Security Violations?


#1

I was wondering if anyone out there has examples of security violations? I read about people getting their clearance revoked or suspended for DUI's and things of that nature which makes since. Can someone provide other examples of what might constitute an Incident Report in JPAS?

Are the rules different for DoD vs Contracting? I work in an S2 shop for 750 personnel and I've never encountered any of the issues I read about.


#2

In many cases, a person can be written up for an 'infraction' which may not need to be reported outside the company. Where I work, if you get more than a certain number of infractions in a given period of time, then it must be reported.

Things like leaving a classified container unsecured, leaving classified material out unsecured, leaving a classified workstation unattended. violating some security policy related to a secure system, these things could be written up as an infraction, or possibly have to be reported to the customer.

Many years ago I heard of a guy in the military who intentionally left a safe open so somebody else could access their security file or something stupid like that. It was reported, the individual lost his clearance. That's the only incident that comes to mind where something absolutely had to be reported up the chain.


#3

Bringing a cell phone or blue tooth enabled anything into a TS vault is prohibited. Accidental? Infraction and reportable. Intentional? That is a violation. It must be reported to the cognizant security office and the individual should be written up. If you are a contract company you do this to maintain faith with the client that you take these situations seriously. Now, if you give the combinations to an uncleared member or allow them access to the vault or log on for your TS account...it is more severe. I had an employee fax a classified document to an unclass machine in a vault. Since nobody really knows where the electrons go with a fax it was viewed as a violation and an incident report was submitted by my client against the individual. If they have zero incidents following up it is meaningless. If they have stumble after stumble, their risk to the government is much higher than a person who has zero infractions. In that case their clearance is at risk. You can't really say it will or won't get pulled. But the risk is there. As it is for non reporting.