Standards for Developing Curricula

What is the source of the standards?

There are several applicable standards for training and education. In the United States, the primary sources are the National Institute of Standards and Technology (NIST) and the Committee on National Security Systems (CNSS). The division of responsibility is defined by PL 100-235.

The CNSS (NSTISSI) Standardshave been developed to aid the United States government

Under Executive Order (E.O.) 13231 of October 16, 2001, Critical Infrastructure Protection in the Information Age, the President has redesignated the National Security Telecommunications and Information Systems Security Committee (NSTISSC) as the Committee on National Security Systems (CNSS). The Department of Defense continues to chair the committee under the authorities established by NSD-42. As a standing committee of the President's Critical Infrastructure Protection Board, the CNSS reports fully and regularly on its activities to the Board.

The EO directs the protection of information systems for critical infrastructure, including emergency preparedness communications, and the physical assets that support such systems. The Secretary of Defense and the Director of Central Intelligence are responsible for developing and overseeing the implementation of government-wide policies, principles, standards, and guidelines for the security of systems with national security information.

The CNSS provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems through the CNSS Issuance System. National security systems contain classified information or:

  • involves intelligence activities;

  • involves cryptographic activities related to national security;

  • involves command and control of military forces;

  • involves equipment that is an integral part of a weapon or weapons systems; or

  • is critical to the direct fulfillment of military or intelligence missions (not including routine administrative and business applications).

How do I map my courses to the CNSS(NSTISSI) Standards? Start Here

StandardTitle

4011

National Training Standard for Information Systems Security (INFOSEC)Professionals

4012

National Training Standard for Designated Approving Authority (DAA)

4013

National Training Standard for System Administration in Information Systems Security

4014

National Training Standard for Information Systems Security Officers (ISSO)

4015

National Training Standard for Systems Certifiers

4016

National Training Standard for Risk Analyst

Why are they important?

Training Delivery Standards