Information Assurance Workforce (IAWF)

Presented by:

James Perkins

Director, IT Workforce and Training

17-19 February 2011 IA Workforce

Learning Objectives

• Recognize the IAWF references• Learn the identification, tracking, and management of

the IA Workforce • Apply procedures for training resources

217-19 February 2011 IA Workforce

Agenda

• IAWF References/Background• Identify IAWF• Manage IAWF• Tracking IAWF• IAWF Development• Certification Process• Training Resources• Points of Contact• Questions

317-19 February 2011 IA Workforce

IAWF References/Background

• References:

– DoD 8570.01-M– SECNAV M-5239.2– BUMED INST 5239.xx– NAVMED Policy Memo 09-020

• DoD and DON have established standard procedures for some processes, such as:

– Applying for and receiving IA baseline certification training– Applying for and receiving an exam voucher– Registering for an exam

4

Identify IAWF

• IA Technical:

– Privileged Access: Individuals who have access to system control, monitoring, or administration functions (e.g., system administrator, system programmer) are said to have “privileged access” and therefore, require training and certification to IA Technical levels I, II, or III depending on the functions they perform.

– Must also be trained and certified on the OS or CE they are required to maintain

• Some examples of jobs that hold privileged access or require personnel to perform IA functions include:

– Help Desk Customer Supervisor – Level II or III

– Help Desk Service Technician – Level I - III

– Data Manager – Level III

– System Administrator – Level II (NE) or III (Enclave)

– System Developer – Normally an IAM unless they have privileged access, Level II (NE) or III (Enclave)

5

Identify IAWF

• IA Technical (IAT):

– Privileged Access: Individuals who have access to system control, monitoring, or administration functions (e.g., system administrator, system programmer) are said to have “privileged access” and therefore, require training and certification to IA Technical levels I, II, or III depending on the functions they perform.

– Must also be trained and certified on the OS or CE they are required to maintain

• Some examples of jobs that hold privileged access or require personnel to perform IA functions include (IAT Certification Flow Chart: https://www.cool.navy.mil/ia_documents/ia_iat_flow.htm):

– Help Desk Customer Supervisor – IAT Level II or III

– Help Desk Service Technician – IAT Level I – II

– Data Manager – IAT Level III

– System Administrator – IAT Level II (NE) or III (Enclave)

– System Developer – Normally an IAM unless they have privileged access, Level II (NE) or III (Enclave)

6

Identify IAWF

• IA Manager (IAM):

– Responsible for ensuring the information system (IS) is operated, used, maintained, and disposed of in accordance with security policies and Practices

– IAM Certification flow chart:

• https://www.cool.navy.mil/ia_documents/ia_iam_flow.htm

• IAM Level III:

– BUMED Enclave (CDR Richard Makarski- Director, BUMED M62)

• IAM Level II:

– Fulfilling duties at the network level, reports to IAM III

• IAM Level I:

– Fulfilling duties at the computing level, reports to the IAM II

7

Identify IA IAWF

8

Manage IAWF

9

• IAMs must have:

– IAM Appointment Letter (Example: SECNAV M-5239.2, Appendix C)– DoD Workforce IA Special Code: Information Security (INFOSEC)– DoD Workforce PQS/OJT: If 2210, IT Designated, or NEC this is automatic– IA Certification– Identified as INFOSEC on AMD– Civilians: Identified as INFOSEC in DCPDS– Civilians: Condition of employment clause on Position Description (Examples: SECNAV M-5239.2, para. 3.12.3.2)– Contractors: Identified as INFOSEC in CVS

• IATs must have:

– Privileged Access Agreement (Example: DoD 8570.01-M, Appendix 4)– DoD Workforce IA Special Code: Information Security (INFOSEC)– DoD Workforce PQS/OJT: If 2210, IT Designated, or NEC this is automatic– Identified as INFOSEC on AMD– Civilians: Identified as INFOSEC in DCPDS– Civilians: Condition of employment clause on Position Description (Examples: SECNAV M-5239.2, para. 3.12.3.2)– Contractors: Identified as INFOSEC in CVS– IA Certification– OS Certification

Track IAWF

10

• TWMS:

– Navy Medicine Policy Memorandum 09-020, 17 December 2009, “Information Assurance (IA) Workforce Identification, Tracking, Monitoring, and Reporting”

• Tracking/Management Responsibility:

– Command IAM– BUMED M65

• TWMS issues:

– Personnel are registered in the database but are NOT identified as IAWF– IAMs do not have appropriate permissions to update personnel as IAWF– Personnel are being denied exam vouchers because they are not properly identified

as IAWF in the database

Track IAWF

11

BUMEDIA Cert %:

OS Cert %:

NMEIA Cert %:

OS Cert %:

NMWIA Cert %:

OS Cert %:

NCAIA Cert %:

OS Cert %:

NMSCIA Cert %:

OS Cert %:

According to TWMS: 481 members comprise the Navy Medicine IAWF*

* (as of 31 December 2010)

Track IAWF

• Problems identified in TWMS– Personnel are registered in the database but are NOT identified as

IAWF– IAMs do not have appropriate permissions to update personnel as

IAWF– Personnel are being denied exam vouchers because they are not

properly identified as IAWF in the database

• Recommendations– Site IAMs need to continue to pursue proper permissions for the

TMWS database– IAMs should check to ensure IAWF members are not only registered in

the database but also properly identified as IAWF – Personnel should check their own records to ensure that they are

registered as IAWF

12

IAWF Development

13

• Holistic workforce development solution based on training (classroom and on-the-job), certification, maintenance, continuing education, etc.

