Information Assurance Menu

About IA at NSA Partners Rowlett Awards Award Recipients Background Nomination Procedures Links IA News IA Events Open for Registration Closed for Registration Scheduled IA Guidance Media Destruction Guidance Security Configuration Guides Applications Archived Guides Cisco Router Guides Current Guides Database Servers Fact Sheets IPv6 Operating Systems Apple Mac Operating Systems Linux Microsoft Windows Sun Solaris Supporting Documents Switches VoIP and IP Telephony Vulnerability Technical Reports Web Server and Browser Guides Wireless Standards Profiles System Level IA Guidance TEMPEST Overview TEMPEST Products: Level I Certified Confirmed Deficiencies Suspended Terminated No Longer Produced TEMPEST Products: Level II Certified Confirmed Deficiencies Suspended Terminated No Longer Produced TEMPEST Company POCs Certified Suspended Terminated TEMPEST Zoned Equipment IA Academic Outreach National Centers of Academic Excellence in IA Education CAE/IAE Program Criteria CAE-R Program Criteria Colloquium Institutions SEAL Program Applying FAQs IA Courseware Evaluation Program Institutions FAQs Student Opportunities IA Business and Research IA Business Affairs Office Certified Product Sales and Support Commercial COMSEC Evaluation Program Commercial Satellite Protection Program Independent Research and Development Program User Partnership Program National IA Research Laboratory Partnerships with Industry NIAP and COTS Product Evaluations IA Programs Global Information Grid High Assurance Platform Releases Computing Platform Architecture and Security Criteria IA Training and Rating Program Inline Media Encryptor Suite B Cryptography IA Careers Contact Information
.
Skip Search Box

FAQ's

1. What is the objective of the CAEIAE program criteria?
The criteria are designed to measure and recognize the depth and maturity of Information Assurance (IA) academic programs and to stimulate the development of broad-ranging IA programs to meet the varying needs of the student population, including workforce professionals, as well as the employment needs of government and industry. Institutions successfully meeting the criteria are "designated" as National Centers of Academic Excellence in Information Assurance Education by the National Security Agency and the Department of Homeland Security. The criteria are not designed to the discriminating level required of programs offering a specific "accreditation"; or "certification." Accreditation and certification establish a minimum set of criteria to assure that a basic level of quality instruction is provided in a field of study. National Centers of Academic Excellence in Information Assurance Education are expected to be national role models.

Back to Top

2. How do Information Assurance (IA) and Information Systems Security (INFOSEC) differ and are the terms used interchangeably in the criteria?
Information Assurance is the preferred skill. There is a national movement from Information Systems Security to the more complex discipline of Information Assurance. Recognizing the current state of transition, the terms are used interchangeably in the criteria. Definitions from the National Information Assurance Glossary, Committee on National Security Systems Instruction (CNSSI) 4009, revised June 2006, follow:
  • Information Assurance (IA) - Information Assurance comprises measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.
  • Information Systems Security (Information Security, ISS, INFOSEC) - Protection of information systems against unauthorized access to or modification of information whether in storage, processing, or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.

Back to Top
3. How were the criteria developed?
The criteria were developed by the National Security Agency in consultation with key information assurance representatives from academia, industry, and government.

Back to Top
4. Why were the original CAEIAE criteria revised?
Because of the dynamic nature of the field of Information Assurance, the criteria are assessed annually. The criteria are revised to raise the program standards and keep pace with the increasing depth and maturity of university programs in Information Assurance.

Back to Top
5. Why do the criteria reflect an emphasis on research?
Research-based education versus textbook-centric instruction develops a much-needed skill set and contributes to meeting national research needs. Research in Information Assurance also provides the students and teachers with a method to keep IA curricula current and relevant.

Back to Top
6. Is it appropriate to use the same criteria for graduate and undergraduate programs?
Recognizing that graduate and undergraduate programs address differing levels of depth, their treatment in the same criteria is deemed appropriate at this time. Within the criteria, there are ways to discern differences.

Back to Top
7. Why is there an emphasis on graduate programs?
The critical demand for Information Assurance education, as well as IA faculty, requires an emphasis on graduate programs. Traditionally, changing undergraduate programs of study often appears to interfere with existing accreditations (e.g., ACM). We are working with existing accreditation authorities to increase recognition for undergraduate studies in IA.

Back to Top
8. Why is there an emphasis on distance learning?
Distance learning is an effective means to meet the needs of the global workforce.

Back to Top
9. How does one define an area of study?
The ever-changing nature and complexity of providing Information Assurance to heterogeneous distributed systems requires focused study. This study, while multi-disciplined in nature, should be steeped in technology. Areas of study or focus areas in universities allow for this in-depth study. Focus areas range from majors within majors, to minors within minors, to simply a declared set of elective choices of study from which a student can choose. Evidence that a university has given thought to the scope, sequence, and content of such concentrated study should be recognized.

Back to Top
10. Can two or more universities partner to meet the criteria?
Applications based on partnerships will be considered; however, designation as a National Center of Academic Excellence in Information Assurance Education may only be granted to the lead university where the declared Center for Information Assurance Education resides. The certificate of designation would reflect the lead university and also recognize the collaborating institution.

Note: Collaborating schools will only be recognized when sufficient evidence reflects that students from both schools have unfettered access to the complete Information Assurance curriculum.

Back to Top
11. What if a university has two schools, each with declared Information Assurance Centers? Can those schools within a university each be declared as a National Center of Academic Excellence in IA Education?
National Centers of Academic Excellence in Information Assurance Education are declared at the university level. In a university that has multiple programs, each of significant strength in teaching Information Assurance, interprogram collaboration is highly encouraged. An example of this collaboration might be for those individual Information Assurance Centers to be pulled under the umbrella of an institute.

The National Centers of Academic Excellence in Information Assurance Education Program provides increased availability of learning in Information Assurance (IA) Education through a network of leading institutions and authorities in IA Education.

Back to Top

  

Date Posted: Nov 14, 2008 | Last Modified: Nov 14, 2008 | Last Reviewed: Nov 14, 2008

  
bottom
National Security Agency / Central Security Service