Navy Imposes Cybersecurity Training Rules

The U.S. Navy has set some ground rules to ensure its IT workforce is well equipped to handle issues of cybersecurity.

A directive from the Navy secretary puts the deputy CIOs of the Navy and Marine Corps in charge of ensuring that Navy information assurance (IA) workers are complying with cybersecurity identification, training, and certification requirements of the military service.

The Navy's CIO, Rob Carey, outlined the requirements of the directive in a blog post on the Navy website.

Federal agencies across the board are shoring up and establishing rules for how to handle cybersecurity within their IT departments, and creating policies for how to protect cyberspace is a goal for the Obama administration.

The directive requires that commanding officers, commanders, and civilians in charge of agencies develop a plan to manage how IA workers implement cybersecurity requirements.

All IA personnel who carry out technical and management functions, and 70% of those involved in computer network defense service provider and IA architect and engineer work, must meet Department of Defense cybersecurity requirements by Dec. 31, according to the directive.

Further, authorized agencies must conduct compliance visits a minimum of 5% of the year to ensure cybersecurity rules are being met. Organizations that can conduct these visits include the Defense IA Program Office; the Naval Audit Service; the Department of Navy Headquarters; Service IA Workforce Improvement Program Offices of Primary Responsibility; Inspector General; abd DoD Command Cyber Readiness Inspection.

The directive also mandates the establishment of an IA Workforce Management, Oversight, and Compliance Council to lead cybersecurity compliance and training.

Among other things, the council will be responsible for developing cybersecurity training strategies and ensuring compliance with training requirements, according to the directive.

The council also will be review IA cybersecurity requirements and make adjustments if necessary, as well as validate training, education, and certification standards and competency requirements.