13 FAM 300
Agency Mandated training
13 FAM 301
Mandatory Training
13 FAM 301.1
Mandatory security training for all department employees
(CT:TPD-1; 09-18-2019)
(Office of Origin: FSI)
13 FAM 301.1-1 CYBER SECURITY
AWARENESS TRAINING (PS800)
(CT:TPD-1; 09-18-2019)
(State Only)
(Civil Service and Foreign Service Employees)
a. In order to meet the requirements of the Federal
Information Security Modernization Act of 2014 (44 U.S.C. 3551), all Department
computer users are required to complete and pass the annual online Cyber
Security Awareness course (PS800) before the 1-year anniversary of their last
cyber security awareness test. Any user that fails to meet this requirement
may have their OpenNet Plus access revoked, pending completion of the course
and exam.
b. It is primarily each employees responsibility to
ensure he or she completes any mandatory cyber security awareness training
requirement identified in this subchapter.
c. Individuals can enroll for cyber security awareness
training online through the Foreign Service Institute (FSI) OpenNet Web site.
13 FAM 301.1-2 COUNTERINTELLIGENCE
AND INSIDER THREAT TRAINING (EX250/EX251)
(CT:TPD-1; 09-18-2019)
a. In order to meet the requirements of Executive Order
13587, Structural Reforms to Improve the Security of Classified Networks and
the Responsible Sharing and Safeguarding of Classified Information, dated
October 7, 2011, executive branch departments and agencies must establish an
Insider Threat Program for deterring, detecting, and mitigating insider
threats, including the safeguarding of classified information from
exploitation, compromise, or other unauthorized disclosure. The Bureau of
Diplomatic Security (DS) is responsible for the Departments Insider Threat
Program. A key tenet, and a minimum standard, of a successful insider
threat program is robust employee training and awareness. The
Departments policy can be found in 12 FAM 513.
b. Annual online training, as described in 12 FAM 513.5,
is required for all Department employees, contractors, and persons who fall
under chief-of-mission (COM) authority, regardless of agency, who have an
OpenNet account. It is each employees responsibility to ensure he or she
completes the mandatory counterintelligence and insider threat awareness
training annually.
c. To deliver this mandatory training, DS developed
two online 1-hour courses, Annual Counterintelligence and Insider Threat
Awareness Training for Cleared Americans (EX250) and Annual Counterintelligence
Awareness Training for Uncleared Americans and LE Staff (EX251) through the
Foreign Service Institute (FSI). DS also offers in-person oral briefings
for employees without computer access or for those who may have language
barriers. Domestically, these briefings are conducted by the Counterintelligence
Division (DS/ICI/CI), and overseas, by the regional security office.
d. DS/ICI/CI is responsible for administering and
monitoring compliance via data from FSIs Student Training Management System
(STMS) for direct-hire employees (FS, GS, and locally employed staff), the
iPost database for contractors, and sign-in sheets from in-person briefings.
13 FAM 301.1-3 MANDATORY TRAINING
FOR CLASSIFIERS and users OF NATIONAL SECURITY INFORMATION (PK400)
(CT:TPD-1; 09-18-2019)
(State Only)
(All State Employees)
a. To meet the requirements of the Reducing
Over-Classification Act of 2010 (Public Law 111-258) and Executive Order
13526, Classified National Security Information, all Department of State
employees and contractors with a security clearance must complete training in
proper classification, declassification, marking, and handling of classified
national security information (see 5 FAM 480).
The prescribed Foreign Service Institute (FSI) course is PK400, Mandatory
Training for Classifiers and Users of National Security Information. This
course is an augmented replacement of PK323, Classified and Sensitive But
Unclassified Information: Identifying and Marking.
b. This training is mandatory on an annual basis for
employees and contractors with a security clearance. Those employees and
contractors with a security clearance who fail to complete the training on an
annual basis will lose access to OpenNet.
c. Bureaus and posts are responsible for:
(1) Ensuring covered employees and contractors
complete the prescribed training prior to classifying information; and
(2) Suspending classification authority for covered
employees or contractors who fail to complete the training, and reporting those
names to A/GIS/IPS annually with a description of how the classification
authority was suspended.
d. Department employees and contractors are responsible
for reviewing and updating their security clearance information (see link
below), monitoring their training to ensure timely completion on an annual
basis and should provide a certificate of completion upon request.
e. Users may access an online training dashboard to
manage and track this and other training required for OpenNet access.
13 FAM 301.1-4 RECORDS MANAGEMENT
(PK217)
(CT:TPD-1; 09-18-2019)
Statutory requirements of the Federal Records Act and
mandates by the U.S. National Archives and Records Administration (NARA)
Bulletin 2017-01 require all State Department employees (Civil Service, Foreign
Service, Locally Employed Staff), contractors (PSC and Third Party), and other
agency personnel with OpenNet access to complete Records Management for
Everyone (PK217) once each calendar year.
(1) This training is mandatory on an annual basis for
all Department personnel with OpenNet access. Those employees who fail to
complete the training on an annual basis will lose access to OpenNet.
(2) Bureaus and posts are responsible for ensuring
covered personnel complete the prescribed training.
(3) All Department personnel are responsible for
monitoring their training to ensure timely completion on an annual basis and
should provide a certificate of completion upon request.
(4) Users may access an online training dashboard to
manage and track this and other training required for OpenNet access.