DCSA CI MCMO Countermeasures Matrix

• Policies are in place to conduct due diligence/vetting on entities entering into business relationship with the company/facility.

• FSOs are aware of which offices or individuals in their facility commonly receive email request for information or technology (including sales, marketing, public relations, scientists/engineers, academics etc.) and tailor CI and security briefings to those employees.
• Employees are aware what information is protected and what information is authorized for public release and report all instances of requests for proprietary, export controlled or sensitive information by unauthorized persons or entities.
• Employees are aware of the common indicators of an illicit procurement attempt (i.e. lack of end user or end use information, multiple same/similar requests from various entities within a short time, poor use of grammar, etc.).
• Policies are in place to conduct due diligence/vetting on entities entering into business relationship with the company/facility.

• FSOs are aware of which offices or individuals in their facility commonly receive email request for information or technology (including sales, marketing, public relations, scientists/engineers, academics etc.) and tailor CI and security briefings to those employees.
• Employees are aware what information is protected and what information is authorized for public release and report all instances of requests for proprietary, export controlled or sensitive information by unauthorized persons or entities.
• Employees are aware of the common indicators of an illicit procurement attempt (i.e. lack of end user or end use information, multiple same/similar requests from various entities within a short time, poor use of grammar, etc.). CM4. Policies are in place to conduct due diligence/vetting on entities entering into business relationship with the company/facility.

N/A

N/A

• Human Resources personnel and/professors are aware of indicators of foreign efforts to exploit access and placement
• Personnel are aware of which positions require U.S. citizenship and security clearances and do not engage about positions with non-qualified candidates.
• Personnel report unsolicited resume submissions, from foreign persons, to the FSO and Human Resources.

• FSOs are aware of which offices or individuals in their facility commonly receive email request for information or technology (including sales, marketing, public relations, scientists/engineers, academics etc.) and tailor CI and security briefings to those employees.
• Employees are aware what information is protected and what information is authorized for public release and report all instances of requests for proprietary, export controlled or sensitive information by unauthorized persons or entities.
• Employees are aware of the common indicators of an illicit procurement attempt (i.e. lack of end user or end use information, multiple same/similar requests from various entities within a short time, poor use of grammar, etc.).

• FSOs are aware of which offices or individuals in their facility commonly receive email request for information or technology (including sales, marketing, public relations, scientists/engineers, academics etc.) and tailor CI and security briefings to those employees.
• Employees are aware what information is protected and what information is authorized for public release and report all instances of requests for proprietary, export controlled or sensitive information by unauthorized persons or entities.
• Employees are aware of the common indicators of an illicit procurement attempt (i.e. lack of end user or end use information, multiple same/similar requests from various entities within a short time, poor use of grammar, etc.).

• FSOs are aware of which offices or individuals in their facility commonly receive email request for information or technology (including sales, marketing, public relations, scientists/engineers, academics etc.) and tailor CI and security briefings to those employees.
• Employees are aware what information is protected and what information is authorized for public release and report all instances of requests for proprietary, export controlled or sensitive information by unauthorized persons or entities.
• Employees are aware of the common indicators of an illicit procurement attempt (i.e. lack of end user or end use information, multiple same/similar requests from various entities within a short time, poor use of grammar, etc.).
• Policies are in place to conduct due diligence/vetting on entities entering into business relationship with the company/facility.

N/A

• Policies are in place to conduct due diligence/vetting on entities entering into business relationship with the company/facility.

N/A

N/A

• Policies are in place to conduct due diligence/vetting on PRE-DECISIONAL; not vetted or coordinated entities prior to entering into business relationship with the company/facility.

• FSOs are aware of which offices or individuals in their facility commonly receive/review web form submissions requesting information or technology (including sales, marketing, public relations, etc.) and tailor CI and security briefings to those employees.
• Employees are aware what information is protected and what information is authorized for public release and report all instances of requests for proprietary, export controlled or sensitive information by unauthorized persons or entities.
• Employees are aware of the common indicators of an illicit procurement attempt (i.e. lack of end user or end use information, multiple same/similar requests from various entities within a short time, poor use of grammar, etc.).
• Policies are in place to conduct due diligence/vetting on PRE-DECISIONAL; not vetted or coordinated entities prior to entering into business relationship with the company/facility.

• FSOs are aware of which offices or individuals in their facility commonly receive email request for information or technology (including sales, marketing, public relations, scientists/engineers, academics etc.) and tailor CI and security briefings to those employees.
• Employees are aware what information is protected and what information is authorized for public release and report all instances of requests for proprietary, export controlled or sensitive information by unauthorized persons or entities.
• Employees are aware of the common indicators of an illicit procurement attempt (i.e. lack of end user or end use information, multiple same/similar requests from various entities within a short time, poor use of grammar, etc.).
• Policies are in place to conduct due diligence/vetting on entities entering into business relationship with the company/facility.

• Do not allow attachments to the webform submissions.

N/A

• Human Resources personnel and/professors are aware of indicators of foreign efforts to exploit access and placement.
• Personnel are aware of which positions require U.S. citizenship and security clearances and do not engage about positions with non-qualified candidates.
• Personnel report unsolicited resume submissions, from foreign persons, to the FSO and Human Resources.

