COMSEC Manager

Work Role ID: 723 (NIST: OV-MG-002)
Workforce Element: Cybersecurity

Manages the Communications Security (COMSEC) resources of an organization (CNSSI No. 4009).


Qualification Matrix

Columns: Basic | Intermediate | Advanced | Notes

Foundational Qualification Options

Education
  Basic: A BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET accredited or CAE designated institution fulfills the educational requirement for this WRC
  Intermediate: A BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET accredited or CAE designated institution fulfills the educational requirement for this WRC
  Advanced: TBD
  Notes: For additional information pertaining to ABET: www.abet.org or CAE: www.caecommunity.org

OR

DoD/Military Training
  Basic: E3AQR3D033 02AA or E3ABR3D033 01AC or 531-25B30-C45 or E3ABR3D033 01AC
  Intermediate: 531-25B40-C46
  Advanced: M0923X1 or A-531-0009 or A-531-0045
  Notes: See TAB C (DCWF Training Repository) below for additional course information.

Commercial Training
  Basic: TBD
  Intermediate: TBD
  Advanced: TBD

OR

Personnel Certification
  GSEC
  CISM or CISSO or FITSP-M or GCSA or GCIH or GSLC or GICSP
  Notes: See TAB B (Certification Index) below for certification vendor information. Courses at higher proficiency levels qualify lower levels.

Foundational Qualification Alternative

Experience
  Basic: Conditional Alternative
  Intermediate: Conditional Alternative
  Advanced: Conditional Alternative
  Notes: Refer to Section 3 of the DoD 8140 Manual for more information.

Residential Qualification

On-the-Job Qualification
  Basic: Always Required
  Intermediate: Always Required
  Advanced: Always Required
  Notes: Individuals must demonstrate capability to perform their duties in their resident environment.

Environment-Specific Requirements
  Basic: Component Discretion
  Intermediate: Component Discretion
  Advanced: Component Discretion

Annual Maintenance

Continuous Professional Development
  Basic: Minimum of 20 hours annually or what is required to maintain certification; whichever is greater.
  Intermediate: Minimum of 20 hours annually or what is required to maintain certification; whichever is greater.
  Advanced: Minimum of 20 hours annually or what is required to maintain certification; whichever is greater.

Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.

Core KSATs

KSAT ID | Description | KSAT
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. | Knowledge
25 | Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]). | Knowledge
37 | Knowledge of disaster recovery continuity of operations plans. | Knowledge
55 | Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data. | Knowledge
61 | Knowledge of incident response and handling methodologies. | Knowledge
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). | Knowledge
395 | Advise senior management (e.g., CIO) on risk levels and security posture. | Task
578 | Ensure security improvement actions are evaluated, validated, and implemented as required. | Task
824 | Recognize a possible security violation and take appropriate action to report the incident, as required. | Task
852 | Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered. | Task
1141A | Knowledge of an organization’s information classification program and procedures for information compromise. | Knowledge
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. | Knowledge
1158 | * Knowledge of cybersecurity principles. | Knowledge
1159 | * Knowledge of cyber threats and vulnerabilities. | Knowledge
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. | Knowledge

Additional KSATs

KSAT ID | Description | KSAT
129 | Knowledge of system life cycle management principles, including software security and usability. | Knowledge
143 | Knowledge of the organization’s enterprise information technology (IT) goals and objectives. | Knowledge
183 | Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. | Skill
299 | Knowledge of information security program management and project management principles and techniques. | Knowledge
325 | Knowledge of secure acquisitions (e.g., relevant Contracting Officer’s Technical Representative [COTR] duties, secure procurement, supply chain risk management). | Knowledge
396 | Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, and systems, and elements. | Task
445 | Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders. | Task
475 | Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance. | Task
596 | Establish overall enterprise information security architecture (EISA) with the organization’s overall security strategy. | Task
600 | Evaluate cost benefit, economic, and risk analysis in decision making process. | Task
1004 | Knowledge of critical information technology (IT) procurement requirements. | Knowledge
1040A | Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure. | Knowledge