information assurance workforce (iawf) presented by: james perkins director, it workforce and...
TRANSCRIPT
Information Assurance Workforce (IAWF)
Presented by:
James Perkins
Director, IT Workforce and Training
17-19 February 2011 IA Workforce
Learning Objectives
• Recognize the IAWF references• Learn the identification, tracking, and management of
the IA Workforce • Apply procedures for training resources
217-19 February 2011 IA Workforce
Agenda
• IAWF References/Background• Identify IAWF• Manage IAWF• Tracking IAWF• IAWF Development• Certification Process• Training Resources• Points of Contact• Questions
317-19 February 2011 IA Workforce
IAWF References/Background
• References:
– DoD 8570.01-M– SECNAV M-5239.2– BUMED INST 5239.xx– NAVMED Policy Memo 09-020
• DoD and DON have established standard procedures for some processes, such as:
– Applying for and receiving IA baseline certification training– Applying for and receiving an exam voucher– Registering for an exam
4
Identify IAWF
• IA Technical:
– Privileged Access: Individuals who have access to system control, monitoring, or administration functions (e.g., system administrator, system programmer) are said to have “privileged access” and therefore, require training and certification to IA Technical levels I, II, or III depending on the functions they perform.
– Must also be trained and certified on the OS or CE they are required to maintain
• Some examples of jobs that hold privileged access or require personnel to perform IA functions include:
– Help Desk Customer Supervisor – Level II or III
– Help Desk Service Technician – Level I - III
– Data Manager – Level III
– System Administrator – Level II (NE) or III (Enclave)
– System Developer – Normally an IAM unless they have privileged access, Level II (NE) or III (Enclave)
5
Identify IAWF
• IA Technical (IAT):
– Privileged Access: Individuals who have access to system control, monitoring, or administration functions (e.g., system administrator, system programmer) are said to have “privileged access” and therefore, require training and certification to IA Technical levels I, II, or III depending on the functions they perform.
– Must also be trained and certified on the OS or CE they are required to maintain
• Some examples of jobs that hold privileged access or require personnel to perform IA functions include (IAT Certification Flow Chart: https://www.cool.navy.mil/ia_documents/ia_iat_flow.htm):
– Help Desk Customer Supervisor – IAT Level II or III
– Help Desk Service Technician – IAT Level I – II
– Data Manager – IAT Level III
– System Administrator – IAT Level II (NE) or III (Enclave)
– System Developer – Normally an IAM unless they have privileged access, Level II (NE) or III (Enclave)
6
Identify IAWF
• IA Manager (IAM):
– Responsible for ensuring the information system (IS) is operated, used, maintained, and disposed of in accordance with security policies and Practices
– IAM Certification flow chart:
• https://www.cool.navy.mil/ia_documents/ia_iam_flow.htm
• IAM Level III:
– BUMED Enclave (CDR Richard Makarski- Director, BUMED M62)
• IAM Level II:
– Fulfilling duties at the network level, reports to IAM III
• IAM Level I:
– Fulfilling duties at the computing level, reports to the IAM II
7
Identify IA IAWF
8
Manage IAWF
9
• IAMs must have:
– IAM Appointment Letter (Example: SECNAV M-5239.2, Appendix C)– DoD Workforce IA Special Code: Information Security (INFOSEC)– DoD Workforce PQS/OJT: If 2210, IT Designated, or NEC this is automatic– IA Certification– Identified as INFOSEC on AMD– Civilians: Identified as INFOSEC in DCPDS– Civilians: Condition of employment clause on Position Description (Examples: SECNAV M-5239.2, para. 3.12.3.2)– Contractors: Identified as INFOSEC in CVS
• IATs must have:
– Privileged Access Agreement (Example: DoD 8570.01-M, Appendix 4)– DoD Workforce IA Special Code: Information Security (INFOSEC)– DoD Workforce PQS/OJT: If 2210, IT Designated, or NEC this is automatic– Identified as INFOSEC on AMD– Civilians: Identified as INFOSEC in DCPDS– Civilians: Condition of employment clause on Position Description (Examples: SECNAV M-5239.2, para. 3.12.3.2)– Contractors: Identified as INFOSEC in CVS– IA Certification– OS Certification
Track IAWF
10
• TWMS:
– Navy Medicine Policy Memorandum 09-020, 17 December 2009, “Information Assurance (IA) Workforce Identification, Tracking, Monitoring, and Reporting”
• Tracking/Management Responsibility:
– Command IAM– BUMED M65
• TWMS issues:
– Personnel are registered in the database but are NOT identified as IAWF– IAMs do not have appropriate permissions to update personnel as IAWF– Personnel are being denied exam vouchers because they are not properly identified
as IAWF in the database
Track IAWF
11
BUMEDIA Cert %:
OS Cert %:
NMEIA Cert %:
OS Cert %:
NMWIA Cert %:
OS Cert %:
NCAIA Cert %:
OS Cert %:
NMSCIA Cert %:
OS Cert %:
According to TWMS: 481 members comprise the Navy Medicine IAWF*
* (as of 31 December 2010)
Track IAWF
• Problems identified in TWMS– Personnel are registered in the database but are NOT identified as
IAWF– IAMs do not have appropriate permissions to update personnel as
IAWF– Personnel are being denied exam vouchers because they are not
properly identified as IAWF in the database
• Recommendations– Site IAMs need to continue to pursue proper permissions for the
TMWS database– IAMs should check to ensure IAWF members are not only registered in
the database but also properly identified as IAWF – Personnel should check their own records to ensure that they are
registered as IAWF
12
IAWF Development
13
• Holistic workforce development solution based on training (classroom and on-the-job), certification, maintenance, continuing education, etc.
