FORT HOOD INFORMATION ASSURANCE SECURITY OFFICER/

SYSTEM ADMINISTRATOR GUIDE

Provided by Ft. Hood NEC IAPM Branch
26 June 2009

Current as of:

1. ABOUT THIS DOCUMENT:

HOW TO USE THIS DOCUMENT: this document will provide
all the information you need to get your System Administrator
(SA)/Information Assurance Security Office (IASO) packet
submitted and approved. It will also provide you with the basic
tools and instructions that you will need to administer
computers in your organizational unit (OU), perform basic
requests for your current network users and request Ft. Hood
accounts for new computer users. Keep this document for
future reference!
WHO SHOULD READ THIS DOCUMENT: commanders,
IMOs, all S-6/G-6 shop personnel, prospective SA/IASO
applicants.
HOW TO READ THIS DOCUMENT: be sure to note whether
the document is referring to IASO or SA training requirements.
The quickest way to get frustrated with the process is to turn in
your SA packet with IASO certificates. There are differences!!
Pay attention!!!
WHAT THIS DOCUMENT REFERS TO: this document only
explains the Armys and Fort Hoods minimum requirements for
privileged access. Your individual unit may mandate more
stringent requirements. Your first step should be to see your S6 or G-6 to find out if they have requirements over and above
the ones that the Army and Fort Hood imposes per DOD 8570.01
and the Information Assurance (IA) Training and Certification
BBP.
2. WHICH POSITION IS IDEAL FOR YOU?
Every unit must have 1 primary IASO and 1 primary Systems
Administrator. Keep this in mind when appointing IA
personnel. Yes, a person MAY be an IASO and an SA, but one
appointment must be primary and one appointment must be
alternate. For example, a primary IASO may be an alternate SA,
and vice versa. There is no difference in privilege between
primary and alternate, but the person must meet the training
requirements (including certifications) for both the IASO and SA
positions. Units can appoint multiple alternate IASOs and SAs.
WHAT IS AN IASO? The IASO position is a lot more
demanding (if done correctly) than most people realize. IASOs

are responsible for enforcing all IA policy within their unit,

ensuring that all users receive and understand all IA training,
ensuring all computers in their units are properly accredited,
reporting security violations, incidents and spillages to the
appropriate authorities, and coordinating the reporting and
compliance for IAVM. It truly is a managerial function, and
deserves more attention than is currently given by most units.
For this reason, the IASO position should be filled by a senior
member of the S6/G6 staff in order to properly facilitate the
enforcement of policy and procedure.
WHAT IS AN SA? The SA position is purely technical. The SA
is responsible for installing Army-approved (and Ft. Hood
approved!) hardware and software. The SA may also create and
modify Active Directory groups, and manage computer
attributes for their Active Directory (OU). The SA will also be
expected to troubleshoot issues with network connections,
programs, email and internet. Keep in mind that although the
Army and Central Texas College offer computer training courses
that you may take advantage of, there is no Ft. Hood SA training
class that teaches the basics. So unless you already have a good
store of computer knowledge, be prepared to learn on the fly.

3. GETTING YOUR PACKET READY:

Go to the NEC website> Information Assurance > IASO/SA
Training and Requirements
(https://wwwmil.hood.army.mil/doim/IASO_SA_TrainingAndRequ
irements.aspx) and print out the IA Personnel Requirements
Checklist, which contains the checklists for both IASOs and SAs,
as well as a quick-start set of instructions. ALL COURSES,
TEMPLATES AND WEBSITES REFERENCED IN THE
CHECKLIST CAN BE FOUND AT THE ABOVE-LISTED
WEBSITE. Remember, to access this website, you must
select your CAC Email certificate when prompted.
How do you know which checklist to use? SAs, your checklist
should be headed Systems Administrator. IASOs, your
checklist should be headed Information Assurance Security
Officer. Now, which level should you choose? All unit IASOs
will be appointed to IAM Level I. All in-garrison SAs working on
Ft. Hood NIPR/SIPR computers will choose IAT Level I. Heres
the tricky part, so read carefully: IAT Level II is for SAs who
will be working on tactical systems, working out in the field,
operating networking and switching devices, etc. If you will be
working on tactical systems ONLY, your orders should state IAT
Level II; you will NOT be given a NIPR SA privileged account. If
you will be working on Ft. Hood NIPR computers AND tactical

systems/operating network devices, etc., your orders must state

IAT Level I and Level II. And YES, you must meet training
requirements for Level I AND Level II.
Once you have the checklist you need, its time to start getting
the documents you need ready. As you read through this, please
note that some of the requirements are for IASOs, some of the
requirements are for SAs, and some are for everybody. Pay
close attention to which requirements you are responsible for.

