DOD 8570.01-M (WITH CHANGE-3), INFORMATION ASSURANCE WORKFORCE IMPROVEMENT PROGRAM

Question 1

Who is responsible for developing, coordinating, and publishing baseline certification requirements for personnel who perform specialized IA functions?

Answer 1

ASD (NII)/DoD CIO

Question 2

How often at a minimum must the IA WIPAC meet?

Answer 2

Annually

Question 3

Which office provides oversight to the IA WIPAC and IA baseline certification approval process?

Answer 3

Defense-wide Information Assurance Program (DIAP)

Question 4

Who is required to serve as the DoD Shared Service Center (SSC) for the Office of Management and Budget (OMB)-directed Information System Security Line of Business (ISS LoB) for Tier I Awareness training?

Answer 4

Director of the Defense Information Systems Agency (DISA)

Question 5

What manages the certification testing process requirement for the Department?

Answer 5

DANTES

Question 6

The heads of the DoD Components must provide for the initial IA orientation and annual awareness training to all authorized users to ensure they know, understand, and can apply the IA requirements of their system(s) in accordance with which reference?

Answer 6

DoD Directive 8570.1

Question 7

The heads of the DoD Components must obtain the appropriate background investigation per which reference prior to granting unsupervised privileged access or management responsibilities to any DoD system?

Answer 7

DoD Instruction 8500.2

Question 8

Which training requirements must the heads of the DoD components ensure are met for personnel who perform IA functions on national security systems?

Answer 8

Committee on National Security Systems

Question 9

Which functions focus on the development, operation, management, and enforcement of security capabilities for systems and networks?

Answer 9

Information Assurance (IA)

Question 10

IA measures protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, along with what else?

Answer 10

Non-repudiation

Question 11

What must be completed by personnel who hold privileged access?

Answer 11

Privileged Access Agreement

Question 12

Personnel performing IA duties assess and implement identified corrections associated with technical vulnerabilities as part of which program?

Answer 12

Information Assurance Vulnerability Management (IAVM)

Question 13

What are intended to produce IA personnel with a baseline understanding of the fundamental IA principles and practices related to the functions of their assigned position?

Answer 13

IA certification programs

Question 14

DoD Components must use certifications approved by which office to meet the minimum IA baseline certification requirement?

Answer 14

ASD(NII)/DoD CIO

Question 15

What provides DoD IA policy, training requirements, and DoD sponsored training to support IA professionals?

Answer 15

DoD IA Portal

Question 16

Personnel IA certification status and renewal rates are management review items according to which reference?

Answer 16

DoD Instruction 8500.2

Question 17

Within how many months of IA duty assignments must all military and Government civilian IAT personnel achieve the appropriate IA certification unless a waiver is granted?

Answer 17

6

Question 18

How many years from the effective date of DoD 8570.01-M to DoD employees and contractors who perform IA functions have to comply with certification requirements?

Answer 18

4 (page 22)

Question 19

What is the minimum certification level that is required prior to IA Managers authorizing unsupervised privileged access for personnel performing IAT Levels I through III functions?

Answer 19

IAT Level I

Question 20

What is the maximum time that Designated Accrediting Authorities (DAAs) can issue certification requirement waivers for severe operational or personnel constraints?

Answer 20

6 months

Question 21

Personnel who are not appropriately qualified within how many months of assignment to a position or who fail to maintain their certification status shall not be permitted privileged access?

Answer 21

6

Question 22

Which positions are not authorized to be held by LNs or Foreign Nationals (FNs)?

Answer 22

IAT Level III

Question 23

Which personnel provide Network Environment (NE) and advancement level CE support?

Answer 23

IAT Level II

Question 24

How many years of experience do IAT Level II personnel typically have in IA technology or a related area?

Answer 24

3

Question 25

Which personnel focus on the enclave environment and support, monitor, test, and troubleshoot hardware and software IA problems pertaining to the CE, NE, and enclave environments?

Answer 25

IAT Level III

Question 26

How many years of experience do IAT Level III personnel typically have in IA technology or a related area?

Answer 26

7

Question 27

Within how many months of assignment of IA duties must management category military and Government civilian personnel achieve the appropriate IA baseline certification for their level?

Answer 27

6

Question 28

DAAs may waive certification requirements under severe operational or personnel constraints for a maximum of how many months?

Answer 28

6

Question 29

Personnel in management category positions will retain an appointing letter assigning them IA responsibilities for their systems per which reference?

Answer 29

DoD Instruction 8500.2

Question 30

Which IAM positions may not be assigned to LNs or FNs?

Answer 30

IAM Level III

Question 31

Which personnel are responsible for the implementation and operation of a DoD IS or system DoD Component within their CE?

Answer 31

IAM Level I

Question 32

Which personnel are responsible for the IA program of an IS within the NE?

Answer 32

IAM Level II

Question 33

How many years of management experience do IAM Level II’s usually have?

Answer 33

5

Question 34

Which personnel are responsible for ensuring all enclave IS are functional and secure?

Answer 34

IAM Level III

Question 35

How many years of management experience do IAM Level III’s usually have?

