systems designed to protect
classified information.
5. Suspicious Contacts
You must report:
• any efforts by any individual, regardless of nationality, to obtain illegal or
unauthorized access to classified information or to compromise any cleared
employee;
• any contact by a cleared employee with known or suspected intelligence officers
from any country;
• any contact which suggests you or another employee may be the target of an
attempted exploitation by the intelligence services of another country.
All reports should be made to the Mississippi State University Facility Security
Office. Also, if you have any policy concerns with any of the above Reporting
Requirements, contact the Facility Security Office: telephone 662-325-8682, e-mail nelewis@fso.msstate.edu
4. DOD Policy – Encryption of Unclassified Sensitive Data at Rest on Mobile
Computing Devices and Removable Storage Media
The policy and Frequently Asked Questions document regarding the encryption of
unclassified sensitive data at rest on mobile computing devices and removable storage
can be found by accessing the following links: DOD Memo Encryption for Data at
Rest.pdf and faq_dar_encryption_policy_memo_18mar08_update-6_final.docx.
The DOD originally targeted Personally Identifiable Information (PII), since the DOD
had numerous incidents of loss, theft, or just downright negligence in not
sanitizing mobile computing devices and removable storage media before disposal.
Since the trend is towards utilizing highly mobile computing devices and removable
storage media, the DOD was also concerned about unclassified data that may be
contained on these devices. This is why they decided to go the extra step and encrypt
all unclassified sensitive data, which is defined as “any data that has not been authorized
by the DOD for public release.”
For now this pertains to DOD data and information only; however, it is good security
practice to protect any sensitive data, whether it is U.S. Government, commercial industry,
or MSU owned. Also remember this is unclassified data or information. When it comes
to classified data or information the rules and regulations are much stricter.
If there are any questions, please contact the FSO.
6. Clearance Requests & Retention
Per the National Industrial Security Program Operating Manual, better known as the
NISPOM section 2-200 d:
“The contractor shall limit requests for personal clearance levels (PCLs) to the minimal
number of employees necessary for operational efficiency, consistent with contractual
obligations and other requirements of this Manual. Requests for PCLs shall not be
made to establish “pools” of cleared employees.”
This can also be stated as, “Am I actively engaged in a contract or other university
obligation that requires me to have a security clearance?” If the answer is no, then you
need to have your access removed. The key word in the preceding sentence is
“access”. Your security clearance never really goes away; it is just your access to classified
information that is cancelled.
Security Clearance + Need to Know = Access
Please take the time to review your security clearance requirement. Ask yourself the
following questions:
• Am I actively engaged in a contract that requires a security clearance?
• Do I require a security clearance to represent MSU in classified meetings,
presentations, seminars, etc. that are actively benefiting the university?
When in doubt, or if you have questions, please contact the FSO.
7. BRIEFING ACKNOWLEDGEMENT
Please email Neil Lewis (nelewis@fso.msstate.edu) to acknowledge that you have read
this version of the ORED/FSO Security Refresher Briefing. Include the following
statement in the body of your message:
I acknowledge that I have received and read the 2010 ORED/FSO Annual Security
Refresher Briefing in compliance with U.S. Department of Defense security training
requirements.
It is important to include your name after the above statement.
I will be contacting you if your email statement is not received by the time stated in the
email notifying you of the annual security refresher requirement. If there are any
questions please do not hesitate to contact me.