4. ALL SAs AND IASOs WILL NEED:

Appointment orders: Make absolutely sure that you use the
appointment orders on the NEC website, for SA, IASO, alternate
SA or alternate IASO. Your orders must state whether your
position is Level I or Level II, and whether youre being
appointed for NIPR, SIPR or both. Your appointment orders
must also provide a telephone number where you can be
reached during the workday AND a 24-hour emergency number
(NOTE: this CANNOT be a staff duty number!!).
Security Clearance Verification: We need a current copy of
your clearance information from JPAS (must be less than 30
days old). This one document will prove security clearance,
status of investigation, country of citizenship and local
background check/favorable local review. Make sure that your
JPAS is under the ownership of your Ft. Hood unit, and that it
has passed through the Ft. Hood Installation Security Division.
See below for specific security clearance requirements for each
training level.
Ft. Gordon Managerial Level I Certificate: this 40-hour
course can be taken online and must be retaken every 2 years.
CIO G-6/NETCOM Information Assurance Technical Level
1 Certification: This is an 11-module Skillport course. Once
complete, this course will show as Obtained in the ATC
website, which is where the NEC and Netcom verify all training.
Access this course at https://usarmy.skillport.com> Catalog>
Army Custom Curricula> CIO/G6 NETCOM Information
Assurance.
o Module Names and Numbers
65777_eng - Operating Systems and TCP/IP
65873_eng - Encryption Technologies
65874_eng - Firewalls and VPNs
116122_eng - Microsoft Windows Server 2003: Network
Infrastructure and Active Directory Physical Design
111624_eng - Intrusion Detection and Risk Management
112553_eng - Windows XP: Fundamentals
126360_eng - Planning and Implementing an Active

Directory Infrastructure
125070_eng - TCP/IP
126380_eng - Implementing Active Directory Users and
Groups
126381_eng - Planning and Implementing Group Policy
125071_eng - IP Addressing and Routing

Commercial Certification: all IASOs and SAs must obtain an

Army-required commercial certification BEFORE privileges are
granted. See the paragraph entitled Getting Commercially
Certified below for the specifics on which exam to take, how
you get certified, training, exam vouchers, etc.
A&VTR Account: create an account at https://avtr.us.army.mil/.
Make sure your contact information is current. Create your
account under the RCIO pathway: 7th Signal Command
(Theater) Fort Gordon 106th Signal Brigade (106th Sig Bde)
Fort Hood (Hood).
ATC Account: create an account at https://atc.us.army.mil and
enter all applicable certifications and training. Create your
account under the RCIO pathway: 7th Signal Command
(Theater) Fort Gordon 106th Signal Brigade (106th Sig Bde)
Fort Hood (Hood).

5. SPECIAL REQUIREMENTS FOR IASOs:

Security Clearance: NIPR and SIPR IASOs must have all of
the preceding, plus proof of a valid Secret clearance (U.S.
Secret Access). This information needs to be provided to the
IAPM office in the form of a current JPAS, as described above.
CIO/G-6 NETCOM Information Assurance Security+: all 6
Security+ Skillport modules, including the TestPrep, must be
completed. Once complete, this course will show as Obtained
in the ATC website. Access this course at
https://usarmy.skillport.com> Catalog> Army Custom
Curricula> CIO/G6 NETCOM Information Assurance. Please
note: if you are already CompTIA Security+ certified, you do
NOT have to complete these modules.
o Module names and numbers:
65873_eng - Encryption Technologies
84869_eng - General Security Concepts
84870_eng - Communications Security
84871_eng - Infrastructure Security
84873_eng - Operational and Organizational Security
TPSY0101_eng - TestPrep SY0-101 Security+