Answer 35

10

Question 36

Which reference directs that a DAA be appointed for each DoD information system operating within, or on behalf of, the Department of Defense?

Answer 36

DoD Directive 8500.1 (page 41)

Question 37

Who is the official that has the authority to formally assume responsibility for operating a system at an acceptable level of risk?

Answer 37

DAA (page 41)

Question 38

Each assigned DAA must complete the DoD DAA CBT or WBT product within how many days assignment to the position?

Answer 38

60

Question 39

How often must each assigned DAA recertify in the DISA DAA Certification course?

Answer 39

Every 3 years (page 43)

Question 40

Who is the first and most vital line of defense for securing DoD information and systems?

Answer 40

User

Question 41

Which CBT presented by DISA meets all DoD level requirements for end user awareness training?

Answer 41

DoD IA Awareness

Question 42

What are the DoD Components required to use as their IA Awareness Provider?

Answer 42

DoD SSC

Question 43

How often must personnel take IA awareness refresher training to retain access?

Answer 43

Annually

Question 44

IA workforce data elements must comply with requirements established in which reference?

Answer 44

DoD Instruction 8500.2

Question 45

All positions in the 2210 or other civilian IA job series must comply with what guidance on standardized titling?

Answer 45

Office of Personnel Management (OPM)

Question 46

What must be used as the Position Specialty Code (PSC) in the Defense Civilian Personnel Data System for all DoD civilian positions and personnel with IA functions regardless of OPM series or job title?

Answer 46

INFOSEC

Question 47

What allows identification of a DoD civilian position with IA functions regardless of OPM series or job title?

Answer 47

Position Specialty Code (PSC)

Question 48

What is used to consolidate IA qualification and workforce management reporting requirements?

Answer 48

IA WIP Annual Report

Question 49

Who coordinates IA Training and Certification Program requirements?

Answer 49

ASD(NII)/DoD CIO

Question 50

What includes all individuals working for the Department of Defense in a foreign country who are nationals or non U.S. residents of that country?

Answer 50

LN

Question 51

Within how many months of assignment of IA duties must IASAE specialty military and Government civilian personnel achieve the appropriate IA baseline certification for their level?

Answer 51

6

Question 52

How many years after the effective date of DoD 8570.01-M do DoD employees and contractors performing IA fucntions have to comply with the certification requirements?

Answer 52

4

Question 53

Waivers issued by DAAs to waive certification requirements when there are severe operational personnel constraints cannot be extended beyond how many months?

Answer 53

6

Question 54

Personnel in IASAE specialty positions will retain an appointing letter assigning them IA responsibilities for their system(s) in accordance with which reference?

Answer 54

DoD Instruction 8500.2

Question 55

Which positions may not be held by LNs or FNs?

Answer 55

IASAE Level III

Question 56

How many years of experience do IASAE Level II personnel usually have?

Answer 56

5

Question 57

Which positions are responsible for the design, development, implementation, and/or integration of a DoD IA architecture, system, or system component for use within the CE, NE, and enclave environments?

Answer 57

IASE Level III

Question 58

Which personnel are responsible for the design, development, implementation, and/or integration of a DoD IA architecture, system, or system component for use within their CE?

Answer 58

IASAE Level I

Question 59

Which personnel are responsible for the design, development, implementation, and/or integration of a DoD IA architecture, system, or system component for use within the NE?

Answer 59

IASAE Level II

Question 60

How many years of experience do IASAE Level III personnel usually have?

Answer 60

10

Question 61

What is the normal sustainment training/continuing education required over 3 years to maintain certification status for planning purposes?

Answer 61

120 hours

Question 62

Within how many months of assignment to an accredited CND-SP position must all CND-SP specialty military and government civilian personnel achieve the appropriate CND certification?

Answer 62

6

Question 63

What has the authority to waive certification requirements under severe operational or personnel constraints?

Answer 63

USSTRATCOM

Question 64

Which personnel use collected data from a variety of CND tools to analyze events that occur within their environment?

Answer 64

CND-A

Question 65

How many years of minimum experience in CND technology or a related field is recommended for CND-A personnel?

Answer 65

2

Question 66

Which personnel test, implement, deploy, maintain, and administer infrastructure systems?

Answer 66

CND-IS

Question 67

How many years of minimum experience in supporting CND and/or network systems and technology is recommended for CND-IS personnel?

Answer 67

4

Question 68

Who do CND-IS personnel work under and typically report to?

Answer 68

CND-SPM

Question 69

Which personnel investigate and analyze all response activities related to cyber incidents within the NE or Enclave?

Answer 69

CND-IR

Question 70

How many years of minimum experience in the CND technology or a related field is recommended for CND-IR personnel?

Answer 70

5

Question 71

Which personnel perform assessments of systems and networks within NE or enclave and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy?

Answer 71

CND-AU

Question 72

Which personnel are responsible for producing guidance for their NE or enclave, assisting with risk assessments and risk management for organizations within their NE or enclave, and are responsible for managing the technical classifications within their organization?

Answer 72

CND-SPM