DoD 8570.01-M (with Change-3), Information Assurance Workforce Improvement Program
What must be used as the Position Specialty Code (PSC) in the Defense Civilian Personnel Data System for all DoD civilian positions and personnel with IA functions regardless of OPM series or job title?
INFOSEC
Personnel who are not appropriately qualified within how many months of assignment to a position or who fail to maintain their certification status shall not be permitted privileged access?
6 months
Waivers issued by DAAs to waive certification requirements when there are severe operational or personnel constraints cannot exceed how many months?
6 months
What is the maximum time that Designated Accrediting Authorities (DAAs) can issue certification requirement waivers for severe operational or personnel constraints?
6 months
Within how many months of IA duty assignments must all military and government civilian IAT personnel achieve the appropriate IA certification unless a waiver is granted?
6 months
Within how many months of assignment of IA duties must IASAE specialty military and Government civilian personnel achieve the appropriate IA baseline certification for their level?
6 months
Within how many months of assignment to an accredited CND-SP position must all CND-SP specialty military and Government civilian personnel achieve the appropriate CND certification?
6 months
What includes all individuals working for the DoD in a foreign country who are nationals or non U.S. residents of that country?
LN
Which personnel are responsible for the design, development, implementation, and/or integration of a DoD IA architecture, system, or system component for use within their CE?
IASAE Level I
Which personnel are responsible for the design, development, implementation, and/or integration of a DoD IA architecture, system, or system component for use within the NE?
IASAE Level II
Which positions may not be held by LNs or FNs?
IASAE Level III
Which positions are responsible for the design, development, implementation, and/or integration of a DoD IA architecture, system, or system component for use within CE, NE, and enclave environments?
IASE Level III
What is the minimum certification level that is required prior to IAMs authorizing unsupervised privileged access for personnel performing IAT Levels I through III functions?
IAT Level I
Which personnel provide Network Environment (NE) and advanced level CE support?
IAT Level II
Which personnel focus on the enclave environment and support, monitor, test, and troubleshoot hardware and software IA problems pertaining to the CE, NE, and enclave environments?
IAT Level III
Which positions are not authorized to be held by LNs or Foreign Nationals?
IAT Level III
How many years of experience do IAT Level II personnel typically have in an IA technology or a related area?
3 years
How often must personnel take IA awareness refresher training to retain access?
Annually
Which personnel are responsible for ensuring all enclave IS are functional and secure?
IAM Level III
How many years of management experience do IAM Level IIIs usually have?
10
How many years of experience do IASAE Level III personnel usually have?
10 years
What is the normal sustainment training/continuing education required over 3 years to maintain certification status for planning purposes?
120 hours
How many years of minimum experience in CND technology or a related field is recommended for CND-A personnel?
2 years
How many years after the effective date of DoD 8570.01-M do DoD employees and contractors performing IA functions have to comply with the certification requirements?
4 years
How many years from the effective date of DoD 8570.01-M do DoD employees and contractors who perform IA functions have to comply with certification requirements?
4 years
How many years of minimum experience in supporting CND and/or network systems and technology is recommended for CND-IS personnel?
4 years
How many years of management experience do IAM Level II's usually have?
5
How many years of experience do IASAE Level II personnel usually have?
5 years
How many years of minimum experience in CND technology or a related field is recommended for CND-IR personnel?
5 years
Each assigned DAA must complete the DoD DAA CBT or WBT product within how many days of assignment to the position?
60 days
How many years of experience do IAT Level III personnel typically have in IA technology or related area?
7 years
Who is responsible for developing, coordinating, and publishing baseline certification requirements for personnel who perform specialized IA functions?
AD(NII)/DoD CIO
DoD Components must use certifications approved by which office to meet the minimum IA baseline certification requirement?
ASD(NII)/DoD CIO
Who coordinates IA Training and Certification Program requirements?
ASD(NII)/DoD CIO
How often at a minimum must the IA WIPAC meet?
Annually
What must be completed by personnel who hold privileged access?
