V-245871
Traditional Security Checklist
Title
Security and Cybersecurity Staff Appointment, Training/Certification and Suitability
Description
<VulnDiscussion>Failure to formally appoint security personnel and detail responsibilities, training and other requirements in the appointment notices could result in a weaken security program due to critical security and information assurance personnel not being fully aware of the scope of their duties and responsibilities or not being properly trained or meeting standards for appointment to assigned positions. REFERENCES: DOD 8570.01-M, Information Assurance Workforce Improvement Program, 19...
Fix Text (Documentation Requirement)
1. Ensure there are appointment letters for all Traditional Security staff and Cybersecurity staff members including the SM, DAA, IAM, IAOs, System Administrators (SA), and Network Security Officers (NSO). 2. Ensure the appointments are current and appropriate authorities have made the appointments. 3. Ensure that pertinent duties, responsibilities, training/certification and other suitability requirements for the appointed positions are contained in the appointment order. 4. Ensure that security staff have been properly trained and certified for the positions to which they are appointed (e.g., IAM I, II or III for ISSM/ISSO) and that they meet all applicable requirements for the positions. For instance the AO and ISSM must be US citizens. NOTE: DODM 8570 requirements will be met unt...