-
Conduct initial and periodic analysis and secure configuration of any Commercial Off-the-Shelf (COTS) and/or Non-Developmental Items (NDI) to ensure that they are appropriately configured, software/hardware/firmware is controlled, and that any unique risks posed are mitigated.
-
Implement all Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs) applicable to any system IA-enabled components.
-
Maintain and update completed Security Technical Implementation Guides (STIGs), Security Readiness Guides (SRGs), and a Secure Content Automation Protocol (SCAP) Benchmark checklist for each product (operating system or applicable software).
-
Conduct vulnerability scans on JPATS Aircrew Training Devices (ATDs) and information systems (ISs) using an Air Force-approved scanning tool (currently Assured Compliance Assessment Solution (ACAS)) and prepare and analyze test results, identify potential security vulnerabilities, and provide guidance on mitigating risks in support for the development into a Plan of Action and Milestones (POA&M) for each site.
-
Manage all cybersecurity compliance activities utilizing eMASS as the system of record. If there is no SIPR access in the facility, the ISSO shall obtain a courier card to transport ACAS scans to enter the results in SIPR eMASS.
-
Maintain an acceptable baseline of cybersecurity controls within eMASS to achieve and maintain an Authority to Operate (ATO) for the system.
-
Update and maintain all required RMF artifacts, which may include drafting new documentation updated with industry standards.
-
Review newly discovered vulnerabilities to detect compliance and risk issues associated with the organizations’ ATO; identify issues that will affect the ATO status and correct them.
-
Report a potential security violation to the Program Office ISSM and the SPO within 8 hours or NLT the end of the duty day after detection.
-
Review documented cybersecurity policy; ensure program compliance with documented policy and identify any disconnects; POA&M those non-compliant in eMASS along with a schedule to fix the issue.
-
Review cybersecurity documentation and update documentation to maintain compliance with changing Air Force policy and/or industry best practices.
-
Ensure system recovery processes are monitored to ensure that security features and procedures are properly restored.
-
Conduct weekly system audits of both automated and manual audit logs.
-
Ensure configuration management for security-relevant software, hardware, and firmware is documented and maintained.
-
Complete the required documentation necessary to maintain EMSEC certification of all classified areas, rooms, or systems.
-
Maintain and submit updates to the cybersecurity scorecard.
-
Support the development of the Program Protection Implementation Plan (PPIP).
-
Apply all STIGs to the system on an ongoing basis to remain in compliance with the JPATS ATD Continuous Monitoring Plan and maintain the ATO of the system.
-
Maintaining the active directory, account management, maintenance, and administration of group policy, applying updates, patches, and antivirus software. System administrative duties also include hardware maintenance, troubleshooting, diagnostics and repair, software lifecycle maintenance, and maintaining the ACAS servers.
-
Other duties as assigned