Ft. Hood Security+ Class: you must enroll in the Ft. Hood
Security+ class online and include a confirmation of enrollment
in your packet or a certificate if you have completed the course
already. Keep in mind, to attend this class, your packet must be
complete (minus the class itself and commercial certification)
and in the IAPM office. The class instructors will contact IAPM
prior to class starting to verify that all packets have been turned
in. Also, do not be a no show to this class (failing to attend
without cancelling or notifying the instructors policy states
that notification of cancellation must be received by the
instructors no later than the Tuesday prior to the start of the
course). Your commander will receive a notification letter and it
will be noted in your file. Any applicant who is a no-show twice
will have his/her packet destroyed and will forfeit all privileges.
STAND-BY ATTENDANCE: If you would like to attend this
class on a stand-by or walk-in basis, you STILL must turn your
completed packet into the IAPM office BEFORE the start of
class.

6. SPECIAL REQUIREMENTS FOR SA LEVEL I:

Security Clearance: US citizenship and proof of Secret
clearance (U.S. Secret Access) is required, as well as a favorable
review of local personnel, base/military, medical and other
security records as appropriate. This information needs to be
provided to the IAPM office in the form of a current JPAS, as
described above.
Skillport CompTIA A+ 220 601 & 602 Modules or
CompTIA Network+ 2005 Skillport modules, depending on
whether you want A+ or Net+ certification: Once complete,
this course will show as Obtained in the ATC website. Access
the A+ module at https://usarmy.skillport.com. Please note: if
you are already A+ or Net+ certified, you do not need to
complete these modules.
o A+ 601 IT Essentials Module Names and Numbers
242525_eng - Personal Computer Components
242526_eng - Laptop Components, Peripherals, and
Networks
242527_eng - Operating Systems
242528_eng - Security, Safety, and Communication
TP220601_eng - TestPrep 220-601 A+ Essentials
o A+ 602 IT Technician Module Names and Numbers
245875_eng - Installing, Configuring, and Troubleshooting
PC Components
245876_eng - Working with Laptops and Portable Devices

245877_eng - Understanding and Maintaining Networks

245878_eng - Maintaining Operating Systems
245879_eng - Installing and Troubleshooting Printers and
Scanners
245880_eng - Managing IT Security
245881_eng - Recognizing Safety Procedures, Effective
Communication, and Professional Behavior
TP220602_eng - TestPrep 220-602 A+ IT Technician
o Network+ Module Names and Numbers
218678_eng - The Fundamentals of Networking
218693_eng - LAN Technologies
218703_eng - Networking Protocols
218741_eng - IP Addressing and Subnetting
221224_eng - Working with TCP/IP
218759_eng - WANs and Remote Connectivity
218763_eng - Network Operating Systems and Clients
218760_eng - Network Security
218761_eng - Network Troubleshooting
218762_eng - Fault Tolerance and Disaster Recovery

Ft. Hood Security+ Class: you must enroll in the Ft. Hood
Security+ class online and include a confirmation of enrollment
in your packet or a certificate if you have completed the course
already. Keep in mind, to attend this class, your packet must be
complete (minus the class itself and commercial certification)
and in the IAPM office. The class instructors will contact IAPM
prior to class starting to verify that all packets have been turned
in. Also, do not be a no show to this class (failing to attend
without cancelling or notifying the instructors policy states
that notification of cancellation must be received by the
instructors no later than the Tuesday prior to the start of the
course). Your commander will receive a notification letter and it
will be noted in your file. Any applicant who is a no-show twice
will have his/her packet destroyed and will forfeit all privileges.
STAND-BY ATTENDANCE: If you would like to attend this
class on a stand-by or walk-in basis, you STILL must turn your
completed packet into the IAPM office BEFORE the start of
class.

7. SPECIAL REQUIREMENTS FOR SA LEVEL II:

Security Clearance: Proof of US citizenship and proof of
Secret clearance (U.S. Secret Access) is required; if you will
have administrative access to networking devices, you must also
have an SSBI, or one initiated. This information needs to be

