Strategic Security Intelligence


NSTSSI Security Education Standards



Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved


9.     Report the security status of an IS, as required by the DAA
              
      
       a.    Administrative Security Policies and Procedures
            
  
             E      - explain the necessity of following administrative security policies and practices;
             E      - comply with administrative policies and procedures;
             I      - monitor compliance with administrative security policies and procedures;
             I      - prepare report of non-compliance to the DAA;
             I      - propose modifications to current policies and procedures;
             A      - recommend corrective/remedial action for non-compliance;
             A      - devise policies and procedures; and
             A      - revise current policy and procedures.
                                              

       b.    Agency Specific Security Policies
                                                                             
                    
             E      - describe how agency specific policies enhance the overall security posture of an
                     IS by defining the operational environment;
             I      - comply with agency specific security policies when reporting the security status
                     to the DAA.
      
             (Note:  see paragraph 9a; the functions are the same in this area.)
              
                     
       c.    Computer Emergency Response Team (CERT), Automated Systems Security Incident
             Support Team (ASSIST), Trade Journals, Bulletin Board System (BBS) Notices
      

             E      - explain how other sources of information can assist the ISSO in determining the
                     security status of an IS;
             I      - compile information from various sources for application to local program;
             A      - develop information dissemination plan; and
             A      - interpret IS security information for implications on local systems.