scope:

a. This Order establishes an agency-wide ISS approach that supports the FAA's ISS Awareness and Training Program. Federal statutes and regulatory requirements defined in the National Institute of Standards and Technology (NIST) Special Publications (SP) establish the requirements and recommendations of this Order. This Order does not address facility, personnel, or privacy awareness training or National Security Systems (NSS), computer systems that process classified information. Any questions regarding NSS should be directed to the Assistant Administrator for Security and Hazardous materials (ASH-1).

b. This Order applies to all personnel accessing FAA-owned or FAA-controlled information systems. An FAA-controlled information system or device is one that, although may be owned by another entity (such as a contractor), is used in performing agency work.

Purpose of This Order. This Order establishes the Federal Aviation Administration (FAA) Policy for an agency-wide Information Systems Security (ISS) Awareness and Training Program. This Order assigns the framework, roles, and responsibilities for the ISS Awareness and Training Program. Employees represent one of the most significant vulnerabilities to security, and individuals' actions can positively or negatively affect the confidentiality, integrity, and availability of information and information systems.