Information Assurance (IA) is one of the most overlooked yet critical aspects of any Information Technology (IT) system. Although IA applies to every IT system, we will focus on its application to simulators and any IT-powered training device connecting to a DoD network. IA is the overarching process consisting of Computer/Network/Data/Information Security. If IA is built into every training and education system, and maintained throughout its life cycle, it is guaranteed to reduce the threat of compromise to DoD assets.
This paper will take the mystery out of IA, system security engineering, and the security Certification and Accreditation (C&A) process from both government and industry perspectives. It will provide proven solutions to achieve C&A on any system under differing conditions and time frames, and document the process of IA using proven systems security engineering processes, the DoD Information Technology Security Certification and Accreditation Process (DITSCAP), and the documentation strategy of using the System Security Authorization Agreement (SSAA) and the System Security Plan (SSP). This paper will also provide examples of Information Assurance Vulnerability Alerts (IAVAs), including how they work and how they greatly reduce the risk to all IT systems. It will present best practices for new systems, blended certification approaches, how to certify legacy systems, and proper end-of-life disposal.
The 21st-century force is moving more toward a net-centric, real-time, and IT-based integrated operational and training environment. To achieve war-fighting excellence, IA of computer systems and networks should be a major focus of all new system designs for protection of national defense information and assets.