NSTSSI Security Education Standards
9. Report the security status of an IS, as required by the DAA
a. Administrative Security Policies and Procedures
E - explain the necessity of following administrative security policies and practices;
E - comply with administrative policies and procedures;
I - monitor compliance with administrative security policies and procedures;
I - prepare report of non-compliance to the DAA;
I - propose modifications to current policies and procedures;
A - recommend corrective/remedial action for non-compliance;
A - devise policies and procedures; and
A - revise current policy and procedures.
b. Agency Specific Security Policies
E - describe how agency specific policies enhance the overall security posture of an
IS by defining the operational environment;
I - comply with agency specific security policies when reporting the security status
to the DAA.
(Note: see paragraph 9a; the functions are the same in this area.)
c. Computer Emergency Response Team (CERT), Automated Systems Security Incident
Support Team (ASSIST), Trade Journals, Bulletin Board System (BBS) Notices
E - explain how other sources of information can assist the ISSO in determining the
security status of an IS;
I - compile information from various sources for application to local program;
A - develop information dissemination plan; and
A - interpret IS security information for implications on local systems.