provided to the IAPM office in the form of a current JPAS, as

described above.
CIO/G-6 NETCOM Information Assurance Security+: all 6
Security+ Skillport modules, including the TestPrep, must be
completed. Once complete, this course will show as Obtained
in the ATC website. Access this course at
https://usarmy.skillport.com> Catalog> Army Custom
Curricula> CIO/G6 NETCOM Information Assurance. Please
note: if you are already CompTIA Security+ certified, you do
NOT have to complete these modules.
o Module names and numbers:
65873_eng - Encryption Technologies
84869_eng - General Security Concepts
84870_eng - Communications Security
84871_eng - Infrastructure Security
84873_eng - Operational and Organizational Security
TPSY0101_eng - TestPrep SY0-101 Security+
Ft. Hood Security+ AND NMS Courses: you must enroll in
both Ft. Hood Sec+/NM classes online (2 weeks total classroom
time) and include a confirmation of enrollment in your packet or
the two certificates if you have completed the course already.
Keep in mind, to attend this class, your packet must be complete
(minus the class itself and CompTIA certification) and in the
IAPM office. The class instructors will contact IAPM prior to
class starting to verify that all packets have been turned in.
Also, do not be a no show to this class (failing to attend
without cancelling or notifying the instructors - policy states
that notification of cancellation must be received by the
instructors no later than the Tuesday prior to the start of the
course). Your commander will receive a notification letter and it
will be noted in your file. Any applicant who is a no-show twice
will have his/her packet destroyed and will forfeit all privileges.
STAND-BY ATTENDANCE: If you would like to attend this
class on a stand-by or walk-in basis, you STILL must turn your
completed packet into the IAPM office BEFORE the start of
class.

8. GETTING COMMERCIALLY CERTIFIED:

Which Exam to Take:
o IASO: All IASOs must take the Security+ CompTIA
examination.
o SA Level I: All Level I SAs may choose to take either the
A+ or Net+ exam.
o SA Level II: All Level II SAs must take the Security+
exam. However, if, prior to appointment, the SA was

certified in an IAT Level II or III DoD Approved Baseline

Certification (see the Information Assurance (IA) Training
and Certification Best Business Practice for DoD Approved
Baseline Certifications), this certification may fulfill the
requirement. Please direct any questions to the IAPM
office.
o Combination Appointments: if you are serving in more
than one capacity (for example, SA/IASO or SA Level I/SA
Level II), you will need to achieve certifications that will
fulfill requirements for both levels. That being said, the
good news is that Security+ certification will fulfill both
requirements.
Training: The Ft. Hood Security+ 1-week class will cover what
you need to know in order to successfully become Security+
certified. There is currently no training offered by Ft. Hood for
the A+ certification exams, but there are many good study
guides in bookstores and online. Also, Skillport offers several
modules that are designed to assist you in becoming A+
certified.
Vouchers: the good news is that (if you are military or a
civilian (GS) employee) you dont have to pay for your own
exams; NETCOM provides vouchers that will cover the exam
cost. Before you can be awarded a voucher, you MUST have
current appointment orders (for each position you are currently
holding) uploaded on the ATC website. NETCOM will not pay
for you to take an exam that you do not need, so make sure you
have your appointment orders loaded. There is an instruction
document on the NEC website entitled User CompTIA PreAssessment Instructions that details how to fill out and submit
your voucher request form and complete and submit the
applicable preassessment tests. We will request the voucher
from NETCOM. Keep in mind that the entire request process
could take up to 2 weeks. Please note: NETCOM vouchers
are NOT available to contractors.
Scheduling the Exam: once you have your voucher, you must
schedule your exam within the prescribed period or your
voucher will expire, and your SA/IASO account will be disabled.
NETCOM will provide you with the contact information
necessary to schedule your test.
What if I Fail? If you fail your certification exam on the first
try, dont worry. NETCOM provides 2 vouchers for each exam.
So if you fail, study what you didnt understand and request an
additional voucher after completing the NETCOM-required
retraining courses (see the ATC website for details). Keep in
mind that you only get 2 vouchers, so if you fail a second time,

you will have to pay for any additional attempts at certification.

However, GI Bill/VA reimbursement is available to eligible
soldiers.
o Retraining Procedures: to get your 2nd voucher, you
must complete the Retraining required by NETCOM. You
can find these requirements on the ATC website under
Compliance Information. NETCOM will NOT give you a
2nd voucher unless these requirements are met. Also,
please note that there is a waiting period of 30 days
before the 2nd voucher will be granted. And yes, while
youre retraining, your SA/IASO account will be disabled,
so please wait until youre ready to take this exam.
Reporting Certification: once youre certified, bring or email
a copy of your score reports or your certificate to the IAPM
office to be included in your packet. Also, be sure to report your
results on the ATC website within 30 days of receiving your
results.

