Cybersecurity Training and Certification Program

Department of the Army Pamphlet 25?2?6

Information Management: Army Cybersecurity

Cybersecurity Training and Certification Program

Headquarters Department of the Army Washington, DC 8 April 2019

UNCLASSIFIED

SUMMARY

DA PAM 25?2?6 Cybersecurity Training and Certification Program

This new publication, dated 8 April 2019--

o Supports the guidance in AR 25?2 (throughout).

o Provides guidance and procedures for the training, certification, and management of the Department of the Army cybersecurity workforce conducting cybersecurity functions in assigned duty positions (throughout).

Headquarters Department of the Army Washington, DC 13 March 2019

Department of the Army Pamphlet 25?2?6

Information Management : Army Cybersecurity

Cybersecurity Training and Certification Program

History. This publication is a new Department of the Army pamphlet.

Summary. This pamphlet provides guidance on the cybersecurity training and certification processes and procedures relating to military, Department of the Army

Civilians, and contractors (to include foreign and local national personnel) performing cyberspace functions in accordance with the Department of Defense cyberspace workforce directives and manuals. This pamphlet aligns, manages, and standardizes cyberspace work roles, baseline qualifications, and training requirements.

Applicability. This pamphlet applies to the Regular Army, the Army National Guard/Army National Guard of the United States, and the U.S. Army Reserve, unless otherwise stated.

Proponent and exception authority. The proponent of this pamphlet is the Chief Information Officer/G?6. The proponent has the authority to approve exceptions or waivers to this pamphlet that are consistent with controlling law and regulations. The proponent may delegate this approval authority, in writing, to a division chief within the proponent agency or its direct reporting unit or field operating agency, in the grade

of colonel or the civilian equivalent. Activities may request a waiver to this pamphlet by providing justification that includes a full analysis of the expected benefits and must include formal review by the activity's senior legal officer. All waiver requests will be endorsed by the commander or senior leader of the requesting activity and forwarded through their higher headquarters to the policy proponent. Refer to AR 25?30 for specific guidance.

Suggested improvements. Users are invited to send comments and suggested improvements on DA Form 2028 (Recommended Changes to Publications and Blank Forms) directly to the Chief Information Officer/G?6 (SAIS?PRG), 107 Army Pentagon, Washington, DC 20310?0107.

Distribution. This pamphlet is available in electronic media only and is intended for the Regular Army, the Army National Guard/Army National Guard of the United States, and the U.S. Army Reserve.

Contents (Listed by paragraph and page number)

Chapter 1 Introduction, page 1 Purpose ? 1?1, page 1 References and forms ? 1?2, page 1 Explanation of abbreviations and terms ? 1?3, page 1 Scope ? 1?4, page 1 Overview ? 1?5, page 1

Chapter 2 Accountability, page 2 Army Training and Certification Tracking System ? 2?1, page 2 Required documents ? 2?2, page 2

Chapter 3 Department of Defense Cyberspace Workforce Framework, page 2 Description ? 3?1, page 2 Roles ? 3?2, page 2

Chapter 4 Army e-Learning, page 3 Description ? 4?1, page 3

DA PAM 25?2?6 ? 8 April 2019

i

UNCLASSIFIED

Contents--Continued

Contract personnel ? 4?2, page 3 Course completion ? 4?3, page 3

Chapter 5 Training and Certification Program, page 3 What is cybersecurity training? ? 5?1, page 3 Program requirements ? 5?2, page 4

Chapter 6 Authorized Users, page 4 Requirements ? 6?1, page 4 Acceptable use policy ? 6?2, page 4

Chapter 7 Cybersecurity Training and Qualification Requirements, page 5 Cybersecurity workforce training and qualification assignment ? 7?1, page 5 Privileged users ? 7?2, page 5 Authorizing officials ? 7?3, page 5 Information system owners ? 7?4, page 6 Information systems security manager ? 7?5, page 6 Information system security officer ? 7?6, page 6 Communications security workstation management ? 7?7, page 6 Information management officer ? 7?8, page 6

Chapter 8 Cybersecurity Workforce Certification Release to Department of Defense, page 6 Certification validation ? 8?1, page 6 Release a certification ? 8?2, page 7

Chapter 9 Retraining Requirements for Issuance of a Final (Second) Voucher, page 7 Retest ? 9?1, page 7 Retraining ? 9?2, page 7

Chapter 10 Qualifications, page 7 What does qualified mean? ? 10?1, page 7 Requirements ? 10?2, page 8

Chapter 11 Combatant Commands That Use Army as Their Lead Agent, page 8 Civilians ? 11?1, page 8 Military personnel ? 11?2, page 8

