 NSTSSI Security Education Standards |
| NSTSSI Security Education Standards |
SECTION II - APPLICABILITY
2. National Security Telecommunications and Information Systems Security Directive (NSTISSD) No.
501 establishes the requirement for federal departments and agencies to implement training programs for information
systems security (INFOSEC) professionals. As defined in NSTISSD 501, an INFOSEC professional is an individual
responsible for the security oversight or management of national security systems during phases of the life cycle.
That directive is being implemented in a synergistic environment among departments and agencies which are
committed to satisfying these INFOSEC education and training requirements in the most effective and efficient
manner possible. This instruction is the continuation of a series of minimum training and education standards being
developed to assist departments and agencies in meeting their responsibilities in these areas (NSTISSI Nos. 4011,
4012, 4013, and 4014). The definitions for words used in this instruction are derived from the National INFOSEC
Glossary, NSTISSI No. 4009. The references pertinent to this instruction are listed in ANNEX B.
3. The body of knowledge listed in this instruction may be
obtained from a variety of sources, i.e., the National Cryptologic
School, the General Services Administration (Office of Information
Security), and Government contractors, as well as from adaptations of
existing department/agency training programs, or from a combination of
experience and formal training. ANNEX A lists the minimal INFOSEC
performance standard for a DAA.
4. This instruction is applicable to all departments and
agencies of the U.S. Government and their contractors responsible for
the development and implementation of training for DAAs in the
disciplines of telecommunications and IS security.