• FSOs are aware of which offices or individuals in their facility commonly receive/review web form submissions requesting information or technology (including sales, marketing, public relations, etc.) and tailor CI and security briefings to those employees.
• Employees are aware what information is protected and what information is authorized for public release and report all instances of requests for proprietary, export controlled or sensitive information by unauthorized persons or entities.
• Employees are aware of the common indicators of an illicit procurement attempt (i.e. lack of end user or end use information, multiple same/similar requests from various entities within a short time, poor use of grammar, etc.).

• FSOs are aware of which offices or individuals in their facility commonly receive/review web form submissions requesting information or technology (including sales, marketing, public relations, etc.) and tailor CI and security briefings to those employees.
• Employees are aware what information is protected and what information is authorized for public release and report all instances of requests for proprietary, export controlled or sensitive information by unauthorized persons or entities.
• Employees are aware of the common indicators of an illicit procurement attempt (i.e. lack of end user or end use information, multiple same/similar requests from various entities within a short time, poor use of grammar, etc.).

• FSOs are aware of which offices or individuals in their facility commonly receive/review web form submissions requesting information or technology (including sales, marketing, public relations, etc.) and tailor CI and security briefings to those employees.
• Employees are aware what information is protected and what information is authorized for public release and report all instances of requests for proprietary, export controlled or sensitive information by unauthorized persons or entities.
• Employees are aware of the common indicators of an illicit procurement attempt (i.e. lack of end user or end use information, multiple same/similar requests from various entities within a short time, poor use of grammar, etc.).
• Policies are in place to conduct due diligence/vetting on PRE-DECISIONAL; not vetted or coordinated entities prior to entering into business relationship with the company/facility.

N/A

• FSOs are aware of which offices or individuals in their facility commonly receive/review web form submissions requesting information or technology (including sales, marketing, public relations, etc.) and tailor CI and security briefings to those employees.
• Employees are aware what information is protected and what information is authorized for public release and report all instances of requests for proprietary, export controlled or sensitive information by unauthorized persons or entities.
• Employees are aware of the common indicators of an illicit procurement attempt (i.e. lack of end user or end use information, multiple same/similar requests from various entities within a short time, poor use of grammar, etc.).

N/A

N/A

N/A

N/A

N/A

• Use an email filter.
• Block executable and zip attachments and hyperlinks.
• Block suspect email addresses and IPs PRE-DECISIONAL; not vetted or coordinated.
• Ensure your network is current on patches/ updating software. (Phishing.org)
• Strengthen the security controls of the websites, applications and email systems of the organization e.g. using technological solutions such as SSL, two-factor authentication, digital certificates, firewalls, anti-virus solutions, enhancing fraud monitoring or reporting mechanisms and so on. (INFOSEC)
• Monitor the Internet for fraudulent variations of your organization’s name, trademark, seal or website address. (INFOSEC)
• Use Antivirus software (Phishing.org)
• Take advantage of any anti-phishing features offered by your email client and web browser. (US-CERT)
• Provide regular and updated training on identifying suspicious emails.
• Provide a secure method for employees to report.
• Inform users directly (e.g. disseminate information through monthly statements, leaflets, publications or websites) about the preventive measures that your organization has implemented (eg, We will never ask you for your password in an email, etc.). (INFOSEC)
• Report to applicable government entities.
• Report to applicable government entities. (INFOSEC)
• Issue alerts to staff, administrators or service providers of the website of the organization to strengthen security measures and to watch out for any suspicious activities. (INFOSEC)CM3. Employees affected should immediately change any passwords e revealed. If the employee used the same password for multiple resources, ensure they know to change it for each account, and do not use that password in the future. (US-CERT)

• Use an email filter.
• Block executable and zip attachments and hyperlinks.
• Block suspect email addresses and IPs PRE-DECISIONAL; not vetted or coordinated.
• Ensure your network is current on patches/ updating software. (Phishing.org)
• Strengthen the security controls of the websites, applications and email systems of the organization e.g. using technological solutions such as SSL, two-factor authentication, digital certificates, firewalls, anti-virus solutions, enhancing fraud monitoring or reporting mechanisms and so on. (INFOSEC)
• Monitor the Internet for fraudulent variations of your organization’s name, trademark, seal or website address. (INFOSEC)
• Use Antivirus software (Phishing.org)
• Take advantage of any anti-phishing features offered by your email client and web browser. (US-CERT)
• Provide regular and updated training on identifying suspicious emails.
• Provide a secure method for employees to report.
• Inform users directly (e.g. disseminate information through monthly statements, leaflets, publications or websites) about the preventive measures that your organization has implemented (eg, We will never ask you for your password in an email, etc.). (INFOSEC)
• Report to applicable government entities.
• Report to applicable government entities. (INFOSEC)
• Issue alerts to staff, administrators or service providers of the website of the organization to strengthen security measures and to watch out for any suspicious activities. (INFOSEC)CM3. Employees affected should immediately change any passwords e revealed. If the employee used the same password for multiple resources, ensure they know to change it for each account, and do not use that password in the future. (US-CERT)

