IA Management (IAM) Level II Position
The 8570.01-M Manual defines the following for the IA Management (IAM) Level II Position.
IAM Level II personnel are responsible for the IA program of an Information System (IS) within the Network Environment (NE). Incumbents in these positions perform a variety of security related tasks, including the development and implementation of system information security standards and procedures. They ensure that IS are functional and secure within the NE.
IAM Level II Position Requirements
IAM Level II

| Attribute | Level |
|---|---|
| Experience | Usually has at least five years of management experience. |
| System Environment | NE IAM. |
| Knowledge | Applies knowledge of IA policy, procedures, and workforce structure to develop, implement, and maintain a secure NE. |
| Supervision | • For IA issues, typically reports to an IAM Level III (Enclave) Manager or DAA. • May report to other senior management for network operational requirements. |
| Other | • Relies on experience and judgment to plan and accomplish goals. • Manages IA operations for an NE(s). |
| IA Certification | Within six months of assignment to position. |
IAM Level II Functional Requirements

| Functions |
|---|
| M-II.1. Develop, implement, and enforce policies and procedures reflecting the legislative intent of applicable laws and regulations for the NE. |
| M-II.2. Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations. |
| M-II.3. Develop NE security requirements specific to an IT acquisition for inclusion in procurement documents. |
| M-II.4. Recommend resource allocations required to securely operate and maintain an organization's NE IA requirements. |
| M-II.5. Participate in an IS risk assessment during the C&A process. |
| M-II.6. Develop security requirements for hardware, software, and services acquisitions specific to NE IA security programs. |
| M-II.7. Ensure that IA and IA enabled software, hardware, and firmware comply with appropriate NE security configuration guidelines, policies, and procedures. |
| M-II.8. Assist in the gathering and preservation of evidence used in the prosecution of computer crimes. |
| M-II.9. Ensure that NE IS recovery processes are monitored and that IA features and procedures are properly restored. |
| M-II.10. Review IA security plans for the NE. |
| M-II.11. Ensure that all IAM review items are tracked and reported. |
| M-II.12. Identify alternative functional IA security strategies to address organizational NE security concerns. |
| M-II.13. Ensure that IA inspections, tests, and reviews are coordinated for the NE. |
| M-II.14. Review the selected security safeguards to determine that security concerns identified in the approved plan have been fully addressed. |
| M-II.15. Evaluate the presence and adequacy of security measures proposed or provided in response to requirements contained in acquisition documents. |
| M-II.16. Monitor contract performance and periodically review deliverables for conformance with contract requirements related to NE IA, security, and privacy. |
| M-II.17. Provide leadership and direction to NE personnel by ensuring that IA security awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities. |
| M-II.18. Develop and implement programs to ensure that systems, network, and data users are aware of, understand, and follow NE and IA policies and procedures. |
| M-II.19. Advise the DAA of any changes affecting the NE IA posture. |
| M-II.20. Conduct an NE physical security assessment and correct physical security weaknesses. |
| M-II.21. Help prepare IA certification and accreditation documentation. |
| M-II.22. Ensure that compliance monitoring occurs, and review results of such monitoring across the NE. |
| M-II.23. Obtain and maintain IA certification appropriate to position. |