A Guide to Understanding Information System Security Officer Responsibilities
for Automated Information Systems
TABLE OF CONTENTS
FOREWORD
ACKNOWLEDGMENTS
LIST OF TABLES
1. INTRODUCTION
1.1 Security Regulations, Policies, and Standards
1.1.1 Federal Regulations
1.1.2 Department of Defense Security Policy
1.1.3 Security Standards
1.2 Purpose
1.3 Structure of the Document
2. OPERATIONAL ENVIRONMENT
2.1 Type of Information Processed
2.1.1 Unclassified
2.1.2 Sensitive Unclassified
2.1.3 Confidential
2.1.4 Secret
2.1.5 Top Secret
2.2 Security Mode of Operation
2.2.1 Dedicated Security Mode
2.2.2 System High Security Mode
2.2.3 Partitioned Security Mode
2.2.4 Compartmented Security Mode
2.2.5 Multilevel Security Mode
3. ISSO AREAS OF RESPONSIBILITY
3.1 ISSO Technical Qualifications
3.2 Overview of ISSO Responsibilities
3.3 ISSO Security Responsibilities
3.4 Security Regulations and Policies
3.5 Mission Needs
3.6 Physical Security Requirements
3.6.1 Contingency Plans
3.6.2 Declassification and Downgrading of Data and Equipment
3.7 Administrative Security Procedures
3.7.1 Personnel Security
3.7.2 Security Incidents Reporting
3.7.3 Termination Procedures
3.8 Security Training
3.9 Security Configuration Management
3.10 Access Control
3.10.1 Facility Access
3.10.2 Identification and Authentication (I&A)
3.10.3 Data Access
3.11 Risk Management
3.12 Audits
3.12.1 Audit Trails
3.12.2 Auditing Responsibilities
3.13 Certification and Accreditation
4. SECURITY PERSONNEL ROLES
4.1 Designated Approving Authority (DAA)
4.2 Component Information System Security Manager (CISSM)
4.3 Information System Security Manager (ISSM)
4.4 Network Security Manager (NSM)
4.5 Information System Security Officer (ISSO)
4.6 Network Security Officer (NSO)
4.7 Terminal Area Security Officer (TASO)
4.8 Security Responsibilities of Other Site Personnel
4.9 Assignment of Security Responsibilities
BIBLIOGRAPHY
REFERENCES
ACRONYMS
GLOSSARY