• Use an email filter.
• Block executable and zip attachments and hyperlinks.
• Block suspect email addresses and IPs PRE-DECISIONAL; not vetted or coordinated.
• Ensure your network is current on patches/ updating software. (Phishing.org)
• Strengthen the security controls of the websites, applications and email systems of the organization e.g. using technological solutions such as SSL, two-factor authentication, digital certificates, firewalls, anti-virus solutions, enhancing fraud monitoring or reporting mechanisms and so on. (INFOSEC)
• Monitor the Internet for fraudulent variations of your organization’s name, trademark, seal or website address. (INFOSEC)
• Use Antivirus software (Phishing.org)
• Take advantage of any anti-phishing features offered by your email client and web browser. (US-CERT)
• Provide regular and updated training on identifying suspicious emails.
• Provide a secure method for employees to report.
• Inform users directly (e.g. disseminate information through monthly statements, leaflets, publications or websites) about the preventive measures that your organization has implemented (eg, We will never ask you for your password in an email, etc.). (INFOSEC)
• Report to applicable government entities.
• Report to applicable government entities. (INFOSEC)
• Issue alerts to staff, administrators or service providers of the website of the organization to strengthen security measures and to watch out for any suspicious activities. (INFOSEC)CM3. Employees affected should immediately change any passwords e revealed. If the employee used the same password for multiple resources, ensure they know to change it for each account, and do not use that password in the future. (US-CERT)

• Use an email filter.
• Block executable and zip attachments and hyperlinks.
• Block suspect email addresses and IPs PRE-DECISIONAL; not vetted or coordinated.
• Ensure your network is current on patches/ updating software. (Phishing.org)
• Strengthen the security controls of the websites, applications and email systems of the organization e.g. using technological solutions such as SSL, two-factor authentication, digital certificates, firewalls, anti-virus solutions, enhancing fraud monitoring or reporting mechanisms and so on. (INFOSEC)
• Monitor the Internet for fraudulent variations of your organization’s name, trademark, seal or website address. (INFOSEC)
• Use Antivirus software (Phishing.org)
• Take advantage of any anti-phishing features offered by your email client and web browser. (US-CERT)
• Provide regular and updated training on identifying suspicious emails.
• Provide a secure method for employees to report.
• Inform users directly (e.g. disseminate information through monthly statements, leaflets, publications or websites) about the preventive measures that your organization has implemented (eg, We will never ask you for your password in an email, etc.). (INFOSEC)
• Report to applicable government entities.
• Report to applicable government entities. (INFOSEC)
• Issue alerts to staff, administrators or service providers of the website of the organization to strengthen security measures and to watch out for any suspicious activities. (INFOSEC)CM3. Employees affected should immediately change any passwords e revealed. If the employee used the same password for multiple resources, ensure they know to change it for each account, and do not use that password in the future. (US-CERT)

• Use an email filter.
• Block executable and zip attachments and hyperlinks.
• Block suspect email addresses and IPs PRE-DECISIONAL; not vetted or coordinated.
• Ensure your network is current on patches/ updating software. (Phishing.org)
• Strengthen the security controls of the websites, applications and email systems of the organization e.g. using technological solutions such as SSL, two-factor authentication, digital certificates, firewalls, anti-virus solutions, enhancing fraud monitoring or reporting mechanisms and so on. (INFOSEC)
• Monitor the Internet for fraudulent variations of your organization’s name, trademark, seal or website address. (INFOSEC)
• Use Antivirus software (Phishing.org)
• Take advantage of any anti-phishing features offered by your email client and web browser. (US-CERT)
• Provide regular and updated training on identifying suspicious emails.
• Provide a secure method for employees to report.
• Inform users directly (e.g. disseminate information through monthly statements, leaflets, publications or websites) about the preventive measures that your organization has implemented (eg, We will never ask you for your password in an email, etc.). (INFOSEC)
• Report to applicable government entities.
• Report to applicable government entities. (INFOSEC)
• Issue alerts to staff, administrators or service providers of the website of the organization to strengthen security measures and to watch out for any suspicious activities. (INFOSEC)CM3. Employees affected should immediately change any passwords e revealed. If the employee used the same password for multiple resources, ensure they know to change it for each account, and do not use that password in the future. (US-CERT)

