The National Centers of Academic Excellence in Information Assurance Education (CAEIAE) and the CAE-Research (CAE-R) are outreach programs designed and operated initially by the National Security Agency (NSA) in the spirit of Presidential Decision Directive 63, National Policy on Critical Infrastructure Protection, May 1998. The NSA and the Department of Homeland Security (DHS) in support of the President's National Strategy to Secure Cyberspace, February 2003, now jointly sponsor the program. The goal of the program is to reduce vulnerability in our national information infrastructure by promoting higher education in information assurance (IA), and producing a growing number of professionals with IA expertise in various disciplines.


Under the CAEIAE program, 4-year colleges and graduate-level universities are eligible to apply to be designated as a National Center of Academic Excellence in IA Education. Institutions meeting the Carnegie Foundation's classifications of Research University/Very High (RU/VH), Research University/High (RU/H) and Doctoral Research University (DRU) are eligible to apply for CAE-R. Each applicant must pass a rigorous review demonstrating its commitment to academic excellence in IA education. During the application process applicants are evaluated against stringent criteria. Designation as a CAEIAE or CAE-R is valid for five academic years, after which the school must successfully reapply in order to retain its CAEIAE designation.

CAEIAEs and CAE-Rs receive formal recognition from the U.S. government, as well as opportunities for prestige and publicity, for their role in securing our nation's information systems. Students attending these designated schools are eligible to apply for scholarships and grants through the Department of Defense Information Assurance Scholarship Program and the Federal Cyber Service Scholarship for Service Program (SFS). Designation as a Center does not carry a commitment for funding from the NSA or the DHS.

CAEIAE and CAE-R Institutions are located throughout the country-many within driving distance of major DoD installations, federal research centers, and other federal agencies. These schools serve as regional centers of IA expertise and have begun to provide more programs aimed at retooling and retaining current federal and state information technology personnel.

In conjunction with these programs, the Information Assurance Directorate is a sponsor of the Colloquium for Information Systems Security Education (The Colloquium) and the Senior Executive Academic Liaison (SEAL). The addition of these programs helps to promote and increase the availability of information assurance education across the nation while benefiting both NSA and the partnering universities.

Return to the Top


Call for Applications

Each year the NSA and DHS hold a call for applications for these programs. Applications for CAEIAE and CAE-R will be due 15 January of each year. New and redesignated CAEIAEs and CAE-Rs will be announced in June at the Colloquium for Information Systems Security Education (CISSE) each year.

Prior to submitting an application for the National Centers of Academic Excellence in IA Education Program, IA courseware must be certified under the IA Courseware Evaluation Program for NSTISSI 4011 and one other CNSS standard. Completed electronic mapping for 4011 and one other CNSS standard must be submitted by no later than 31 August of each year. Institutions with IACE Certificates issued in 2006 (expire in June 2009) must also map their courseware to the current version of each standard by 31 August 2008. CAE-Rs do not need to map to curriculum. The Carnegie Foundation classification is the requirement they must meet.

Return to the Top


Application Procedures & Requirements

The National Centers of Academic Excellence in Information Assurance Education Program is offered annually and is open to nationally or regionally accredited 4-year colleges and universities for their graduate and undergraduate programs. The CAE-Research is open to nationally or regionally accredited universities that meet Carnegie Foundation classification of RU/VH, RU/H or DRU.

Applicants must submit a letter of their intent to apply, along with evidence of national or regional accreditation and Carnegie ranking for CAE-R. The letter must be on official college/university letterhead; signed by a collegiate official at an appropriate level (Dean or higher); and postmarked not later than the application due date. The mailing address follows:

National Security Agency
Attn: Ms. Christine Nickell, I924
9800 Savage Road, Suite 6744
Fort Meade, MD 20755-6744

CAEIAE applicants must possess current certification under the Information Assurance Courseware Evaluation Program. The criteria for the National Centers of Academic Excellence in Information Assurance Education Program provide specific information on this prerequisite. Applicants are encouraged to apply for the Information Assurance Courseware Evaluation Program as soon as possible, and all mapping should be complete by 31 August 2008 under this program. The Information Assurance Courseware Evaluation Program Manager may be reached at AskIACE[at]nsa[dot]gov.

After the prerequisite is met, contact the National Centers of Academic Excellence in Information Assurance Education Program Office by email, AskCAEIAE[at]nsa[dot]gov,to establish access to the on-line application. Use of the on-line application process is required. The electronic process enables the submitting institution to have multiple individuals participate in the entry of data, while giving the lead individual the ability to review all data and electronically submit the application. The process is intended to simplify the submission of data; create thorough and uniform submissions; and enhance the review process.

Applicants must clearly demonstrate, in sufficient detail, how they meet each of the ten program criteria, and include supporting documentation where required and appropriate. Minimum requirements must be met for each of the ten criteria.

Applications are due to the program office by 15 January of each year.

Return to the Top


CAE-R applicants should contact the program office by email, AskCAEIAE[at]nsa[dot]gov, to establish access. Applicants must meet the Carnegie Foundation classification of RU/VH, RU/H or DRU or be a military academy before beginning the process. Use of the on-line application process is required. Applicants must clearly demonstrate how they meet each of the program criteria.

