DSS Oversight of AA&E Facilities

Similar documents
Department of Defense INSTRUCTION

Physical Security of Arms, Ammunition, and Explosives

Acquisitions and Contracting Basics in the National Industrial Security Program (NISP)

Introduction to Industrial Security, v3

COMPLIANCE WITH THIS PUBLICATION IS MANDATORY

DEFENSE SECURITY COOPERATION AGENCY WASHINGTON, DC

DEFENSE LOGISTICS. Enhanced Policy and Procedures Needed to Improve Management of Sensitive Conventional Ammunition

Department of Defense DIRECTIVE

Department of Defense INSTRUCTION

Contract Security Classification Specification. DD-254 Guidance

A Guide. Preparation. DD Form 254. for the. of a. National Classification Management Society. Defense Security Service

PREPARATION OF A DD FORM 254 FOR SUBCONTRACTING. Cal Stewart ISP

Naval Security Enterprise Newsletter

Munitions Support for Joint Operations

DEPARTMENT OF THE NAVY OFFICE OF THE CHIEF OF NAVAL OPERATIONS 2000 NAVY PENTAGON WASHINGTON, DC

Overview of Physical Security and Protective Measures

NAVSEA STANDARD ITEM CFR Part 61, National Emission Standards for Hazardous Air Pollutants

Subj: MISSING, LOST, STOLEN, OR RECOVERED (MLSR) GOVERNMENT PROPERTY REPORTS AND FINANCIAL LIABILITY INVESTIGATION OF PROPERTY LOSS, DD FORM 200

Ammunition Peculiar Equipment

GAO INDUSTRIAL SECURITY. DOD Cannot Provide Adequate Assurances That Its Oversight Ensures the Protection of Classified Information

The DD254 & You (SBIR)

UNIFIED FACILITIES GUIDE SPECIFICATIONS

SECURITYFACTS IN THIS ISSUE:

Ammunition and Explosives related Federal Supply Classes (FSC)

U.S. ARMY SERGEANTS MAJOR ACADEMY (FSC-TATS) PRERESIDENT TRAINING SUPPORT PACKAGE

Chemical Biological Defense Materiel Reliability Program

A udit R eport. Office of the Inspector General Department of Defense. Report No. D October 31, 2001

OFFICE OF THE INSPECTOR GENERAL FUNCTIONAL AND PHYSICAL CONFIGURATION AUDITS OF THE ARMY PALADIN PROGRAM

Report No. D May 14, Selected Controls for Information Assurance at the Defense Threat Reduction Agency

Procedure Number: Procedure: Weapons on Campus Effective Date: 03/01/2017 Revision Date: 03/01/2017 Approved by: Scott Forshee, Chief of Police

Defense Logistics Agency Instruction. Organic Manufacturing

Supplement 2 Department of Defense FAR Supplement (DFARS) Government Contract Provisions

Balancing Requirements

REPORT ON COST ESTIMATES FOR SECURITY CLASSIFICATION ACTIVITIES FOR 2005

Virginia Commonwealth University Police Department

Overview of Electronic Security Systems

IND 205 LESSON #11 DEMILITARIZE GOVERNMENT PROPERTY

Department of Defense INSTRUCTION

COMPLIANCE WITH THIS PUBLICATION IS MANDATORY

Report No. D September 25, Controls Over Information Contained in BlackBerry Devices Used Within DoD

DoD Countermine and Improvised Explosive Device Defeat Systems Contracts for the Vehicle Optics Sensor System

1. Definitions. See AFI , Air Force Nuclear Weapons Surety Program (formerly AFR 122-1).

COMPLIANCE WITH THIS PUBLICATION IS MANDATORY

McAlester Army Ammunition Plant

Industrial Security Program

Suggested Contractor File Folder Headings

Export-Controlled Technology at Contractor, University, and Federally Funded Research and Development Center Facilities (D )

RANGE 8A. Range 8A is an active; Light armor assault range located at Grid It is accessible from route 610.

Air Force Officials Did Not Consistently Comply With Requirements for Assessing Contractor Performance

Report No. D September 25, Transition Planning for the Logistics Civil Augmentation Program IV Contract

Department of Defense INSTRUCTION

Department of Defense MANUAL

Department of Defense MANUAL

Security Classification Guidance v3

NAVSEA STANDARD ITEM CFR Part 61, National Emission Standards for Hazardous Air Pollutants

Question Distractors References Linked Competency

ARMY

Procedural Guidance for Conducting DoD Classified Conferences

Department of Defense Defense Commissary Agency Fort Lee, VA DIRECTIVE. Records Management Program

Office of Inspector General

Army Needs to Improve Contract Oversight for the Logistics Civil Augmentation Program s Task Orders

MARINE CORPS ORDER A Administrative Change. Subj: PROCESSING CATALOGING ACTIONS REQUESTS (CAR)

Defense Security Service DELIVER! A Pamphlet On. How to Transmit and Transport Your Classified Materials. Prepared by

Revision of DoD Design Criteria Standard: Noise Limits (MIL-STD-1474) Award Winner: ARL Team

JAVELIN ANTITANK MISSILE

Report No. D February 9, Internal Controls Over the United States Marine Corps Military Equipment Baseline Valuation Effort

Department of Defense MANUAL

FSO Role in the NISP. Student Guide. Lesson 1: Course Introduction. Course Information. Course Overview

Personnel Clearances in the NISP

Standards in Weapons Training

FLORIDA DEPARTMENT OF JUVENILE JUSTICE POLICIES AND PROCEDURES

Appendix C DA Form 7632 Instructions

Table of Contents. I. Philosophy and Scope II. Definitions for the Purpose of this Policy and Procedures III. Exceptions...

DEFENSE SECURITY COOPERATION WASHINGTON, DC

Short Learning Programmes in Explosives Science and Engineering THE SCHOOL OF MECHANICAL AND NUCLEAR ENGINEERING RHEINMETALL DENEL MUNITION.

