FORT LEE, Va. –
Entering the last week of Operations Security Awareness month, knowing the role each employee plays in the process and the shared responsibilities all have in ensuring security is vital to a successful program.
“Whether a new hire or a seasoned employee, all Defense Contract Management Agency personnel — military, government and contractor employees alike — are equally responsible to protect our nation’s information,” said Jeffrey Wilson, DCMA Eastern Region OPSEC specialist. “We accomplish this by identifying Critical Information and Indicators and safeguarding them from our adversaries’ collection operations.”
To accomplish this, each agency asset maintains an organizational or site-specific Security Plan, which includes OPSEC requirements. DCMA Manual 3301-06 “Operations Security” is the agency-level policy that implements and executes national and Department of Defense OPSEC policy.
Recent changes established in National Security Presidential Memorandum-28, elevates OPSEC from DOD-level to the National-level, under the National Intelligence director. This change requires all executive branch departments and agencies to establish, implement and execute OPSEC.
DCMA commanders and directors are required to implement the agency director’s OPSEC program by designating a person to coordinate, facilitate and work organizational OPSEC matters with the DCMA Security OPSEC team.
“Using the OPSEC Cycle, each organization is to identify and develop Critical Information and Indicator Lists specific or unique to their organization,” said Wilson. “The appropriate safeguards are to be devised to protect the CII, and the effectiveness of the applied safeguards to be reviewed and evaluated in a continual cycle. It is also important for all personnel to utilize OPSEC measures for the protection of personal and private information as well as that of family and friends.”
A critical step in implementing the agency’s OPSEC program is to ensure personnel stay current on OPSEC training requirements. Additionally, employees should become familiar with the organizational specific or unique CIIL.
“These steps help individual awareness of CII and how to protect the identified information,” said Wilson. “Personnel responsible for DCMA-issued contracts or other procurement actions must be aware of CII and identify the information and safeguarding requirements in contractual or other documentation provided to contract service providers and other vendors. This action ensures industry fulfilling procurement requirements are aware of CII and know how to protect the information.”
DCMA personnel working with contracts delegated to the agency must ascertain related OPSEC requirements. CIILs unique or specifically related to the contracts must be obtained from the Government Contract Authority responsible for the contract. This ensures DCMA personnel and the contractors working with contracts protect the CII as identified by the responsible GCA.
All CII contained in work products must be identified, safeguarded and disposed of in accordance with DoD Instruction 5200.48, Controlled Unclassified Information.
“By maintaining awareness of our agency and organizational CIIL, safeguarding CII properly, we ensure the DCMA OPSEC posture is resilient to threats posed by our adversaries and competitors,” said Wilson. “This keeps our information, other assets and our people safe.”
For additional information, contact the DCMA OPSEC team; dcma.lee.hq.list.information-security@mail.mil.
Previous OPSEC articles:
OPSEC history: from ancient origins to modern challenges
The OPSEC cycle explained
OPSEC: Do you know what CILL indicates?