Strategic Security Intelligence

NSTSSI Security Education Standards


Top - Help

Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved

1.     GENERAL

       a.    Security Policy

             (1)    define local accountability policies;
             (2)    explain accreditation;
             (3)    discuss three agency specific security policies;
             (4)    define assurance;
             (5)    explain certification policies as related to local requirements;  
             (6)    define local e-mail privacy policies;
             (7)    describe local security policies relative to electronic records management;
             (8)    explain security policies relating to ethics;
             (9)    describe relevant FAX security policies;
             (10) discuss the concept of information confidentiality;
             (11) identify information ownership of data held under his/her cognizance;
             (12) identify information resource owner/custodian;
             (13) define local information security policy;
             (14) describe information sensitivity in relation to local policies;
             (15) discuss integrity concepts;
             (16) describe local policies relevant to Internet security;
             (17) explain local area network (LAN) security as related to local policies;
             (18) define policies relating to marking of sensitive information;
             (19) understands fundamental concepts of multilevel security;
             (20) describe policies relevant to network security;
      (21) define the functional requirements for operating system integrity;
      (22) perform operations security (OPSEC) in conformance with local policies;
      (23) explain physical security policies;
      (24) discuss local policies relating to secure systems operations;
      (25) identify appropriate security architecture for use in assigned IS(s);
      (26) describe security domains as applicable to local policies;
      (27) define local policies relating to separation of duties;
      (28) identify systems security standards policies;
      (29) identify DoD 5200.28-STD, Trusted Computer System Evaluation Criteria
             (TCSEC), or Orange Book policies;
      (30) identify TEMPEST policies;
      (31) define TEMPEST policies;
      (32) define validation and testing policies;
      (33) identify verification and validation process policies;
      (34) define verification and validation process policies;
      (35) describe wide area network (WAN) security policies;
      (36) use/implement WAN security policies;
      (37) describe workstation security policies;
      (38) use/implement workstation security policies; and
      (39) describe zoning and zone of control policies.
b.    Procedures

      (1)    practice/use facility management procedures;
      (2)    describe FAX security procedures;
      (3)    practice/use FAX security procedures;  
      (4)    describe housekeeping procedures;
      (5)    perform housekeeping procedures;
      (6)    describe information states procedures;
      (7)    distinguish among information states procedures;
      (8)    explain Internet security procedures;
      (9)    use Internet security procedures;
      (10) explain marking of sensitive information procedures (defined in C.F.R. 32
             Section 2003, National Security Information - Standard Forms, March 30,
      (11) perform marking of sensitive information procedures (defined in C.F.R. 32
             Section 2003, National Security Information - Standard Forms, March 30,
      (12) apply multilevel security;
      (13) explain the principles of network security procedures;
      (14) use network security procedures;
      (15) describe operating system integrity procedures;
      (16) perform operating systems security procedures;
      (17) assist in local security procedures;
      (18) describe purpose and contents of National Computer Security Center TG-005,
             Trusted Network Interpretation (TNI), or Red Book;
      (19) describes secure systems operations procedures;
      (20) define TEMPEST procedures;
      (21) identify TEMPEST procedures;
      (22) identify certified TEMPEST technical authority (CTTA);
      (23) describe WAN security procedures;
      (24) practice WAN security procedures; and
      (25) explain zoning and zone of control procedures.

      c.    Education, Training, and Awareness

            (1)    discuss the principle elements of security training;
            (2)    explain security training procedures;
            (3)    explain threat in its application to education, training, and awareness;
            (4)    use awareness materials as part of job;
            (5)    distinguish between education, training, and awareness;
            (6)    give examples of security awareness;
            (7)    give examples of security education;
            (8)    discuss the objectives of security inspections/reviews; and
            (9)    identify different types of vulnerabilities.

      d.    Countermeasures/Safeguards
            (1)    discuss the different levels of countermeasures/safeguards assurance;
            (2)    describe e-mail privacy countermeasures/safeguards;
            (3)    define Internet security;
            (4)    describe what is meant by countermeasures/safeguards;
            (5)    describe separation of duties;
            (6)    define countermeasures/safeguards used to prevent software piracy;
            (7)    define TEMPEST countermeasures/safeguards; and
            (8)    explain what is meant by zoning and zone of control.
      e.    Risk Management

            (1)    explain ways to provide protection for Internet connections;
            (2)    describe operating system integrity;
            (3)    define TEMPEST as it relates to the risk management process;
            (4)    identify different types of threat;
            (5)    explain WAN security; and
            (6)    explain what zoning and zone of control ratings are based on.