Kenosha Police Department Policy and Procedure Manual

DOD MANUAL , VOLUME 1 DOD MANAGEMENT OF ENERGY COMMODITIES: OVERVIEW

Program Information. March 2012

(Billing Code ) Defense Federal Acquisition Regulation Supplement: Defense. Contractors Performing Private Security Functions (DFARS Case

EXPLOSIVE ORDNANCE DISPOSAL

Project Manager Munitions Executive Summit

Defense Logistics Agency INSTRUCTION

DEPARTMENT OF DEFENSE (DFAR) GOVERNMENT CONTRACT PROVISIONS

COMPLIANCE WITH THIS PUBLICATION IS MANDATORY

Joint Electronics Type Designation Automated System

Department of Defense MANUAL

Assessment of the DSE 40mm Grenades

IMMEDIATE POLICY CHANGE

Department of Defense DIRECTIVE

(2) Identification of operations and activities where hazardous chemicals are used or stored.

Department of Defense INSTRUCTION. SUBJECT: Security of Unclassified DoD Information on Non-DoD Information Systems

Defense Federal Acquisition Regulation Supplement: Amendments. Related to Sources of Electronic Parts (DFARS Case 2016-D013)

Department of Defense DIRECTIVE

Blasting in Nova Scotia

UNCLASSIFIED. AUD-MERO Office of Audits March 2017

Department of Defense INSTRUCTION

September 02, 2009 Incorporating Change 3, December 1, 2011

Department of Defense DIRECTIVE

Department of Defense DIRECTIVE

Department of Defense DIRECTIVE

Transcription:

DSS Oversight of AA&E Facilities September 2017 Center for Development of Security Excellence

Lesson 1: Course Introduction Introduction Welcome The Department of Defense makes use of a wide variety of Arms, Ammunition, and Explosives, or AA&E, much of which is produced and stored by industry. Because the compromise, sabotage, theft, or misuse of AA&E has the potential to significantly jeopardize the safety and security of personnel and missions, at home and around the globe, the security and protection of AA&E is of critical importance. Welcome to the DSS Oversight of AA&E Facilities course. Objectives As an Industrial Security Representative, or IS Rep, you should be aware of your role and responsibilities regarding the AA&E program. This course will review both the pre-award security survey, or PASS, and the AA&E inspections that take place after contract award. The AA&E Inspection Form is a valuable tool for both surveys and inspections, and this course will review it in detail, along with key conduct and safety requirements for surveys and inspections. Here are the course objectives. Take a moment to review them. Identify the policies that authorize and support DSS oversight of AA&E Describe the IS Rep s roles and responsibilities related to AA&E Recognize the steps required to carry out a Pre-award Security Survey (PASS) Identify the content to be covered in an AA&E Physical Security Inspection Apply appropriate safety requirements for AA&E facility surveys and inspections September 2017 Center for Development of Security Excellence Page 1-1

Lesson 2: AA&E Background Policy Introduction Objectives As an industrial security representative, or IS Rep, you should be familiar with the role DSS plays in overseeing facilities that manufacture, use, or store Arms, Ammunition, and Explosives, or AA&E. Here are the lesson objectives. Take a moment to review them. Identify AA&E program authorization and guidance Describe DSS AA&E authority and its limits Recognize the general types of Missiles & Rockets, Arms, and Ammunition and Explosives that are categorized in each of the Security Risk Categories (SRCs) DSS AA&E Program AA&E Program History and Background In 1980, the Industry AA&E mission along with the program which was known at the time as the Defense Industrial Security Program was transferred from the Defense Contracts Administration Services, or DCAS, to the Defense Investigative Service, which later became today s Defense Security Service, or DSS. Today, AA&E programs are spread out across the country. In 2017 there were a total of 149 AA&E facilities. Some areas have a higher number of AA&E programs than others. Many of the contractors who already have established AA&E contracts with the DoD sometimes pursue new contracts for their existing facilities. Even though AA&E represents less than 5% of the DSS workload, all IS Reps must be familiar with AA&E processes and procedures. AA&E Program Authorization and Guidance Two authorities authorize DSS to conduct AA&E activities that fall outside of the National Industrial Security Program, or NISP: the Defense Federal Acquisition Regulation Supplement, or DFARS, Clause 252.223-7007: Safeguarding Sensitive Conventional Arms, Ammunition, and Explosives; and DoDM 5100.76, Physical Security of Sensitive Conventional AA&E. September 2017 Center for Development of Security Excellence Page 2-1

The DFARS clause defines and describes the AA&E. It ensures that any AA&E developed, produced, manufactured, or purchased for the Government, or provided to the Contractor as Government-furnished property, is inserted into AA&E contracts. The DFARS clause specifies that the contractor must comply with the security safeguards identified in DoDM 5100.76 and grants DSS representatives entry authority for surveys and inspections. The AA&E Manual, DoDM 5100.76, sets the minimum standards and criteria for physical security of AA&E, and establishes requirements to adequately protect sensitive conventional AA&E stored in DoD and DoD contractor AA&E facilities during peacetime. Finally, as an IS Rep you should be aware that the Industrial Security Operating Manual, or ISOM, Section 13 contains directions and guidance for DSS responsibilities related to AA&E. DSS AA&E Authority The DFARS clause and DoDM 5100.76 authorize DSS to conduct a Pre-award Security Survey, or PASS, of prospective AA&E contractor facilities, as well as initial, recurring, and closeout inspections of current AA&E contractors. A PASS is usually conducted before contract award to assess contractor compliance with physical security provisions contained in contracts that involve sensitive conventional AA&E. Note that there may be times when the PASS is requested after the contract has been awarded, but in these cases the PASS is still conducted as normal. Information from a PASS can help the Government Contracting Activity, or GCA, determine whether or not to make the contract award. Note that in the AA&E manual, the GCA is referred to as the procuring command/activity. There are times when the PASS is requested after the contract has been awarded. In this case, proceed with the PASS as normal. After a contract has been awarded, DSS conducts initial, recurring, and closeout inspections of AA&E contractors. After the initial survey, recurring inspections on new contracts are conducted on a 12 month review cycle, although grandfathered contracts issued prior to the 2012 AA&E manual may still have 18 month review cycles. Limits of DSS AA&E Authority You should be aware that DSS AA&E authority is different from NISP authority; therefore your AA&E responsibilities are different from your usual industrial security responsibilities. Under AA&E, IS Reps do NOT mandate corrective actions that is the responsibility of the GCA and only the Government Contracting Officer can instruct facilities on corrective actions. The DD 441 instructs the contractor that the cost incurred to meet NISP requirements will not be reimbursed directly. There is no equivalent of the DD 441 in place for AA&E, and therefore there is no clause that protects the Government from costs incurred. The IS Rep should not direct any action as they do not have the authority to obligate the government. IS Reps DO, however, report their inspection results to the GCA, who can discuss and potentially approve any cost-associated actions. IS Reps can also provide contractors with guidance and instructions. September 2017 Center for Development of Security Excellence Page 2-2

