Want this question answered?
kk
witch of the following is true about telework
ia technical level 1 identifies
DoD Directive 8570.1
Dod 4500.9-r
Dod 4500.9-r
IASO is to ensure that all personnel associated with IS receive system-specific and general awareness security training (see AR 25-2, para 3-2f) including:IA training and certificationIA situation and awareness briefingInformation Assurance Workforce Improvement ProgramInformation Assurance Training and Certification Best Business Practice (BBP)The IASO is also responsible to responsible to the IAM for ensuring that the appropriate operational IA posture is maintained for a DoD information system or organization.
dod 4500.9-r
There are three DoD regulations that have provisions for implementing safeguards. DoD Regulation 5400.11, "DoD Privacy Program;" DoD Instruction 8500.2, "DoD Information Assurance Implementation;" and DoD Regulation 8580.2, "DoD Health Information Security Regulation."
AR 25-2 includes this requirement. It applies only to the Army although is is mostly in line with other DoD IA documents.The responsibilty for ensuring IA training actually falls to the IAM.According to DoDI 8500.2 Paragraph 5.9.6, the IAM is responsible to:5.9.6. Ensure that all IAOs and privileged users receive the necessarytechnical and IA training, education, and certification to carry out their IA duties.According to DoDI 8500.2 Paragraph 5.10.1, the IAO is responsible to:5.10.1. Ensure that all users have the requisite security clearances and supervisory need-to-know authorization, and are aware of their IA responsibilities before being granted access to the DoD information system.Note that according to DoDI 8500.2 Enclosure 2, the IAO is describe thus:E2.1.28. IA Officer (IAO). An individual responsible to the IAM for ensuring that the appropriate operational IA posture is maintained for a DoD information system or organization. While the term IAO is favored within the Department of Defense, it may be used interchangeably with other IA titles (e.g., Information Systems Security Officer, Information Systems Security Custodian, Network Security Officer, or Terminal Area Security Officer).Also:DoDD 8500.01E4.22. All personnel authorized access to DoD information systems shall be adequatelytrained in accordance with DoD and Component policies and requirements and certified as required in order to perform the tasks associated with their IA responsibilities.DoDI 8500.2PRTN-1 Information Assurance TrainingA program is implemented to ensure that upon arrival and periodically thereafter, allpersonnel receive training and familiarization to perform their assigned IAresponsibilitieS.Outside the Army, DoDI 8500.2 states that the IAM has this responsibility, but the Army has obviously delegated this to the IASO, who answers, in turn, to the IAM.The IASO is responsible to prepare or supervise the preparation of system specific and annual IA awareness training. They are also responsible to track the status of users for compliance with policies and procedures for training. If a user has not received the required training, the IASO is responsible to see that the user is denied authorization to use the information system (e.g. by denying initial account creation or disabling their accounts) until they receive the requisite training. They are free to use any tool or method to track the training but they should be at least keeping track of each user by name, clearance, systems they are assigned to access, training required for the assigned systems, training completed, dates training is completed, and required training not yet completed. Obviously in the case of training that must be repeated on a regular basis such as annual IA awareness, the IASO should be keeping track of when each user is due to repeat their training and reminding them that training is due along with reminding them of the consequences of not completing the training (i.e. loss of privileges to access the systems). This can be especially tricky when the non-compliant individual is high ranking such as a flag officer - in which case it sucks to be the IASO.AR 25-2 (Army Regulation 25-2) paragraph 3-2 f. (4) requires IASOs to"Ensure users receive initial and annual IA awareness training."Outside the Army, DoDI 8500.2 states that the IAM has this responsibility, but the Army has obviously delegated this to the IASO, who answers, in turn, to the IAM.
IA provides for restoration of information systems by incorporating all of the following except
The document that provides basic guidance and regulatory requirements for derivative classification for DoD personnel is: DoDM 5200.01, DoD Information Security Program