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

• Do not allow zone transfers from non-authorized systems.
• Review and analyze DNS for suspicious activity or anomalies.
• Incorporate threat information into security protocols.
• Review and control posted information.
• Periodically review activities originating with foreign IPs Periodically review company information discoverable on publically available search engines (i.e. Google).
• Use a generic SSID.
• Use WPA-2 encryption.
• Use a wireless intrusion detection system and remove PRE-DECISIONAL; not vetted or coordinated unauthorized WAPs.
• Disable incoming ICMP echo requests except where necessary.
• Disable outgoing ICMP Time Exceeded messages.
• Block source IPs with frequent ping seeps.
• Close unused ports and review logs to identify IPs still attempting to access.
• Ensure your network is current on patches/ updating software (Phishing.org)
• Create firewall rules to reassemble IP packets.
• Use a host-based and network IDS.
• Update rules/signatures/patches.
• Remove all default web material.
• Apply all system and server patches.
• Run the web server with minimal privileges.
• Use an IDS on the web server.
• Strengthen the security controls of the websites, applications and email systems of the organization e.g. using technological solutions such as SSL, two-factor authentication, digital certificates, firewalls, anti-virus solutions, enhancing fraud monitoring or reporting mechanisms and so on. (INFOSEC)
• Enforce account lock out for incorrect passwords.
• Review logs for frequent login attempts without activity.
• Consider using two-factor authentication (INFOSEC)
• Report to applicable government entities. (INFOSEC)
• Issue alerts to staff, administrators or service providers of the website of the organization to strengthen security measures and to watch out for any suspicious activities. (INFOSEC)
• Employees affected should immediately change any passwords revealed. If the employee used the same password for multiple resources, ensure they know to change it for each account, and do not use that password in the future. (US-CERT)
• Provide regular and updated training on identifying suspicious network activity.
• Provide a secure method for employees to report.
• Inform users directly (e.g. disseminate information through monthly statements, leaflets, publications or websites) about the preventive measures that your organization has implemented. (INFOSEC)
• Educate users about the best practices that they should follow and observe when using your Internet services. (INFOSEC)
• Have Employees Password-protect computer/ mobile device. (US-CERT)
• Particularly during travel, instruct employees to keep their valuables and mobile devices secure at all times (Narrative: When traveling, keep your device with you. Meal times are optimum times for thieves to check hotel rooms for unattended laptops. If you are attending a conference or trade show, be especially wary—these venues offer thieves a wider selection of devices that are likely to contain sensitive information, and the conference sessions offer more opportunities for thieves to access guest rooms.) (US-CERT)
• Particularly during travel, instruct employees to downplay laptops or mobile devices – (Narrative: There is no need to advertise to thieves that you have a laptop or mobile device. Avoid using your device in public areas, and consider non-traditional bags for carrying your laptop.) (US-CERT)
• a public area, pay attention to people around you. Take precautions to shield yourself from "shoulder surfers"—make sure that no one can see you type your passwords or see any sensitive information on your screen). (US-CERT)
• Consider an alarm or lock on mobile devices or laptops. (US-CERT)
• Instruct employees to be careful about posting cell phone numbers and email addresses – (Narrative: Attackers often use software that browses web sites for email addresses. These addresses then become targets for attacks and spam. Cell phone numbers can be collected automatically, too. By limiting the number of people who have access to your information, you limit your risk of becoming a victim.) (US-CERT)
• Instruct employees to be wary of downloadable software (Narrative: There are many sites that offer games and other software you can download onto your cell phone or PDA. This software could include malicious code. Avoid downloading files from sites that you do not trust. If you are getting the files from a supposedly secure site, look for a web site certificate. If you do download a file from a web site, consider saving it to your computer and manually scanning it for viruses before opening it.) (US-CERT)
• Implement a policy for password suitability and rotation. (US-CERT)

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

• Train personnel on sensitivity of corporate and personnel information.
• Limit amount of potentially sensitive corporate data posted to social media.
• Scrutinize contact and communications across social media.

• On mobile applications, turn off location services.
• For personal use associated with the facility, do not post recognizable landmarks or date time stamps.
• Do not post personally identifiable information on social networks.
• Train personnel on sensitivity of corporate and personnel information.
• Limit amount of potentially sensitive corporate data posted to social media.
• Scrutinize contact and communications across social media.
• Employees use secure browser settings when possible and monitor browsing history.

• Train personnel on sensitivity of corporate and personnel information.
• Limit amount of potentially sensitive corporate data posted to social media.
• Scrutinize contact and communications across social media.
• Minimize social network profiles to limit access to employee information.
• Instruct employees to establish connections only with people they know and trust.
• Instruct employees to avoid posting or tagging images of themselves or their families that clearly show their face.
• Employees use secure browser settings when possible and monitor browsing history.

• On mobile applications, turn off location services.

• On mobile applications, turn off location services.
• For personal use associated with the facility, do not post recognizable landmarks or date time stamps.
• Do not post personally identifiable information on social networks.
• Employees use secure browser settings when possible and monitor browsing history.

• Human Resources personnel and/professors are aware of indicators of foreign efforts to exploit access and placement.
• Personnel are aware of which positions require U.S. citizenship and security clearances and do not engage about positions with non-qualified candidates.
• Personnel report unsolicited resume submissions, from foreign persons, to the FSO and Human Resources.

• Instruct employees to establish connections only with people they know and trust.
• Employees use secure browser settings when possible and monitor browsing history.

• Train personnel on sensitivity of corporate and personnel information.
• Limit amount of potentially sensitive corporate data posted to social media.
• Scrutinize contact and communications across social media.
• Minimize social network profiles to limit access to employee information.
• Instruct employees to establish connections only with people they know and trust.
• Instruct employees to avoid posting or tagging images of themselves or their families that clearly show their face.
• Employees use secure browser settings when possible and monitor browsing history.

• Instruct employees to establish connections only with people they know and trust.
• Employees use secure browser settings when possible and monitor browsing history.

N/A

• Minimize social network profiles to limit access to employee information.
• Instruct employees to establish connections only with people they know and trust.
• Instruct employees to avoid posting or tagging images of themselves or their families that clearly show their face.
• Employees use secure browser settings when possible and monitor browsing history.

N/A

Under development.

• Brief employees on common indicators of solicitation/elicitation.
• Brief employees on how to deflect solicitation/elicitation attempts.
• Brief employees on what information is protected and what information is authorized for public release.
• Instruct employees to report requests for proprietary, export controlled, or sensitive information.
• Instruct employees to direct questions to the facility’s Frequently Asked Questions (FAQs) web page.

• Brief employees on common indicators of solicitation/elicitation.
• Brief employees on how to deflect solicitation/elicitation attempts.
• Brief employees on what information is protected and what information is authorized for public release.
• Instruct employees to report requests for proprietary, export controlled, or sensitive information.
• Instruct employees to direct questions to the facility’s Frequently Asked Questions (FAQs) web page.

• Brief employees on potential espionage indicators and how to report questionable activities by co-workers.

Under development.

