Center for Qualified CyberSecurity Excellence & Mastery

"Where Qualified Cyber Education Happens"


DOD 8570/8140 Training & Certification

ADVANCE YOUR CAREER - Earn More, Be More than Certified
Be a Q/ISP CyberSecurity Graduate and earn your Certificate of Mastery

 

DoD Directive 8570M1 / 8140 Information Assurance

DOD 8570/8140 Training, Certification and Workforce Management


Q/ISP® Certification Exam CNSS 4011/4012/4013/4015/4016A
Q/EH® Qualified/ Ethical Hacker Certification
Q/SA® Qualified/ Security Analyst Certification
Q/FE® Qualified/ Forensic Expert Certification
Q/ND® Qualified/ Network Defender Certification

DoD Instruction 8570/8140


DoD 8570.01-M, the DoD Information Assurance Workforce Improvement Program (IA Training), provides guidance and procedures for the training, certification, and management of the DoD workforce conducting Information Assurance functions in assigned duty positions.

The full DoD directive 8570/8140 can be read or downloaded online.

Minimum Certifications Required by DoD Inst 8570.01 M, by CND:
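| CND Analyst | CND Infrastructure Report | CND Incident Reporter | CND Auditor | CND-SP Manager |
|-------------|---------------------------|-----------------------|-------------|----------------|
| GCIA        | SSCP                      | GCIH                  | CISA        | CISSP-ISSMP    |
| CEH         | CEH                       | CSIH                  | GSNA        | CISM           |
| -           | -                         | CEH                   | CEH         | -              |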

DoD 8570.01 M: General Requirements - User Awareness

This requirement, specified in Chapter 6, paragraph C6.3, mandates a minimum level of awareness for all Information Assurance (IA) users.

SPECIFIC REQUIREMENTS

User orientation and awareness programs will address:

  • The importance of IA to the organization and to the authorized user.
  • Relevant laws, policies, and procedures, and how they affect the authorized user (e.g., copyright, ethics, standards of conduct).
  • Examples of external threats such as script kiddies, crackers, hackers, protesters, or agents in the employ of terrorist groups or foreign countries.
  • Examples of internal threats such as malicious or incompetent authorized users, users in the employ of terrorist groups or foreign countries, disgruntled employees or service members, hackers, crackers, and self-inflicted intentional or unintentional damage.
  • The potential elevated sensitivity level of aggregated unclassified information.
  • Authorized user risk from social engineering.
  • Common methods to protect critical system information and procedures.
  • Principles of shared risk in networked systems (i.e., how a risk assumed by one person is imposed on the entire network) and changes in the physical environment (e.g., water, fire, dust/dirt).
  • Risks associated with remote access (e.g., telecommuting, during deployment, or on temporary duty).
  • Legal requirements regarding privacy issues, such as email status (DoD Directive 2500) and the need to protect systems containing payroll, medical and personnel records.
  • Knowledge of malicious codes (e.g., logic bomb, Trojan horse, malicious mobile code, viruses, and worms) including how they attack, how they damage an IS, how they may be introduced inadvertently or intentionally, and how users can mitigate their impact.
  • The impact of distributed denial of service attacks and what users can do to mitigate them.
  • How to prevent self-inflicted damage to system information security through disciplined application of IA procedures such as proper log on, use of passwords, preventing spillage of classified information, e-mail security, etc.
  • Embedded software and hardware vulnerabilities, how the Department of Defense corrects them (e.g., IAVA process), and the impact on the authorized user.
  • Prohibited or unauthorized activity on DoD systems (e.g., peer-to-peer file sharing, gambling, personal use and gain issues).
  • Requirements and procedures for reporting spillages, unauthorized or suspicious activity, and local IA office point of contact information.
  • Categories of information classification and differences between handling information on the Non-Classified Internet Protocol Router Network (NIPRNet) or the SECRET Internet Protocol Router Network (SIPRNet).
  • Software issues including license restrictions on DoD systems, encryption, and media sanitation requirements and procedures.
  • Definition of Information Operations Condition (INFOCON) and its impact on authorized users.
  • Sources of additional information and training.
