Requirements for information security as described in Department of Energy (DOE)

DOE-STD-1171-2003

Supporting Knowledge and Skills

Discuss the onsite management and planning activities for automated

information systems security.

Discuss the assignment of automated information systems security

responsibilities, authorities, and accountability.

Discuss the required contents and maintenance of an automated information

systems security plan.

Perform an evaluation of the automated information systems security plan to

verify its currency and conformity with DOE orders.

Describe the local statement of threat to computing and information resources.

Describe how the automated information systems security organization interfaces

with the configuration management and planning processes.

Describe how the automated information systems security organization interfaces

with the site risk management program.

Describe the automated information systems security awareness program and

the automated information systems security organization's responsibilities for that

program.

Discuss the integration of TEMPEST considerations into automated information

systems security planning.

Describe the local automated information systems security inspection/review

program.

Describe the purpose and methodology of certification and accreditation of

computing resources.

Describe the methods used to protect information assets on computing

resources.

Describe the methods used to provide physical protection of computing resource

assets.

Discuss the continuity and reliability of critical operations for computing

resources.

25.

Safeguards and security personnel acting in information security shall

demonstrate a familiarity level knowledge of the requirements for information

security as described in Department of Energy (DOE) Order 5639.8A, Security of

Foreign Intelligence Information and Sensitive Compartmented Information.