IA Management (IAM) Level III Position
The 8570.01-M Manual defines the following for the IA Management (IAM) Level III Position.
IAM Level III personnel are responsible for ensuring that all enclave Information Systems (IS) are functional and secure. They determine the enclaves' long term IA systems needs and acquisition requirements to accomplish operational objectives. They also develop and implement information security standards and procedures through the DoD certification and accreditation process.
IAM Level III Position Requirements
|
IAM Level II
|
|
Attribute
|
Level
|
|
Experience
|
Usually has at least five years of management experience.
|
|
System Environment
|
NE IAM.
|
|
Knowledge
|
Applies knowledge of IA policy, procedures, and workforce structure to develop, implement, and maintain a secure NE.
|
|
Supervision
|
• For IA issues, typically reports to an IAM Level III (Enclave) Manager or DAA.
• May report to other senior management for network operational requirements.
|
|
Other
|
• Relies on experience and judgment to plan and accomplish goals.
• Manages IA operations for an NE(s).
|
|
IA Certification
|
Within six months of assignment to position.
|
IAM Level III Functional Requirements Functions
|
M-III.1. Securely integrate and apply Department/Agency missions, organization, function, policies, and procedures within the enclave.
|
|
M-III.2. Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with DoD Component level IA architecture.
|
|
M-III.3. Ensure IAT Levels I – III, IAM Levels I and II, and anyone with privileged access performing IA functions receive the necessary initial and sustaining IA training and certification(s) to carry out their IA duties.
|
|
M-III.4. Prepare or oversee the preparation of IA certification and accreditation documentation.
|
|
M-III.5. Participate in an IS risk assessment during the C&A process.
|
|
M-III.6. Ensure information ownership responsibilities are established for each DoD IS and implement a role based access scheme.
|
|
M-III.7. Analyze, develop, approve, and issue enclave IA policies.
|
|
M-III.8. Evaluate proposals to determine if proposed security solutions effectively address enclave requirements, as detailed in solicitation documents.
|
|
M-III.9. Identify IT security program implications of new technologies or technology upgrades.
|
|
M-III.10. Evaluate cost benefit, economic and risk analysis in decision making process.
|
|
M-III.11. Interpret and/or approve security requirements relative to the capabilities of new information technologies.
|
|
M-III.12. Interpret patterns of non compliance to determine their impact on levels of risk and/or overall effectiveness of the enclave's IA program.
|
|
M-III.13. Analyze identified security strategies and select the best approach or practice for the enclave.
|
|
M-III.14. Ensure that security related provisions of the system acquisition documents meet all identified security needs.
|
|
M-III.15. Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
|
|
M-III.16. Evaluate the presence and adequacy of security measures proposed or provided in response to requirements contained in acquisition documents.
|
| M-III.17. Take action as needed to ensure that accepted products meet Common Criteria requirements as stated in Reference (b). |
| M-III.18. Monitor and evaluate the effectiveness of the enclaves' IA security procedures and safeguards to ensure they provide the intended level of protection. |
| M-III.19. Provide enclave IA guidance for development of the COOP. |
| M-III.20. Ensure all IAM review items are tracked and reported. |
| M-III.21. Advise the DAA of changes affecting the enclave's IA posture. |
| M-III.22. Obtain and maintain IA certification appropriate to position. |
IA Management (IAM) Level III Position
The 8570.01-M Manual defines the following for the IA Management (IAM) Level III Position.
IAM Level III personnel are responsible for ensuring that all enclave Information Systems (IS) are functional and secure. They determine the enclaves' long term IA systems needs and acquisition requirements to accomplish operational objectives. They also develop and implement information security standards and procedures through the DoD certification and accreditation process.
IAM Level III Position Requirements
|
IAM Level II
|
|
Attribute
|
Level
|
|
Experience
|
Usually has at least five years of management experience.
|
|
System Environment
|
NE IAM.
|
|
Knowledge
|
Applies knowledge of IA policy, procedures, and workforce structure to develop, implement, and maintain a secure NE.
|
|
Supervision
|
• For IA issues, typically reports to an IAM Level III (Enclave) Manager or DAA.
• May report to other senior management for network operational requirements.
|
|
Other
|
• Relies on experience and judgment to plan and accomplish goals.
• Manages IA operations for an NE(s).
|
|
IA Certification
|
Within six months of assignment to position.
|
IAM Level III Functional Requirements Functions
|
M-III.1. Securely integrate and apply Department/Agency missions, organization, function, policies, and procedures within the enclave.
|
|
M-III.2. Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with DoD Component level IA architecture.
|
|
M-III.3. Ensure IAT Levels I – III, IAM Levels I and II, and anyone with privileged access performing IA functions receive the necessary initial and sustaining IA training and certification(s) to carry out their IA duties.
|
|
M-III.4. Prepare or oversee the preparation of IA certification and accreditation documentation.
|
|
M-III.5. Participate in an IS risk assessment during the C&A process.
|
|
M-III.6. Ensure information ownership responsibilities are established for each DoD IS and implement a role based access scheme.
|
|
M-III.7. Analyze, develop, approve, and issue enclave IA policies.
|
|
M-III.8. Evaluate proposals to determine if proposed security solutions effectively address enclave requirements, as detailed in solicitation documents.
|
|
M-III.9. Identify IT security program implications of new technologies or technology upgrades.
|
|
M-III.10. Evaluate cost benefit, economic and risk analysis in decision making process.
|
|
M-III.11. Interpret and/or approve security requirements relative to the capabilities of new information technologies.
|
|
M-III.12. Interpret patterns of non compliance to determine their impact on levels of risk and/or overall effectiveness of the enclave's IA program.
|
|
M-III.13. Analyze identified security strategies and select the best approach or practice for the enclave.
|
|
M-III.14. Ensure that security related provisions of the system acquisition documents meet all identified security needs.
|
|
M-III.15. Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed.
|
|
M-III.16. Evaluate the presence and adequacy of security measures proposed or provided in response to requirements contained in acquisition documents.
|
| M-III.17. Take action as needed to ensure that accepted products meet Common Criteria requirements as stated in Reference (b). |
| M-III.18. Monitor and evaluate the effectiveness of the enclaves' IA security procedures and safeguards to ensure they provide the intended level of protection. |
| M-III.19. Provide enclave IA guidance for development of the COOP. |
| M-III.20. Ensure all IAM review items are tracked and reported. |
| M-III.21. Advise the DAA of changes affecting the enclave's IA posture. |
| M-III.22. Obtain and maintain IA certification appropriate to position. |