• Brief employees on potential espionage indicators and how to report questionable activities by co-workers.
• Brief employees on what information should not be posted on job or networking sites (i.e. not advertising clearance/access information; not directly associating with specific military programs/technologies, etc.).

• Human Resources personnel are aware of indicators of foreign efforts to exploit access and placement.
• Personnel are aware of which positions require U.S. citizenship and security clearances and do not engage with non-qualified candidates.
• Personnel are instructed to report unsolicited resume submissions, from foreign persons, to the FSO and Human Resources.

• Brief employees on common indicators of solicitation/elicitation.
• Brief employees on how to deflect solicitation/elicitation attempts.
• Brief employees on what information is protected and what information is authorized for public release.
• Instruct employees to report requests for proprietary, export controlled, or sensitive information.
• Instruct employees to direct questions to the facility’s Frequently Asked Questions (FAQs) web page.

• Brief employees on common indicators of solicitation/elicitation.
• Brief employees on how to deflect solicitation/elicitation attempts.
• Brief employees on what information is protected and what information is authorized for public release.
• Instruct employees to report requests for proprietary, export controlled, or sensitive information.
• Instruct employees to direct questions to the facility’s Frequently Asked Questions (FAQs) web page.

• Brief employees on common indicators of solicitation/elicitation.
• Brief employees on how to deflect solicitation/elicitation attempts.
• Brief employees on what information is protected and what information is authorized for public release.
• Instruct employees to report requests for proprietary, export controlled, or sensitive information.

• Facility has effective entry control procedures.
• Facility has effective surveillance, guards, and physical security.

• Brief employees on common indicators of solicitation/elicitation.
• Brief employees on how to deflect solicitation/elicitation attempts.
• Brief employees on what information is protected and what information is authorized for public release.
• Instruct employees to report requests for proprietary, export controlled, or sensitive information.
• Instruct employees to direct questions to the facility’s Frequently Asked Questions (FAQs) web page.
• Brief employees on potential espionage indicators and how to report questionable activities by co-workers.
• Brief employees on what information should not be posted on job or networking sites (i.e. not advertising clearance/access.
• information; not directly associating with specific military programs/technologies, etc.).

• Travel with sanitized laptop / electronic devices.
• Conduct pre and post scans of electronic devices.
• If possible, avoid using foreign provided lockboxes for electronic devices.

• Recommend traveling and staying developed urban locations close to major thoroughfares.
• When feasible travel in pairs.
• Travel via major thoroughfares.
• Avoid taking pictures of police or government personnel and/or buildings.

• Prior to hosting foreign visitors, brief all escorts and personnel on what can and cannot be discussed with delegation members.
• Develop standard responses to questions that are sensitive, classified, proprietary, or outside the scope of the visit.
• Submit the names (and other identifying information) of the PRE-DECISIONAL; not vetted or coordinated visitors to DCSA Prior to hosting foreign visitors.
• Review the paths visitors will take during the visit to ensure visitors will not be able to see or overhear sensitive or classified information.
• Train escorts on identifying suspicious behavior and questions and appropriate responses.
• Debrief all escorts and personnel and report questionable activities.
• Limit cell phone and other recording device use in the facility.

• Prior to hosting foreign visitors, brief all escorts and personnel on what can and cannot be discussed with delegation members.
• Develop standard responses to questions that are sensitive, classified, proprietary, or outside the scope of the visit.
• Submit the names (and other identifying information) of the PRE-DECISIONAL; not vetted or coordinated visitors to DCSA Prior to hosting foreign visitors.
• Review the paths visitors will take during the visit to ensure visitors will not be able to see or overhear sensitive or classified information.
• Train escorts on identifying suspicious behavior and questions and appropriate responses.
• Debrief all escorts and personnel and report questionable activities.
• Limit cell phone and other recording device use in the facility.

• Prior to hosting foreign visitors, brief all escorts and personnel on what can and cannot be discussed with delegation members.
• Develop standard responses to questions that are sensitive, classified, proprietary, or outside the scope of the visit.
• Submit the names (and other identifying information) of the PRE-DECISIONAL; not vetted or coordinated visitors to DCSA Prior to hosting foreign visitors.
• Review the paths visitors will take during the visit to ensure visitors will not be able to see or overhear sensitive or classified information.
• Train escorts on identifying suspicious behavior and questions and appropriate responses.
• Debrief all escorts and personnel and report questionable activities.
• Limit cell phone and other recording device use in the facility.

• Do not allow foreign visitors unsupervised access to information systems.
• Do not allow foreign visitors to introduce removable media or upload software to information systems.

• Submit the names (and other identifying information) of the PRE-DECISIONAL; not vetted or coordinated visitors to DCSA Prior to hosting foreign visitors.
• Review the paths visitors will take during the visit to ensure visitors will not be able to see or overhear sensitive or classified information.
• Train escorts on identifying suspicious behavior and questions and appropriate responses.
• Debrief all escorts and personnel and report questionable activities.
• Limit cell phone and other recording device use in the facility.

Under development.

• Prior to hosting foreign visitors, brief all escorts and personnel on what can and cannot be discussed with delegation members.
• Develop standard responses to questions that are sensitive, classified, proprietary, or outside the scope of the visit.
• Debrief all escorts and personnel and report questionable activities.

• Prior to hosting foreign visitors, brief all escorts and personnel on what can and cannot be discussed with delegation members.
• Develop standard responses to questions that are sensitive, classified, proprietary, or outside the scope of the visit.

