HOW TO GET AN FSO CERTIFICATION TO SERVE YOUR ORGANIZATION IN 2024 AND BEYOND

Thinking about getting your FSO certification? Obtaining this credential, enabling you to become a Facility Security Officer, is a great career move and more importantly will help your organization stay in compliance with the security requirements of defense or federal government contracting. Facility Security Officers play a critical role in ensuring the safety and integrity of information and resources. What is a Facility Security Officer and what is it like to become one? Two employees of Sentient Digital’s subsidiary RDA, Inc., who recently obtained their FSO certifications, as well as a Sentient Digital FSO who mentored them, contributed insights from their experiences to this guide. 

WHAT IS A FACILITY SECURITY OFFICER?

A Facility Security Officer (FSO) is a designated, trained, and certified employee of an organization that serves as a contractor to the U.S. military. The FSO’s responsibilities may include ensuring that the organization complies with its security obligations under the National Industrial Security Program Operating Manual (the “NISPOM Rule”) for government contractors, as well as other applicable security regulations. In reality, the day-to-day work of an FSO involves a variety of complex operations, and for this reason it takes training and eventually FSO certification to obtain this role. Now that you have an answer to “What is a Facility Security Officer?”, the next step is understanding who can become one. If you are considering becoming an FSO or trying to determine who in your organization should become your FSO, you will need to be aware of the eligibility requirements.

Recently Proposed DoD Amendments to the NISPOM Rule

The Department of Defense in December 2023 proposed amendments to the NISPOM Rule that will be in the comment period until February 2024. Rather than changing the requirements under NISPOM, these proposed amendments seek to make the rule easier to correctly apply. For example, the proposed changes explain that Controlled Unclassified Information (CUI) is governed by separate rules, rather than being encompassed by the NISP, which deals with the protection of classified information. FSOs are responsible for familiarizing themselves with changes to the NISPOM Rule to carry out their responsibilities.

WHAT ARE THE ELIGIBILITY REQUIREMENTS FOR SEEKING FSO CERTIFICATION? 

In order to seek FSO certification, there are several eligibility requirements to meet. First, a person must be an employee of the contracting organization, rather than a contractor themselves. Additionally, the prospective FSO must be a U.S. citizen and have the appropriate level of clearance for the cleared facility (meaning a facility that has obtained Facility Clearance). The Cognizant Security Authority (CSA), meaning the department or agency in charge of security for the particular contract, may impose additional requirements for the FSO.

HOW TO OBTAIN YOUR FSO CERTIFICATION

To begin the FSO certification process, your organization must choose you as a candidate. Upon accepting this appointment, you will begin an approximately 50-hour training process administered by the Defense Counterintelligence and Security Agency (DCSA). There is some flexibility in how far you can spread this training out, but it must be completed within six months of appointment as FSO. There may be additional requirements from the CSA as well, such as taking a program management course.

What to Expect from the DCSA’s 50-Hour FSO Training

Those who wish to become Facility Security Officers must undergo 50 hours of training from the DCSA. Its goal is to make sure FSOs are able to successfully meet the requirements of the job, both in ensuring the security of classified information and maintaining compliance with all government security regulations. Given the versatile demands and comprehensive nature of the job, the DCSA’s curriculum for this training covers many different topics. It establishes theoretical knowledge as well as practical application tasks to give a well-rounded look into the actual challenges faced by FSOs today.

