NSTSSI Security Education Standards
9. Report the security status of an IS, as required by the DAA

a. Administrative Security Policies and Procedures
E - explain the necessity of following administrative security policies and practices;
E - comply with administrative policies and procedures;
I - monitor compliance with administrative security policies and procedures;
I - prepare report of non-compliance to the DAA;
I - propose modifications to current policies and procedures;
A - recommend corrective/remedial action for non-compliance;
A - devise policies and procedures; and
A - revise current policy and procedures.

b. Agency Specific Security Policies
E - describe how agency specific policies enhance the overall security posture of an IS by defining the operational environment;
I - comply with agency specific security policies when reporting the security status to the DAA.
(Note: see paragraph 9a; the functions are the same in this area.)

c. Computer Emergency Response Team (CERT), Automated Systems Security Incident Support Team (ASSIST), Trade Journals, Bulletin Board System (BBS) Notices
E - explain how other sources of information can assist the ISSO in determining the security status of an IS;
I - compile information from various sources for application to local program;
A - develop information dissemination plan; and
A - interpret IS security information for implications on local systems.