FAA to boost work force training

The Federal Aviation Administration has tapped a vendor to develop a certification

program for FAA information systems security workers.

The FAA announced plans Aug. 11 to make a sole-source award to the International

Information Systems Security Certification Consortium Inc. (ISC2), a nonprofit

corporation that develops certification programs for information systems

security practitioners.

ISC2 is expected to conduct six classes of 35 to 40 employees each beginning

Sept. 16. The company will certify information systems security professionals

in support of the FAA's Information Systems Security training initiative.

The FAA created its Information Systems Security program in response

to the Computer Security Act of 1987. The act requires that agencies train

federal employees and supporting contractors prior to giving them access

to a computer system.

In May, the FAA created the Office of Information Systems Security under

the authority of Raymond Long, formerly the FAA's Year 2000 program leader,

to coordinate the agency's information security activities at all air traffic

facilities.

Long has said that the key to a successful program lies in building

an awareness of security issues within the work force. The General Accounting

Office in December 1999 reported that the FAA's insufficient management

support, insufficient user training and inadequate policy enforcement contributed

to its failure to comply with internal personnel security policies during

the Year 2000 remediation effort.

ISC2 will be responsible for training and certifying FAA information

systems security workers in Washington, D.C., Oklahoma City and other locations.