Authorizing Official/Designating Representative

Senior official or executive with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation (CNSSI 4009).

Below are the Knowledge, Skills, Abilities and Tasks identified as being required to perform this work role.

Knowledge

ID     DESCRIPTION
       Knowledge of computer networking concepts and protocols, and network security methodologies.
       Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
K0003  Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
K0004  Knowledge of cybersecurity and privacy principles.
K0005  Knowledge of cyber threats and vulnerabilities.
K0006  Knowledge of specific operational impacts of cybersecurity lapses.
K0013  Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
K0019  Knowledge of cryptography and cryptographic key management concepts.
K0027  Knowledge of organization’s enterprise information security architecture.
K0028  Knowledge of organization’s evaluation and validation requirements.
K0037  Knowledge of Security Assessment and Authorization process.
K0038  Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
K0040  Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
K0044  Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
K0048  Knowledge of Risk Management Framework (RMF) requirements.
K0049  Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
K0054  Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
K0059  Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
K0070  Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
K0084  Knowledge of structured analysis principles and methods.
K0089  Knowledge of systems diagnostic tools and fault identification techniques.
K0101  Knowledge of the organization’s enterprise information technology (IT) goals and objectives.
K0126  Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161).
K0146  Knowledge of the organization’s core business/mission processes.
K0168  Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
K0169  Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
K0170  Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations.
K0179  Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
K0199  Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA]).
K0203  Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
K0260  Knowledge of Personally Identifiable Information (PII) data security standards.
K0261  Knowledge of Payment Card Industry (PCI) data security standards.
K0262  Knowledge of Personal Health Information (PHI) data security standards.
K0267  Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.
K0295  Knowledge of confidentiality, integrity, and availability principles.
K0322  Knowledge of embedded systems.
K0342  Knowledge of penetration testing principles, tools, and techniques.
K0622  Knowledge of controls related to the use, processing, storage, and transmission of data.
K0624  Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list).
Skills

ID     DESCRIPTION
S0034  Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
S0367  Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Abilities

ID     DESCRIPTION
A0028  Ability to assess and forecast manpower requirements to meet organizational objectives.
A0033  Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
A0077  Ability to coordinate cyber operations with other organization functions or support activities.
A0090  Ability to identify external partners with common cyber operations interests.
A0094  Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives.
A0111  Ability to work across departments and business units to implement organization’s privacy principles and programs, and align privacy objectives with security objectives.
A0117  Ability to relate strategy, business, and technology in the context of organizational dynamics.
A0118  Ability to understand technology, management, and leadership issues related to organization processes and problem solving.
A0119  Ability to understand the basic concepts and issues related to cyber and its organizational impact.
A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
A0170  Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.
Tasks

ID     DESCRIPTION
T0145  Manage and approve Accreditation Packages (e.g., ISO/IEC 15026-2).
T0221  Review authorization and assurance documents to confirm that the level of risk is within acceptable limits for each software application, system, and network.
T0371  Establish acceptable limits for the software application, network, or system.
T0495  Manage Accreditation Packages (e.g., ISO/IEC 15026-2).