9. PACKET COMPLETION:
Submission:
o Upload your SA/IASO/NIPR/SIPR orders to ATC
o Upload your Ft. Hood Computer User Agreement to ATC
in the Acceptable Use Policy space.
o Submit a Remedy ticket and attach the following in 2
separate files:
Your JPAS report, Ft. Hood ownership, with US
Secret Access granted. Before you scan this form in,
COMPLETELY BLACK OUT YOUR SOCIAL
SECURITY NUMBER, BIRTHDATE AND PLACE OF
BIRTH.
The digitally-signable voucher request form and
CompTIA preassessment score reports.

o The IAPM office will process your packet within 5-7

business days and will email you when it is complete.
Please do not call or drop by the office to check on the
status of your packet. Once it is complete and your
account has been created, you will be the first to know.
Keep a Copy!!!!: there may be times in the future when you
need a copy of your orders, privileged user agreement, etc.
Heres the solution: keep a copy of your packet. Dont expect
to be able to count on anyone else to keep a copy for you and
always have the information you need. Its your packet you

keep up with it. Remember, SA/IASO orders are inspectable

items!
Signing for Your Account: once you have received
notification that your account has been created, come in to the
IAPM office to sign for your password, which you will create.
Remember that the password must be strong, which means it
must contain 2 uppercase, 2 lowercase, 2 numbers and 2 special
characters, and it must contain at least 15 total characters.
Also, keep in mind that your SA/IASO password is private, and is
NOT to be shared, no matter how busy you are or how much you
trust the person youre giving it to. Sharing your password is a
security violation and will result in revocation of privileges.
SIPR Accounts: to qualify to be a SIPR SA, you must have the
following:
o SIPR SA orders uploaded to ATC
o Ft. Hood SIPR user account
o AKO-S account
Once you meet all requirements, submit a Remedy ticket
requesting that your SIPR SA account be created. You will be
notified when it has been created and when you may come to set
your password.
ATC Maintenance: the ATC website exists to keep track of all
required training which, as you may know, can change from
time to time. After you sign for your password, you must upload
your signed privileged user agreement into ATC.
ASCL Card: An ASCL Card allows you to login with your
privileged account using a special CAC. The only thing you have
to do to be eligible for an ASCL card is to keep your account
current, that is, dont let it lapse or disable through lack of use.
The IAPM office will submit your name to NETCOM to receive
an ASCL card, and you will be notified when your card has been
received and is ready to pick up. This card is an accountable
item that must be turned in when you leave your IASO/SA
position or depart from the installation.

10. NOW WHAT????

Now that you have your account, youre ready to begin your
duties. Really? Most new SAs/IASOs, even though they may
have the technical skills necessary to do their jobs, do NOT have
the information necessary to get what they need on Ft. Hood.
The next few sections are guides on how to get the information
you need, who can provide services for you, and who to call if
you need help.
11. THE NEC WEBSITE:

The NEC homepage (https://wwwmil.hood.army.mil/doim) is an

excellent reference point. You can find out which NEC
departments are responsible for providing specific services to
you; you can find and print out forms, policies and memos and
points of contact there as well.
Account Creation: the account creation tool is located on the
NEC homepage. This is where you can request that accounts be
created for your general computer users and where you can find
the documents necessary for requesting SIPR accounts
(https://hd.hood.army.mil/). Before you request the account,
make sure that the user meets all personnel security standards
(as verified with the unit S2/Security Manager), has completed
all necessary training, has signed the Ft. Hood computer user
agreement, has taken DOD IA Awareness Test (IASOs must keep
copies of test certificates!), and has a CAC (if authorized to have
one). To find the users EDIP number, use the EDIP lookup tool
when you request the users account. PLEASE make sure you
spell everything correctly when requesting the account, and
obtain the users AKO username to ensure that it matches the
Ft. Hood username you submit. If you do not, the user may
have future issues receiving email and signing into his/her
computer. If you have a problem with our Account Creation
tool, call the NEC Help Desk at 287-DOIM or submit a Service
Ticket (discussed below).
Ft. Hood Approved Software List: located on NEC website,
Information Assurance, Approved Products List, this is your first
stop to find out if you are allowed to use certain software on Ft.
Hood. Remember, just because software may be DoD-approved
or DoD-created or even Army-approved, THIS DOES NOT
MEAN THAT YOU CAN USE IT ON FT. HOOD!!! We have
procedures to get software approved see the FAQ section on
the NEC website for the procedures.
System Certification and Accreditation Packets: Whether
you need accreditation for SIPR, NIPR, Field Exercise or
STAMIS systems, you can find the forms you will need on the
NEC homepage, Information Assurance, Certification and
Accreditation Packets/Networthiness Information.
o SIPR: SIPR accreditation packets are necessary not only
when new SIPR systems or infrastructure is placed in your
units buildings, but also upon change of unit commander,
addition or deletion of inventory or change of building.
o NIPR: The Fort Hood backbone network is currently
undergoing reaccredidation under DIACAP. Once
completed, all units will have to complete their NIPRNet
administrative connectivity packet. More details to follow.