AA&E Security Risk Categories AA&E Terminology As we review IS Rep AA&E responsibilities, there is some terminology that you should know. In order to submit a PASS request, contractors will need to know the AA&E s Security Risk Category, or SRC. SRC is the classification by risk for AA&E, and will determine the required structural needs, storage, doors, IDS, and guard patrols for AA&E. Contractors must also provide the AA&E s National Stock Number, or NSN, a unique item number applied to items that are repeatedly procured, stocked, issued, and used throughout the federal supply system. Finally, contractors must provide the AA&E nomenclature, or the terms applied to and commonly used to describe AA&E (and other) items. SRC Categories 1-4 You should be familiar with SRCs one through four, as the AA&E risk categorization dictates which security measures are required. Note that DSS does not determine the SRC. Category one contains the highest risk AA&E, and includes man-portable missiles and rockets, and ammunition and explosives with complete explosive rounds. There are no arms in category one. Category two includes crew-served or platform mounted launchers and other missile equipment, light automatic weapons, and ammunition and explosives such as hand and rifle grenades, high explosives, and explosives used in demolition operations. Category three includes the complex hardware and software equipment needed for missiles and rockets to function, launch tube and grip stock, grenade launchers, etc, as well as ammunition that is.50 caliber and larger, explosive filled projectile incendiary grenades, and fuses for high explosive grenades. Finally, category four contains shoulder fired weapons other than grenade launchers, handguns, and rifles up to and including 106mm. Ammunition and Explosives in category four include nonexplosive projectiles, fuses, riot control agents, etc. There are no missiles and rockets in category four. SRC I Missiles & Rockets: o Man-portable (Redeye, Stinger, Dragon, Javelin, LAW, SMAW) Arms: o None SRC II Ammunition & Explosives: o Complete explosive rounds for SRC I missiles and rockets Missiles & Rockets: September 2017 Center for Development of Security Excellence Page 2-3

o Crew-served or platform mounted launchers and other equipment (Missiles Only) Arms: o Light automatic weapons up to.50 caliber o 40mm MK 19 machine guns Ammunition & Explosives: o Hand and rifle grenades, high explosives, and white phosphorous o Mines, antitank or antipersonnel (unpacked weight of 50 lbs or less) o Explosives used in demolition operations (C4, MIL dynamite, TNT, 100 lbs or less) o Warheads for sensitive missiles and rockets SRC III Missiles & Rockets: o Complex hardware and software equipment required to function (e.g. Hellfire missile) Arms: o Launch tube and grip stock for: Stinger, Redeye, Dragon o Mortar tubes up to 81mm o Grenade launchers, rocket and missile launchers 100 lbs or less o Flame throwers o Launchers/missile guidance set for the TOW Ammunition & Explosives: o.50 caliber and larger, with explosive filled projectile o Grenades (incendiary) and fuses for high explosive grenades o Blasting caps, supplementary charges, bulk explosives, and detonating cord o Warheads for sensitive missiles and rockets weighing between 50-100 lbs SRC IV Missiles & Rockets: o None Arms: o Shoulder fired weapons other than grenade launchers, not fully automatic o Handguns September 2017 Center for Development of Security Excellence Page 2-4

o Recoilless rifles up to and including 106mm Ammunition & Explosives: o Nonexplosive projectiles, fuses, grenades (smoke, etc.) o Incendiary destroyers o Riot control agents How is SRC Determined? Although the GCA is responsible for determining the SRC on AA&E items, as an IS Rep, you should be aware of the process used. AA&E SRC is calculated by considering several risk factors, including: the utility risk factor, which considers what type of ammunition or device it is; the casualty/damage risk factor, which considers how lethal or damaging it is; the adaptability risk factor, which considers how easy it is to put together and use, without other required components; and the portability risk factor, which considers how easy it is to carry. September 2017 Center for Development of Security Excellence Page 2-5

Review Activities Review Activity 1 Which of the following policies authorize DSS to conduct AA&E activities? Select all that apply. Then check your answers in the Answer Key at the end of this Student Guide. NISPOM DFARS Clause 252.223-7007 DoDM 5100.76 ISOM, Section 13 Review Activity 2 DSS is authorized to. Select all that apply. Then check your answers in the Answer Key at the end of this Student Guide. Conduct Pre-award Security Surveys (PASS) Conduct initial, recurring, and closeout AA&E inspections Mandate corrective actions Review Activity 3 Which risk category includes handguns? Select the best response. Then check your answer in the Answer Key at the end of this. SRC I SRC II SRC III SRC IV Review Activity 4 Which risk category includes light automatic weapons up to.50 caliber? Select the best response. Then check your answer in the Answer Key at the end of this. SRC I SRC II September 2017 Center for Development of Security Excellence Page 2-6

SRC III SRC IV Review Activity 5 Which risk category includes grenade launchers? Select the best response. Then check your answer in the Answer Key at the end of this. SRC I SRC II SRC III SRC IV Review Activity 6 Which risk category does not include any arms? Select the best response. Then check your answer in the Answer Key at the end of this. SRC I SRC II SRC III SRC IV September 2017 Center for Development of Security Excellence Page 2-7

