Provides support for a program, organization, system, or enclaves information assurance program. Provides support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies. Maintains operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed. Assists with the management of security aspects of the information system and performs day-to-day security operations of the system. Evaluate security solutions to ensure they meet security requirements for processing classified information. Performs vulnerability/risk assessment analysis to support certification and accreditation. Provides configuration management for information system security software, hardware, and firmware. Manages changes to system and assesses the security impact of those changes. Prepares and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, Assessment and Authorization Packages, and System Requirements Traceability Matrices (SRTMs).
- Evaluate security solutions to ensure they meet security requirements for processing classified information
- Propose, coordinate, implement, and enforce information systems security policies, standards, and methodologies
- Maintain operational security posture for an information system or program
- Provide support to the Information System Security Manager (ISSM) for maintaining the appropriate operational IA posture for a system, program, or enclave
- Develop and maintain documentation for C&A in accordance with ODNI and DoD policies
- Develop and update the system security plan and other IA documentation
- Provide configuration management for security-relevant information system software, hardware, and firmware
- Assist with the management of security aspects of the information system and perform day-to- day security operations of the system
- Develop system security policy and ensure compliance
- Plan and coordinate the IT security programs and policies
- Manage and control changes to the system and assess the security impact of those changes
- Obtain C&A for ISs under their purview
- Provide support for a program, organization, system, or enclaves information assurance program
- Serve as the Approval Authority for ISs under their control
