Common Vulnerabilities
The following are the most common vulnerabilities found during DSS assessments.
- Not auditing and reviewing audit results for classified systems
- Persons without proper eligibility accessing classified
- Processing on an unaccredited system
- Unreported FCL change conditions (foreign buyout, etc.)
- Uncleared Key Management Personnel
- Personnel clearance re-investigations out-of-scope
- Lack of process to detect and deter viruses / malicious code
- Not reporting classified compromises
- Classified IS configuration and connectivity management
- Poor safe combination security