IASAE Level III

Attribute

Level

Experience

Usually has at least 10 years of IASAE experience.

System Environment

Enclave Environment IASAE.

Knowledge

Applies knowledge of IA policy, procedures, and workforce structure to design, develop, and implement a secure enclave environment.

Supervision

• Typically reports to a DAA for IA issues.

• May report to other senior managers for enclave operational requirements.

Other

• Must be a U.S. Citizen.

• Relies on extensive experience and judgment to plan and accomplish enclave security related goals.

• May also serve in a management/oversight capacity for an enclave(s).

IA Certification

Within 6 months of assignment to position.

IASAE-III.1. Identify information protection needs for the enclave environment.

IASAE-III.2. Define enclave security requirements in accordance with applicable IA policies (e.g., DoD Directive 8500.1, “Information Assurance (IA),” October 24, 2002 and Director of Central Intelligence Directive 6/3, “Protecting Sensitive Compartmented Information within Information Systems”, June 5, 1999 and organizational security policies).

IASAE-III.3. Provide input on IA security requirements to be included in statements of work and other appropriate procurement documents.

IASAE-III.4. Support Program Managers responsible for the acquisition of DoD IS to ensure IA architecture and systems engineering requirements are properly addressed throughout the acquisition life-cycle.

IASAE-III.5. Design security architectures for use within the enclave environment.

IASAE-III.6. Design and develop IA or IA-enabled products for use within the enclave.

IASAE-III.7. Design and develop CDS for use within CE, NE, or enclave environments.

IASAE-III.8. Develop and implement security designs for new or existing enclave system(s). Ensure that the design of hardware, operating systems, and software applications adequately address IA security requirements for the enclave.

IASAE-III.9. Design, develop, and implement security measures that provide confidentiality, integrity, availability, authentication, and non-repudiation for the enclave environment.

IASAE-III.10. Design, develop, and implement specific IA countermeasures for the enclave.

IASAE-III.11. Develop interface specifications for use within the enclave environment.

IASAE-III.12. Develop approaches to mitigate enclave vulnerabilities and recommend changes to system or system components as needed.

IASAE-III.14. Develop IA architectures and designs for DoD IS with high integrity and availability requirements, to include MAC I systems as defined in DoD Instruction 8500.2, “Information Assurance (IA) Implementation,” February 6, 2003 and DoD Directive 8500.1, “Information Assurance (IA),” October 24, 2002, systems with a high Level-of-Concern for availability or integrity in accordance with Director of Central Intelligence Directive 6/3, “Protecting Sensitive Compartmented Information within Information Systems”, June 5, 1999, and other DAA designated systems.

IASAE-III.15. Develop IA architectures and designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data (e.g., UNCLASSIFIED, SECRET, and TOP SECRET).

IASAE-III.16. Develop IA architectures and designs for systems processing SCI that will operate at Protection Level 3, 4, or 5 as defined in Director of Central Intelligence Directive 6/3, “Protecting Sensitive Compartmented Information within Information Systems”, June 5, 1999.

IASAE-III.17. Develop IA architectures and designs for DoD IS to include automated IS applications, enclaves (which include networks), and special purpose environments with platform IT interconnectivity, e.g., weapons systems, sensors, medical technologies, or distribution systems.

IASAE-III.18. Ensure that acquired or developed system(s) and network(s) employ Information Systems Security Engineering and are consistent with DoD Component level IA architecture.

IASAE-III.19. Assess threats to and vulnerabilities of the enclave.

IASAE-III.20. Identify, assess, and recommend IA or IA-enabled products for use within an enclave and ensure recommended products are in compliance with the DoD evaluation and validation requirements of DoD Instruction 8500.2, “Information Assurance (IA) Implementation,” February 6, 2003 and DoD Directive 8500.1, “Information Assurance (IA),” October 24, 2002.

IASAE-III.21. Ensure that the implementation of security designs properly mitigate identified threats.

IASAE-III.22. Assess the effectiveness of information protection measures utilized by the enclave.

IASAE-III.23. Evaluate security architectures and designs and provide input as to the adequacy of security designs and architectures proposed or provided in response to requirements contained in acquisition documents.

IASAE-III.24. Ensure security deficiencies identified during security/certification testing have been mitigated, corrected, or a risk acceptance has been obtained by the appropriate DAA or authorized representative.

IASAE-III.25. Provide input to IA C&A process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).

IASAE-III.26. Participate in an IS risk assessment during the C&A process and design security countermeasures to mitigate identified risks.

IASAE-III.27. Provide engineering support to security/certification test and evaluation activities.

IASAE-III.28. Document system security design features and provide input to implementation plans and standard operating procedures.

IASAE-III.29. Recognize a possible security violation and take appropriate action to report the incident.

IASAE-III.30. Implement and/or integrate security measures for use in the enclave and ensure that enclave designs incorporate security configuration guidelines.

IASAE-III.31. Ensure the implementation of enclave IA policies into system architectures.

IASAE-III.32. Ensure the implementation of subordinate CE and NE IA policies are integrated into the enclave system architecture.

IASAE-III.33. Oversee and provide technical guidance to IASAE Level I and II personnel.

IASAE-III.34. Obtain and maintain IA certification appropriate to position.

