System Administrator

System Administrator Work Role ID: 451 (NIST: OM-SA-001) Workforce Element: IT (Cyberspace)

Installs, configures, troubleshoots, and maintains hardware, software, and administers system accounts.


Qualification Matrix

  BasicIntermediateAdvancedNotes
Foundational Qualification OptionsEducation A BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET accredited or CAE designated institution fulfills the educational requirement for this WRCA BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET accredited or CAE designated institution fulfills the educational requirement for this WRCTBDFor additional information pertaining to ABET: www.abet.org or CAE: www.caecommunity.org
Foundational Qualification OptionsOR OR OR
Foundational Qualification OptionsDoD/Military TrainingE3AQR3D032 02AA or E3AQR3D032 00BB or C-150-2012 or C-150-2011 or M09CVQ1 or F07DZZ1 or A-202-2100 now A-150-1251 or A-150-1200 or A-150-1201 or A-102-5900 or A-531-0767F07DZZ1 or M03385G or M10395B or M223854 or A-150-0045 now W-250-0750 or A-531-0021 or W-250-0750 or A-150-3400 now W-250-0750 or A-150-1980 or A-150-1202 or A-150-1203 or A-150-1250 or A-150-1855 / A-150-1940 or A-113-0205 or A-113-0175 or A-113-0018 or A-113-0382 or A-113-0027 or A-113-0383 or A-113-0175 or A-113-0202 or A-113-0233 or DISA-US1379M0923W1 or A-102-5888 or A-102-5599 (SNOOP) or A-531-0045 or A-113-0381 or A-113-0381 or A-113-0342 or A-121-0594 (P/L) or A-104-0084 or A-150-4219 (P/L) or A-150-9020 (P/L)See TAB C (DCWF Training Repository) below for additional course information.
Foundational Qualification OptionsCommercial TrainingTBDTBDTBD
Foundational Qualification OptionsOR OR OR
Foundational Qualification OptionsPersonnel CertificationA+ or CND or Network+Cloud+ or GICSP or SSCP or Security+ or GSECFITSP-O or GFACT or CASP+ or CCNP Security or CCSPSee TAB B (Certification Index) below for certification vendor information. Courses at higher proficiency levels qualify lower levels.
Foundational Qualification AlternativeExperienceConditional AlternativeConditional AlternativeConditional AlternativeRefer to Section 3 of the DoD 8140 Manual for more information.
Residential QualificationOn-the-Job QualificationAlways RequiredAlways RequiredAlways RequiredIndividuals must demonstrate capability to perform their duties in their resident environment.
Residential QualificationEnvironment-Specific RequirementsComponent DiscretionComponent DiscretionComponent Discretion
Annual Maintenance Continuous Professional Development Minimum of 20 hours annually or what is required to maintain certification; whichever is greater.Minimum of 20 hours annually or what is required to maintain certification; whichever is greater.Minimum of 20 hours annually or what is required to maintain certification; whichever is greater.

Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.

Core KSATs

KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
76

Knowledge of measures or indicators of system performance and availability.

Knowledge
96

Knowledge of performance tuning tools and techniques.

Knowledge
99A

Knowledge of principles and methods for integrating system components.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
127

Knowledge of systems administration concepts.

Knowledge
171A

Skill in correcting physical and technical problems that impact system/server performance.

Skill
211A

Skill in monitoring and optimizing system/server performance.

Skill
216A

Skill in recovering failed systems/servers.

Skill
219A

Skill in operating system administration.

Skill
344

Knowledge of virtualization technologies and virtual machine development and maintenance.

Knowledge
452

Conduct functional and connectivity testing to ensure continuing operability.

Task
518

Develop and document systems administration standard operating procedures.

Task
518A

Comply with organization systems administration standard operating procedures.

Task
521A

Implement and enforce local network usage policies and procedures.

Task
683

Maintain baseline system security according to organizational policies.

Task
695

Manage accounts, network rights, and access to systems and equipment.

Task
701A

Manage system/server resources including performance, capacity, availability, serviceability, and recoverability.

Task
713A

Monitor and maintain system/server configuration.

Task
763B

Perform repairs on faulty system/server hardware.

Task
781

Plan, execute, and verify data redundancy and system recovery procedures.

Task
835A

Troubleshoot hardware/software interface and interoperability problems.

Task
986

Knowledge of organizational information technology (IT) user security policies (e.g., account creation, password rules, access control).

Knowledge
1033

Knowledge of basic system administration, network, and operating system hardening techniques.

Knowledge
1153A

Install, update, and troubleshoot systems/servers.

Task
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs

KSAT ID Description KSAT
70

Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).

Knowledge
72

Knowledge of local area and wide area networking principles and concepts including bandwidth management.

Knowledge
79

Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).

Knowledge
81A

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Knowledge
112A

Knowledge of systems engineering theories, concepts, and methods.

Knowledge
113

Knowledge of server and client operating systems.

Knowledge
114A

Knowledge of system/server diagnostic tools and fault identification techniques.

Knowledge
141

Knowledge of the enterprise information technology (IT) architecture.

Knowledge
145

Knowledge of the type and frequency of routine maintenance needed to keep equipment functioning properly.

Knowledge
148

Knowledge of Virtual Private Network (VPN) security.

Knowledge
167A

Skill in conducting system/server planning, management, and maintenance.

Skill
170

Skill in configuring and optimizing software.

Skill
194

Skill in diagnosing connectivity problems.

Skill
195A

Skill in troubleshooting failed system components (i.e., servers)

Skill
202A

Skill in identifying and anticipating system/server performance, availability, capacity, or configuration problems.

Skill
206A

Skill in installing system and component upgrades.

Skill
209

Skill in maintaining directory services.

Skill
287

Knowledge of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]).

Knowledge
342A

Knowledge of operating system command line/prompt.

Knowledge
386

Skill in using virtual machines.

Skill
434A

Check system hardware availability, functionality, integrity, and efficiency.

Task
456A

Conduct periodic system maintenance including cleaning (both physically and electronically), disk checks, routine reboots, data dumps, and testing.

Task
499

Design group policies and access control lists to ensure compatibility with organizational standards, business rules, and needs.

Task
572

Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment.

Task
728A

Oversee installation, implementation, configuration, and support of system components.

Task
763A

Diagnose faulty system/server hardware.

Task
811

Provide ongoing optimization and problem solving support.

Task
892

Skill in configuring and utilizing software-based computer protection tools (e.g., software firewalls, anti-virus software, anti-spyware).

Skill
1034C

Knowledge of Personal Health Information (PHI) data security standards.

Knowledge
1034B

Knowledge of Payment Card Industry (PCI) data security standards.

Knowledge
1034A

Knowledge of Personally Identifiable Information (PII) data security standards.

Knowledge
1072

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge
1074A

Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly.

Knowledge
6590

Skill in interfacing with customers.

Skill
6918

Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.

Ability
6919

Ability to determine the best cloud deployment model for the appropriate operating environment.

Ability
6942

Skill in designing or implementing cloud computing deployment models.

Skill
6945

Skill in migrating workloads to, from, and among the different cloud computing service models.

Skill