Major Topics in the FSO Training

An overview of the major topics in the DCSA’s FSO training includes:

  • The National Industrial Security Program (NISP): Anyone who wants to become an FSO must understand the National Industrial Security Program. Candidates study NISP’s intended purpose, scope, history, application, and latest developments. This establishes the foundation necessary to delve deeper into security theory and practice.
  • The National Industrial Security Program Operating Manual (NISPOM): In addition to understanding NISP, FSO hopefuls must learn about NISPOM, a central feature of the job. Candidates study NISPOM in depth, including the security requirements it demands of organizations and how FSOs specifically enforce the proper security protocols to ensure compliance.
  • Counterintelligence and Insider Threats: As an FSO, it is critical to have an understanding of the threats posed by both outsiders and insiders. FSOs are trained how to monitor for these threats, successfully identify them, properly report them, and, importantly, respond to them.
  • Physical Security: An important responsibility for any FSO is to maintain adequate physical security. Therefore, FSO training includes information about how to establish physical barriers, access control, and other security measures to protect a facility’s security and its assets from unauthorized access on the physical premises.
  • Document Security: Both physically and within computer systems, FSOs must ensure the security of all classified documents. During FSO training, candidates learn how they are expected to mark, share, use, store, and, eventually, destroy classified documents. This part of an FSO’s training includes practical exercises.
  • Information Systems Security (INFOSEC): With Information Systems Security training, FSO hopefuls learn how to protect classified information and documents digitally. This includes cyber security measures, IT security procedures, and incident response.
  • Emergency Preparedness and Response: Whether it’s natural disasters or attacks from adversaries in the forms of cyber attacks, espionage, or terrorism, FSOs are responsible for making sure an organization is prepared for such attacks and can quickly and effectively respond to them.
  • Security Clearances: Candidates gain an understanding of the various security clearances available for different kinds of classified information, as well as the process to get these security clearances. This includes the requirements for different security clearance levels, especially background checks. FSOs are responsible for guiding an organization’s staff through the security clearance processes to support their government contracting work.
  • Auditing and Compliance: Another significant part of an FSO’s training is in auditing and government compliance. Candidates learn how to implement effective security audits, properly handle these records, and keep their organization in compliance with NISPOM and any other government regulations as needed.

Theoretical Knowledge and Practical Applications in FSO Training

To produce a well-rounded learning experience, FSO candidates encounter both theoretical knowledge and practical applications in their training. This gives them critical understanding of security principles, as well as practical experience in how to apply them. Candidates review real-world case studies, participate in simulations, and engage in other interactive exercises as part of their training and certification. This creates a controlled environment in which FSO candidates can practice their skills without risk, gaining important experience in leadership, problem solving, decision making, policy implementation, and more.

FSO Training Outcomes

Candidates who successfully complete FSO training and certification should be ready to work as FSOs. This means being able to understand and maintain compliance with complex regulations, as well as introducing and managing the security measures required for compliance across an organization. Certified FSOs can successfully identify gaps in an organization’s security, lead any necessary course correction, and, ultimately, create the security necessary for an organization to operate effectively and within compliance for government contracts.

WHAT IS IT LIKE UNDERGOING THE FSO CERTIFICATION PROCESS?

If you meet the eligibility requirements to seek FSO certification, you may wonder what the experience will entail. How intense is the work involved? Will it fit in well with your other responsibilities? As an employer, you may wonder how it will impact your employee’s capacity to take on work during the training period. The best way to understand the experience is from people who have been through it themselves.

In order to give a better sense of the experience, three of Sentient Digital and RDA’s FSOs gave their perspective on FSO certification. RDA has two newly minted FSOs, Tina Greaves and Lisa Dionne. Together, they have been working with Terri Mrock, an FSO for Sentient Digital, who has served in a sort of mentorship role, answering questions about the facilities they have had throughout the process and showing them how to find the information they need. 

Greaves notes that the certification process for herself and Dionne involved approximately 50 hours of training and testing within a six-month window.  However, they both completed the process early, indicating the flexibility of timing of the courses within the six-month timeframe and how well they can fit in with your other job responsibilities.

Regarding the subjective experience of going through the process, Dionne notes that, “In my recent FSO certification training over this past summer, I have come to appreciate more fully the extent of the honesty and goodwill of government contract workers, who act with the utmost integrity in their daily undertakings to minimize bad actors, and protect and safeguard information that directly affects the efforts of the warfighter in protecting the lives and interests of the American people.” Even though the training may seem daunting when you contemplate beginning it, you may enjoy the process and find that it furthers your appreciation of your organization and fellow employees. 

