DISA STIGS Viewer - Information Assurance - System Training and Certification/ IA Personnel

Information Assurance - System Training and Certification/ IA Personnel

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-245776	IA-06.02.01	SV-245776r917333_rule		Medium

Description

STIG	Date
Traditional Security Checklist	2024-08-09

Details

Check Text (C-49207r917188_chk)

1. Check records for required training/certification of (IA) IAM/IAT personnel. In addition to the initial and recurring (annual) training requirements every system user must undergo, the IA staff such as ISSM, ISSO, SA, NSO must be part of an organizational certification program IAW DOD 8570.01-M, Workplace Improvement Program.

2. Ensure this certification program is in place and that training/certification requirements are documented for each IA staff member, which includes current certification level: IAM (I-III) or IAT (I-III).

TACTICAL ENVIRONMENT: In a tactical environment records should be maintained at fixed locations where IA and security staff are working. This check is not applicable to units in a mobile/field environment.

Fix Text (F-49162r917189_fix)

1. A program must be in place to establish and document required training/certification of (IA) IAM/IAT personnel.

2. In addition to the initial and recurring (annual) training requirements every system user must undergo, the IA staff such as ISSM, ISSO, SA, NSO must be part of an organizational certification program IAW DOD 8570.01-M, IA Workplace Improvement Program.

3. Training/certification requirements must be documented for each IA staff member to include their current certification level: IAM (I-III) or IAT (I-III).

NOTE: DODM 8570 requirements will be met until full implementation of DODM 8140.03 requirements. Implementation dates for DOD Manual 8140.03 include a two-year timeline for personnel (civilian and military) in positions coded with cybersecurity work roles and three years for personnel (civilian and military) in positions coded with work roles in any other workforce element. The dates for required qualification would be 15 February 2025 for cybersecurity work roles and the same date in February 2026 for all Defense Cyber Workforce Framework work roles.