• Prior to hosting foreign visitors, brief all escorts and personnel on what can and cannot be discussed with delegation members.
• Develop standard responses to questions that are sensitive, classified, proprietary, or outside the scope of the visit.
• Submit the names (and other identifying information) of the PRE-DECISIONAL; not vetted or coordinated visitors to DCSA Prior to hosting foreign visitors.

• Train escorts on identifying suspicious behavior and questions and appropriate responses.
• Debrief all escorts and personnel and report questionable activities.

• Prior to hosting foreign visitors, brief all escorts and personnel on what can and cannot be discussed with delegation members.
• Develop standard responses to questions that are sensitive, classified, proprietary, or outside the scope of the visit.

N/A

• Limit cell phone and other recording device use in the facility.

• Pre-brief employees who will attend CC&T on what information is protected and what information is authorized for public release.
• Brief employees to report all instances of requests for proprietary, export controlled or sensitive information.
• Brief employees on solicitation and elicitation techniques used by foreign entities.
• Brief employees on who to contact during the event, if unusual activities occur.
• Contact DCSA prior to CC&T to obtain threat information specific to the event and brief employees who will attend. (i.e. AUSA, Paris Air Show, etc.).
• Brief employees on techniques used by foreign intelligence, especially at airports and hotels.
• Instruct employees to not make their travel known via social media by posting pictures or tweeting.
• Instruct employees report suspicious contacts during the event.
• Instruct employees to report post-event contacts.
• Instruct employees to report offers of all-expense paid trips to attend/present at multi-national conferences.

• Pre-brief employees who will attend CC&T on what information is protected and what information is authorized for public release.
• Brief employees to report all instances of requests for proprietary, export controlled or sensitive information.
• Brief employees on solicitation and elicitation techniques used by foreign entities.
• Instruct employees to not connect electronic devices to unsecured networks.
• Brief employees on who to contact during the event, if unusual activities occur.
• Contact DCSA prior to CC&T to obtain threat information specific to the event and brief employees who will attend. (i.e. AUSA, Paris Air Show, etc.).
• Instruct employees to take mock up displays instead of operational technology.
• Brief employees on techniques used by foreign intelligence, especially at airports and hotels.
• Instruct employees to not make their travel known via social media by posting pictures or tweeting.
• Instruct employees report suspicious contacts during the event.
• Instruct employees to report post-event contacts.
• Review all presentation material for sensitive or protected information.
• Instruct employees to report offers of all-expense paid trips to attend/present at multi-national conferences.

• Instruct employees report suspicious contacts during the event.
• Instruct employees to report post-event contacts.
• Instruct employees to report offers of all-expense paid trips to attend/present at multi-national conferences.

• Instruct employees to not connect electronic devices to unsecured networks.
• Instruct employees to report post-event contacts.
• Review all presentation material for sensitive or protected information.
• Instruct employees to report offers of all-expense paid trips to attend/present at multi-national conferences.

• Brief employees on who to contact during the event, if unusual activities occur.
• Instruct employees to take mock up displays instead of operational technology.
• Review all presentation material for sensitive or protected information.

N/A

• Pre-brief employees who will attend CC&T on what information is protected and what information is authorized for public release.
• Brief employees to report all instances of requests for proprietary, export controlled or sensitive information.
• Brief employees on solicitation and elicitation techniques used by foreign entities.
• Instruct employees to not connect electronic devices to unsecured networks.
• Brief employees on who to contact during the event, if unusual activities occur.
• Contact DCSA prior to CC&T to obtain threat information specific to the event and brief employees who will attend. (i.e. AUSA, Paris Air Show, etc.).
• Brief employees on techniques used by foreign intelligence, especially at airports and hotels.
• Instruct employees report suspicious contacts during the event.
• Instruct employees to report post-event contacts.
• Instruct employees to report offers of all-expense paid trips to attend/present at multi-national conferences.

• Pre-brief employees who will attend CC&T on what information is protected and what information is authorized for public release.
• Brief employees to report all instances of requests for proprietary, export controlled or sensitive information.
• Brief employees on solicitation and elicitation techniques used by foreign entities.
• Brief employees on who to contact during the event, if unusual activities occur.
• Contact DCSA prior to CC&T to obtain threat information specific to the event and brief employees who will attend. (i.e. AUSA, Paris Air Show, etc.).
• Brief employees on techniques used by foreign intelligence, especially at airports and hotels.
• Instruct employees to not make their travel known via social media by posting pictures or tweeting.
• Instruct employees report suspicious contacts during the event.
• Instruct employees to report post-event contacts.
• Review all presentation material for sensitive or protected information.
• Instruct employees to report offers of all-expense paid trips to attend/present at multi-national conferences.

• Pre-brief employees who will attend CC&T on what information is protected and what information is authorized for public release.
• Brief employees to report all instances of requests for proprietary, export controlled or sensitive information.
• Brief employees on solicitation and elicitation techniques used by foreign entities.
• Brief employees on who to contact during the event, if unusual activities occur.
• Contact DCSA prior to CC&T to obtain threat information specific to the event and brief employees who will attend. (i.e. AUSA, Paris Air Show, etc.).
• Instruct employees to take mock up displays instead of operational technology.
• Brief employees on techniques used by foreign intelligence, especially at airports and hotels.
• Instruct employees to not make their travel known via social media by posting pictures or tweeting.
• Instruct employees report suspicious contacts during the event.
• Instruct employees to report post-event contacts.

