NSTSSI Security Education Standards
ANNEX B
CONCOMITANT CAPABILITIES
FOR SYSTEM CERTIFIERS
These requirements do not imply that the System Certifier need be an expert in these
global and specific concomitant capabilities, but he or she must be qualified to discuss,
explain, and employ them. The concomitant System Certifier capabilities include, but are
not limited to, the following:
GLOBAL CAPABILITIES:

- administrative security
- personnel security
- physical security
- communications security
- network security
- server security
- client/workstation security
- database security
- application security
- cryptographic key management
- understanding how a system will be used, in what environment, and by whom
- documentation
- business background
- computer science background
- creativity in achieving solutions
- creativity in functional solutions
- decision-making and management skills
- engineering background
- flexibility
- interpersonal skills
- quick learner
- ability to see the "big picture"
- self-starter/motivated
- ability to work well in a team
- ability to think outside the box/system
- ability to accept challenges
- TEMPEST
- INFOSEC
- OPSEC
- communication/writing skills
- political skills

SPECIFIC CAPABILITIES:

- acquisition and C&A processes
- assessment and testing methodology
- addressing client server security to evaluate that portion of the system
- client/server security
- vulnerability self-audit capabilities (analyzing the capabilities of the system to detect changes and vulnerabilities)
- ability to appraise the client/server security posture in light of the CONOPS and the abilities of the expected users and system administrators
- configuration management processes
- developing data flow diagrams
- documenting security violations
- functional job requirements for INFOSEC personnel (SA, ISSO, ISSM, DAA, etc.)
- best practices in information assurance
- hardware, software, firmware
- updating operating procedures
- maintaining currency of the CONOPS
- knowledge of certification tools
- legal aspects of testing (limitations to monitoring, etc.)
- knowledge of operating systems
- risk management methodologies
- roles and responsibilities of C&A personnel
- technical knowledge of networks, servers, workstations, operating systems, etc.
- understanding of current threats and incidents