 NSTSSI Security Education Standards |
| NSTSSI Security Education Standards |
SECTION II - SCOPE APPLICABILITY
2. National Security Telecommunications and Information Systems Security Directive
No. 501 establishes the requirement for federal departments and agencies to implement training
programs for information systems security (INFOSEC) professionals. As defined in NSTISSD
501, an INFOSEC professional is an individual responsible for the security oversight or
management of national security systems during phases of the life cycle. That directive is being
implemented in a synergistic environment among departments and agencies which are
committed to satisfying these INFOSEC education and training requirements in the most
effective and efficient manner possible. This instruction is the continuation of a series of
minimum training and education standards being developed to assist departments and agencies
in meeting their responsibilities in these areas (NSTISSI Nos. 4011, 4012, 4013, and 4014). The
definitions for words used in this instruction are derived from the National INFOSEC Glossary,
NSTISSI No. 4009. The references pertinent to this instuction are listed in ANNEX B. Other
documents which can be used in conjunction with this document are listed in ANNEX C.
3. The body of knowledge listed in this instruction may be obtained from a variety of
sources, i.e., the National Cryptologic School, the General Services Administration (Office of
Information Security), and Government contractors, as well as from adaptations of existing
department/agency training programs, or from a combination of experience and formal training.
ANNEX A lists the minimal INFOSEC performance standard for an ISSO.
4. This instruction is applicable to all departments and agencies of the U.S.
Government and their contractors responsible for the the development and implementation of
training for ISSOs in the disciplines of telecommunications and IS security.