Top NSA Banner

Access to the IACE Database:

1. I’ve forgotten my IACE application URL, username and password – what should I do?
2.  I would like others to access my account or help with data input. Whom do I contact?
3.  I’ve submitted my mapping for review. Why can’t I edit the other data in my account?
4. I am no longer the point of contact for my institution. How do I transfer the account to my replacement?
5. The head of our IA department has left or retired.  How do I find out if my institution has an existing IACE account, and if so, change the point of contact information?

Mapping Courseware:

1. There are three mapping levels: E (entry), I (intermediate) and A (advanced); for some of the standards, must I map to all three levels or is the E level sufficient to receive a certificate?
2. What does mapping to “ALL“ of the elements mean?
3. When there are references to "agency" in the standards,  e.g. "explain "agency" policy, describe "agency" control points,  is replacing "agency" with "organization" appropriate when mapping?
4. Would certified courseware need to meet every objective for each major subject area, or could curriculum covering one portion of the objectives to the stated standards be certified?
5. What is an acceptable number of courses to map to one standard?  Is 10 too many?
6. Can I use the course textbooks and supplemental reading in my courseware mapping?
7. Can someone from the NIETP Office preview and consult on my mapping before I submit it for review?
8. What happens if I've entered information into my account, but am not ready to submit it by the 31 August or 15 January deadlines?
9. I would like to certify both my graduate and undergraduate programs.Should I map the courseware from both programs?
10. My 40xx certificate expires this year and I must re-certify my courseware. Since 40xx has not changed, my original mapping is still in my IACE application.   I have since consolidated the courseware into fewer courses.  Can I resubmit what is currently in the IACE database?
11. I am in the beginning stages of creating a new program for Information Systems Security; do you have any suggestions for getting started?
12. Is there any publicly available information on OPSEC?

CNSS Certificates

1.  Can an institution's courseware be certified for only 4011, or is an additional CNSS standard required?
2. Can you please provide information on becoming accredited for certification training?
3. Can I still issue CNSS certificates to our students if they don't take the specific courses I used to map our courseware?
4. There is a reporter for a local magazine doing an article on our CNSS mapping.  Would it be possible for him to contact the NIETP Office and ask a few questions about the program?

Access to the IACE Database:

1. I've forgotten my IACE application URL, username and password - what should I do?
Send an email to AskIACE@nsa.gov containing the name of the institution as it appears on the IACE account.  The email should state the type of information (URL, username and/or password) that has been forgotten.

2. I would like others to access my account or help with data input. Whom do I contact?
The institution's point of contact (POC) controls access to the account.  The POC grants access under the "Request New Data Entry Person" function within the IACE database. The new user will receive an email with his/her login name, password, and IACE application URL.

3. I've submitted my mapping for review. Why can't I edit the other data in my account?
When courseware is submitted for review, the application is placed in a "read-only" state to retain the integrity of the data.  Once the reviews are finalized, the application will be reopened for editing. 

4. I am no longer the point of contact for my institution. How do I transfer the account to my replacement?
Send an email to AskIACE@nsa.gov to include the name of the institution, an email address, first name, middle initial, last name for the replacement. 

5. The head of our IA department has left or retired.  How do I find out if my institution has an existing IACE account, and if so, change the point of contact information?
Send an email to AskIACE@nsa.gov  to include the name of the institution and the circumstances.   If applicable, the email should contain the email address, first name, middle initial, last name for the new POC. 

Mapping Courseware:

1. There are three mapping levels: E (entry), I (intermediate) and A (advanced); for some of the standards, must I map to all three levels or is the E level is sufficient to receive a certificate?  
The E level is sufficient to receive a certificate.  The CNSS certificate indicates the level (E, I, A) to which mapping was verified.

2.  What does mapping to "ALL" of the elements mean?
All elements = 100% of the elements. 
Exception: Some standards may have elements that state "Government only," indicating that only government institutions need to map to these elements.

3. When there are references to "agency" in the standards, e.g. "explain 'agency' policy, describe "agency" control points, is replacing "agency" with "organization" appropriate when mapping?
Yes.  The standards state "agency" because they were developed for the Government.

4. Would certified courseware need to meet every objective for each major subject area, or could curriculum covering one portion of the objectives to the stated standards be certified? 
There is only one certification for each national standard, or level of a standard, and that is to certify that the courseware meets 100% of the objectives.  Once courseware is formally submitted, subject matter experts review it and validate that 100% of the objectives are met. 

5.  What is an acceptable number of courses to map to one standard?  Is 10 too many?
There is no definitive number, but limiting the number of courses to only those needed saves time and effort and demonstrates that students can reasonably complete the courseware set of instruction.

6.  Can I use the course textbooks and supplemental reading in my courseware mapping?
Yes.  When referencing textbooks, the chapter and chapter title need to be included.  Since textbooks become rapidly outdated in the computer field, it is increasingly common to use supplemental reading.   The supplemental reading must be truly "supplemental" in that it is required vs. optional for the course.

7.  Can someone from the NIETP Office preview and consult my mapping before I submit it for review?
The NIETP Office does not preview IACE submissions.  Some applicants have a third party review their submissions, or they ask other institutions that have successfully mapped courseware to perform a quality check. 

8.  What happens if I've entered mapping into my account, but am not ready to submit it by the 31 August or 15 January deadlines?
There are no extensions to the existing deadline(s), but whether mapping is submitted or not, it is retained in the IACE account until the CNSS standards are updated, superseded, or cancelled. 
Exception:  If the IACE database itself is unavailable (IACE server down, etc.)  just prior to a deadline, an extension will be granted to all based on the length of the outage. (day for day) 

9.  I would like to certify both my graduate and undergraduate programs. Should I map the courseware from both programs?

Yes - If all the courses are needed to fully map to a standard, or level of a standard.  

No  - If all the courses are not needed.  The IACE program certifies an institution's courseware, not its courses or programs.  Only the minimum number of courses containing the courseware needed to fully map to a standard are required.

10.  My 40xx certificate expires this year and I must re-certify our courseware. Since 40xx has not changed, my original mapping is still in my IACE application.  We have since consolidated the courseware into fewer courses.  Can I resubmit what is currently in the database?
What is currently in the database can be resubmitted, as long as all of the standard elements are still being taught.

11.  I am in the beginning stages of creating a new program for Information Systems Security; do you have any suggestions for getting started? 
IACE can be used as a tool to develop new courseware or to consolidate existing IA courseware. 

12.  Is there any publicly available information on OPSEC?
Information on Operations Security (OPSEC) can be found at http://www.ioss.gov/

CNSS Certificates:

1.  Can an institution be certified in only 4011, or is an additional CNSS standard required?
An institution can be certified for only one standard.  An additional standard is only required as a prerequisite to apply for designation as a National Center of Academic Excellence in IA Education.

2.  Can you please provide information on becoming accredited for certification training?
The IACE Program does not accredit training institutions. IACE certifies that an institution's courseware meets all the requirements of a specific CNSS standard within the courseware set of instruction. 

3. Can we still issue CNSS certificates to our students if they don't take the specific courses we used to map our courseware?
Yes - As long as all the material is covered in the courses they do take.  The CNSS standards and IACE program were designed with maximum modularity and flexibility in mind, to encourage the inclusion of the courseware modules in other courses/programs. 

4.  There is a reporter for a local magazine doing an article on our CNSS mapping.  Would it be possible for him to contact the NIETP Office and ask a few questions about the mapping?
The reporter can contact the NSA Public Affairs Office at 301-688-6524.  Another option is to refer the reporter to our website:
/ia/academic_outreach/index.shtml