Security Quick
Reference Guide

Point(s) of Contact

Pamela Hamilton / FSO
843.327.3273
pamela@appliedsecurityknowledge.com

Richard Carmichael / ITPSO
678.221.7834
rcarmichael@laochservices.com

 

Industrial Security Standards Practice & Procedures (SPP)

This provides a quick reference guide to Industrial Security Standards.

 

 

Table of Contents

DoD Hotline
dodig.mil/hotline / 800.424.9098

Security Quick Reference Guide

DCSA Mission Statement

As a defense contract company, Laoch Services works under the semblance of the newly formed Defense Counterintelligence and Security Agency (DCSA). By working closely with industry, DCSA is poised to build defenses against active and persistent attacks by our nation's adversaries against our federal workforce, technology, and information. Our goal as your security department is to provide you with the answers and tools for these situations and enable uncompromised capabilities by leveraging advanced technologies and innovation.

 

Responsible Point of Contact (POC)

As your appointed FSO, Pamela Hamilton will maintain cognizance and overall responsibility across all areas of security relevant activity. When necessary, the FSO may appoint a Security Point of Contact (SPOC) at remote locations.

 

Facility Clearance Level (FCL)

We are a non-possessing facility. We are not authorized to store classified packages or accept hand-carried information.

 

Personnel Security Clearance (PCL)

The number of employees processed for a clearance will be limited to the minimum necessary for operation efficiency. Do not communicate via e-mail Personal Identifiable Information (PII) without encryption or use of passwords.

Our nation's most critical asset is its people. By partnering with industry personnel, DCSA is able to use local knowledge to develop and refine a tailored security program for our company.

 

 

SEAD 3 Reporting Requirements Cleared Personnel

Secret and Top Secret Obligations - If any of the following should occur, you are obligated to notify the FSO/ASFO immediately.

  1. Living Status / Arrangements
  2. Criminal Activity
  3. Personal Finance & Business Interests
  4. Behavior & Conduct
  5. Foreign Travel – Official & Unofficial
  6. Foreign Contacts – Official & Unofficial
  7. Foreign Affiliation
  8. Treatment & Counseling
  9. Psychological & Emotional Health
  10. Media Contact

Go to SEAD 3 Reporting
Details for the above list

SEAD 3 Obligation
Reporting Form

 

SEAD 4 Adjudicative Guidelines Cleared Personnel

There are 13 National Security Adjudicative Guidelines* for determining eligibility for access to classified information, to perform national security duties, and determine the reporting requirements for personnel who have been cleared for access.

  1. Allegiance to the United States
  2. Foreign Influence
  3. Foreign Preference
  4. Sexual Behavior
  5. Personal Conduct
  6. Financial Considerations
  7. Alcohol Consumption
  8. Drug Involvement and Substance Misuse
  9. Psychological Conditions
  10. Criminal Conduct
  11. Handling Protected Information
  12. Outside Activities
  13. Use of Information Technology

Go to SEAD 4 Adjudicative Guideline
Details for the above list

 

Classification Levels of Security Relevant Activity

Confidential

Information that could be expected to cause damage to the national security.

Secret

Information that could be expected to cause serious damage to the national security.

Top Secret

Information that could be expected to cause exceptionally grave damage to the national security.

Visit Request

If the need arises for a cleared employee to access classified information at a government installation or other cleared defense contractors facility, a Visit Authorization Request (VAR) is required to be submitted so the location to be visited can verify the personnel security clearance level, reason for visit, point of contact to be notified, and duration of visit. Complete the Visit Request Form and submit it to your FSO, Pamela Hamilton at pamela@appliedsecurityknowledge.com.

Visit Request Form

 

Security Violation

It is the responsibility of each individual to report to the security officer any knowledge of violation of approved security policies.

A security infraction is a minor administrative deviation of security procedures.

A security violation shall exist when, on the basis of all available information, a breach of security has occurred due to an intentional act, a negligent act, or the omission of an act, thereby permitting the possible or actual compromise of classified information.

Offense First Second Third
Security Infraction Counseling by FSO Formal written reprimand up to termination Termination
Security Violation Formal written reprimand up to termination Termination  
Each violation which includes the compromise of unauthorized disclosure of classified information has a negative effect on the company viability in the classified market place.

