FAA to develop security certification
- By Paula Shaki Trimble
- Aug 15, 2000
FAA Office of Information Systems Security
The Federal Aviation Administration is on the verge of awarding a contract
to develop a certification program for FAA information systems security
The FAA announced plans Aug. 11 to make a sole-source award to the International
Information Systems Security Certification Consortium 2 (ISC 2), a nonprofit
corporation that develops certification programs for information systems
ISC 2 will be responsible for conducting six classes of 35 to 40 employees
each to certify information systems security professionals in support of
the FAA's Information Systems Security training initiative. Training is
expected to begin Sept. 16.
The FAA created its Information Systems Security program in response
to the Computer Security Act of 1987. The act requires that agencies train
federal employees and supporting contractors prior to giving them access
to a computer system. The FAA also requires that an information systems
security manager be appointed to implement the FAA's program within his
or her line of business.
In May, the FAA created the Office of Information Systems Security under
the authority of Raymond Long, formerly the FAA's Year 2000 program lead,
to coordinate the agency's information security activities at all air traffic
Long has said that the key to a successful program lies in building
awareness of security issues within the work force. The General Accounting
Office in December 1999 reported that the FAA's insufficient management
support, insufficient user training and inadequate policy enforcement contributed
to its failure to comply with internal personnel security policies during
the Year 2000 remediation effort.
ISC 2 will be responsible for training and certifying FAA information
systems security workers in Washington, D.C., Oklahoma City and other locations,
according to the FAA.