NSTSSI Security Education Standards |
3. ADMINISTRATIVE a. Policies/Procedures (1) identify basic/generic management issues; (2) define change control policies; (3) discuss documentation; (4) explain electronic records management; (5) describe object reuse; (6) define operational procedure review; (7) discuss policy enforcement; (8) identify procedures; (9) discuss security inspections; and (10) describe local password management policy. b. Countermeasures/Safeguards (1) give examples of alarms, signals and reports; (2) define application development control; (3) assist in preparing assessments; (4) identify countermeasures; (5) describe disaster recovery procedures; (6) discuss disposition of classified information; (7) practice disposition of media and data; (8) practice document labeling; (9) discuss proper use of security safeguards; (10) define separation of duties; (11) identify storage media protection and control; and (12) define system software controls.