Lesson 3: Pre-Award Security Surveys (PASS) Introduction Objectives The Pre-award Security Survey, or PASS, of prospective AA&E contractor facilities is one of DSS s key AA&E responsibilities. This lesson will review IS Rep responsibilities, including PASS request validation and the information to include in the PASS report. Here are the lesson objectives. Take a moment to review them. Describe the PASS validation process Identify the IS Rep s responsibilities before and during the PASS Identify the basic information to include in the PASS report PASS Overview What is PASS? Before prospective AA&E contractors receive a contract, they are evaluated to determine whether they will be able to satisfy the contract s security conditions and requirements. This evaluation takes the form of a Pre-Award Security Survey, or PASS. DSS conducts the PASS during the pre-award period, and gathers information to help the Government Contracting Activity, or GCA, determine whether or not to award the contract. The Defense Contract Management Agency, or DCMA, acts as a go-between, collecting information during the pre-award period, to help the GCA determine whether to make the contract award. All IS Reps, whether or not they are currently assigned to AA&E facilities, need to know how to conduct a PASS. PASS Steps There are three main PASS steps: Validate, Complete, and Report. Companies bid on AA&E contracts. The procuring command provides potential awardees to DCMA who, in turn, requests DSS to conduct the PASS. Before these PASS requests can be forwarded to DSS field personnel they must be checked twice -- once by the owner of the centralized mailbox that receives the requests, and subsequently by the Regional AA&E September 2017 Center for Development of Security Excellence Page 3-1

coordinator or point of contact. Next, after receiving the PASS request, DSS field personnel check the request information once more, and then complete the survey within 20 business days, unless a different timeline is specified. Finally, once the survey is complete, DSS field personnel draft the report, obtain the Field Office Chief signature, and forward the report to DCMA. Let s look at each of these steps in a little more detail. Validate PASS Validation Process During the validation step, DSS personnel check PASS requests twice. Requests arrive at a centralized mailbox and the mailbox owner conducts an initial verification to ensure that the request contains all of the necessary information. If the centralized mailbox owner verifies that the PASS request is valid, he or she forwards it to the Regional AA&E point of contact, who performs a second verification. If the request is verified a second time, the Regional AA&E coordinator then assigns it to DSS field personnel. When requests are rejected, they are sent back to DCMA with an attached rejection email. This email provides an explanation for the rejection. Although requests are verified twice, it is still good practice for IS Reps to re-verify the information in the request form when they receive it. Reviewing requests at this stage can identify missing information or issues that were inadvertently missed, and identifying issues before a survey and TDY is scheduled can save time and money. First Request Verification So, what specific information is checked during PASS validation? The owner of the centralized mailbox carries out the first check. The first check ensures that PASS requests contain contact information for DCMA, the GCA, and the contractor. Contact information includes the actual name of the procurement office, military branch location, and point of contact. Note that the GCA will be referenced on the form as the customer. Pass requests must also provide: Nomenclature, National Stock Number, or NSN, and Security Risk Category, or SRC. Note that an item s SRC determines the required structural needs, storage, doors, IDS, and guard patrols, so surveys cannot be conducted without an SRC. Finally, the request needs to reference DFARS Clause 252.223-7007. If any of these elements are missing or incorrect the PASS request will be rejected, although exceptions may be made if the request is for a Research and Development, or R&D, project or an Indefinite Delivery, Indefinite Quantity, or IDIQ, contract. Second Request Verification: WebFLIS During the second validation, the regional AA&E coordinator also checks to ensure Nomenclature, NSN, SRC, and DFARS Clause 252.223-7007 are included. He or she also September 2017 Center for Development of Security Excellence Page 3-2

uses the WebFLIS website to verify categorized items Security Risk Categories. WebFLIS is a portal of the Defense Logistics Agency, or DLA, website. It contains a database of currently categorized items. WebFLIS users can look up items by their NSN to see the Controlled Inventory Item Code, or CIIC. CIICs one through four correspond to Security Risk Categories one through four, and only those categories are subject to DSS AA&E oversight. If the WebFLIS search does not show that an item is CIIC or SRC category one through four, then it is not identified as AA&E, and the PASS request will be rejected. Finally, the regional AA&E coordinator verifies the facility s CAGE Code. If the CAGE Code is unverifiable then the request will be rejected. Note that all companies must have valid CAGE codes. The DSS Facility Clearance Branch will add an A to the front of the CAGE code to identify it as an AA&E facility, but this is NOT part of the company s official CAGE code and this notation should not be used externally. Complete and Report PASS Before PASS Once the PASS request has been verified it is assigned to an IS Rep. Remember that it is still good practice for IS Reps to re-verify the information in the request before proceeding. Before conducting the survey, IS Reps must also check the DSS System of Record, or DSSSR, record to see if the requesting company is already participating in the AA&E program. This review may fulfill the pre-award survey requirement if the contractor is already under DSS cognizance, possesses AA&E materials in the same or higher risk category, and has completed a security inspection in the previous 12 months with satisfactory results and no unresolved deficiencies. If the contractor meets all of these conditions, a desk audit may be conducted in lieu of an on-site survey. In the case of a desk audit, the IS Rep must advise the requesting GCA, and should also contact the contractor to ensure that the same area and items are being used and that the buildings, rooms, containers, and processes have not changed. If the information in DSSSR is insufficient or outdated, an on-site PASS will be required. Complete the PASS Once IS Reps receive a verified PASS request, they should complete the survey within 20 business days, unless a different timeline is specified. The IS Rep will conduct the inspection using the AA&E Inspection Form. This form walks users through 23 detailed questions regarding AA&E documentation, storage, and other procedures. The form will be reviewed in greater detail later in this course, and the specific AA&E implementation details are found in DoDM 5100.76. PASS Results Once the PASS is complete, IS Reps report the results to DCMA. Results are reported as either in compliance or not in compliance, depending on whether the contractor meets the physical requirements of DoDM 5100.76, and the storage requirements specified in the September 2017 Center for Development of Security Excellence Page 3-3

contract. DCMA supplies this report information to the GCA, along with the results of their own safety survey, for the contract award or non-award decision. Remember, the GCA is the approval authority and they are the ones responsible for ensuring that contractors take recommended actions. A new survey may be requested if the contractor corrects deficiencies noted during the initial survey. PASS Report Basic information to include in report letters includes: the requestor s name for example, the Pre-award Survey Manager, or PASM; the subject of the report, including a reference to the request identification number, the contractor s name, address, and CAGE code; references used as a basis for conducting the survey in most cases this will be DoDM 5100.76 and the solicitation identification number; an overview of the request, including a description of the request, the date the request was received, and an overview of the AA&E that the contractor will store; and finally, the results of the survey, reported as either In Compliance or Not in Compliance with the storage requirements for the SRC under reference. IS Reps should obtain the Field Office Chief s signature before forwarding the report to DCMA. September 2017 Center for Development of Security Excellence Page 3-4

