Department of Defense

Information Assurance workforce

Hundreds of hours are required to become certified as an Information Assurance Security Officer (IASO) in Dept. of Army organizations- and all organizations are required to have at least two IASOs on orders at all times. This includes hundreds, if not thousands, of very small military units and installation offices, managing IA compliance for as few as 5-15 systems and users.


Hundreds of man-hours are invested in bringing IASOs and their organizations into initial compliance with applicable federal, agency, and organization policies. Hundreds more are spent in a continual effort to keep up with the constantly changing IA requirements, applying any changes required by each revision, and updating the numerous records associated with accreditation. Annual training requirements for these appointments are also a considerable drain on employee time.


Yet, most of these responsibilities are assigned as an "additional duty" to personnel with no IT background or IA expertise. Many appointees are rotated in and out of these appointments before approaching even basic levels of competency. As a result, continuity and rates of compliance in units served by unit-level "IASO appointees" is extremely low (bordering on non-existent) while repetition and redundancy in training and tasks required to maintain organizational compliance is high.


Rather than wasting much of the time being invested by a constant rotation of un/under-qualified personnel, using manpower "borrowed" from their primary missions/duty positions- suggest IA tasks could be accomplished far more effectively, and efficiently, by a much smaller cadre of IT experts who maintain the appropriate IA certifications and subject matter expertise.


A portion of the money (ie: man-hours) saved could be used to implement local, classroom-based training program for unit-level "IA Assistants," who could assist with routine administrative tasks (such as notifying the IASO of hardware and software configuration changes, maintaining a list of machine names and MAC addresses, etc.) under direct supervision of a well-qualified IASO.



1 vote
Idea No. 17618