DoD Instruction 8500.2 - Common Access Card (CAC)
DoD Instruction 8500.2 - Common Access Card (CAC)
DoD Instruction 8500.2 - Common Access Card (CAC)
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
DODI <strong>8500.2</strong>, February 6, 2003<br />
5.9.5. Ensure that IA Officers (IAOs) are appointed in writing, as required, and<br />
provide oversight to ensure that they are following established IA policies and<br />
procedures. In addition to meeting all access requirements specified in <strong>DoD</strong> Directive<br />
8500.1, paragraph 4.8. (reference (a)), all newly appointed IAOs shall be U.S. citizens.<br />
Foreign nationals who are direct or indirect hires and are currently appointed as IAOs<br />
may continue in these positions provided they satisfy the provisions of <strong>DoD</strong> Directive<br />
8500.1, paragraph 4.8. (reference (a)); are under the supervision of an IAM who is a U.S.<br />
citizen; and are approved in writing by the DAA. When circumstances warrant, a single<br />
individual who is a U.S. citizen may fill both the IAM and the IAO roles.<br />
5.9.6. Ensure that all IAOs and privileged users receive the necessary<br />
technical and IA training, education, and certification to carry out their IA duties.<br />
5.9.7. Ensure that compliance monitoring occurs, and review the results of<br />
such monitoring.<br />
5.9.8. Ensure that IA inspections, tests, and reviews are coordinated.<br />
5.9.9. Ensure that all IA management review items are tracked and reported.<br />
5.9.10. Ensure that incidents are properly reported to the DAA and the <strong>DoD</strong><br />
reporting chain, as required, and that responses to IA-related alerts are coordinated.<br />
5.9.11. Act as the primary IA technical advisor to the DAA and formally notify<br />
the DAA of any changes impacting the <strong>DoD</strong> information system's IA posture.<br />
5.10. Each IA Officer, in addition to satisfying all responsibilities of an Authorized<br />
User, shall assist the IAM in meeting the duties and responsibilities outlined in<br />
paragraph 5.9., above, and:<br />
5.10.1. Ensure that all users have the requisite security clearances and<br />
supervisory need-to-know authorization, and are aware of their IA responsibilities before<br />
being granted access to the <strong>DoD</strong> information system.<br />
5.10.2. In coordination with the IAM, initiate protective or corrective<br />
measures when an IA incident or vulnerability is discovered.<br />
5.10.3. Ensure that IA and IA-enabled software, hardware, and firmware comply<br />
with appropriate security configuration guidelines.<br />
9