• Pre-brief employees who will attend CC&T on what information is protected and what information is authorized for public release.
• Brief employees to report all instances of requests for proprietary, export controlled or sensitive information.
• Contact DCSA prior to CC&T to obtain threat information specific to the event and brief employees who will attend. (i.e. AUSA, Paris Air Show, etc.).
• Instruct employees to take mock up displays instead of operational technology.
• Instruct employees report suspicious contacts during the event.
• Instruct employees to report post-event contacts.

• Pre-brief employees who will attend CC&T on what information is protected and what information is authorized for public release.
• Brief employees to report all instances of requests for proprietary, export controlled or sensitive information.
• Brief employees on solicitation and elicitation techniques used by foreign entities.
• Brief employees on who to contact during the event, if unusual activities occur.
• Contact DCSA prior to CC&T to obtain threat information specific to the event and brief employees who will attend. (i.e. AUSA, Paris Air Show, etc.).
• Brief employees on techniques used by foreign intelligence, especially at airports and hotels.
• Instruct employees to not make their travel known via social media by posting pictures or tweeting.
• Instruct employees report suspicious contacts during the event.
• Instruct employees to report post-event contacts.
• Review all presentation material for sensitive or protected information.
• Instruct employees to report offers of all-expense paid trips to attend/present at multi-national conferences.

• Brief employees on techniques used by foreign intelligence, especially at airports and hotels.
• Instruct employees to not make their travel known via social media by posting pictures or tweeting.
• Instruct employees report suspicious contacts during the event.
• Instruct employees to report post-event contacts.

• Brief employees on solicitation and elicitation techniques used by foreign entities.
• Brief employees on who to contact during the event, if unusual activities occur.
• Contact DCSA prior to CC&T to obtain threat information specific to the event and brief employees who will attend. (i.e. AUSA, Paris Air Show, etc.).
• Brief employees on techniques used by foreign intelligence, especially at airports and hotels.
• Instruct employees report suspicious contacts during the event.
• Instruct employees to report post-event contacts.

• Report all suspicious or new solicitations.
• Cross reference solicitors with OFAC denied entries list, State Department entity list.
• Be suspicious of residential addresses and addresses for P.O. boxes (Anti-Terrorism Best Practice).
• Do not accept packages that are wet, oily, or have protruding wires (Anti-Terrorism Best Practice).
• Ensure classified information is properly packaged and mailed in accordance with NISPOM or the contract.

• Report all suspicious or new solicitations.
• Cross reference solicitors with OFAC denied entries list, State Department entity list.
• Be suspicious of residential addresses and addresses for P.O. boxes (Anti-Terrorism Best Practice).
• Do not accept packages that are wet, oily, or have protruding wires (Anti-Terrorism Best Practice).
• Ensure classified information is properly packaged and mailed in accordance with NISPOM or the contract.

N/A

N/A

• Ensure classified information is properly packaged and mailed in accordance with NISPOM or the contract.

• Report all suspicious or new solicitations.

• Report all suspicious or new solicitations.

• Report all suspicious or new solicitations.

• Report all suspicious or new solicitations.
• Cross reference solicitors with OFAC denied entries list, State Department entity list.
• Be suspicious of residential addresses and addresses for P.O. boxes (Anti-Terrorism Best Practice).
• Do not accept packages that are wet, oily, or have protruding wires (Anti-Terrorism Best Practice).

N/A

• Report all suspicious or new solicitations.

N/A

N/A

• FSOs should be aware of which offices or individuals in their facility commonly receive telephone calls with purchase requests, requests for business ventures, or for information about the facility or technologies and tailor CI and security briefings to those employees.
• Ensure employees are aware how to deal with unsolicited calls and know the correct office to direct inquires related to purchase requests, requests for business ventures, or for information about the facility or technologies.
• Ensure employees are aware of the common indicators of an illicit procurement attempt (i.e. lack of end user or end use information, multiple same/similar requests from various entities within a short time, poor use of grammar, etc.).
• Verify the identity of the caller by cross checking with company and/or business directories.
• Do not discuss or reference classified information on an unsecured telephone line.

• FSOs should be aware of which offices or individuals in their facility commonly receive telephone calls with purchase requests, requests for business ventures, or for information about the facility or technologies and tailor CI and security briefings to those employees.
• Ensure employees are aware how to deal with unsolicited calls and know the correct office to direct inquires related to purchase requests, requests for business ventures, or for information about the facility or technologies.
• Ensure employees are aware of the common indicators of an illicit procurement attempt (i.e. lack of end user or end use information, multiple same/similar requests from various entities within a short time, poor use of grammar, etc.).
• Verify the identity of the caller by cross checking with company and/or business directories.
• Do not discuss or reference classified information on an unsecured telephone line.

N/A

N/A

• Do not discuss or reference classified information on an unsecured telephone line.

• FSOs should be aware of which offices or individuals in their facility commonly receive telephone calls with purchase requests, requests for business ventures, or for information about the facility or technologies and tailor CI and security briefings to those employees.
• Ensure employees are aware how to deal with unsolicited calls and know the correct office to direct inquires related to purchase requests, requests for business ventures, or for information about the facility or technologies.
• Ensure employees are aware of the common indicators of an illicit procurement attempt (i.e. lack of end user or end use information, multiple same/similar requests from various entities within a short time, poor use of grammar, etc.).
• Verify the identity of the caller by cross checking with company and/or business directories.
• Do not discuss or reference classified information on an unsecured telephone line.