 

Self Inspection

Self-inspection - per requirement listed in 32 CFR part 117.7(h)(2), the security department will conduct a self-inspection of our security program on an annual basis and at intervals consistent with risk management principles. As an employee, your cooperation is appreciated.

 

Security Briefings - Cleared

If you are a cleared employee, your career with Laoch Services will include training commensurate to your job and applicable safeguarding requirements according to the DoD Federal Regulation 32 CFR part 117. The curriculum required includes:

 

Insider Threat

From a Counterintelligence perspective, the Insider Threat is an employee with access to a classified or controlled environment who has the opportunity, capability, and intent to purposefully compromise sensitive information and/or materials for distribution to entities who pose a risk to the security interests of the U.S.

 

Threat Awareness / Defensive Security

The United States is now facing the most significant foreign intelligence threat it has ever encountered. Adversaries are successfully attacking cleared industry at an unprecedented rate. DCSA is partnering with U.S. industry to design, develop, and pilot an intelligence-led, asset-focused, and threat-driven approach to industrial security oversight. 

You need to REPORT RAPID & EARLY as this is essential to ensure quick mitigation of the risks.

 

Foreign Travel

Report all foreign travel: for business or pleasure. Information is most vulnerable when on the move. Overseas travel increases the risk of being targeted by foreign intelligence activities.

Do not publicize travel plans and limit sharing of this information to people who need to know. Limit sensitive discussions and maintain control of sensitive information by carrying it with you at all time. Conduct pre-travel security briefings.

Foreign Travel Form

 

Debriefing

Per 32 CFR part 117.12l, when it has been determined that you no longer require access, you are required to sign a debriefing statement acknowledging your understanding that protecting known information is a lifelong obligation.

 

Security Briefings – All Laoch Services Employees

 

Controlled Unclassified Information (CUI)

You are obligated to adhere to guidance specific to identified unclassified information that requires physical control, secure storage and approved destruction.

 

Working from Home

Working from home has brought unique challenges to the safeguarding of controlled information. The act of working from home does not alleviate employees of the need to follow all applicable policies and regulations. Avoid having printed copies of CUI and ITAR information and controlled hardware at home. If this is not possible, send a request to your project manager to receive approval for storing controlled information or hardware at home. We will then ensure that you have the ability to safely store any CUI or ITAR controlled items at your home.

 

Operational Security (OPSEC)

Protecting critical and sensitive information is essential to protecting the success of your organization and your missions, and to protecting the lives of U.S. service members, DoD employees, contractors, and family members. OPSEC is a countermeasure process to deny critical information to an adversary.

  1. Identify critical information
  2. Analyze threats
  3. Analyze vulnerabilities
  4. Assess the risk
  5. Apply countermeasures
32 CFR part 117.8c requires cleared contractors to remain vigilant and report any suspicious contacts to your FSO.

 

Personally Identifiable Information (PII)

As DoD contractors, we are responsible for protecting PII from unauthorized use or disclose as required by Federal laws and DoD regulations. NIST Special Publication 800-122 defines PII as "any information about an individual maintained by an agency, including any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records". These identifiers may not be classed as PII on their own, but present vulnerability when linked with other information.

Use encryption or password protect when transmitting this information.

 

Reporting-The-Threat

To report suspicious activity, contact your FSO, Pamela Hamilton at 843.327.3273 or at email pamela@appliedsecurityknowledge.com.

32 CFR part 117.8b requires that cleared contractors report actual, probable or possible espionage, sabotage, terrorism, or subversion promptly to the FBI and DCSA."

The nature and extent of suspicious contacts suggests a concerted effort to exploit contacts for competitive, economic, and military advantage.

 

Emergency Procedure

In an emergency situation, it is important to safeguard all information deemed valuable as best as possible. However, the overriding consideration in any emergency situation is your safety. Seek out your FSO once in a safe environment.

Data Spill Response

Security Quick Reference Guide Acknowledgement

SQRG Acknowledgement Form

 

Security Insights Newsletters

News, articles and knowledge released quarterly with insightful information

Security Insights

2025

2024

Newsletter Archives