Review Activities Review Activity 1 You have just been tasked to complete a PASS of a prospective contractor facility. What is the first thing you should do? Select the best response. Then check your answer in the Answer Key at the end of this. Review DSSSR to see if a Desk Audit may be performed Call the facility to schedule the PASS Re-verify the PASS request Draft the PASS Report letter Review Activity 2 Which of the following elements should be included in the PASS Report letter? Select all that apply. Then check your answers in the Answer Key at the end of this Student Guide. Requestor s name Subject of the report References Overview of the request Field Office Chief s signature September 2017 Center for Development of Security Excellence Page 3-5

Lesson 4: AA&E Physical Security Inspections Introduction Objectives Once contracts have been awarded, DSS is responsible for AA&E Physical Security inspections. This lesson will review the DSS role and responsibilities during AA&E Physical Security inspections, as well as what goes into AA&E Physical Security Inspection Reports. Here are the lesson objectives. Take a moment to review them. Identify DSS roles and responsibilities in Physical Security Inspections Recognize what content is covered as part of an AA&E Physical Security Inspection Describe requirements for AA&E Physical Security Inspection Reports DSS Role and Authority DSS Role Physical security inspections of AA&E contractor facilities are a responsibility of DSS and are only conducted by IS Reps who have received training as an AA&E Inspector. If you discover suspected AA&E materials during a visit to a non-aa&e facility, you should contact the GCA and local DCMA. If possible, identify the associated contract number and NSN for the suspected AA&E item and review the NSN in Webflis or contact an AA&E Cadre member to validate if the item is categorized AA&E. AA&E inspections are conducted on a 12-month inspection cycle, although contracts issued prior to 2012 may have an 18-month inspection cycle grandfathered in. Inspections are only required for the duration of the contract, and are conducted in accordance with the AA&E Manual DoDM 5100.76 NOT the NISPOM. Remember, during these AA&E inspections DSS only identifies deficiencies; it does NOT specify corrective actions for the contractor to take. IS Reps may provide recommendations for corrective actions to the GCA. DSS Authority You should be aware that DSS only has authority to conduct AA&E activities at Contractor- Owned, Contractor-Operated, or COCO, facilities. At Government-Owned, Government Operated, or GOGO, and Government-Owned, Contractor-Operated, or GOCO, facilities, the owning Government Command conducts AA&E actions, unless there is a Memorandum of Understanding in place between DSS and that Government Command. September 2017 Center for Development of Security Excellence Page 4-1

Complete and Report AA&E Physical Security Inspections Inspection Content AA&E Physical Security Inspections verify that the contractor facility is meeting the requirements laid out in DoDM 5100.76, enclosure 9 and the AA&E contract. Inspections should review: Physical security measures; Policy compliance, including any existing deviations from policy; Facility design and construction; And inventory and accountability procedures. The AA&E Inspection Form, used during the PASS, may be used for AA&E physical security inspections, as well. Note, however, that inspections may include more contracts and more areas to review than the PASS. The AA&E Inspection Form will be reviewed in greater detail in the following lesson. Inspection Reports Once the inspection is complete, IS Reps document the results in an inspection report. Reports contain sections that correspond with the applicable DoDM 5100.76, Enclosure 9 requirements. For each section, reports should give a descriptive narrative and identify if that section is compliant or non-compliant. If a section is non-compliant, the report should describe measures that might allow the GCA to mitigate and submit a waiver or an exception. Sample Inspection Report template may be found on the course resources page. Report Follow-up Following the inspection, the IS Rep sends a report letter signed by the Field Office Chief to each GCA with the Regional POC courtesy copied. Note that one inspection often generates several results letters one for each contract. All actions are annotated in the DSS System of Record, or DSSSR. If the inspection results are noncompliant, the GCAs are responsible for ensuring they are corrected, to include closeouts. Note that inspection results are submitted to the GCA only, and not to DCMA. Only the PASS is submitted to DCMA. September 2017 Center for Development of Security Excellence Page 4-2

Review Activities Review Activity 1 All inspections are conducted on an 18-month review cycle. Determine whether the statement is True or False. Then check your answers in the Answer Key at the end of this. True False Review Activity 2 Inspections are conducted in accordance with DoDM 5100.76, NOT the NISPOM. Determine whether the statement is True or False. Then check your answers in the Answer Key at the end of this. True False Review Activity 3 DSS proves contractors with corrective actions. Determine whether the statement is True or False. Then check your answers in the Answer Key at the end of this. True False Review Activity 4 Which of the following elements should be reviewed during an AA&E physical security inspection? Select all that apply. Then check your answers in the Answer Key at the end of this Student Guide. Physical security measures Policy compliance Existing deviations from policy Inventory and accountability procedures Facility design and construction September 2017 Center for Development of Security Excellence Page 4-3

Lesson 5: The AA&E Inspection Form Introduction Objectives IS Reps use the AA&E Inspection Form for both the Pre-Award Security Survey, or PASS, and for AA&E Physical Security Inspections. Remember that the PASS identifies a facility s ability to perform within the AA&E requirements should they win the contract, while the inspection validates that the facility is currently meeting AA&E requirements. This lesson will review the contents of the form. Here is the lesson objective. Take a moment to review it. Apply the AA&E Inspections Form to complete the PASS or a Physical Security Inspection Inspection Form Overview Use of AA&E Inspection Form The AA&E inspection form contains 23 questions to ask or investigate during a PASS or AA&E inspection. The top of the form contains fields for the Facility/CAGE code, inspection date and inspector, field office, region, and the overall rating of compliant or noncompliant. For each of the 23 questions, the form contains the question, including applicable references to DoDM 5100.76, a box to check yes, no, or not applicable, and a field for comments. In some cases, notes about the question are included in this field. As they conduct their inspections, inspectors make notes in the comments, and may indicate additional actions or recommendations, even when the contractor is compliant. At the end of the form is a field to list AA&E contract numbers, the specific AA&E items and security risk categories, or SRC, and the procuring command or activity in other words, the Government Contracting Activity, or GCA and its contact information. You may discuss the areas found compliant or non-compliant. However, remember that you cannot mandate corrective actions; that is the GCA s responsibility. Let the contractor know the results of the PASS and/or inspection. The results will also be sent to the GCA. Sample Inspection Report template may be found on the course resources page. Inspection Form Contents Inspection Form Item 1: Facility Suitability The first item on the inspection form asks whether the GCA issued a favorable facility suitability determination in writing. Note that this requirement is different from the September 2017 Center for Development of Security Excellence Page 5-1