Certification Process

14

Start

Take Basic IA Knowledge Assessment

Pass?

Take/Review Basic/Conceptual IA Training Courses Based on Self-Study Guide

Take DIAP-Sponsored Pre-Test forAppropriate 8570.1 Exam

Pass?

Take Certification Training* (or use Self-Study Methods) via NAVMED Voucher

Request Exam VoucherThrough NETWARCOM Process per Business Rules

Register and Take Exam via Proctored/Approved Site for 8570.1 Testing

Pass?

Identify Knowledge Shortfalls with Training Coordinator or via Exam Feedback

Engage in Additional Preparation (Courses or Study)

Report Success to Navy Medical 8570.1 Coordinator Who Logs Results in Appropriate Tool

End

Components/processes under NAVMISSA control.

No Yes Yes

No

Yes

No

Processes and procedures defined by Navy policy and guidance.

Review Self-Study Reference Guide with Training Coordinator

NeedPlan?

Yes

Work with Manager to Select Self-Study Courses and Document Plan

No

Decision points

Certification Process

• Efforts moving forward:– Personnel who have received CISSP vouchers are required to

test within 90 days of completing training• Personnel will need to be contacted for exam results information• Updates will need to be made in the TWMS database to reflect

new certification information– Personnel receiving Security+ certifications after Jan 2011 will be

required to register their certification with CompTIA and must complete CPE credits to maintain their certifications

• Personnel who obtained the Security+ certification prior to Jan 2011 will also have requirements for keeping their certifications active

• More information regarding maintaining certification and requirements is coming soon

15

Resources

16

• Navy Credentialing Opportunities On-Line (COOL)

– https://www.cool.navy.mil

• Defense Information Systems Agency

– http://www/disa.mil

• IAWF Certification Resources Home Page

– https://www.portal.navy.mil/netwarcom/ia/default.aspx

• Navy SKILLPORT training page

– https://navyiacertprep.skillport.com

Resources

• COOL (Credentialing Opportunities On-Line) explains how Navy service members can meet civilian certification and license requirements related to their ratings, jobs, designators, and occupations.

• Use COOL to:– Get background information about civilian licensure and certification. – Identify licenses and certifications relevant to Navy ratings, jobs,

designators, and occupations. – Learn how to fill gaps between Navy training and experience and

civilian credentialing requirements. – Learn about resources available to Navy service members that can

help them gain civilian job credentials.

17

Resources

Training Voucher Program:

• Command is responsible for travel costs and time, but in most cases the vendors will have training available at regional locations

– Regional courses will be scheduled if sufficient staff are available

• No staff should be attending certification training for certifications that do not match their role and/or experience level

– For example: No IAT I personnel should attempt CISSP unless highly-experienced (5 or more years is requirement)

• Those using Navy Medicine funds must agree to follow through with certification and will be tracked for results

• DON’s exam voucher program, administered by NETWARCOM, will provide certification test vouchers on-demand (72 hour turn-around) for all personnel who are properly identified in the TWMS database as IAWF

– Staff must pass NETWARCOM-specified exam pre-tests with an 80% score to receive a voucher per NETWARCOM’s policy

18

Resources

Training Voucher Program (continued):

• Training Program currently offers training and certification opportunities in two categories:

– Security+ • Available for all IAWF personnel who fall into IAT Levels I and II or IAM Level I• Training and testing is held on site by NAVMED selected vendor

– CISSP• Available for all IAWF personnel who fall into IAT Level III and IAM Level II or III• Personnel are required to locate a public training and testing session near their home

site

• Other certification opportunities are available through NETWARCOM or other vendors but are not covered by NAVMED funds

• Personnel are free to pursue other certifications that meet DoD 8570.1-M compliance standards with personal funds, site provided funding, or other funding methods

19

Contact Information

• Mr. James Perkins, Director IM/IT Workforce and Training (M65)– James.Perkins@med.navy.mil or 202-762-3157

• Mr. Christopher Taylor, Program Analyst– Christopher.Taylor@med.navy.mil or 202-762-0926

• Ms. Natalie Salisbury, IM/IT Workforce Support – Natalie.Salisbury@med.navy.mil or 202-762-3818

• Ms. Rasheedah Sharp, IM/IT Workforce Support– Rasheedah.Sharp@med.navy.mil or 202-762-3616

2017-19 February 2011 Leading NAVMED through PortfolioManagement.

Questions

2117-19 February 2011 Leading NAVMED through PortfolioManagement.