All appointments to required IA roles (e.g., DAA and IAM/IAO) are established in writing, to include assigned duties and appointment criteria such as training, security clearance, and IT-designation. A System Security Plan is established that describes the technical, administrative, and procedural IA program and policies that govern the DoD information system, and identifies all IA personnel and specific IA requirements and objectives (e.g., requirements for data handling or dissemination, system redundancy and backup, or emergency response).
MAC / CONF | Impact | Subject Area |
---|---|---|
MACI MACII MACIII | High | Security Design and Configuration |
Threat |
---|
When local IA policies that govern DoD information systems are nonexistent, it is impossible for these systems to be accredited. Â Appropriate IA documentation is necessary to effectively communicate local IA instruction throughout the local enterprise. |
Guidance |
---|
1. All appointments to required IA roles (e.g., DAA and IAM/IAO) shall be qualified and at a minimum meet the eligibility requirements. 2. Appointees shall acknowledge duties and criteria by reading and signing a designation document. 3. A System Security Plan shall be developed that describes the technical, administrative, and procedural IA program and policies that govern the DoD information system, and identifies all IA personnel and specific IA requirements and objectives (e.g., requirements for data handling or dissemination, system redundancy and backup, or emergency response). |