• FSOs should be aware of which offices or individuals in their facility commonly receive telephone calls with purchase requests, requests for business ventures, or for information about the facility or technologies and tailor CI and security briefings to those employees.
• Ensure employees are aware how to deal with unsolicited calls and know the correct office to direct inquires related to purchase requests, requests for business ventures, or for information about the facility or technologies.
• Ensure employees are aware of the common indicators of an illicit procurement attempt (i.e. lack of end user or end use information, multiple same/similar requests from various entities within a short time, poor use of grammar, etc.).
• Verify the identity of the caller by cross checking with company and/or business directories.
• Do not discuss or reference classified information on an unsecured telephone line.

• FSOs should be aware of which offices or individuals in their facility commonly receive telephone calls with purchase requests, requests for business ventures, or for information about the facility or technologies and tailor CI and security briefings to those employees.
• Ensure employees are aware how to deal with unsolicited calls and know the correct office to direct inquires related to purchase requests, requests for business ventures, or for information about the facility or technologies.
• Ensure employees are aware of the common indicators of an illicit procurement attempt (i.e. lack of end user or end use information, multiple same/similar requests from various entities within a short time, poor use of grammar, etc.).
• Verify the identity of the caller by cross checking with company and/or business directories.
• Do not discuss or reference classified information on an unsecured telephone line.

• FSOs should be aware of which offices or individuals in their facility commonly receive telephone calls with purchase requests, requests for business ventures, or for information about the facility or technologies and tailor CI and security briefings to those employees.
• Ensure employees are aware how to deal with unsolicited calls and know the correct office to direct inquires related to purchase requests, requests for business ventures, or for information about the facility or technologies.
• Ensure employees are aware of the common indicators of an illicit procurement attempt (i.e. lack of end user or end use information, multiple same/similar requests from various entities within a short time, poor use of grammar, etc.).
• Verify the identity of the caller by cross checking with company and/or business directories.
• Do not discuss or reference classified information on an unsecured telephone line.

N/A

• FSOs should be aware of which offices or individuals in their facility commonly receive telephone calls with purchase requests, requests for business ventures, or for information about the facility or technologies and tailor CI and security briefings to those employees.
• Ensure employees are aware how to deal with unsolicited calls and know the correct office to direct inquires related to purchase requests, requests for business ventures, or for information about the facility or technologies.
• Ensure employees are aware of the common indicators of an illicit procurement attempt (i.e. lack of end user or end use information, multiple same/similar requests from various entities within a short time, poor use of grammar, etc.).
• Verify the identity of the caller by cross checking with company and/or business directories.
• Do not discuss or reference classified information on an unsecured telephone line.

N/A

N/A

N/A

N/A

• Human Resources personnel and/or professors are aware of indicators of foreign efforts to exploit access and placement.
• Personnel are aware of which positions require U.S. citizenship and security clearances and do not engage with non-qualified candidates.
• Personnel are instructed to report unsolicited resume submissions, from foreign persons, to the FSO and Human Resources.

N/A

N/A

• Human Resources personnel and/or professors are aware of indicators of foreign efforts to exploit access and placement.
• Personnel are aware of which positions require U.S. citizenship and security clearances and do not engage with non-qualified candidates.
• Personnel are instructed to report unsolicited resume submissions, from foreign persons, to the FSO and Human Resources.

N/A

• Human Resources personnel and/or professors are aware of indicators of foreign efforts to exploit access and placement.
• Personnel are aware of which positions require U.S. citizenship and security clearances and do not engage with non-qualified candidates.
• Personnel are instructed to report unsolicited resume submissions, from foreign persons, to the FSO and Human Resources.

N/A

N/A

• Human Resources personnel and/or professors are aware of indicators of foreign efforts to exploit access and placement
• Personnel are aware of which positions require U.S. citizenship and security clearances and do not engage with non-qualified candidates.
• Personnel are instructed to report unsolicited resume submissions, from foreign persons, to the FSO and Human Resources.

N/A

N/A

N/A

N/A

• Human Resources personnel are aware of indicators of foreign efforts to exploit access and placement.
• Personnel are aware of which positions require U.S. citizenship and security clearances and do not engage with non-qualified candidates.
• Personnel are instructed to report unsolicited resume submissions, from foreign persons, to the FSO and Human Resources.

N/A

N/A

• Human Resources personnel are aware of indicators of foreign efforts to exploit access and placement.
• Personnel are aware of which positions require U.S. citizenship and security clearances and do not engage with non-qualified candidates.
• Personnel are instructed to report unsolicited resume submissions, from foreign persons, to the FSO and Human Resources.

Under development.

• Human Resources personnel are aware of indicators of foreign efforts to exploit access and placement.
• Personnel are aware of which positions require U.S. citizenship and security clearances and do not engage with non-qualified candidates.
• Personnel are instructed to report unsolicited resume submissions, from foreign persons, to the FSO and Human Resources.

N/A

N/A

• Human Resources personnel are aware of indicators of foreign efforts to exploit access and placement.
• Personnel are aware of which positions require U.S. citizenship and security clearances and do not engage with non-qualified candidates.
• Personnel are instructed to report unsolicited resume submissions, from foreign persons, to the FSO and Human Resources.

N/A

N/A