o FIELD EXERCISE: generally for training purposes, this

packet must be filled out and turned into NEC no later
than 30 days prior to the start of the exercise.
o STAMIS and/or ABCS: STAMIS (Standard Army
Management Information System) systems are logistics
systems that generally sit in the enclave, an isolated
section of the Ft. Hood NIPR network. STAMIS systems
require accreditation packets submitted to the IAPM office
before the systems can be connected to the network.
ABCS (Army Battle Command Systems) are tactical
systems, they can be classified or unclassified, and may
require special access.
Sharepoint Links: Each unit has its own Sharepoint area,
where you can find lots of
information and IAVA downloads.
(https://wwwmil.hood.army.mil/doim/IASO_SA_SharePoint_Links
.aspx)
Helpdesk Ticketing System: many SAs and IASOs find it
more pleasant to submit a service ticket online rather than wait
in the call queue, especially if the issue is not one that needs to
be resolved immediately. Access the portal at
https://helpdesk.hood.army.mil, using your email certificate
when prompted. Be sure to have all necessary information
handy when you submit your ticket, and remember that your
problem will be handled more quickly when you enter the
correct information the first time.
Training Information: Not only can you find basic IA training
requirements, but you can also read up on current policies and
responsibilities of users, privileged users and commanders.
Recommended resources are the Information Assurance
Working Group (IAWG) slide presentations
(https://wwwmil.hood.army.mil/doim/IA_Policy_Compliance.aspx)
. The IAM office hosts a quarterly IAWG, discussing many issues
integral to the duties of all IA personnel. Reading these concise,
yet informative presentations may answer many of your
questions regarding IA policy and procedure. Not outlined on
the NEC website but still of note is the NEC IMSC, a quarterly
meeting where all NEC departments discuss their latest
developments and projects. Keep a watch out for notifications
through the IASO/SA Email Distribution List.
Policies: many policies specific to Ft. Hood, including the SIPR
security policy and the Network Access policy, are located on
the NEC website, Fort Hood Policies. This section should be
your first stop in policy-related matters.

Link to Army Small Computer Program: here is the place to

purchase and/or download Army-approved software; you can
also find information on purchasing IT systems through the
Consolidated Buy program. https://chess.army.mil.
Frequently Asked Questions: most of the questions you might
have on a daily basis can be answered here. The FAQ site is
located on the NEC webpage, Information Assurance, FAQ, or
use the link below:
https://wwwmil.hood.army.mil/doim/FAQ.aspx?Ident=IA

12. THE NEC PUBLIC FOLDER:

This is one of the most useful resources for SAs. In this folder
youll find Blackberry setup software and instructions, Outlook
Web Access (OWA) instructions, VPN software and PureEdge
software, as well as commonly-used drivers and other useful
items. To access this folder, click the Start button on your
taskbar, click Run, type in \\Hooda7doimsr149\hood_public
and click OK.
There are also programs youll find extremely handy, such as
ActivClient and Tumbleweed updates.
CAC reader drivers for several different models are also located
in this folder.
Remember, you must be an SA to download and install any of
these programs.
13. THE NEC HELPDESK:
The NEC Customer Support helpdesk located at building 2204 is
the Branch that IASOs and SAs are most familiar with.
Everything from remote assistance to imaging services happens
here.
Contacts: you can contact the helpdesk via the phone queue
(287-DOIM) or log in to the helpdesk web portal
(https://helpdesk.hood.army.mil).
Hours of Operation: phone and window service is available
from 0700-1800 Monday through Friday, excluding holidays, of
course.
Imaging: Imaging appointments for NIPR computers are
scheduled online. See the NEC website, under Service Desk
Imaging Services for the appointment link and for all imaging
requirements. If you cannot access this resource, please submit
a Helpdesk ticket and we will make sure your credentials are in
our database. SIPR imaging is coordinated through the IAPM
office.
VPN Accounts: if one of your users has justification to access
the Ft. Hood network off post via his/her government computer,

