STIGQter STIGQter: STIG Summary: Traditional Security Checklist Version: 1 Release: 3 Benchmark Date: 15 Jun 2020:

Information Assurance - System Training and Certification/ IA Personnel

DISA Rule

SV-41060r3_rule

Vulnerability Number

V-31013

Group Title

Information Assurance - System Training and Certification/ IA Personnel

Rule Version

IA-06.02.01

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

1. A program must be in place to establish and document required training/certification of (IA) IAM/IAT personnel.

2. In addition to the initial and recurring (annual) training requirements every system user must undergo, the IA staff such as ISSM, ISSO, SA, NSO must be part of an organizational certification program IAW DoD 8570.01-M, IA Workplace Improvement Program.

3. Training/certification requirements must be documented for each IA staff member to include their current certification level: IAM (I-III) or IAT (I-III).

Check Contents

1. Check records for required training/certification of (IA) IAM/IAT personnel. In addition to the initial and recurring (annual) training requirements every system user must undergo, the IA staff such as ISSM, ISSO, SA, NSO must be part of an organizational certification program IAW DoD 8570.01-M, Workplace Improvement Program.

2. Ensure this certification program is in place and that training/certification requirements are documented for each IA staff member, which includes current certification level: IAM (I-III) or IAT (I-III).

TACTICAL ENVIRONMENT: In a tactical environment records should be maintained at fixed locations where IA and security staff are working. This check is not applicable to units in a mobile/field environment.

Vulnerability Number

V-31013

Documentable

False

Rule Version

IA-06.02.01

Severity Override Guidance

1. Check records for required training/certification of (IA) IAM/IAT personnel. In addition to the initial and recurring (annual) training requirements every system user must undergo, the IA staff such as ISSM, ISSO, SA, NSO must be part of an organizational certification program IAW DoD 8570.01-M, Workplace Improvement Program.

2. Ensure this certification program is in place and that training/certification requirements are documented for each IA staff member, which includes current certification level: IAM (I-III) or IAT (I-III).

TACTICAL ENVIRONMENT: In a tactical environment records should be maintained at fixed locations where IA and security staff are working. This check is not applicable to units in a mobile/field environment.

Check Content Reference

M

Target Key

2506

Comments