Annex H18 IA Roles and Responsibilities

Question 0

IA Manager

Answer 0

Determines what security controls need to be in place to protect the info being processed

Implements the overall IA program for the organization

Multiple IAMs may exist within an organization

Primary IA technical advisor to the DAA

Ensure that system users are provided annual IA awareness training

Develop and maintain a command level IA program

Ensure that all IAO’s and privileged users receive the necessary technical and IA training, education, and certification to carry out their duties

Question 1

Designated Approving Authority

Answer 1

Ensure that security is incorporated as an element of the info system life cycle process

Review the SAA to confirm that the residual risk is within acceptable limits

The DAA accepts this responsibility and risk by issuing an accreditation statement

Thee accreditation is based from the certification of the system

Question 2

IA Officer

Answer 2

IS’s are operated, maintained, and disposed
All users have the requisite security clearences
IT users and operations read, understand and sign an appropriate network user agreement
Enforce security policies and safeguards

Question 3

Certifying Authority

Answer 3

Making technical judgement for system compliance IAW applicable DOD/DON security requirements

Question 4

Annual Training Requirements for Info Systems users

Answer 4

Training- Currently CYBERM0000 on Marinenet