IASAE Level III

Attribute

Level

Experience

Usually has at least 10 years of IASAE experience.

System Environment

Enclave Environment IASAE.

Knowledge

Applies knowledge of IA policy, procedures, and workforce structure to design, develop, and implement a secure enclave environment.

Supervision

• Typically reports to a DAA for IA issues.

• May report to other senior managers for enclave operational requirements.

Other

• Must be a U.S. Citizen.

• Relies on extensive experience and judgment to plan and accomplish enclave security related goals.

• May also serve in a management/oversight capacity for an enclave(s).

IA Certification

Within 6 months of assignment to position.

IASAE-III.1. Identify information protection needs for the enclave environment.

IASAE-III.2. Define enclave security requirements in accordance with applicable IA policies (e.g., DoD Directive 8500.1, “Information Assurance (IA),” October 24, 2002 and Director of Central Intelligence Directive 6/3, “Protecting Sensitive Compartmented Information within Information Systems”, June 5, 1999 and organizational security policies).

IASAE-III.3. Provide input on IA security requirements to be included in statements of work and other appropriate procurement documents.

IASAE-III.4. Support Program Managers responsible for the acquisition of DoD IS to ensure IA architecture and systems engineering requirements are properly addressed throughout the acquisition life-cycle.

IASAE-III.5. Design security architectures for use within the enclave environment.

IASAE-III.6. Design and develop IA or IA-enabled products for use within the enclave.

IASAE-III.7. Design and develop CDS for use within CE, NE, or enclave environments.

IASAE-III.8. Develop and implement security designs for new or existing enclave system(s). Ensure that the design of hardware, operating systems, and software applications adequately address IA security requirements for the enclave.

IASAE-III.9. Design, develop, and implement security measures that provide confidentiality, integrity, availability, authentication, and non-repudiation for the enclave environment.

IASAE-III.10. Design, develop, and implement specific IA countermeasures for the enclave.

IASAE-III.11. Develop interface specifications for use within the enclave environment.

IASAE-III.12. Develop approaches to mitigate enclave vulnerabilities and recommend changes to system or system components as needed.

IASAE-III.14. Develop IA architectures and designs for DoD IS with high integrity and availability requirements, to include MAC I systems as defined in DoD Instruction 8500.2, “Information Assurance (IA) Implementation,” February 6, 2003 and DoD Directive 8500.1, “Information Assurance (IA),” October 24, 2002, systems with a high Level-of-Concern for availability or integrity in accordance with Director of Central Intelligence Directive 6/3, “Protecting Sensitive Compartmented Information within Information Systems”, June 5, 1999, and other DAA designated systems.

IASAE-III.15. Develop IA architectures and designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data (e.g., UNCLASSIFIED, SECRET, and TOP SECRET).

IASAE-III.16. Develop IA architectures and designs for systems processing SCI that will operate at Protection Level 3, 4, or 5 as defined in Director of Central Intelligence Directive 6/3, “Protecting Sensitive Compartmented Information within Information Systems”, June 5, 1999.

IASAE-III.17. Develop IA architectures and designs for DoD IS to include automated IS applications, enclaves (which include networks), and special purpose environments with platform IT interconnectivity, e.g., weapons systems, sensors, medical technologies, or distribution systems.

IASAE-III.18. Ensure that acquired or developed system(s) and network(s) employ Information Systems Security Engineering and are consistent with DoD Component level IA architecture.

IASAE-III.19. Assess threats to and vulnerabilities of the enclave.

IASAE-III.20. Identify, assess, and recommend IA or IA-enabled products for use within an enclave and ensure recommended products are in compliance with the DoD evaluation and validation requirements of DoD Instruction 8500.2, “Information Assurance (IA) Implementation,” February 6, 2003 and DoD Directive 8500.1, “Information Assurance (IA),” October 24, 2002.

IASAE-III.21. Ensure that the implementation of security designs properly mitigate identified threats.

IASAE-III.22. Assess the effectiveness of information protection measures utilized by the enclave.

IASAE-III.23. Evaluate security architectures and designs and provide input as to the adequacy of security designs and architectures proposed or provided in response to requirements contained in acquisition documents.

IASAE-III.24. Ensure security deficiencies identified during security/certification testing have been mitigated, corrected, or a risk acceptance has been obtained by the appropriate DAA or authorized representative.

IASAE-III.25. Provide input to IA C&A process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).

IASAE-III.26. Participate in an IS risk assessment during the C&A process and design security countermeasures to mitigate identified risks.

IASAE-III.27. Provide engineering support to security/certification test and evaluation activities.

IASAE-III.28. Document system security design features and provide input to implementation plans and standard operating procedures.

IASAE-III.29. Recognize a possible security violation and take appropriate action to report the incident.

IASAE-III.30. Implement and/or integrate security measures for use in the enclave and ensure that enclave designs incorporate security configuration guidelines.

IASAE-III.31. Ensure the implementation of enclave IA policies into system architectures.

IASAE-III.32. Ensure the implementation of subordinate CE and NE IA policies are integrated into the enclave system architecture.

IASAE-III.33. Oversee and provide technical guidance to IASAE Level I and II personnel.

IASAE-III.34. Obtain and maintain IA certification appropriate to position.