Information Assurance - System Training and Certification/ IA Personnel
An XCCDF Rule
Description
<VulnDiscussion>Improperly trained personnel can cause serious system-wide/network-wide problems that render a system/network unstable. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), Encl A, para 11. DODI 8500.01, SUBJECT: Cybersecurity, March 14, 2014 , Encl 2, para 9.g., 13.k.(2); Encl 3, para 10. a-e NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: AT-2, AT-3, CP-3, IR-2 DOD 8570.01-M, Information Assurance Workforce Improvement Program, Appendix 3 DODD 8140.01, Cyberspace Workforce Management, 11 Aug 15, paragraphs 3.c. and 9.j. DODI 8140.02 Identifying-Tracking and Reporting of Cyberspace Workforce Requirements DODM 8140.03 Cyberspace Workforce Qualification and Management System DOD 5220.22-M (NISPOM), Incorporating Change 2, 18 May 2016, Chapter 8, paragraphs 8-103.a.(6) & 8-302.a.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-245776r917333_rule
- Severity
- Medium
- Updated
Remediation - Manual Procedure
1. A program must be in place to establish and document required training/certification of (IA) IAM/IAT personnel.
2. In addition to the initial and recurring (annual) training requirements every system user must undergo, the IA staff such as ISSM, ISSO, SA, NSO must be part of an organizational certification program IAW DOD 8570.01-M, IA Workplace Improvement Program.
3. Training/certification requirements must be documented for each IA staff member to include their current certification level: IAM (I-III) or IAT (I-III).