Strategic Security Intelligence

NSTISSI Security Education Standards


Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved

                                                ANNEX A
                           (ENTRY, INTERMEDIATE & ADVANCED LEVELS)

Job functions using competencies identified in:

DoD 5200.28-M, Automated Data Processing Security Manual
NCSC-TG-027, Version 1, A Guide To Understanding Information System Security Officer 
   Responsibilities for Automated Information Systems
DCID 1-16, Security Policy for Uniform Protection of Intelligence Processed in Automated
   Information Systems and Networks

The INFOSEC functions of an ISSO are:
            (1)     maintaining a plan for site security improvements and progress towards meeting
                    the accreditation;
            (2)     ensuring the IS is operated, used, maintained, and disposed of in accordance
                    with security policies and practices;
            (3)     ensuring the IS is accredited and certified if it processes sensitive information;
            (4)     ensuring users and system support personnel have the required security
                    clearances, authorization and need-to-know; are indoctrinated; and are familiar
                    with internal security practices before access to the IS is granted;
            (5)     enforcing security policies and safeguards on all personnel having access to the
                    IS for which the ISSO is responsible;
            (6)     ensuring audit trails are reviewed periodically (e.g., weekly, daily), and audit
                    records are archived for future reference, if required;
            (7)     initiating protective or corrective measures;
            (8)     reporting security incidents in accordance with agency-specific policy, such as
                    DOD 5200.1-R, to the designated approving authority (DAA) when an IS is
            (9)     reporting the security status of an IS, as required by the DAA; and
            (10)    evaluating known vulnerabilities to ascertain if additional safeguards are

Terminal Objective:

ENTRY LEVEL:  Given a series of hypothetical system security breaches, the ISSO will identify
system vulnerabilities and recommend security solutions required to return the systems to
operational level of trust.

INTERMEDIATE LEVEL:  Given a proposed new system architecture requirement, the ISSO will
investigate and document system security technology, policy and training requirements to assure
system operation at a specified level of trust.

ADVANCED LEVEL:  Given a proposed IS accreditation action, the ISSO will analyze and
evaluate the system security technology, policy, and training requirements in support of DAA
approval to operate the system at a specified level of trust.  This analysis will include a description
of the management/technology team required to successfully complete the accreditation process.

List of performance items under job functions

    E       =       entry level
    I       =       intermediate level
    A       =       advanced level

In each of the competency areas listed below by job function, the ISSO shall perform the following
functions at the levels indicated: