IT Position Designation

From Traditional Security

Part of IT Position Designation

Associated with IA controls: ECPA-1, PRAS-1, PRAS-2, PRNK-1

SV-42709r2_rule IT Position Designation

Vulnerability discussion

Failure to designate an appropriate IT level could result in an individual having access to an information system without the required investigative and adjudicative prerequisites.

Check content

Checks:

Check #1. Request to see and ensure that organization manning documents (e.g., JTD) and position descriptions for Military and Government Civilians, and the statement of work and/or DD 254 (Contract Security Specification) for Contractors, are available for identification of current ADP (AKA: IT position) designations.

Check #2. Check to ensure that IT position (AKA: ADP) designations are assigned to each civilian and military position, or to contractor employee duties contained in statements of work, in which an employee has duties requiring access to a Government Information System (IS). * In most cases this will encompass 100% of all employees.

NOTE 1: Personnel Occupying Information Systems Positions Designated ADP-I, ADP-II and ADP-III. DoD military, civilian personnel, consultants, and contractor personnel performing on unclassified automated information systems may be assigned to one of three position sensitivity designations (in accordance with Appendix 10 of DoD 5200.2-R, Personnel Security Program) and MINIMALLY investigated as follows:
- ADP-I (AKA: IT-1): SSBI/SBPR/PPR
- ADP-II (AKA: IT-2): ANACI/NACI/NACLC/S-PR
- ADP-III (AKA: IT-3): NAC/ENTNAC
Those personnel falling in the above ADP categories who also require access to classified information will, of course, be subject to the appropriate investigative scope for the level of security clearance required. The investigative scope for clearances may exceed but not be less than that required for the designated ADP level.

Check #3. Check to ensure that employees or any persons with Privileged Access (e.g., SA, NSO or IAO) to Information Systems (IS) are in positions identified as ADP I (AKA: IT I) and that a current (5-year PR) or successfully adjudicated SSBI is on file for each incumbent of such positions.

NOTE 2: Privileged access typically provides access to the following system controls IAW Change 3, APPENDIX 1 of the DoD 8570.01-M:
- Access to the control functions of the information system/network, administration of user accounts, etc.
- Access to change control parameters (e.g., routing tables, path priorities, addresses) of routers, multiplexers, and other key information system/network equipment or software.
- Ability and authority to control and change program files, and other users' access to data.
- Direct access to operating system level functions (also called unmediated access) that would permit system controls to be bypassed or changed.
- Access and authority for installing, configuring, monitoring, or troubleshooting the security monitoring functions of information systems/networks (e.g., network/system analyzers; intrusion detection software; firewalls) or in performance of cyber/network defense operations.

NOTE 3: Certain employees with very limited AND "supervised" privileged access on IS may be in positions designated as IT II, and all basic system users should be in positions designated as IT III.

NOTE 4: All designated IA Positions IAW DoD 8570.01-M (IAT Levels I-III or IAM Levels I-III) must be checked, time permitting. Random checks of all other site personnel records should be made.

TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments and is also applicable to a field/mobile environment.

Fix text

Fixes:

Ensure that organization manning documents (e.g., JTD) and position descriptions for Military and Government Civilians, and the statement of work and/or DD 254 (Contract Security Specification) for Contractors, are available for identification of current ADP (AKA: IT position) designations.

Ensure that IT position (AKA: ADP) designations are assigned to each civilian and military position, or to contractor employee duties contained in statements of work, in which an employee has duties requiring access to a Government Information System (IS). * In most cases this will encompass 100% of all employees.

NOTE 1: Personnel Occupying Information Systems Positions Designated ADP-I, ADP-II and ADP-III. DoD military, civilian personnel, consultants, and contractor personnel performing on unclassified automated information systems may be assigned to one of three position sensitivity designations (in accordance with Appendix 10 of DoD 5200.2-R, Personnel Security Program) and MINIMALLY investigated as follows:
- ADP-I (AKA: IT-1): SSBI/SBPR/PPR
- ADP-II (AKA: IT-2): ANACI/NACI/NACLC/S-PR
- ADP-III (AKA: IT-3): NAC/ENTNAC
Those personnel falling in the above ADP categories who also require access to classified information will, of course, be subject to the appropriate investigative scope for the level of security clearance required. The investigative scope for clearances may exceed but not be less than that required for the designated ADP level.

Ensure that employees or any persons with Privileged Access (e.g., SA, NSO or IAO) to Information Systems (IS) are in positions identified as ADP I (AKA: IT I) and that a current (5-year PR) or successfully adjudicated SSBI is on file for each incumbent of such positions.

NOTE 2: Privileged access typically provides access to the following system controls IAW Change 3, APPENDIX 1 of the DoD 8570.01-M:
- Access to the control functions of the information system/network, administration of user accounts, etc.
- Access to change control parameters (e.g., routing tables, path priorities, addresses) of routers, multiplexers, and other key information system/network equipment or software.
- Ability and authority to control and change program files, and other users' access to data.
- Direct access to operating system level functions (also called unmediated access) that would permit system controls to be bypassed or changed.
- Access and authority for installing, configuring, monitoring, or troubleshooting the security monitoring functions of information systems/networks (e.g., network/system analyzers; intrusion detection software; firewalls) or in performance of cyber/network defense operations.

NOTE 3: Certain employees with very limited AND supervised privileged access on IS may be in positions designated as IT II, and all basic system users should be in positions designated as IT III.
