Info System Security Management Specialty Area Qualification Matrix

Cyber IT/CSWF Information

Associated Work Roles

  • Information Systems Security Manager (722)
  • COMSEC Manager (723)

Note: This page presents the qualification requirements at the Specialty Area level, a summary category one level above work roles. Until the qualification requirements for the Work Roles are released, please refer to the Specialty Area qualification table below for information. This table will be updated to reflect the specific Work Role requirements when the information is available.

Specialty Area Framework Category: Operate and Maintain

Specialty Areas responsible for providing the support, administration, and maintenance necessary to ensure effective and efficient information technology (IT) system performance and security.

Info System Security Management Description

Oversees and ensures that the appropriate operational security posture (e.g., network and system security, physical and environmental protection, personnel security, incident handling, security training and awareness) is implemented and maintained for an information system or program. Advises the Authorizing Official (AO), an information system owner, or the Chief Information Security Officer (CISO) on the security of an information system or program.

Example Job/Billet Titles

  • Combat Systems Information Officer (CSIO)
  • Cybersecurity Officer (IAO)
  • Information Systems Security Operations/Officer (ISSO)

Master Tasks and KSAs

Detailed information on the Tasks and Knowledge, Skills and Abilities (KSAs) associated with each Marine Corps Specialty Area can be found in the Master Task & KSA List spreadsheet on the NAVIFOR website (requires credentials/CAC to access) or on the DoD Cyber Exchange website.

Initial Training

Initial training qualification for a specialty area is generally met by a High School diploma or equivalent and completion of recruit training.

Minimum Credential Requirement

You must meet one of the education, training, or certification requirements in the Qualifications Table below. See “Understanding Qualifications” on the Qualifications Table for more information on the order of precedence for the minimum credential requirement.

Qualifying Degrees

The Qualifications Table below includes college degrees in the Education section. For example, "Bachelor degree from accredited University." To view a list of degree programs that are acceptable for this Specialty Area, click List of Qualifying Degrees below or the Information icon in the Qualifications Table.

Worksheet View

Click the button to toggle in and out of the worksheet view for the qualifications table. Turning the worksheet view on will allow you to mark requirements and qualifications for your proficiency level, and then print a printer-friendly version of the matrix worksheet.

Note: The Qualification Matrix information on this page will be in a different order when printed to reduce the number of pages needed.

View Proficiency Level(s)

Qualifications Table

All qualifications have not been met.
 
Basic Intermediate Advanced
N/A not entry level position Bachelor Degree from accredited University Bachelor Degree from accredited University
  CNSSI 4012-Senior Systems Managers/4013-System Administrators/4014-Information Systems Security Officers (ISSO) /4015-Systems Certifiers/4016-Risk Analysts Graduate Degree from accredited University
  NDU CISO certificate-Chief Information Security Officer (CISO) CNSSI 4012-Senior Systems Managers/4013-System Administrators/4014-Information Systems Security Officers (ISSO) /4015-Systems Certifiers/4016-Risk Analysts
    NDU CIO certificate-Chief Information Officer (CIO)
OR
 
N/A not entry level position CID M09BNJ1 Cybersecurity Technician CID M02D2M2 Cyber Networks Operations Engineer (Cyber NETOPS Eng)
  CID N23CUQ1 Joint Cyber Analysis CID M09CHN1 Communications Chief
    CID M09D3H1 Cybersecurity Managers
    CID M09DRX1 Advance Communications Officer (ACOC)
OR
 
N/A Certified Authorization Professional (CAP) Certified Authorization Professional (CAP)
  CompTIA Security+ Certified Information Security Manager (CISM)
  GIAC Security Leadership Certification (GSLC) Certified Information Systems Security Professional (CISSP)
    CompTIA Advanced Security Practitioner (CASP+)
    GIAC Security Leadership Certification (GSLC)
AND
 
Evaluation of job performance at Marine Corps Unit based off T&R events from NAVMC 3500.56A, NAVMC 3500.105A Evaluation of job performance at Marine Corps Unit based off T&R events from NAVMC 3500.56A, NAVMC 3500.105A Evaluation of job performance at Marine Corps Unit based off T&R events from NAVMC 3500.56A, NAVMC 3500.105A

Note: The Qualification Matrix information on this page will be in a different order when printed to reduce the number of pages needed.

