New manual on security training could be a model for the rest of government
The job requirements for 80,000 Defense Department information assurance personnel just got tougher.
DOD’s newly issued information assurance manual requires services and Defense agencies for the first time to formally identify all employees with responsibility for any aspect of IA, assign them positions within a new organizational structure and ensure that each worker has the certifications required for that position.
The IT business community is affected as well. The manual requires that contractors who work in IA meet the same certification requirements and that people in jobs with significant responsibility be U.S. citizens.
The Pentagon acquisition community is expected to make the requirements part of all new contracts.
DOD finalized the manual, Information Assurance Workforce Improvement Program, DOD 8570.1-M, in December. It was issued by John Grimes, Defense CIO and assistant Defense secretary for networks and information integration.
“In my personal opinion, it’s the number one accomplishment we’ve had” in 2005, said Robert Lentz, who works for Grimes as IA director and was a primary contributor to the manual.
Lentz said this is the first time Defense has laid out a comprehensive IA architecture.
“The joint staff back in 2003 had a computer network defense manual that specified the need for training and certification, but it didn’t apply to all of DOD, and it was very decentralized regarding what constitutes certification,” he said.
Training prescription
While the manual establishes a centralized structure for IA personnel and has extensive reporting requirements, Lentz said his team opted to specify a mix of commercial certifications, online learning, continuing education and hands-on experience for IA professionals.
The certifications identified in the manual are provided by the Computing Technology Industry Association, the International Information Systems Security Certifications Consortium, the Information Systems Audit and Control Association, SecurityCertified.Net and the SANS Institute of Bethesda, Md.
The new IA workforce structure could be the basis of a governmentwide approach to security, Lentz said. Grimes chairs the Committee for National Security Systems, an interagency group governed by the White House.
“We have quarterly meetings, [and] I’ve asked that that question be raised.” Lentz said. “Let’s see what other agencies can do with our manual. We’ve done a lot of spadework.”
Lentz’s team also has been talking with the Office of Management and Budget about its Lines of Business initiative and whether this approach to IA could be applicable across the board, he said.
Digg
De.licio.us
Slashdot
Technorati