Chapter 12 Continuing Education Credits and Sustainment Training, page 9 Sources ? 12?1, page 9 Accepted courses and training ? 12?2, page 9

Chapter 13 Mobile Training Teams, page 9 Overview ? 13?1, page 9 Availability ? 13?2, page 9 Prohibitions ? 13?3, page 9 Hosting ? 13?4, page 9

ii

DA PAM 25?2?6 ? 8 April 2019

Contents--Continued

Appendixes A. References, page 10 B. Summary of Functional Requirements, page 12 C. Frequency of Training Completion and Certification Validations, page 13 D. Qualification Chart for DOD 8570.01?M Categories and Levels, page 14 E. Risk Management Framework and DOD 8570.01?M Category and Work Role Comparison, page 16 F. Resources, page 18

Table List

Table 3?1: Department of Defense cyberspace workforce framework categories and specialty areas, page 2 Table 10?1: Qualification requirements, page 8 Table B?1: Summary of functional requirements, page 12 Table D?1: Qualification chart for cybersecurity workforce, page 14 Table E?1: Work role comparisons, page 16

Figure List

Figure C?1: Inter-relation of Department of Defense and Army systems for training and certification completions, page 13

Glossary

DA PAM 25?2?6 ? 8 April 2019

iii

Chapter 1 Introduction

1?1. Purpose This pamphlet provides the procedures to carry out the Army Training and Certification Program guidance provided in AR 25?2 at the Department of the Army (DA) level. The processes and procedures in this pamphlet will help to develop a trained and qualified cybersecurity workforce.

1?2. References and forms See appendix A.

1?3. Explanation of abbreviations and terms See glossary.

1?4. Scope This pamphlet applies to all DA organizational levels. It includes qualification guidance for the DOD cyberspace workforce framework (DCWF) work roles and categories as defined in DODD 8140.01, DOD 8570.01?M, DODI 8510.01, and AR 25 ? 2.

1?5. Overview a. The cybersecurity workforce focuses on the operation and management of cyberspace capabilities for DOD infor-

mation systems (ISs) and networks. Cybersecurity ensures that adequate security measures and established cybersecurity policies and procedures are applied to all ISs and networks.

b. All organizations will develop, document, and disseminate cybersecurity awareness and training policy and procedures throughout their commands, to include their subordinate activities. The cybersecurity awareness and training policy must address purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. Review the policy/procedures for cybersecurity awareness and training annually. The commander of the organization (or their designee) who has signing authority signs the policy.

c. The cybersecurity workforce includes all cyberspace information technology (IT) privileged users and specialty positions to include cybersecurity managers who perform any of the functions described in DOD 8570.01?M, regardless of occupational specialty, and regardless of whether the duty is performed full-time or part-time as an additional/embedded duty. The cybersecurity training and qualification program intends to provide cybersecurity personnel with a baseline understanding of the fundamental cybersecurity principles and practices related to the functions of their assigned position.

d. For planning purposes, the standard continuing education (CE) or sustainment training is normally a minimum of 20 to 40 hours annually, or 120 hours over 3 years.

e. The Army Credentialing Opportunities On-Line site has a complete list of qualifying credentials at . Training and qualification requirements for the cybersecurity workforce are listed in this pamphlet.

f. Cybersecurity Fundamentals training, located on the Cybersecurity Training Center website (), must be completed every 3 years.

g. Cybersecurity workforce personnel who have completed the Cybersecurity Fundamentals course on the Cybersecurity Training Center website can earn 40 CE units/continuing professional education for their Information Systems Audit and Control Association (ISACA), International Information System Security Certification Consortium (ISC2) certification, Computing Technology Industry Association (CompTIA) Security+ CE, and CompTIA Advanced Security Practitioner (CASP) CE certifications. Individuals will receive one CE credit for each hour completed. The course may count as credit toward Global Information Assurance Certification (GIAC). Individuals should upload completion certificates to their vendor account for a decision.

h. All personnel holding information assurance technical (IAT) positions must obtain appropriate computing environment certifications or certificates of training for the operating system(s) and/or security-related tools/devices they support, as required by their employing organization. All technical personnel in the IAT Level III category will obtain a commercial computing environment certification (not just a certificate of training). Computer network defense service providers (CNDSPs) (except CNDSP managers) and information assurance system architect and engineers (IASAEs) who perform IAT functions must obtain appropriate computing environment certifications or certificates of training for the operating system(s) and/or security-related tools/devices they support.

DA PAM 25?2?6 ? 8 April 2019

1

Chapter 2 Accountability

2?1. Army Training and Certification Tracking System All personnel with network access will register in the Army Training and Certification Tracking System (ATCTS) at . If an organization has a valid reason for not using ATCTS for its authorized users then a memorandum of record signed by the authorizing official (AO) for that command must be sent to usarmy.belvoir.hqda-cio-g6.mbx.training-and-certification@mail.mil.

