R 300734Z MAR 06
FM CMC WASHINGTON DC(UC)
TO AL MARADMIN(UC)
UNCLASSIFIED//
MARADMIN 156/06
MSGID/GENADMIN/CMC WASHINGTON DC C4//
SUBJ/INFORMATION ASSURANCE WORKFORCE IDENTIFICATION, TRACKING,
/MONITORING AND REPORTING//
REF/A/MSGID:DODI 8500.2/20030206/-//
REF/B/MSGID:DODD 8570.1/20040815/-//
REF/C/MSGID:DOD 8570.01-M/20051219/-//
REF/D/MSGID:DON CIO MEMO/20060118/-//
REF/E/MSGID:CONGRESS/20021217/-//
REF/F/MSGID:GENADMIN/CMC WASHINGTON DC/271628ZFEB2006//
REF/G/MSGID:GENADMIN/MCNOSC QUANTICO VA/072345ZMAR2006//
POC/R. A. LETTEER/GS-15/HQMC C4 IA/-/TEL:703-693-3490
/EMAIL:RAY.A.LETTEER@USMC.MIL//
POC/W. H. RYBCZYNSKI/MSGT/HQMC C4 IA/-/TEL:703-693-3490
/EMAIL:WILLIAM.H.RYBCZYNSKI@USMC.MIL//
POC/KRISTIN F. DIAS/-/HQMC C4 IA/-/TEL:DSN 223-3491
/EMAIL:KRISTIN.F.DIAS.CTR@USMC.MIL//
NARR/REF A IS DOD INFORMATION ASSURANCE (IA) IMPLEMENTATION
INSTRUCTION. REF B IS IA TRAINING, CERTIFICATION AND WORKFORCE
MANAGEMENT DIRECTIVE. REF C IS DOD IA WORKFORCE IMPROVEMENT PROGRAM.
REF D IS DEPT OF THE NAVY (DON) IA WORKFORCE IDENTIFICATION,
TRACKING, MONITORING, AND REPORTING DIRECTIVE. REF E IS E-GOVERNMENT
ACT OF 2002, WHICH DEFINES THE FEDERAL INFORMATION SECURITY
MANAGEMENT ACT (FISMA). REF F IS HQMC C4 IA MSG ON IA WORKFORCE AND
CITES WORKFORCE REPORTING REQUIREMENTS AND REPORTING CHAIN. REF G IS
MCEN OPERATIONAL DIRECTIVE 035-06 REPORTING STRUCTURE FOR MARINE
CORPS ENTERPRISE NETWORK (MCEN) OPERATIONAL DIRECTIVES//
GENTEXT/REMARKS/1. PURPOSE. TO ESTABLISH POLICY, GUIDANCE AND
DIRECTION FOR IDENTIFYING, TRACKING, MONITORING AND REPORTING THE
INFORMATION ASSURANCE WORKFORCE ACROSS THE MARINE CORPS.
2. DISCUSSION. IN ACCORDANCE WITH THE REFERENCES, THE MARINE CORPS
IS REQUIRED TO IDENTIFY THE IA WORKFORCE. TO IMPLEMENT THIS
REQUIREMENT, HQMC C4 AND TECOM WILL UTILIZE THE TRAINING INFORMATION
MANAGEMENT SYSTEM (TIMS). TIMS WILL PROVIDE AN AGGREGATED VIEW
CAPABILITY OF ENTERPRISE WIDE IA WORKFORCE MANAGEMENT INFORMATION.
TIMS WILL CAPTURE CERTIFICATIONS (TECHNICAL AND SECURITY) AND ALL
IA/IT TRAINING FOR EACH INDIVIDUAL REGARDLESS OF PAYMENT SOURCE
(INDIVIDUAL EXPENSE OR GOVERNMENT FUNDED). REF G PROVIDES THE
STRUCTURE FOR COMMANDS TO USE WHEN UTILIZING TIMS FOR REPORTING THE
COMPOSITION OF THE IA WORKFORCE WITHIN THEIR AREA OF RESPONSIBILITY.
A. BACKGROUND. REF A DIRECTS THAT ALL IA PERSONNEL BE IDENTIFIED
AND DESIGNATED IN WRITING. REF B PROVIDES DIRECTION ON THE
REQUIREMENTS FOR TRAINING, CERTIFICATION, AND MANAGEMENT OF IA
WORKFORCE PERSONNEL ACROSS THE DOD. THE MARINE CORPS IS REQUIRED TO
IDENTIFY ALL MILITARY, CIVILIAN AND CONTRACTOR PERSONNEL AND
POSITIONS THAT MAKE UP THE USMC IA WORKFORCE/FORCE STRUCTURE.
PERSONNEL MUST BE IDENTIFIED REGARDLESS OF CIVILIAN SERIES OR
MILITARY OCCUPATIONAL SPECIALTIES. ANYONE WITH PRIVILEGED ACCESS OR
PERFORMING IA FUNCTIONS, INCLUDING CONTRACTORS, AS DEFINED IN REF C
MUST BE TRACKED, TRAINED AND MANAGED.