you can request a VPN account for that user. Instructions for
requesting VPN accounts may be found at
http://www.hood.army.mil/doim/remote_access.aspx.
The helpdesk does NOT handle hardware issues. If you know
that you are having a hardware-related problem with your
computer, the correct answer is to call Tobyhanna at 288.5079
or 288.0905.
SIPR Helpdesk:
o Contacts: The SIPR Helpdesk telephone number is 287DOIM, select Option #2.
o Office Hours: The SIPR Helpdesk is located in Building
#2204, and is open from 0730- 1130 and 1230-1630
Monday Friday.

14. TELEPHONE SERVICES:

We wont go into too much detail about telephones, as they are
NOT part of an SAs responsibilities. To request telephone
services, you must be appointed as TCO. If you are a TCO,
remember that wired telephone service requests are NOT
processed through the NEC helpdesk web portal, but through
another system called CAIRS
(http://150.114.200.30/WWO/SignIn.aspx?ReturnUrl=%2fWWO
%2fdefault.aspx).
Blackberries: the only exception to the telephones are NOT
part of an SAs responsibilities rule is the Blackberry. While
you may not request Blackberry services if not a TCO, SAs ARE
expected to troubleshoot and sync Blackberries. If you need
help with this, there are several knowledgeable folks at the NEC
helpdesk that can assist you. Please note, only governmentpurchased Blackberries authorized for purchase (see the TWEDs
list, https://informationassurance.us.army.mil, for
authorized Two-Way Email Devices) may be synced with
government computers.
15. ACTIVE DIRECTORY:
Use this link to download the Admin Pack, which includes Active
Directory. http://www.microsoft.com/downloads/details.aspx?
FamilyID=C16AE515-C8F4-47EF-A1E4A8DCBACFF8E3&displaylang=en
Remember, you can only administer computers that are in your
own OU. And not only must they be in your OU, they must be
set up to be administered by the SAs in your OU. So, if a
computer tells you that you dont have enough privileges to
administer, check to see if the computer is actually part of your
OU. If so, check to see if the SA admin group for your OU is

actually on the computer. If its not, attempt a gpupdate/force

and reboot. If this doesnt work, submit a trouble ticket to get
the admin group added.
IASO Admin Rights: like we stated above, the IASO position is
largely managerial, so there are very few rights IASOs have that
general users dont have in Active Directory. Basically, IASOs
can unlock users accounts and do NOT have admin privileges
on computers beyond those of a general user.
SA Admin Rights: SAs can load Army and Ft. Hood approved
hardware and software on systems in their own OUs; in Active
Directory, they can create and modify groups in their OUs, and
modify attributes of computers in their OUs.
NEW COMPUTERS OU: after computers are imaged, they are
put in the new computers OU for approximately 7 business days
to allow SAs to add software and hardware using the default
admin login. See the NEC helpdesk for the password. When
computers are in the new computers OU, they are NOT in YOUR
OU, which means that you cant use your SA login/password to
administer these systems.

16. ARMY KNOWLEDGE ONLINE (AKO):

Approved Products List: Visit the Networthiness Info
Knowledge Center (https://www.us.army.mil/suite/kc/6655214).
The Valid CoNs (Certificate of Networthiness) List is out there,
which includes all software approved to operate on government
systems. HOWEVER, remember that just because the product is
listed here does not mean that you can simply load it on
whatever system you like. You must first check the Ft. Hood
Approved Software List on the DOIM website, IA
Policy/Compliance Home. If the software is on that list, you may
purchase it and load it on your systems as long as you follow
instructions in the CoN, and all correct purchasing/licensing
guidelines. If the software is NOT on the Ft. Hood Approved
List, but IS on the Army Approved Products list, submit a ticket
to bring your request before the Configuration Control Board
(CCB) before purchase.
LOGIAC (Tactical Logistical Systems Information Assurance
Community): this page
(https://www.us.army.mil/suite/page/101760) is an invaluable
resource, especially for SAs of units fond of STAMIS systems.
Just add yourself to the group membership, and you can view all
C&A documents and the latest information for most STAMIS
packets.
17. IASO/SA DISTRO:

