Why was the timing for CMPC refresher training removed from the Information Security Manual?
The timing element was removed to provide CMPC POCs with sufficient latitude to manage and implement their program. The Manual requires each site/facility to establish its own CMPC Program with a CMPC Point-of-Contact (POC). There is a national requirement for individuals to have an initial security briefing and/or training when they receive a clearance or access authorization. There is also a national requirement for an annual security refresher briefing based on that initial security briefing/training. In addition, individuals who work with classified information on a routine basis are required to receive detailed CMPC briefing/training as it applies to their job duties prior to their taking on those tasks. Since the CMPC POC is knowledgeable about the activities and missions at their site/facility, they are responsible for determining when CMPC briefing/training should be provided based on their knowledge of the national requirements, the information provided at the initial security