Certification Process
14
Start
Take Basic IA Knowledge Assessment
Pass?
Take/Review Basic/Conceptual IA Training Courses Based on Self-Study Guide
Take DIAP-Sponsored Pre-Test forAppropriate 8570.1 Exam
Pass?
Take Certification Training* (or use Self-Study Methods) via NAVMED Voucher
Request Exam VoucherThrough NETWARCOM Process per Business Rules
Register and Take Exam via Proctored/Approved Site for 8570.1 Testing
Pass?
Identify Knowledge Shortfalls with Training Coordinator or via Exam Feedback
Engage in Additional Preparation (Courses or Study)
Report Success to Navy Medical 8570.1 Coordinator Who Logs Results in Appropriate Tool
End
Components/processes under NAVMISSA control.
No Yes Yes
No
Yes
No
Processes and procedures defined by Navy policy and guidance.
Review Self-Study Reference Guide with Training Coordinator
NeedPlan?
Yes
Work with Manager to Select Self-Study Courses and Document Plan
No
Decision points
Certification Process
• Efforts moving forward:– Personnel who have received CISSP vouchers are required to
test within 90 days of completing training• Personnel will need to be contacted for exam results information• Updates will need to be made in the TWMS database to reflect
new certification information– Personnel receiving Security+ certifications after Jan 2011 will be
required to register their certification with CompTIA and must complete CPE credits to maintain their certifications
• Personnel who obtained the Security+ certification prior to Jan 2011 will also have requirements for keeping their certifications active
• More information regarding maintaining certification and requirements is coming soon
15
Resources
16
• Navy Credentialing Opportunities On-Line (COOL)
– https://www.cool.navy.mil
• Defense Information Systems Agency
– http://www/disa.mil
• IAWF Certification Resources Home Page
– https://www.portal.navy.mil/netwarcom/ia/default.aspx
• Navy SKILLPORT training page
– https://navyiacertprep.skillport.com
Resources
• COOL (Credentialing Opportunities On-Line) explains how Navy service members can meet civilian certification and license requirements related to their ratings, jobs, designators, and occupations.
• Use COOL to:– Get background information about civilian licensure and certification. – Identify licenses and certifications relevant to Navy ratings, jobs,
designators, and occupations. – Learn how to fill gaps between Navy training and experience and
civilian credentialing requirements. – Learn about resources available to Navy service members that can
help them gain civilian job credentials.
17
Resources
Training Voucher Program:
• Command is responsible for travel costs and time, but in most cases the vendors will have training available at regional locations
– Regional courses will be scheduled if sufficient staff are available
• No staff should be attending certification training for certifications that do not match their role and/or experience level
– For example: No IAT I personnel should attempt CISSP unless highly-experienced (5 or more years is requirement)
• Those using Navy Medicine funds must agree to follow through with certification and will be tracked for results
• DON’s exam voucher program, administered by NETWARCOM, will provide certification test vouchers on-demand (72 hour turn-around) for all personnel who are properly identified in the TWMS database as IAWF
– Staff must pass NETWARCOM-specified exam pre-tests with an 80% score to receive a voucher per NETWARCOM’s policy
18
Resources
Training Voucher Program (continued):
• Training Program currently offers training and certification opportunities in two categories:
– Security+ • Available for all IAWF personnel who fall into IAT Levels I and II or IAM Level I• Training and testing is held on site by NAVMED selected vendor
– CISSP• Available for all IAWF personnel who fall into IAT Level III and IAM Level II or III• Personnel are required to locate a public training and testing session near their home
site
• Other certification opportunities are available through NETWARCOM or other vendors but are not covered by NAVMED funds
• Personnel are free to pursue other certifications that meet DoD 8570.1-M compliance standards with personal funds, site provided funding, or other funding methods
19
Contact Information
• Mr. James Perkins, Director IM/IT Workforce and Training (M65)– [email protected] or 202-762-3157
• Mr. Christopher Taylor, Program Analyst– [email protected] or 202-762-0926
• Ms. Natalie Salisbury, IM/IT Workforce Support – [email protected] or 202-762-3818
• Ms. Rasheedah Sharp, IM/IT Workforce Support– [email protected] or 202-762-3616
2017-19 February 2011 Leading NAVMED through PortfolioManagement.
Questions
2117-19 February 2011 Leading NAVMED through PortfolioManagement.