Privileged Access Agreement
Which personnel use collected data from a variety of CND tools to analyze events that occur within their environment?
CND-A
Which personnel perform assessments of systems and networks within the NE or enclave and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy?
CND-AU
Which personnel investigate and analyze all response activities related to cyber incidents within the NE or Enclave?
CND-IR
Which personnel test, implement, deploy, maintain, and administer infrastructure systems?
CND-IS
Which personnel are responsible for producing guidance for their NE or enclave, assisting with risk assessments and risk management for organizations within their NE or enclave, and are responsible for managing the technical classifications within their organization?
CND-SPM
Who do CND-IS personnel work under and typically report to?
CND-SPM
Which training requirements must the heads of the DoD components ensure are met for personnel who perform IA functions on national security systems?
Committee on National Security Systems
Who is the official that has the authority to formally assume responsibility for operating a system at an acceptable level of risk?
DAA
What manages the certification testing process requirement for the department?
DANTES
Which office provides oversight to the IA WIPAC and IA baseline certification approval process?
Defense-wide Information Assurance Program (DIAP)
Who is required to serve as the DoD Shared Service Center (SSC) for the Office of Management and Budget (OMB)-directed Information System Security Line of Business (ISS LoB) for Tier I Awareness Training?
Director of the Defense Information Systems Agency (DISA)
Which reference directs that a DAA be appointed for each DoD Information System operating within, or on behalf of, the DoD?
DoD Directive 8500.1
The heads of the DoD Components must provide for the initial IA orientation and annual awareness training to all authorized users to ensure they know, understand, and can apply the IA requirements of their system(s) IAW which reference?
DoD Directive 8570.1
Which CBT presented by DISA meets all DoD level requirements for end user awareness training?
DoD IA Awareness
What provides DoD IA policy, training requirements, and DoD sponsored training to support IA professionals?
DoD IA Portal
IA workforce data elements must comply with requirements established in which reference?
DoD Instruction 8500.2
Personnel IA certification status and renewal rates are management review items according to which reference?
DoD Instruction 8500.2
Personnel in IASAE specialty positions will retain an appointing letter assigning them IA responsibilities for their system(s) IAW which reference?
DoD Instruction 8500.2
Personnel in management category positions will retain an appointing letter assigning them IA responsibilities for their systems per which reference?
DoD Instruction 8500.2
The heads of the DoD Components must obtain the appropriate background investigation per which reference prior to granting unsupervised privileged access or management responsibilities to any DoD system?
DoD Instruction 8500.2
What are the DoD Components required to use as their IA Awareness Provider?
DoD SSC
How often must each assigned DAA recertify in the DISA DAA Certification course?
Every 3 years
What is used to consolidate IA qualification and workforce management reporting requirements?
IA WIP Annual Report
What are intended to produce IA personnel with a baseline understanding of the fundamental IA principles and practices related to the functions of their assigned position?
IA certification programs
Which personnel are responsible for the implementation and operation of a DoD IS Component within their CE?
IAM Level I
Which personnel are responsible for the implementation and operation of a DoD IS or system DoD Component within their CE?
IAM Level I
Which personnel are responsible for the IA program of an IS within their NE?
IAM Level II
Which IAM positions may not be assigned to LNs or FNs?
IAM Level III
Which functions focus on the development, operation, management, and enforcement of security capabilities for systems and networks?
Information Assurance (IA)
Personnel performing IA duties assess and implement identified corrections associated with technical vulnerabilities as part of which program?
Information Assurance Vulnerability Management (IAVM)
IA measures protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, along with what else?
Non-repudiation
All positions in the 2210 or other civilian IA job series must comply with what guidance on standardized titling?
Office of Personnel Management (OPM)
What allows identification of a DoD civilian position with IA functions regardless of OPM series or job title?
Position Specialty Code (PSC)
What has the authority to waive certification requirements under severe operational or personnel constraints?
USSTRATCOM
Who is the first and most vital line of defense for securing DoD information and systems?
User