3. ACTION: IN SUPPORT OF REQUIREMENTS ESTABLISHED IN REFS C AND
D, COMMANDS ARE DIRECTED TO COLLECT AND AGGREGATE ALL REPORTING DATA
FOR ALL MARINE CORPS PERSONNEL CURRENTLY PERFORMING INFORMATION
SYSTEM MANAGEMENT AND/OR IA FUNCTIONS. TO ENSURE CORRECT DATA IS
OBTAINED, REF G SPECIFICALLY IDENTIFIED THE PROCESS FOR COMPILATION
AND SUBMISSION OF DATA. ADHERRANCE TO THE REPORTING STRUCTURE PER REF
G WILL AVOID DUPLICATE COUNTING AND GIVE MAJOR COMMANDS VISIBILITY OF
IA EXPERTISE ACROSS EACH AOR. AS LISTED IN REF G, COMMANDS MUST
IDENTIFY TO THE POCS LISTED ABOVE THEIR REPORTING REPRESENTATIVE.
THIS INDIVIDUAL WILL BE GIVEN AN ACCOUNT FOR REPORTING VIA TIMS.
COMMAND PRIMARY AND SECONDARY REPRESENTATIVES MUST BE IDENTIFIED TO
HQMC C4 IA NLT 07 APRIL 06.
A. EXAMPLES OF IA WORKFORCE PERSONNEL INCLUDE, BUT ARE NOT LIMITED TO
THOSE PERSONNEL HOLDING THE 0689 MOS, APPOINTED AS DESIGNATED
APPROVING AUTHORITIES (DAA), INFORMATION ASSURANCE MANAGERS (IAM),
INFORMATION ASSURANCE OFFICERS (IAO), OR CURRENTLY PERFORMING IA
FUNCTIONS (E.G. INFORMATION SYSTEMS COORDINATORS (ISC), SYSADMIN,
NETWORK ADMIN) AS A PRIMARY, ADDITIONAL OR EMBEDDED DUTY AS DEFINED
IN REF C. REPORTING MUST BE COMPLETED USING TIMS NLT 30 MAY 06.
B. DEFINITIONS FOR IDENTIFYING THE IA WORKFORCE ARE AVAILABLE AT THE
HQMC C4 IA WEB SITE AT
HTTP(DOUBLE SLASH)HQDOD.HQMC.USMC.MIL/C4/IA.ASP. IF AN INDIVIDUAL
PERFORMS ANY OF THE IA FUNCTIONS LISTED UNDER THE IA WORKFORCE
DESCRIPTIONS, THE INDIVIDUAL IS A MEMBER OF THE MARINE CORPS IA
WORKFORCE. IT IS UNDERSTOOD THAT PERSONNEL CURRENTLY PERFORMING IA
FUNCTIONS MAY NOT BE DEDICATED 100 PERCENT TO THOSE FUNCTIONS. THE
ENTIRE WORKFORCE MUST BE IDENTIFIED TO INCLUDE THOSE PERFORMING IA
FUNCTIONS AS AN ADDITIONAL OR EMBEDDED DUTY.
4. THE DON IA WORKFORCE WORKING GROUP AGREED UPON THE FOLLOWING
TITLES AS STANDARD NAMING FOR THE IA WORKFORCE. THESE TITLES DO NOT
AUTOMATICALLY MAP TO THE FUNCTIONS PERFORMED BY THE INFORMATION
ASSURANCE TECHNICIAN (IAT) MOS OR IAM BILLET. THE ENTIRE COMMAND
MUST BE CONSIDERED WHEN IDENTIFYING THE IA WORKFORCE. POSITION AND
FUNCTIONAL REQUIREMENTS OF RESPECTIVE LEVELS ARE CITED IN REF C,
WHICH IS AVAILABLE ON THE C4 IA WEB SITE.
5. IAM (LEVEL ONE THROUGH THREE). IAM PERSONNEL WILL INITIALLY BE
DRAWN FROM EXISTING IAM AND IAO PERSONNEL. EXAMPLES OF IAM PERSONNEL
INCLUDE, BUT ARE NOT LIMITED TO:
A. IAM LEVEL I:
NETWORK OPERATIONS CENTER MANAGERS
INFORMATION SYSTEM SECURITY OFFICERS
INFORMATION ASSURANCE OFFICERS
INFORMATION ASSURANCE SECURITY OFFICERS (IASO)
INFORMATION MANAGEMENT OFFICERS (IMO)
INFORMATION SYSTEMS OFFICERS (ISO)
B. IAM LEVEL II.
UNIT COMSEC MANAGERS
PERSONNEL WHO DRAFT BASE-LEVEL IA POLICIES
CERTIFICATION AGENT (CA)
INFORMATION ASSURANCE CHIEFS
INFORMATION SYSTEM SECURITY AUDITORS/INSPECTORS
C. IAM LEVEL III.
MAJOR COMMAND IA/COMSEC MANAGERS
INFORMATION ASSURANCE PROGRAM MANAGERS
6. IAT (LEVEL ONE THROUGH THREE). IAT PERSONNEL CAN INCLUDE, BUT
ARE NOT LIMITED TO: EXISTING 02XX, 06XX, 28XX, SYSTEM ADMINISTRATORS,
NETWORK MANAGERS, SYSTEM ADMINISTRATORS, NETWORK OFFICERS AND IAT'S.