Review and Selection Procedures

  1. Qualified information assurance professionals from the National Security Agency, the Department of Homeland Security, and the Committee on National Security Systems will assess applications. Other qualified individuals will be invited to assess applications, as needed. By completing the application, a university grants consent to having their application assessed by reviewers from government, as well as by non-government reviewers under contract to the government.
  2. Applications will be rated independently using the point system identified in the criteria. Points will be consolidated, and a point-spread average will be assigned.
  3. Applicants will receive written notification of the determination by April or May.
  4. Qualifying applicants will be designated as National Centers of Academic Excellence in Information Assurance Education or a Center of Academic Excellence-Research for a period of 5 academic years, after which they must successfully reapply in order to retain the designation.
  5. Applicants who are not designated are encouraged to reapply during the next annual cycle.
  6. Consolidated comments from the reviewers will be provided to applicants upon request. Contact the program office at AskCAEIAE[at]nsa[dot]gov to receive the comments.

Return to the Top


Frequently Asked Questions

  1. What is the objective of the CAEIAE program criteria?
  2. How do Information Assurance (IA) and Information Systems Security (INFOSEC) differ and are the terms used interchangeably in the criteria?
  3. How were the criteria developed?
  4. Why were the original CAEIAE criteria revised?
  5. Why do the criteria reflect an emphasis on research?
  6. Is it appropriate to use the same criteria for graduate and undergraduate programs?
  7. Why is there an emphasis on graduate programs?
  8. Why is there an emphasis on distance learning?
  9. How does one define an area of study?
  10. Can two or more universities partner to meet the criteria?
  11. What if a university has two schools, each with declared Information Assurance Centers? Can those schools within a university each be declared as a National Center of Academic Excellence in IA Education?

Return to the Top

1. What is the objective of the CAEIAE program criteria?

The criteria are designed to measure and recognize the depth and maturity of Information Assurance (IA) academic programs, and to stimulate the development of broad-ranging IA programs in order to meet the varying needs of the student population, including work force professionals, as well as the employment needs of government and industry. Institutions successfully meeting the criteria are "designated" as National Centers of Academic Excellence in Information Assurance Education by the National Security Agency and the Department of Homeland Security. The criteria are not designed to the discriminating level required of programs offering a specific "accreditation" or "certification." Accreditation and certification establish a minimum set of criteria to assure that a basic level of quality instruction is provided in a field of study. National Centers of Academic Excellence in Information Assurance Education are expected to be National role models.

Return to the Top

2. How do Information Assurance (IA) and Information Systems Security (INFOSEC) differ and are the terms used interchangeably in the criteria?

Information Assurance is the preferred skill. There is a national movement from Information Systems Security to the more complex discipline of Information Assurance. Recognizing the current state of transition, the terms are used interchangeably in the criteria. Definitions from the National Information Assurance Glossary, Committee on National Security Systems Instruction (CNSSI) 4009, revised June 2006, follow:

  • Information Assurance (IA) - Information Assurance is comprised of measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.
  • Information Systems Security (Information Security, ISS, INFOSEC) - Protection of information systems against unauthorized access to or modification of information whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.

Return to the Top

3. How were the criteria developed?

The criteria were developed by the National Security Agency in consultation with key information assurance representatives from academia, industry, and government.

Return to the Top

4. Why were the original CAEIAE criteria revised?

Due the dynamic nature of the field of Information Assurance, the criteria are assessed annually. The criteria are revised to raise the program standards and keep pace with the increasing depth and maturity of university programs in Information Assurance.

Return to the Top

5. Why do the criteria reflect an emphasis on research?

Research-based education versus textbook centric instruction develops a much-needed skill set and contributes to meeting national research needs. Research in Information Assurance also provides the students and teachers with a method to keep IA curriculum current and relevant.

Return to the Top

6. Is it appropriate to use the same criteria for graduate and undergraduate programs?

Recognizing that graduate and undergraduate programs address differing levels of depth, their treatment in the same criteria is deemed appropriate at this time. Within the criteria, there is reason for discerning differences.

Return to the Top

7. Why is there an emphasis on graduate programs?

The critical demand for Information Assurance (IA) education as well as IA faculty demands an emphasis on graduate programs. Traditionally, changing undergraduate programs of study often appears to interfere with existing accreditations (e.g. ACM). We are working with existing accreditation authorities to increase recognition for undergraduate studies in IA.

Return to the Top

8. Why is there an emphasis on distance learning?

Distance learning is an effective means to meet the needs of the global work force.

Return to the Top

9. How does one define an area of study?

The ever-changing nature and complexity in providing Information Assurance to heterogeneous distributed systems requires focused study. This study, while multi-disciplined in nature, should be steeped in technology. Areas of study or focus areas in universities allow for this in-depth study. Focus areas range from majors within majors, to minors within minors, to simply a declared set of elective choices of study from which a student can choose. Evidence that a university has given thought to the scope, sequence, and content of such concentrated study should be recognized.

Return to the Top


10. Can two or more universities partner to meet the criteria?

Applications based on partnerships will be considered; however, designation as a National Center of Academic Excellence in Information Assurance Education may only be granted to the lead university where the declared Center for Information Assurance Education resides. The certificate of designation would reflect the lead university and also recognize the collaborating institution. Note: Collaborating schools will only be recognized when sufficient evidence reflects that students from both schools have complete unfettered access to the complete Information Assurance curriculum.

Return to the Top

11. What if a university has two schools, each with declared Information Assurance Centers? Can those schools within a university each be declared as a National Center of Academic Excellence in IA Education?

National Centers of Academic Excellence in Information Assurance Education are declared at the university level. In a university which has multiple programs, each of significant strength in teaching Information Assurance, inter program collaboration is highly encouraged. An example of this collaboration might be for those individual Information Assurance Centers to be pulled under the umbrage of an institute.

Return to the Top

The National Centers of Academic Excellence in Information Assurance Education Program provides increased availability of learning in Information Assurance (IA) Education through a network of leading institutions and authorities in IA Education.