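The U.S. Department of Defense recently revised its skill, training, and certification requirements for Information Assurance (IA) personnel. Personnel are divided into two categories, technical and management, each with three levels, and training, certification, and continuing-education requirements are set for every level. The six levels are described below: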
Level 1 certification is required prior to being authorized any unsupervised privileged access. Personnel performing these functions, regardless of their occupational title (e.g., system administrator, help desk technician, information system technician, etc.) shall be identified as part of the IA workforce and must comply with these requirements.
IAM Level I personnel are responsible for the implementation and operation of a DoD IS or system component within their CE. Incumbents ensure that IA related IS are functional and secure within the CE.
IAT Level II personnel provide network environment (NE) and advanced level Computing Environment (CE) support. They pay special attention to intrusion detection, finding and fixing unprotected vulnerabilities, and ensuring that remote access points are well secured.
IAM Level II personnel are responsible for the IA program of an Information System (IS) within the Network Environment (NE). Incumbents in these positions perform a variety of security related tasks, including the development and implementation of system information security standards and procedures. They ensure that the IS are functional and secure within the NE.
IAT Level III personnel focus on the enclave environment and support, monitor, test, and troubleshoot hardware and software IA problems pertaining to the CE, NE, and enclave environments. [An enclave is any secured, self-contained computational system within a system of local area networks.]
IAM Level III personnel are responsible for ensuring that all enclave IS are functional and secure. They determine the enclaves’ long term IA systems needs and acquisition requirements to accomplish operational objectives. They also develop and implement information security standards and procedures.
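The regulation also sets personnel certification requirements for each level: CISSP certification satisfies the requirements for Technical Level III (the highest level) and Management Levels II and III, CISA certification satisfies the Technical Level III requirement, and CISM satisfies the Management Level II and III requirements. This shows how highly the U.S. Department of Defense regards the CISSP certification.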