What is the job description of an IASO?

Answer 1

As far as the ARMY is concerned,

"The main role of the IASO is to provide Information Assurance oversight, guidance and support to the general user in accordance with the requirements of the Command's Information Assurance program.

The IASO must be familiar with IA policy, guidance and training requirements, per AR 25-2,and Best Business Practices (BBP).

The IASO is assigned to the lowest Information Assurance management level."

One of the duties of the IASO is to ensure that all personnel associated with IS receive system-specific and general awareness security training (see AR 25-2, para 3-2f) including:

• IA training and certification
• IA situation and awareness briefing
• Information Assurance Workforce Improvement Program
• Information Assurance Training and Certification Best Business Practice (BBP)

The IASO also functions as support to the IAM (aka ISSM) in carrying out their responsibilities.

Answer 2

IASO stands for "Information Assurance Security Officer." In general terms they are responsible for managing and enforcing DoD Information Assurance rules, regulations, policies, and procedures - in particular those of the US Army.

According to AR 25-2, section 3-2 f, the responsibilities an IASO are:

(1) Enforce IA policy, guidance, and training requirements per this regulation and identified BBPs.

(2) Ensure implementation of IAVM dissemination, reporting, and compliance procedures.

(3) Ensure all users meet the requisite favorable security investigations, clearances, authorization, need-to-know, and

security responsibilities before granting access to the IS.

(4) Ensure users receive initial and annual IA awareness training.

(5) Ensure log files and audits are maintained and reviewed for all systems and that authentication (for example,

password) policies are audited for compliance.

(6) Prepare, distribute, and maintain plans, instructions, and SOPs concerning system security.

(7) Review and evaluate the effects on security of system changes, including interfaces with other ISs and document

all changes.

(8) Ensure that all ISs within their area of responsibility are certified, accredited and reaccredited.

(9) Maintain and document CM for IS software (including IS warning banners) and hardware.

(10) Pre-deployment or operational IASOs will ensure system recovery processes are monitored and that security

features and procedures are properly restored.

(11) Pre-deployment or operational IASOs will maintain current software licenses and ensure security related

documentation is current and accessible to properly authorized individuals.

(12) Tenant IASOs will support and assist tenant IAMs (or the installation IAM if no tenant IAM exists).

(13) Report security violations and incidents to the servicing RCERT in accordance with Section VIII, Incident and

Intrusion Reporting.