Many Army policy statements and deadlines go out over email,

through the IASO/SA Distro, of which you will be a member
once your packet is processed. Dont simply delete these
messages. Read them and archive them, because you never
know when you will need them to answer a question you might
have.

18. https://informationassurance.us.army.mil
This is an invaluable website that provides access to Best
Business Practices (BBPs), policies and other guidance,
information on the latest internet hoaxes/scams, links to
downloadable IA tools, current Two Way Email Device (TWEDs)
lists, and more.
19. TIPS, TRICKS & THINGS YOU SHOULD KNOW
CAC Enforcement: computers in your OU are CAC-enforced,
which means you CANNOT log in to your computers using your
SA/IASO userid and password without getting a one-time nonCAC login from the NEC helpdesk. To administer your
computers, you need to use the run-as command. Instructions
for using the run-as command are located on the NEC website.
Scanning: SAs are able to scan their own systems for
vulnerabilities using Retina software. To obtain a license for
Retina, SAs must complete the Retina training course at
https://iatraining.us.army.mil/ usermgmt/login.htm. Next, go to
the ACERT site at https://www.acert.1stiocmd.army.mil/index.jsp
and follow the instructions at Tools > Downloads> Retina. After
submitting a soft copy of your certificate and Retina license
application to the IAPM office, you will receive a license key and
will be able to complete Retina installation.
IAVM Reporting: IASOs and SAs have a shared responsibility in
making sure that all systems are IAVM (Information Assurance
Vulnerability Management) Compliant. IAVA Compliance
Spreadsheets (including system compliance and user training
compliance) will be emailed to the SA/IASO Distro each time
there is an update. IASOs are responsible for compliance
management, basically, making sure that each system is
scanned and patched as necessary and that each user has
received the appropriate training. SAs are responsible for
physically scanning, patching each system and reporting
completion to the IASO. IAVM reporting is a weekly
responsibility for both NIPR and SIPR systems.
Port Security: most buildings on Ft. Hood have port security
enabled, which basically means that one port works with one
specific MAC address. If a computer is unplugged from one port

and plugged into another port, that port will be disabled and no
computers will work in that port until it is re-enabled. This
means that you cannot move computers around in your
buildings without requesting that port security be lifted
temporarily until you get your equipment situated. This request
is initiated through a helpdesk ticket. Be sure to list as much
information as possible, including a good point of contact name,
number and email address.
Troubleshooting: SAs are expected to perform basic
troubleshooting on their computers before calling the helpdesk.
For example, if a user is having connectivity issues, check to see
if their link lights are lit, whether or not their cables are in
working order, whether the port is physically damaged or not,
whether the computer has been disabled (you can check for this
in Active Directory!). Can the user log in to the computer? If
the user can log in, can he/she access the internet and Outlook?
No matter what the problem, when you call the helpdesk, the
technicians will ask questions to help define the users problem,
so its best to have the answers from the beginning.

20. INFORMATION ASSURANCE POLICY MANAGEMENT

BRANCH
Office Hours:
o Monday, Wednesday, Thursday: 0730-1630
o Tuesday & Friday: 1300-1630. We are closed from
0730-1300.
Contact Information:
o Kim Benton, IAM: Kimberly.Benton@us.army.mil.
o Ronata Staten: Ronata.Staten@us.army.mil
o Heather Henry: Heather.Henry1@us.army.mil.
o Misha Lott: Misha.Lott@us.army.mil
o Nicole Torrez: Nicole.Torrez@us.army.mil

We at the NEC take pride in our service to you, and are

always looking for ways to improve. Visit the Interactive
Customer Evaluation (ICE) site (http://ice.disa.mil/index.cfm?
fa=site&site_id=73) to provide us with comments,
compliments and suggestions for improvement. Remember,
specific comments are more useful, so provide all the
information you can!