2?2. Required documents All personnel must upload the following documents to ATCTS after registration:

a. Acceptable use policy (AUP) if not signed on the Cybersecurity Center website at . b. DA Form 7789 (Privileged Access Agreement (PAA) and Acknowledgment of Responsibilities) (if performing technical functions only). c. Appointment letter (cybersecurity workforce only). d. DD Form 2875 (System Authorization Access Request (SAAR)).

Chapter 3 Department of Defense Cyberspace Workforce Framework

3?1. Description The DCWF derives from the National Initiative for Cybersecurity Careers and Studies?National Cybersecurity Workforce Framework. Both frameworks provide a blueprint to categorize, organize, and describe cybersecurity work according to specialty areas, tasks, and knowledge, skills, and abilities (KSAs). The frameworks organize cybersecurity into seven highlevel categories, each comprised of several specialty areas. Each specialty area consists of multiple work roles. See for additional information.

3?2. Roles a. The DCWF associates work roles with categories/specialties, as shown in table 3?1. Cybersecurity personnel must

determine the work role that fits their job functions. b. KSAs and tasks related to each work role are listed in ATCTS under the KSA and Task tab in the work role box.

Individuals must review the KSAs and tasks before choosing the work role(s), to ensure that the work role(s) chosen correlates with the job duties.

Table 3?1 Department of Defense cyberspace workforce framework categories and specialty areas--Continued

Category

Specialty Areas

Securely Provision

Risk Management

Software Development

Architecture

Technology Research & Development

Systems Requirements Planning

Test and Evaluation

Operate & Maintain

Data Administration

Knowledge Management

Customer Service & Tech Support

Network Services

System Administration

Systems Security Analysis

Oversee & Govern

Legal Advice & Advocacy

Strategic Planning & Policy

Education & Training

Cybersecurity Management

Acquisition & Program/Project Management

Executive Cyberspace Leadership

Protect & Defend

Computer Network Defense

Incident Response

CND Infrastructure

Vulnerability Assessment &

Systems Development

2

DA PAM 25?2?6 ? 8 April 2019

Table 3?1 Department of Defense cyberspace workforce framework categories and specialty areas--Continued

Category

Specialty Areas

(CND) Analysis

Support (CND ? IS)

Management

Analyze

Threat Analysis

Exploitation Analysis

All-Source Analysis

Targets

Operate & Collect

Collection Operations

Cyber Operational Planning

Cyber Operations

Investigate

Investigation

Digital Forensics

Chapter 4 Army e-Learning

4?1. Description a. The Army e-Learning program, comprised of commercial off-the-shelf computer-based and web-based distance

learning courseware, is the preferred method for all DA organizations to train their workforces in IT. Army e-Learning is the primary source of initial and sustainment IT training for Soldiers and DA Civilians before using alternative sources of instruction such as mobile training teams (MTTs) or courses contracted through the Chief Information Officer (CIO)/G?6. There is no cost to individuals or organizations to use Army e-Learning courses and products. Individuals must have an Army Knowledge Online (AKO) user identification (ID) (not AKO email) to register for Army e-Learning courses.

b. Army e-Learning modules for cybersecurity training are available via the AKO portal at or .

c. DA Civilians, military, and local/foreign national personnel can self-register in Army e-Learning and receive access to the entire Army e-Learning catalog.

4?2. Contract personnel a. A government point of contact (POC) must request access for contractor personnel supporting Army cybersecurity

contracts. Access is restricted to the cybersecurity CIO/G?6 folder that includes baseline and computing environment training. Contractors who require access to Army e-Learning for cybersecurity training will send their request through their government POC.

b. Contractors must also register in ATCTS at and have their duty appointment letter and DA Form 7789, if applicable, uploaded into their profile. The Army e-Learning program Skillport--Contractor Access Request is located at under Documents. The contractors' registration document is located on Cybersecurity Training Center website at under Courses.

4?3. Course completion All lessons within an Army e-Learning course must be completed with at least 70 percent success. To generate end of module certificates, individuals must enroll in each learning program course. There are various learning programs in the CIO?G6, Cybersecurity IA/IT Baseline Certification folder in Army e-Learning. Find enrollment procedures at under Documents.

Chapter 5 Training and Certification Program

5?1. What is cybersecurity training? Cybersecurity training is the sum of the processes used to impart the body of knowledge associated with IT security to those who use, maintain, develop, or manage IT systems. A well-trained staff can often compensate for weak technical

DA PAM 25?2?6 ? 8 April 2019

3

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download