Maintain a plan for site security improvements and progress towards meeting accreditation.

Ensure the information system (IS) is operated, used, maintained, and disposed of in accordance with security policies and practices.

Ensure the IS is certified and accredited.

Ensure users and system support personnel have required security clearances, authorization and need-to-know, are indoctrinated, and are familiar with internal security practices before access to the IS is granted.

Enforce security policies and safeguards on personnel having access to an IS for which the ISSO is responsible.

Ensure audit trails are reviewed periodically (e.g., weekly, daily), and audit records are archived for future reference, if required.

Initiate protective or corrective measures.

Report security incidents in accordance with agency-specific policy when the IS is compromised.

Report security status of the IS, as required by the SSM.

Evaluate known vulnerabilities to ascertain if additional safeguards are needed.

When given a series of system security breaches, will be able to identify system vulnerabilities and recommend security solutions required to return systems to an operational level of assurance. (Entry Level)

When given a proposed new system architecture requirement, will be able to investigate and document system security technology, policy, and training requirements to assure system operation at a specified level of assurance. (Intermediate Level)

When given a proposed IS accreditation action, will be able to analyze and evaluate system security technology, policy, and training requirements in support of the Senior System Manager (SSM), viz., Chief Information Officer (CIO), Designated Approving Authority (DAA), Chief Technology Officer (CTO), etc., approval to operate the system at a specified level of assurance. This analysis will include a description of the management/technology team required to successfully complete the accreditation process. (Advanced Level)