COMSEC Manager
Manages the Communications Security (COMSEC) resources of an organization (CNSSI No. 4009).
Qualification Matrix
| | | Basic | Intermediate | Advanced | Notes |
---|---|---|---|---|---|
Foundational Qualification Options | Education | A BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET accredited or CAE designated institution fulfills the educational requirement for this WRC | A BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET accredited or CAE designated institution fulfills the educational requirement for this WRC | TBD | For additional information pertaining to ABET: www.abet.org or CAE: www.caecommunity.org |
Foundational Qualification Options | | OR | OR | OR | |
Foundational Qualification Options | DoD/Military Training | E3AQR3D033 02AA or E3ABR3D033 01AC or 531-25B30-C45 or E3ABR3D033 01AC | 531-25B40-C46 | M0923X1 or A-531-0009 or A-531-0045 | See TAB C (DCWF Training Repository) below for additional course information. |
Foundational Qualification Options | Commercial Training | TBD | TBD | TBD | |
Foundational Qualification Options | | OR | OR | OR | |
Foundational Qualification Options | Personnel Certification | GSEC | CISM or CISSO or FITSP-M or GCSA or GCIH or GSLC or GICSP | See TAB B (Certification Index) below for certification vendor information. Courses at higher proficiency levels qualify lower levels. | |
Foundational Qualification Alternative | Experience | Conditional Alternative | Conditional Alternative | Conditional Alternative | Refer to Section 3 of the DoD 8140 Manual for more information. |
Residential Qualification | On-the-Job Qualification | Always Required | Always Required | Always Required | Individuals must demonstrate capability to perform their duties in their resident environment. |
Residential Qualification | Environment-Specific Requirements | Component Discretion | Component Discretion | Component Discretion | |
Annual Maintenance | Continuous Professional Development | Minimum of 20 hours annually or what is required to maintain certification; whichever is greater. | Minimum of 20 hours annually or what is required to maintain certification; whichever is greater. | Minimum of 20 hours annually or what is required to maintain certification; whichever is greater. |
Core KSATs
KSAT ID | Description | KSAT |
---|---|---|
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. | Knowledge |
25 | Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]). | Knowledge |
37 | Knowledge of disaster recovery continuity of operations plans. | Knowledge |
55 | Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data. | Knowledge |
61 | Knowledge of incident response and handling methodologies. | Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). | Knowledge |
395 | Advise senior management (e.g., CIO) on risk levels and security posture. | Task |
578 | Ensure security improvement actions are evaluated, validated, and implemented as required. | Task |
824 | Recognize a possible security violation and take appropriate action to report the incident, as required. | Task |
852 | Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered. | Task |
1141A | Knowledge of an organization’s information classification program and procedures for information compromise. | Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. | Knowledge |
1158 | * Knowledge of cybersecurity principles. | Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. | Knowledge |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. | Knowledge |
Additional KSATs
KSAT ID | Description | KSAT |
---|---|---|
129 | Knowledge of system life cycle management principles, including software security and usability. | Knowledge |
143 | Knowledge of the organization’s enterprise information technology (IT) goals and objectives. | Knowledge |
183 | Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. | Skill |
299 | Knowledge of information security program management and project management principles and techniques. | Knowledge |
325 | Knowledge of secure acquisitions (e.g., relevant Contracting Officer’s Technical Representative [COTR] duties, secure procurement, supply chain risk management). | Knowledge |
396 | Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, and systems, and elements. | Task |
445 | Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders. | Task |
475 | Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance. | Task |
596 | Establish overall enterprise information security architecture (EISA) with the organization’s overall security strategy. | Task |
600 | Evaluate cost benefit, economic, and risk analysis in decision making process. | Task |
1004 | Knowledge of critical information technology (IT) procurement requirements. | Knowledge |
1040A | Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure. | Knowledge |