This is an official U.S. Marine Corps websiteUpdated: March 31, 2021
TOP

Basic

Foundational understanding of computer systems and related cybersecurity software and hardware components. Ability to apply simple concepts and routine processes with frequent and specific guidance. Ability to perform successfully in routine, structured situations, or more complex situations with supervision.

Intermediate

Working knowledge and application of Information Security and security operational characteristics for a variety of computer platforms, networks, software applications, and Operating Systems. Extensive knowledge of basic concepts and processes and experience applying these with only periodic high-level guidance. Ability to perform successfully in non-routine and sometimes complicated situations.

Advanced

Application and mastery of Information Security, plans, and functions; responsible for the management of complex projects, and initiatives with large scope. An in-depth understanding of complex concepts and processes, and experience applying these with little or no guidance. Ability to provide guidance to others and to perform successfully in complex, unstructured situations.

Click link to go to Certified Information Systems Security Professional (CISSP) COOL Snapshot page.

The International Information Systems Security Certification Consortium, Inc. (ISC 2), Certified Information Systems Security Professional (CISSP) is an advanced skill level certification for experienced security practitioners, managers and executives interested in proving their knowledge across a wide array of security practices and principles. Candidates must meet a combination of education and experience requirements. Candidates must pass a written exam.

Click link to go to Project Management Professional (PMP) COOL Snapshot page.

The Project Management Institute (PMI), Project Management Professional (PMP) is an advanced skill level credential for professionals who lead and direct projects. PMPs demonstrate strong interpersonal skills and the ability to lead, and an understanding of technical processes and the business environment. Candidates must meet a combination of education and experience requirements and pass a written exam.

Click link to go to CompTIA Security+ COOL Snapshot page.

The Computing Technology Industry Association (CompTIA), Security+ is an entry-level, vendor-neutral certification for IT professionals. The Security+ validates the baseline skills needed to perform core security functions, incorporating best practices in hands-on troubleshooting and problem-solving skills. Candidates demonstrate the ability to evaluate and implement security solutions for an enterprise environment, monitor and secure hybrid environments, understand laws and policies, and identify, analyze, and respond to security events and incidents. Candidates should meet experience recommendations and must pass a written exam.

Click link to go to GIAC Security Leadership Certification (GSLC) COOL Snapshot page.

The Global Information Assurance Certification (GIAC), Security Leadership Certification (GSLC) is an advanced skill level certification for information security, information technology and security professionals with leadership responsibilities. GSLCs understand governance and technical controls focused on protecting, detecting, and responding to security issues. GSLCs display knowledge of data, network, host, application, and user controls along with fundamental management topics that pertain to the security lifecycle. There are no prerequisites for the GSLC certification. Candidates must pass a written exam.

 

 

Click link to go to Certified Information Security Manager (CISM) COOL Snapshot page.

The Certified Information Security Manager (CISM) is an advanced certification for the individual who designs, builds, and manages an enterprises information security. CISM focuses on information risk management as the basis of information security. It also includes material on broader issues such as how to govern information security as well as on practical issues such as developing and managing an information security program and managing incidents. This certification is targeted toward experienced information security managers and those who have information security management responsibilities. Five or more years of information security work experience, with a minimum of three years of information security management work experience is required.

Click link to go to Certified Authorization Professional (CAP) COOL Snapshot page.

The International Information Systems Security Certification Consortium Inc. (ISC 2), Certified Authorization Professional (CAP) is ideal for IT, information security and information assurance practitioners and contractors seeking to prove their understanding of the RMF. It is evidence candidates have the advanced knowledge and technical ability to formalize processes to assess risk and establish security documentation. Candidates must pass a written exam and have at least two years of cumulative, paid work experience in one or more of the seven domains of the (ISC)² CAP Common Body of Knowledge (CBK).

Click link to go to CompTIA Advanced Security Practitioner (CASP+) COOL Snapshot page.

The Computing Technology Industry Association (CompTIA), CompTIA Advanced Security Practitioner (CASP+) certification is for advanced level cyber-security professionals. CASP+ practitioners have the knowledge and skills need to conceptualize, engineer, integrate, and implement secure solutions across complex environments to support a resilient enterprise. While not required, candidates should meet CompTIA's recommended level of experience. Candidates must pass an exam that includes written and performance-based questions.