NSTSSI Security Education Standards
ANNEX B

CONCOMITANT CAPABILITIES FOR SYSTEM CERTIFIERS

These requirements do not imply that the System Certifier need be an expert in these global and specific concomitant capabilities, but he or she must be qualified to discuss, explain, and employ them. The concomitant System Certifier capabilities include but are not limited to the following:

GLOBAL CAPABILITIES:

- administrative security
- personnel security
- physical security
- communications security
- network security
- server security
- client/workstation security
- database security
- application security
- cryptographic key management
- understanding how a system will be used, in what environment, and by whom
- documentation
- business background
- computer science background
- creativity in achieving solutions
- creativity in functional solutions
- decision-making and management skills
- engineering background
- flexibility
- interpersonal skills
- quick learner
- ability to see the "big picture"
- self-starter/motivated
- ability to work well in a team
- ability to think outside the box/system
- ability to accept challenges
- TEMPEST
- INFOSEC
- OPSEC
- communication/writing skills
- political skills

SPECIFIC CAPABILITIES:

- acquisition and C&A processes
- assessment and testing methodology
- addressing client server security to evaluate that portion of the system
- client/server security
- vulnerability self-audit capabilities (analyzing the capabilities of the system to detect changes and vulnerabilities)
- ability to appraise the client/server security posture in light of the CONOPS and the abilities of the expected users and system administrators
- configuration management processes
- developing data flow diagrams
- documenting security violations
- functional job requirements for INFOSEC personnel (SA, ISSO, ISSM, DAA, etc.)
- best practices in information assurance
- hardware, software, firmware
- updating operating procedures
- maintaining currency of the CONOPS
- knowledge of certification tools
- legal aspects of testing (limitations to monitoring, etc.)
- knowledge of operating systems
- risk management methodologies
- roles and responsibilities of C&A personnel
- technical knowledge of networks, servers, workstations, operating systems, etc.
- understanding of current threats and incidents