Mrock, who had previously completed the process of becoming an FSO for Sentient Digital, recalled her experience of becoming an FSO, stating, “The transition to an Industry FSO was based on my experiences as a Security Officer while I was active duty in the Navy. I was able to provide the continuity for SDi when the company was really first starting and didn’t have a qualified person for the position. I did complete the required FSO training well in advance of the 6 month due date.” Mrock’s experience again indicates that it is possible to complete the FSO training for certification prior to the six-month deadline, which may help with fitting it around your other work requirements.

WHAT CAN YOU EXPECT ONCE YOU BECOME AN FSO?

If you become an FSO, you will continue to have support in performing your tasks from DCSA. DCSA provides resources including a Facility Security Officer Toolkit via its Center for Development of Security Excellence. Recognizing the many complex situations FSOs need to be able to handle, the Toolkit is organized by situation, and among the included tools are links to eLearning courses, Job Aids, and links to relevant entities and helpful items such as a sample Technology Control Plan (TCP). Just as the work of an FSO involves continually keeping the organization’s facility security measures up to date, an FSO must always stay up to date on security risks and prevention and remediation plans, so continuing education and support is provided. As noted above, NISPOM can also change over time, so FSOs need continuing education to stay up to date on the applicable standards, too. 

With regard to what having FSO certification brings to her work, Greaves says that since she and Dionne completed the certification, RDA now has 2 home-grown FSOs who understand RDA’s people, its customers, and its facilities, and have the credentials for an in-house FSO position. She notes that RDA Doylestown and RDA Warrenton are both Possessing Facilities and are held to a higher standard of security requirements.

FSOs should bear in mind the importance of having a strong understanding of the areas Greaves mentions (fellow employees, customers, and the facilities themselves). With regard to the people element in particular, enforcement of security policies is much easier when employees buy into the need for them, and this can be much more easily achieved through the “home-grown” relationship that Greaves describes.

Greaves notes that she and Dionne continue to learn as FSOs as new items and issues arise.  However, they will work closely together to ensure RDA’s Security Compliance as Possessing Facilities in accordance with the NISPOM requirements. This clearly illustrates the need for collaboration among qualified security professionals in order to achieve their objectives. It is also apparent that a desire for continual growth and personal development to become a better FSO must be present for an employee to serve effectively in this role.

Dionne also stresses the continual growth and support that take place both during certification and as she begins working as an FSO, stating, “I feel very privileged to be part of this great cause and feel fully supported by my colleagues at RDA, Inc. and Sentient Digital.” She particularly thanks Greaves “for her patience and guidance in this process” and noted that she looks forward to working with her “in providing outstanding service to our fellow employees and in ensuring we are in absolute compliance with all NISPOM requirements for RDA, Inc.”

As reflected in these comments, in evaluating whether the role of FSO is for you, it is important to consider whether you feel this kind of passion about the cause of security and have a team around you that will put in the work to support you in this mission. Similarly, organizations endeavoring to determine the best employee to serve as an FSO should consider whether that employee possesses these traits of mission-focus and an attitude of collaboration in service to that mission. 

When it comes to the practical elements of working as an FSO, Mrock notes that maintaining a clearance is currently easier than ever, due to the use of Continuous Evaluation. Continuous Evaluation essentially means that less is required from personnel who apply and makes the program easier to manage. However, in spite of this ongoing monitoring of an employee’s eligibility for security clearance, there is still a requirement to do another SF-86 at five-year intervals.

Mrock also discussed the supportive environment as an important aspect of her work as an FSO. “We have a ‘network’ of FSOs for Sentient Digital and RDA, and all four FSOs are comfortable reaching out with questions or when assistance is needed. I think that gives us an even stronger program.” Once again, these comments indicate the importance of being willing to reach out for help and being able to receive it when working as an FSO.

