The contractor shall provide IA technical system administration support at each site on all IA accredited training devices.

Incorporate and maintain trainer IA programs that identify: IA architecture requirements, objectives, and policies; IA personnel; and IA processes and procedures. This includes the maintenance and performance of the tasks identified by the IA controls listed in DoDI 8500.2 series, the System Security Authorization Agreement (SSAA), and the Designated Approval Authority (DAA) Accreditation memorandum for the corresponding Mission Assurance Category III (MAC III), classified training equipment.

Provide IA security oversight for IA accredited training devices to include: coordinating with the site COR on IA security measures, and assisting with analyzing security procedures and periodic testing, evaluation, verification, accreditation, and review of information system installations at the appropriate classification level.

Assist and support the site COR with the implementation of the Information Assurance Vulnerability Management Program (IAVMP). Implement/install applicable government-directed patches including: Information Assurance Vulnerability Alerts (IAVA), Information Assurance Vulnerability Bulletins (IAVB), and Information Assurance Technical Advisories (IATA) for the trainer operating system(s) and software applications. Assist and support the COR in vulnerability management updates.

Ensure information ownership responsibilities are followed to include accountability, access approvals, and special handling requirements.

Maintain logs and repository of accreditation and certification documentation for IA accredited trainers.

Ensure IA compliance monitoring IAW DoDI 8500.2 series, review the results of such monitoring, and notify the proper authorities of the results of the review as designated by the COR.

Ensure site IA security procedures are implemented in accordance with configuration management policies and practices.

Assist in the re-accreditation process as a subject matter expert for IA accredited training devices.

Implement government directed technical vulnerability corrections.

Perform weekly antivirus software updates and scans.

Implement and enforce DoN systems account access and password policy IAW SECNAV M-5239.1 series.

Ensure the administration of privileged user accounts IAW system role-based access schemes as per site operating procedures and COR authorization. Assist the COR in maintaining accounts currency to ensure that individual accounts designated as inactive, suspended, or terminated are promptly deactivated and associated passwords are disabled and removed.

Ensure system audit logs are reviewed weekly and any security violations are reported to the COR. Ensure audit log records are backed up and maintained IAW DoDI 8500.2 series controls.

Perform data backup at least weekly (if there is a change) and store backup data, IAW DoDI 8500.2 series controls (may be specified via a Maintenance Requirement Card (MRC)).

Ensure all media and data storage is properly marked and labeled per policy and guidance documents (i.e., SECNAV M-5510.36 series.

Ensure that the network device program activities are carried out for the network control devices (e.g., firewalls, routers, switches), IAW DOD policy and organization specific guidelines, including maintaining configuration of network control devices IAW Defense Information Systems Agency (DISA), Security Technical Implementation Guides (STIGs) and National Security Agency (NSA) security guidelines to protect the network control devices from unauthorized access. Conduct quarterly tests for changes and updates made to the network control devices to ensure integrity IAW the systems Configuration Management Plan (may be specified via a MRC).

Ensure COMS contract personnel receive initial and annual IA awareness training. All IA training shall be documented and available for COR review at any time.

The Contractor shall provide a summary document of all IA activities in the Contractor's format that shall be presented in the Annual Site Review at each site.