requirements for classified programs. More detail on this item may be found in DoDM 5100.76, Enclosure 9.4b. Inspection Form Item 2-5: Locks and Keys Inspection form items two through five all deal with locks and keys. Note that lock requirements for AA&E materials are different from lock requirements for classified programs. Question two asks whether AA&E storage and production structures are secured with high security locks and hasps, and notes that the S&G 951 is the high security lock currently being produced. The use of the S&G 833C is grandfathered. Question three asks whether the contractor has implemented a key and lock control system. Inspectors should consider whether the key and lock control system is described in the Standing Practice Procedures, or SPP. Question four asks whether the contractor appointed a key and lock custodian to implement and supervise the key and lock control system. Inspectors should consider whether the appointment was made in writing. Question five asks whether operational keys for SRC I and II storage areas are stored in a GSA approved Class 5 container. Contractors should not use Class 6 containers to store SRC I and II keys. Question five also asks whether keys for SRC III-IV are stored in a 12- gauge steel container with a GSA built in combo lock? Note that replacement locks, cores, and keys need to be secured in the same manner as operational keys. Inspection Form Item 6-11: General Physical Security Inspection form items six through 11 deal with general physical security, such as entry and exit procedures, lighting, fencing, and intrusion detection. Question six asks whether vehicle and pedestrian entry into and exit from production and storage areas is controlled. Question seven asks whether the contractor restricts privately owned vehicles from parking within 100 ft. of AA&E storage and production buildings. Question eight is specific to SRC one and two, and asks whether exterior building and door lighting is sufficient to allow for detection of unauthorized entry. Question nine is only relevant if security lighting is required. It asks whether the contractor installed any exterior lighting switches so that only authorized individuals can access them. Inspectors should consider how the lighting is secured. Is it secured via automation or a locked switch? Is the circuit breaker also secured? Question ten is only relevant if perimeter fencing is required by contract. Any AA&E fencing specifics will be identified in the contract. If fencing is required, question ten asks whether structures containing SRC one and two AA&E is protected by a fence, securable by a padlock. September 2017 Center for Development of Security Excellence Page 5-2

Finally, question 11 asks whether structures are protected by an intrusion detection system, or IDS, unless they are under constant surveillance. Note that the IDS must be UL 2050, Extent 2 for all arms, rockets, and missiles, and for all SRC one and two ammunition and explosives. The IDS should include a monitoring station, 15 minute guard response, and monthly alarm tests, in a log that is maintained for a year. Inspection Form Item 12-14: Security and Transportation Inspection form items 12 through 14 deal with production line security and transportation. Question 12 asks whether the contractor s written production line security countermeasures have been provided to DSS, and whether they are sufficient to prevent theft or pilferage? Question 13 asks whether the GCA advised the contractor of transportation security requirements for shipments of AA&E. AA&E Transportation Security is reviewed in DoDM 5100.76 Enclosure 10. Note that AA&E shipments need to comply with DTR 4500.9-R, Part II, Chapter 205. Question 14 addresses movement of SRC I and II AA&E on the contractor s facility. It asks about the contractor s to communicate with security and safety personnel when moving AA&E. Inspectors should consider whether movement on the facility is addressed in the SPP. Inspectors should also consider how facility employees communicate. For example, what type of phone or radio do they use? Inspection Form Item 15-17: Requirements and Procedures Inspection form items 15 through 17 deal with requirements and procedures. Question 15 asks whether classified AA&E is stored in accordance with the security requirements outlined in DoDM 5100.76, rather than those in the NISPOM. Remember that storage requirements for AA&E even classified AA&E may be different from NISPOM requirements. For example, classified AA&E storage must use a high security lock and hasp. The XO Series or Kaba-Mas-type GSA locking devices are not sufficient. Question 16 asks whether the contractor provided written accountability procedures to the GCA, and whether the GCA provided written approval of those preocedures. DSS should receive a copy of the approved accountability procedures, as well. Finally, question 17 asks whether the GCA provided instructions for the disposal and demilitarization, or DEMIL, of residual AA&E. Inspectors should review DEMIL procedures and ensure they are compliant with storage requirements. Note that SRC I and II AA&E items awaiting disposal and/or DEMIL are not to be stored in an open manner. Inspection Form Item 18 and 19: Arms Parts and Frames Inspection form items 18 and 19 deal with arms parts and frames. Question 18 asks whether major arms parts, such as barrels and major assemblies, are afforded at least the same protection as SRC IV arms. Note that SRC IV ams require a high security lock and hasp September 2017 Center for Development of Security Excellence Page 5-3

unless they are stored in a GSA Class 5 container or vault and have the UL 2050 IDS. Question 19 asks whether the frame or receiver of an arm is stored in accordance with the applicable category for the arm itself. Roll over items 18 and19 to review and to see the DoDM 5100.76 references for each. Inspection Form Item 20-23: Procedural Details Inspection form items 20 through 23 deal with procedural details such as reports, waivers, procedures, and subcontracts. Question 20 asks whether the contractor submitted incident reports to DSS and the GCA within 72 hours after discovering the incident. Incidents that require reporting are described in Enclosure 9.12.a: items one through six. The contractor must also immediately notify local law enforcement and the FBI of any incidents. Question 21 asks whether there are any waivers or exceptions approved by the GCA, and notes that waivers may be granted for up to a year. Exceptions may be permanent, but must be reviewed every 3 years. Question 22 asks whether the contractor has prepared and maintained an SPP to implememt AA&E requirements, and whether DSS has determined that the documented procedures are adequate. Contractors must train personnel annually on the SPP, and must maintain training records. Finally, for AA&E contracts that contain DFARS Clause 252.223-2007, question 23 asks whether the contractor notified DSS any subcontracts involving AA&E. Notification is required within 10 days of subcontract issue. Inspectors should consider who the subcontractors are, whether they are in the DSSSR as AA&E facilities, and whether the contractor notified the GCA and DCMA to submit a PASS for those locations. September 2017 Center for Development of Security Excellence Page 5-4

