>>Centers of Academic Excellence

1. What is the objective of program criteria?

The criteria are designed to measure and recognize the depth and maturity of Information Assurance (IA) academic programs, and to stimulate the development of broad-ranging IA programs in order to meet the varying needs of the student population, including work-force professionals, as well as the employment needs of government and industry. Institutions successfully meeting the criteria are "designated" as National Centers of Academic Excellence in Information Assurance Education by the Department of Homeland Security and the National Security Agency. The criteria are not designed to the discriminating level required of programs offering a specific "accreditation" or "certification." Accreditation and certification establish a minimum set of criteria to assure that a basic level of quality instruction is provided in a field of study. National Centers of Academic Excellence in Information Assurance Education are expected to be National role models.

2. How do Information Assurance (IA) and Information Systems Security (INFOSEC) differ, and are the terms used interchangeably in the criteria?

Information Assurance is the preferred skill. There is a national movement from Information Systems Security to the more complex discipline of Information Assurance. Recognizing the current state of transition, the terms are used interchangeably in the criteria. Definitions from National Security Telecommunications and Information Systems Security Instruction (NSTISSI) No. 4009, August 1997, follow:

• Information Assurance (IA) - Information operations that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.



• Information Systems Security (Information Security, ISS, INFOSEC) - Protection of information systems against unauthorized access to or modification of information whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats.

3. How were the criteria developed?

The criteria were developed by the National Security Agency in consultation with key information assurance representatives from academia, industry, and government.

4. Why were the original criteria, dated November 1998, revised?

Due the dynamic nature of the field of Information Assurance, the criteria are assessed annually. The criteria are revised to raise the program standards and keep pace with the increasing depth and maturity of university programs in IA.

5. Why do the criteria reflect an emphasis on research?

Research-based education versus textbook centric instruction develops a much needed skill set and contributes to meeting national research needs.

6. Is it appropriate to use the same criteria for graduate and undergraduate programs?

Recognizing that graduate and undergraduate programs address differing levels of depth, their treatment in the same criteria is deemed appropriate at this time. Within the criteria, there is reason for discerning differences.

7. Why is there an emphasis on graduate programs?

The critical demand for IA education as well as IA faculty demands an emphasis on graduate programs.

8. Why is there an emphasis on distance learning?

Distance learning is an effective means to meet the needs of the global work force.

9. Why is consideration being given to certificate programs?

Certificate programs in IA are expanding to meet the IA educational needs of the work force population and their contribution to advancing the state of IA education for the current work force cannot be overlooked. These customized programs recognize the dynamic nature of IA and provide state-of-the-art educational benefits immediately applicable on the job.

10. How does one define a concentration of study?

The ever-changing nature and complexity in providing information assurance to heterogeneous distributed systems requires focused study. This study, while multidisciplined in nature, should be steeped in technology. Concentrations of study in universities allow for this in-depth study. Concentrations range from majors within majors, to minors within minors, to simply a declared set of elective choices of study from which a student can choose. Evidence that a university has given thought to the scope, sequence, and content of such concentrated study should be recognized.

11. Can two or more universities partner to meet the criteria?

Applications based on partnerships will be considered; however, designation as a National Center of Academic Excellence in Information Assurance Education may only be granted to the lead university where the declared Center for Information Assurance Education resides. The certificate of designation would reflect the lead university and also recognize the collaborating institution. Note: Collaborating schools will only be recognized when sufficient evidence reflects that students from both schools have complete unfettered access to the complete IA curriculum.

12. What if a university has two schools, each with declared IA Centers? Can those schools within a university each be declared as a CAEIAE?

National Centers of Academic Excellence in Information Assurance Education are declared at the university level. In a university which has multiple programs, each of significant strength in teaching IA, inter program collaboration is highly encouraged. An example of this collaboration might be for those individual IA Centers to be pulled under the umbrage of an institute.