Information Systems Security Officer

Information System Security Officer (ISSO)/Technical Security Requirements. The contractor shall perform the following duties related to Information Assurance/Technical Security IAW DoD JSIG and applicable DoD, DAF, ACC, and 57th Wing applicable AIS security polices and regulations:- Manage, update, and accomplish AIS RMF BOE and BOE associated requirements. Ensure development and implementation of procedures IAW Configuration Management policies and procedures for evaluation of AIS security program.- Perform analysis of network security, based upon RMF JSIG, National Industrial Security Program Operating Manual (NISPOM) Chapter 8, and other sources as added or updated, advise customers on AIS certification and accreditation issues.- Perform AIS risk assessments and make recommendations to customers, 57th Wing Information System Security Manager (ISSM), and System Owner.- Participation in AIS Configuration Control Board.- Advise 57th Wing ISSM and System Owner on security testing methodologies and processes.- Evaluate AIS certification documentation and provide written recommendations for accreditation to 57th Wing ISSM and System Owner.- Review AIS security to accommodate and/or recommend changes to policy or technology.- Evaluate Information Technology (IT) threats and vulnerabilities to determine whether additional safeguards are needed and report these threats or vulnerabilities to 57th Wing ISSM and System Owner.- Develop and maintain a formal Information Systems Security Program.- Recommend changes/updates to the 57th Wing Information Assurance Standard Operating Procedure (IA SOP) to the 57th Wing ISSM when applicable to support unique AIS requirements.- Review and evaluate all certification/accreditation support documentation for proof of acceptable AIS and network security procedures and based upon review, provide written documentation for accreditation to the 57th Wing ISSM, to include External Information Systems (EIS).- Ensure all personnel have the requisite security clearances, authorization, need-to-know, and are aware of their security responsibilities before granting access to AIS.- Ensure approved procedures are in place for clearing, purging, declassifying, and releasing system memory, media, and output.- Ensure all accreditation documentation, to include Cyber Program required documentation is loaded to Core File Share IAW 57th Wing IA SOP.- Conduct and coordinate AIS security inspections, tests, and reviews.- Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered within the applicable computer or network system.- Ensure that data ownership and responsibilities are established for each AIS, to include accountability, access rights, and special handling requirements.- Ensure development and implementation of an information security education, training, and awareness program, to include attending, monitoring, and presenting AIS security training.

Manage Media Custodian Training, User Account Training, Annual SAP Security Training, and Data Transfer Training.- Evaluate threats and vulnerabilities to ascertain whether additional safeguards are needed. Manage, track, and install AIS vulnerability patches.- Assess configuration changes in the system, environment, and operational needs that could affect AIS accreditation.- Review existing security documentation to verify documents still accurately represent the system; a re-evaluation of the system vulnerabilities, threat and risk; and complete security test, or subset of the original test that will be conducted.- Conduct periodic testing of the security posture of the information systems as required.

Verify the compliance of the system with the security requirements by demonstrating, inspecting, and analyzing the system’s capabilities and base-line configuration.- Ensure configuration management for security-relevant AIS software, hardware, and firmware is maintained and documented.- Ensure system recovery processes are monitored to ensure security features and procedures are properly restored.- Ensure all AIS security-related documentation is current and accessible to authorized individuals.- Ensure system security requirements are addressed during all phases of the system life cycle.

Develop and manage an AIS End of Support (EOS) program for all AIS and associated equipment/devices. Advise customer onupcoming costs associated with replacing EOS equipment for effective budget. 1.2.1.27. Perform weekly system audits as required on multiple systems; work closely with system administrators and ensure current security measures are sufficient and in compliance with approved policies and processes.-Pe rform account management for all systems and access; tasks include verifying requirements for access and adding/modifying/deleting accounts as required.- Write Request for Approvals (RFA) for equipment and electronic data being used in off-site locations.- Participate in annual self-inspections and Command Compliance Inspections; identify discrepancies and report security incidents as required by the DAA and/or Program Security Officer (PSO).- Maintain a working knowledge of system functions, security safeguards, and operational security measures.- Provide research and analysis in support of expanding programs and areas of responsibility.- Manage Media Control Program to include accountability of magnetic and optical media of all types.- Perform virus and malicious code scanning on all computer media entering the facility.- Perform file transfers between local systems to storage devices.- Manage the disposition and destruction of AIS, at all classification levels, and supported devices/peripherals IAW DoD policies.- Inspect incoming equipment to ensure what was ordered; inspect outgoing equipment for classified markings and for any non-volatile storage devices.