Review Activities Review Activity 1 Now that you have reviewed the AA&E inspection form in detail, see if you can apply it to the following scenarios. Imagine you are conducting an initial inspection of an AA&E contractor facility. Which of these questions should you consider during your review of locks and keys? Select all that apply. Then check your answers in the Answer Key at the end of this Student Guide. Are AA&E storage and production structures secured with high security locks and hasps? Has the contractor implemented a key and lock control system? Did contractor appoint a key and lock custodian? Do locks and keys meet NISPOM requirements? Review Activity 2 During your inspection, you note that operational keys for SRC II are stored in a 12-gauge steel container with GSA combo lock. Is this compliant, noncompliant, or not applicable? Determine how you complete the form. Then check your answers in the Answer Key at the end of this. Compliant Noncompliant N/A Review Activity 3 Now imagine you are conducting a PASS. Which of these questions should you consider during your review of the facility s physical security measures? Select all that apply. Then check your answers in the Answer Key at the end of this Student Guide. Will entry into and exist from production and storage areas be controlled? If SRC I-II will be stored, is exterior building and door lighting sufficient? If lighting is required, are exterior switches accessible only to authorized individuals? September 2017 Center for Development of Security Excellence Page 5-5

Review Activity 4 You note that the contractor restricts private vehicles from parking within 100 feet of AA&E storage and production buildings. Is this compliant, noncompliant, or not applicable? Determine how you complete the form. Then check your answers in the Answer Key at the end of this. Compliant Noncompliant N/A Review Activity 5 Next, imagine you are conducting an annual inspection of an AA&E contractor facility. Which of these questions should you consider during your review of reports and documentation? Select all that apply. Then check your answers in the Answer Key at the end of this Student Guide. Has DSS approved the facility s SPP? Are there records of annual training on the facility s SPP? Does the facility have a valid FCL? Have any waivers or exceptions been approved by the GCA? Review Activity 6 The contractor informs you that there was an attempted break-in last year, but no AA&E materials were lost. They reported the incident 4 days after it was discovered. Is this compliant, noncompliant, or not applicable? Determine how you complete the form. Then check your answers in the Answer Key at the end of this. Compliant Noncompliant N/A September 2017 Center for Development of Security Excellence Page 5-6

Lesson 6: AA&E Conduct and Safety Introduction Objectives While conducting surveys and inspections, IS Reps need to be aware of appropriate conduct and safety. Here are the lesson objectives. Take a moment to review them. Describe DSS AA&E authority and its limits Recognize safety concerns for inspectors at AA&E facilities Identify appropriate dress for AA&E surveys/inspections Survey/Inspection Conduct Conduct Notes While conducting AA&E surveys and inspections, all IS Reps should know how to respond to questions from the contractor. You should remember to provide only information that is directly related to the survey or inspection, or to the collection of survey or inspection responses. You should also explain that you are there solely for AA&E, and that the survey or inspection is not for the NISP. Remember, the AA&E program and the NISP are separate programs with different requirements and different approval processes. DSS has different authorities in the different programs. Remember also that you should provide guidance concerning DoDM 5100.76 requirements directly to the Defense Contract Management Agency, or DCMA, and to the Government Contracting Activities, or GCAs, as relevant. You should not advise contractors about correcting or resolving issues that are found during inspections, nor should you advise contractors about necessary upgrades or purchases. Only the GCA can instruct facilities on corrective actions. General Safety Precautions Situational Awareness When completing AA&E inspections, there are some safety rules and precautions that you must observe. You should ensure you receive a safety briefing, you must be mindful of the operational environment, and you must NOT touch any of the equipment. You should be aware of explosive material and avoid exposure. Note that if you are travelling by airplane after conducting an inspection you will need a letter to provide a written explanation about your exposure to explosive material. It is also best to change your clothes and shoes when September 2017 Center for Development of Security Excellence Page 6-1

traveling by airplane, so that you are not wearing the same garments as you wore during the inspection. Dress While conducting an AA&E inspection you must dress accordingly. Appropriate attire includes khakis with a cotton polo style short- or long-sleeved shirt, and a weather appropriate jacket that is either leather or cotton. Metal-free composite-toe conductive work boots are recommended, and may be required at some locations. Note that wool, polyester, and silk clothes should not be worn, as they may present a static hazard. Suits and ties should not be worn at an AA&E assessment. This dress is authorized within the DSS dress code. Additional Concerns Note that if you identify any safety concerns during a PASS you should notify DCMA. If you identify safety concerns during an inspection, you should contact the GCA directly. The Industrial Security Operating Manual, or ISOM, Section13.6, Safety Considerations for AA&E Visits and Surveys, contains a complete list of safety concerns that you should be aware of. September 2017 Center for Development of Security Excellence Page 6-2

Review Activities Review Activity 1 While conducting an AA&E Inspection, the contractor asks if they will be required to upgrade their IDS. How should you respond? Select the best response. Then check your answers in the Answer Key at the end of this. They should always have the latest model and should upgrade their equipment Any IDS Is sufficient and they do not need to upgrade The GCA will inform them if any upgrades are required Review Activity 2 Which of the following precautions should you take while performing an AA&E survey or inspection? Select all that apply. Then check your answers in the Answer Key at the end of this Student Guide. Receive a safety briefing Be mindful of the operational environment Do not touch any equipment Do not wear wool, polyester, or silk September 2017 Center for Development of Security Excellence Page 6-3

