Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Traditional Security Checklist
SM-01.03.01
Security and Cybersecurity Staff Appointment, Training/Certification and Suitability
Security and Cybersecurity Staff Appointment, Training/Certification and Suitability
An XCCDF Rule
Details
Profiles
Prose
Security and Cybersecurity Staff Appointment, Training/Certification and Suitability
Medium Severity
<VulnDiscussion>Failure to formally appoint security personnel and detail responsibilities, training and other requirements in the appointment notices could result in a weaken security program due to critical security and information assurance personnel not being fully aware of the scope of their duties and responsibilities or not being properly trained or meeting standards for appointment to assigned positions. REFERENCES: DOD 8570.01-M, Information Assurance Workforce Improvement Program, 19 December 2005, Incorporating Change 4, 11/10/2015 Chap 3, para C3.2.4.4., Chap 4 para C4.2.3.6., Chap 5 para C5.1.1. and Chap 10 para C10.2.3.6. DODD 8140.01 Cyberspace Workforce Management DODI 8140.02 Identifying-Tracking and Reporting of Cyberspace Workforce Requirements DODM 8140.03 Cyberspace Workforce Qualification and Management Program DOD Manual 5200.02, PROCEDURES FOR THE DOD PERSONNEL SECURITY PROGRAM (PSP), Effective: April 3, 2017 Section 2, paragraph 2.10.a., h. & i. and Appendix 7A: Determination Authorities NIST Special Publication 800-53 (SP 800-53) Controls: PM-2, PS-2, PS-3, AC-5, AC-6(5), PM-10, CA-6 and AT-3 DOD Manual 5200.01, Volume 1, 24 February 2012, SUBJECT: DOD Information Security Program: Overview, Classification, and Declassification Encl 2, para 6.b., 7., 7.c., 8.b., 8.c., 8.d., 9. & 12.; Encl 3 para 6.a., 6.b. & 6.b.(5); and Definitions, pg 76 activity SM CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), 9 February 2011 Encl C, paragraphs 3.a.(1) (2)(a)(b), 4.a. through 4.e., 26.(c), & 27. and Encl A para 11.b. DOD 5220.22-M (NISPOM), February 2006, Incorporating Change 2, May 18, 2016 Paragraphs: 1-201., 2-103.c., 2-306.d., 3-102., & 8-103 DODI 8500.01, March 14, 2014, SUBJECT: Cybersecurity Enclosure 2, paragraph 1.c., 13.c. and Enclosure 3, paragraph 13.b., 16.a.(2), 18.d. Satisfies: Security and Cybersecurity Staff Appointment, Training/Certification and Suitability</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>