Top Challenges Faced by FSOs

FSOs have significant responsibilities and face a number of challenges in their work. Today, three major challenges emerge: crisis response, insider threats, and compliance for distributed teams.

Crisis Response

Every FSO hopes to avoid a crisis, but it is critically important to be prepared to act when one occurs. Even if your security keeps out bad actors, natural disasters such as hurricanes, tornadoes, or earthquakes pose a threat to the physical security of a facility, which can compromise any classified documents or information held there. While the security of the facility and its classified information is paramount, so too is maintaining the safety of staff during an emergency.

Insider Threats

Threats from foreign entities are to be expected, but successful FSOs must likewise acknowledge the threats posed by insiders in an organization. Insiders who have authorized access to classified documents or information have already achieved what outside threats can expend significant resources to accomplish. All it takes is for such an insider to risk the security of that information, whether it is intentional or not. The fact that staff may mean well but still accidentally compromise information is an especially complicated issue for FSOs to tackle. An FSO must ensure that staff are adequately knowledgeable about security and follow proper procedures to avoid accidental security leaks or breaches, while still maintaining employees’ trust and morale.

Compliance for Distributed Teams

Today, more than ever before, it is important that FSOs can maintain compliance across a distributed workforce. Remote work has become the norm, and indeed the preference, for many organizations and their staff. This creates new and complex challenges when it comes to maintaining physical and digital security for all employees. Staff must be made to adhere to all security measures with fewer opportunities for oversight. An FSO must create and implement security procedures that account for all staff’s work environments, as well as monitor these processes remotely, in order to adequately maintain security standards, protect classified information, and ensure compliance.

How Becoming an FSO Can Also Benefit Your Career

While your primary motivations for seeking FSO certification may be to enhance security in your organization and allow it to comply with security regulations for government contractors, becoming an FSO will also provide you with a useful skill to grow your career.

If you’re looking for professional development and leadership opportunities in your career, gaining your Facility Security Officer certification can put you on a path for growth. An organization’s FSO is in charge of understanding every security measure and need of that facility. This gives you a widespread knowledge of security issues and your organization’s operations, including physical security, cyber security, staff, communications, contingency planning, and more. To successfully create, introduce, and maintain comprehensive facility security means you will need to develop strong abilities in threat monitoring and analysis, policy creation, program management, staff training, and other highly sought-after skills.

Additional skills critical to the FSO role that can further your career include:

  • Strong analytical abilities and attention to detail, both in understanding compliance requirements and ensuring they are adequately fulfilled across the organization.
  • Understanding how to apply specific standards, such as the National Industrial Security Program Operating Manual (NISPOM), to different industries.
  • Managing government compliance and secure procedures for contractors, such as handling classified contracts, data, and other information.
  • Leading staff across departments in successfully following security processes.
  • Communicating effectively with various stakeholders to keep them apprised of security and compliance needs.
  • Providing robust crisis response and management as a leader in the organization’s security.

The unique challenges and responsibilities of an FSO translate easily into other roles. An FSO’s skills in security, compliance, leadership, and management are highly valued in both the public and private sector. In general, FSOs have problem-solving, relationship building, and organizational abilities that can serve them well in a variety of roles across different industries. This wide-ranging skill set creates significant career mobility for FSOs.

INTERESTED IN LEARNING MORE ABOUT FEDERAL GOVERNMENT OR DEFENSE CONTRACTING?

SDi and its subsidiary RDA have many years of experience in government and military contracting. Our custom technology solutions help our government and military clients to receive the benefits of technologies such as AI for increased efficiency and security. You can read more about some of the services we provide here.

If you are interested in more resources about government contracting topics, check out our blog posts on topics such as the IPv6 Mandate and OTAs. We also share our industry-specific career-building expertise by publishing blog posts on topics ranging from the experience of being a woman working in the defense industry to the importance of lifelong learning in tech careers. Additionally, we are happy to share our advice for job seekers in our industry, such as issues surrounding security clearance, and if you have the qualifications to be an asset to our work, we encourage you to apply for our open positions.