THIS ALSO INCLUDES THOSE PERSONNEL ASSIGNED AS INFORMATION SYSTEM
COORDINATORS (ISC) WITHIN THEIR COMMAND. PERSONNEL WHO ARE ASSIGNED
AS AN ISC, AS WELL AS NETWORK AND SYSTEM ADMINISTRATORS, ARE ALSO
PART OF THE IA WORKFORCE, ALTHOUGH THEY MAY ONLY PERFORM ADDITIONAL
OR EMBEDDED IA FUNCTIONS AS AN OVERALL PART OF THEIR
RESPONSIBILITIES. IAT PERSONNEL OFTEN WORK WITH THE COMMAND IAM AND
THE COMMAND IA STAFF TO ENSURE IA/CND RESPONSIBILITIES ARE
ACCOMPLISHED. CONTRACTOR PERSONNEL IN IA POSITIONS ARE REQUIRED TO
COMPLY WITH THE SAME TRAINING AND CERTIFICATION REQUIREMENTS AS
GOVERNMENT PERSONNEL. EXAMPLES OF IAT PERSONNEL INCLUDE, BUT ARE NOT
LIMITED TO:
A. IAT LEVEL I.
CLIENT SUPPORT ADMINISTRATORS
HELPDESK TECHNICIANS
COMSEC RESPONSIBLE OFFICER
TERMINAL AREA SECURITY OFFICERS
B. IAT LEVEL II.
NETWORK OPERATIONS CENTER TECHNICIAN
FUNCTIONAL SYSTEM ADMINISTRATORS
NETWORK SECURITY OFFICER
VTC FACILITATORS/SYSTEM ADMINISTRATORS
SYSTEM SECURITY ADMINISTRATOR
COMSEC ACCOUNTANTS
COMSEC ACCOUNT WORKSTATION ADMINISTRATORS
LOCAL REGISTRATION AUTHORITY
C. IAT LEVEL III.
NETWORK OPERATIONS CENTER SECURITY
MAJOR COMMAND SYSTEM ADMINISTRATORS
CERTIFIED TEMPEST TECHNICAL AUTHORITY (CTTA)
NETWORK ADMINISTRATORS
IT SYSTEMS DEVELOPERS/TESTERS
7. TO REITERATE, REPORTING MUST BE COMPLETED NLT 30 MAY 06 USING
TIMS. DIRECTIONS TO ACCESS AND POPULATE TIMS AND STEP-BY-STEP
REPORTING INSTRUCTIONS ARE POSTED ONLINE ON THE HQMC C4 IA WEBSITE AT
HTTP(DOUBLE SLASH)HQDOD.HQMC.USMC.MIL/C4/IA.ASP.
8. RESULTS WILL ALSO BE USED FOR ANNUAL USMC FISMA REPORTING,
TRAINING AND QUALIFICATION PLANNING, BUDGET SUBMISSIONS FOR TRAINING
AND CERTIFICATION OF ENTERPRISE IA WORKFORCE PERSONNEL AND FOR
CURRENT AND FUTURE REQUIREMENTS. FAILURE TO PROPERLY DOCUMENT THE IA
WORKFORCE WILL RESULT IN INACCURATE FISMA REPORTING AS MANDATED PER
REF E. THE LACK OF, OR INACCURATE REPORTING, WILL DIRECTLY IMPACT
PROGRAM FUNDING AND SUPPORT. ADDITIONALLY, THE PROPER DOCUMENTATION
AND CERTIFICATION OF THE COMMAND'S IA WORKFORCE IS AN IG REPORTABLE
ITEM.
9. HAVING A WELL TRAINED MARINE CORPS IA WORKFORCE IS ESSENTIAL TO
ENSURING USMC INFORMATION SYSTEMS AVAILABILITY, INTEGRITY,
AUTHENTICATION, CONFIDENTIALITY, AND NONREPUDIATION AND PROVIDING FOR
RESTORATION OF INFORMATION SYSTEMS BY INCORPORATING PROTECTION,
DETECTION, AND REACTION CAPABILITIES. ALL OF THESE BASIC IA TENETS
MUST BE MAINTAINED TO ENHANCE THE CAPABILITIES OF THE WARFIGHTER AND
ENSURE CONTINUED SUCCESS OF OUR CORPS ON THE BATTLEFIELD.
10. CONTACT THE POCS LISTED ABOVE FOR FURTHER CLARIFICATION AND
GUIDANCE AS NEEDED.//