Cybersecurity/IA Workforce Management Strengthened
Published, July 8, 2010
To ensure continuous oversight and sustainment of the Information Assurance Workforce Improvement Program, the Department of the Navy signed out a new instruction that further defines cybersecurity and information assurance workforce management and assigns compliance responsibilities.
Key requirements of SECNAVINST 5239.20: "DON Cybersecurity/Information Assurance Workforce Management, Oversight, And Compliance," include:
- Deputy CIOs, Navy and Marine Corps, shall ensure Information Assurance Workforce (IAWF) identification, training and certification compliance.
- Commanding officers, commanders and civilian heads of agencies shall develop an IAWF Management Implementation Plan.
- Major Subordinate Command and Echelon I and II Command Information Officers shall establish administrative chains of command to track and report IAWF management compliance status.
- IAWF Management, Oversight, and Compliance Council shall meet quarterly to oversee compliance status.
- Services shall conduct command compliance visits (minimum of 5 percent each year).
- Compliance visits may be conducted by the following organizations/activities:
- Defense Information Assurance (IA) Program Office;
- Naval Audit Service;
- DON Headquarters level;
- Service IA Workforce Improvement Program Offices of Primary Responsibility (OPRs);
- Inspector General staffs;
- DoD Command Cyber Readiness Inspection;
- Red Team assessments and Blue Team assist visits.
The Department of Defense requires the services to train and certify all IA military, civilian and contractor personnel to a baseline IA commercial certification per the DoD 8570.01 directive and the IA Workforce Improvement Program (IA WIP) manual. One hundred percent of the IA personnel who carry out technical and management functions and 70 percent of personnel involved in computer network defense service provider and IA architect and engineer work must be certified by Dec. 31, 2010.
Commanders/commanding officers should take immediate action to ensure command cybersecurity/IA billets are identified and the personnel are trained and certified to the required DoD baseline certification per service requirements. CDRs/COs may contact the service OPRs for recommendations regarding IA workforce compliance. Possible immediate actions include: training/testing stand-downs, team training through the virtual training environment, scheduled Skillsoft e-learning and purchase of commercial certification classroom training through end-of-year funds. (Exam vouchers are purchased centrally and do not cost the individual command.)
Please refer questions to the DON, Navy and Marine Corps OPRs: Chris Kelsall, DON CIO, firstname.lastname@example.org; Mike Knight, NAVCYBERFOR, email@example.com; or MGySgt Artie Crawford, HQMC C4 IA, firstname.lastname@example.org.