Security person has to know what contracts require security clearance and whether you company has to have possessing or non processing controls
What should drive requirements?
1. DD254
2. NISPOM
What should drive requirements?
1. DD254
2. NISPOM
The responsibility is ever changing with the event of cyber attacks happening within the military community. More emphasis on training and internal inspections. The latest training is insider threat. I had to go to STEPP and take the required training. Companies notified through contracts of new DFARS and changes to NISP must have resources experienced in documenting these changes or face future business loses. The time to read all the security requirements and training is very costly and is usually not part of contract costing (it's part of doing business with the government)