Lesson 7: Course Conclusion Conclusion Course Summary As an Industrial Security Representative, you should now be aware of your role and responsibilities regarding the AA&E program, including both the pre-award security survey, or PASS, and the AA&E inspections that take place after contract award. You should understand how to use the AA&E Inspection Form, and you should be aware of key conduct and safety requirements for surveys and inspections. Lesson Review Congratulations! You have completed the DSS Oversight of AA&E Facilities course. You should now be able to perform all of the listed activities. Identify the policies that authorize and support DSS oversight of AA&E Describe the IS Rep s roles and responsibilities related to AA&E Recognize the steps required to carry out a Pre-award Security Survey (PASS) Identify the content to be covered in an AA&E Physical Security Inspection Apply appropriate safety requirements for AA&E facility surveys and inspections To receive course credit, you must take the DSS Oversight of AA&E Facilities examination. If you accessed the course through the Security Training, Education, and Professionalization Portal (STEPP), please use that system to register for the online exam. Otherwise, select the Take Exam button on the last screen of the course to take the online exam and receive your certificate. September 2017 Center for Development of Security Excellence Page 7-1

Appendix A: Answer Key Lesson 2 Review Activities Review Activity 1 Which of the following policies authorize DSS to conduct AA&E activities? Select all that apply. Then check your answers in the Answer Key at the end of this Student Guide. NISPOM DFARS Clause 252.223-7007 (correct answer) DoDM 5100.76 (correct answer) ISOM, Section 13 Feedback: DFARS Clause 252.223-7007 and DoDM 5100.76 authorize DSS to conduct AA&E. Although it does not authorize DSS actions, ISOM, Section 13 does contain directions and guidance for DSS responsibilities related to AA&E. Review Activity 2 DSS is authorized to. Select all that apply. Then check your answers in the Answer Key at the end of this Student Guide. Conduct Pre-award Security Surveys (PASS) (correct answer) Conduct initial, recurring, and closeout AA&E inspections (correct answer) Mandate corrective actions Feedback: DSS is authorized to conduct Pre-award Security Surveys (PASS) and initial, recurring, and closeout AA&E inspections. Only the GCA may mandate corrective actions. Review Activity 3 Which risk category includes handguns? Select the best response. Then check your answer in the Answer Key at the end of this. SRC I SRC II SRC III September 2017 Center for Development of Security Excellence Page A-1

SRC IV (correct answer) Feedback: Handguns are categorized as SRC IV. Review Activity 4 Which risk category includes light automatic weapons up to.50 caliber? Select the best response. Then check your answer in the Answer Key at the end of this. SRC I SRC II (correct answer) SRC III SRC IV Feedback: Light automatic weapons up to.50 caliber are categorized as SRC II. Review Activity 5 Which risk category includes grenade launchers? Select the best response. Then check your answer in the Answer Key at the end of this. SRC I SRC II SRC III (correct answer) SRC IV Feedback: Grenade launchers are categorized as SRC III. Review Activity 6 Which risk category does not include any arms? Select the best response. Then check your answer in the Answer Key at the end of this. SRC I (correct answer) SRC II SRC III SRC IV Feedback: SRC I does not include any arms. September 2017 Center for Development of Security Excellence Page A-2

Lesson 3 Review Activities Review Activity 1 You have just been tasked to complete a PASS of a prospective contractor facility. What is the first thing you should do? Select the best response. Then check your answer in the Answer Key at the end of this. Review DSSSR to see if a Desk Audit may be performed Call the facility to schedule the PASS Re-verify the PASS request (correct answer) Draft the PASS Report letter Feedback: Requests are verified twice. Although it is not required, it is still good practice for IS Reps to re-verify the information in the request form when they receive it. Review Activity 2 Which of the following elements should be included in the PASS Report letter? Select all that apply. Then check your answers in the Answer Key at the end of this Student Guide. Requestor s name (correct answer) Subject of the report (correct answer) References (correct answer) Overview of the request (correct answer) Field Office Chief s signature (correct answer) Feedback: All of these elements should be included in the PASS Report letter. September 2017 Center for Development of Security Excellence Page A-3

Lesson 4 Review Activities Review Activity 1 All inspections are conducted on an 18-month review cycle. Determine whether the statement is True or False. Then check your answers in the Answer Key at the end of this. True False (correct answer) Feedback: Most inspections are conducted on a 12-month review cycle. Some grandfathered contracts are conducted every 18 months. Review Activity 2 Inspections are conducted in accordance with DoDM 5100.76, NOT the NISPOM. Determine whether the statement is True or False. Then check your answers in the Answer Key at the end of this. True (correct answer) False Feedback: AA&E inspections are conducted in accordance with DoDM 5100.76, NOT the NISPOM. Review Activity 3 DSS proves contractors with corrective actions. Determine whether the statement is True or False. Then check your answers in the Answer Key at the end of this. True False (correct answer) Feedback: DSS only identified deficiencies, not corrective actions. (Corrective actions are provided to the GCA only.) September 2017 Center for Development of Security Excellence Page A-4

Review Activity 4 Which of the following elements should be reviewed during an AA&E physical security inspection? Select all that apply. Then check your answers in the Answer Key at the end of this Student Guide. Physical security measures (correct answer) Policy compliance (correct answer) Existing deviations from policy (correct answer) Inventory and accountability procedures (correct answer) Facility design and construction (correct answer) Feedback: All of these elements should be reviewed during an AA&E physical security inspection. September 2017 Center for Development of Security Excellence Page A-5

Lesson 5 Review Activity Review Activity 1 Which of these questions should you consider during your review? Select all that apply. Then check your answers in the Answer Key at the end of this Student Guide. Are AA&E storage and production structures secured with high security locks and hasps? (correct answer) Has the contractor implemented a key and lock control system? (correct answer) Did contractor appoint a key and lock custodian? (correct answer) Do locks and keys meet NISPOM requirements? Feedback: High security locks and hasps, key and lock control systems, and key and lock custodians are all required, however AA&E requirements are different from those specified in the NISPOM. Review Activity 2 Operational keys for SRC II are stored in a 12-gauge steel container with GSA combo lock. Determine how you complete the form. Then check your answers in the Answer Key at the end of this. Compliant Noncompliant (correct answer) N/A Feedback: This is not compliant. Operational keys for SRC I and II must be stored in a GSA-approved Class 5 container. The facility is not compliant. Review Activity 3 Which of these questions should you consider during your review? Select all that apply. Then check your answers in the Answer Key at the end of this Student Guide. Will entry into and exist from production and storage areas be controlled? (correct answer) If SRC I-II will be stored, is exterior building and door lighting sufficient? (correct answer) September 2017 Center for Development of Security Excellence Page A-6

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback