Information

Only available on StudyMode
  • Download(s) : 10
  • Published : March 11, 2013
Open Document
Text Preview
NSTISSI No. 4011 20 June 1994

NSTISS
NATIONAL SECURITY TELECOMMUNICATIONS AND INFORMATION SYSTEMS SECURITY

NATIONAL TRAINING STANDARD FOR INFORMATION SYSTEMS SECURITY (INFOSEC) PROFESSIONALS

NSTISS
NATIONAL SECURITY TELECOMMUNICATIONS AND INFORMATION SYSTEMS SECURITY

NATIONAL MANAGER

FOREWORD

1. This instruction provides the minimum course content for the training of information systems security (INFOSEC) professionals in the disciplines of telecommunications security and automated information systems (AIS) security. 2. Representatives of the National Security Telecommunications and Information Systems Security Committee may obtain additional copies of this instruction from: Executive Secretariat National Security Telecommunications and Information Systems Security Committee National Security Agency Fort George G. Meade, MD 20755-6000 3. U.S. Government contractors are to contact their appropriate government agency or Contracting Officer Representative regarding distribution of this document.

J. M. McCONNELL Vice Admiral, U.S. Navy

NSTISSI No. 4011

NATIONAL TRAINING STANDARD FOR INFORMATION SYSTEMS SECURITY (INFOSEC) PROFESSIONALS

PURPOSE . . . . . . . . SCOPE AND APPLICABILITY REFERENCES. . . . . . . RESPONSIBILITIES. . . . TRAINING STANDARD . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

. . . . .

SECTION I II III IV V

SECTION I - PURPOSE 1. This instruction establishes the minimum training standard for the training of information systems security (INFOSEC) professionals in the disciplines of telecommunications and automated information systems (AIS) security.

SECTION II - SCOPE AND APPLICABILITY 2. National Security Telecommunications and Information Systems Security Directive No. 501 establishes the requirement for federal departments and agencies to implement training programs for INFOSEC professionals. As defined in NSTISSD 501, an INFOSEC professional is an individual who is responsible for the security oversight or management of national security systems during phases of the life cycle. That directive is being implemented in a synergistic environment among departments and agencies which are committed to satisfying these INFOSEC education and training requirements in the most effective and efficient manner possible. This instruction is the first in a series of minimum training and education standards which are being developed to assist departments and agencies in meeting their responsibilities in these areas.

NSTISSI No. 4011

3. The body of knowledge listed in this instruction may be obtained from a variety of sources, i.e., the National Cryptologic School, contractors, adaptations of existing department/agency training programs, or a combination of experience and formal training. 4. This instruction is applicable to all departments and agencies of the U.S. Government, their employees, and contractors who are responsible for the security oversight or management of national security systems during each phase of the life cycle. SECTION III - REFERENCES 5. P.L. 100-235, Computer Security Act of 1987, dated January 8, 1988. 6. National Policy for the Security of National Security Telecommunications and Information Systems, dated July 5, 1990. 7. NSTISSD 501, National Training Program for Information Systems Security (INFOSEC) Professionals, dated 16 November 1992. 8. OMB Circular A-130, Appendix III, Security of Federal Automated Information Systems, December 12, 1985. 9. Office of Personnel Management, 5 CFR Part 930, Training Requirements for the Computer Security Act, January 3, 1992. 10. NSTISSI No. 4009, National Information Systems Security (INFOSEC) Glossary, June 5, 1992. SECTION IV - RESPONSIBILITIES 11. Heads of U.S. Government departments and agencies will:

a. Ensure that INFOSEC professionals obtain the body of knowledge as outlined in this instruction. b. Ensure that an INFOSEC training...
tracking img