5 FAM 120
INFORMATION MANAGEMENT STAFFING ABROAD
(CT:IM-246; 11-20-2018)
(Office of Origin: IRM)
5 FAM 121 INFORMATION RESOURCE
MANAGEMENT ROLES AND RESPONSIBILITIES ABROAD
(CT:IM-246; 11-20-2018)
a. The purpose of these sections is to explain the
roles and responsibilities of the personnel working in the Information Resource
Management (IRM) sections abroad. IRM is used in 5 FAM 120 to
refer to the offices, programs, and personnel responsible for managing
information management resources, as well as non-technology responsibilities,
such as diplomatic pouch and mail operations and records management.
b. Information systems security officer (ISSO)
responsibilities will be designated at each post according to post capacities
and circumstances. ISSO roles and responsibilities are outlined in 5 FAH-2
H-128.5, Information Systems Security Officer (ISSO), and 12 FAM 600,
Information Security Technology.
c. The Information Programs Center (IPC) is primarily
responsible for all classified IRM communications and systems, while the
Information Systems Center (ISC) is primarily responsible for all unclassified
communications and systems. Despite these distinctions, all U.S. full-time,
direct-hire IRM employees assigned to either of these sections are expected to
perform system administration, cybersecurity, user support, and project support
duties on all networks and IT-based solutions under the Department's
authority. This includes supporting OpenNet, ClassNet, and any future IRM
solutions. As we strive to implement new technologies, support existing
solutions, and eliminate silos, interoperability is the way forward and IRM
personnel must proactively counter cyber threats and provide users with a
versatile, secure, and increasingly mobile operating environment regardless of
office affiliation.
d. The information management officer (IMO) (or
information programs officer (IPO), as appropriate), is strongly encouraged to
participate as an active member of the Emergency Action Committee (EAC). As
the principle IRM subject matter expert at post on communications and
information technology, the IMO/IPO provides oversight for critical post
infrastructure assets. It is essential that the IMO/IPO maintain a primary role
in the formulation of post emergency policies and procedures to ensure that
operational responsibility for all pertinent aspects are considered and
addressed. Crisis situations can develop rapidly. Consequently, the ability
to assess critical communication vulnerabilities as early as possible is
essential to formulating responses, mitigating risks, and ensuring that
responses are carried out effectively and efficiently so that communication is
possible during times of crisis.
5 FAM 121.1 INFORMATION MANAGEMENT
OFFICER (IMO)
(CT:IM-191; 04-25-2017)
a. The IMO is the senior IRM person at post. The IMO
supervises IRM services, operations, and the activities of post IRM personnel.
The IMO reports to the management officer.
b. IMO duties are not limited to the scope of these
sections and are coordinated with post management. It is understood that the
IMO at post has the ultimate responsibility for any decisions that the IRM
section makes, which may have been delegated to the IPO or information systems
officer (ISO):
(1) Budget: The IMO creates a
post-specific IRM budget plan that includes, but is not limited to, lifecycle
replacement costs for all post-funded IRM equipment and other assets (including
monitoring the lifecycle of IRM-funded equipment); current and future projects
as identified in the IRM component of the Mission Strategic and Resource Plan
(MSRP); and IRM services offered under International Cooperative Administrative
Support Services (ICASS); and
(2) Contacts and representation:
The IMO serves as the initial point of contact with the Regional Information
Management Center (RIMC), the geographic bureaus regional information
management officer (RIMO), the IRM Bureau, and other agencies for all IRM
matters;
(a) The IMO is the liaison to host-nation authorities
regarding telecommunications rights and services;
(b) The IMO represents IRM in post's
counter-intelligence working groups (CIWG); emergency action committees (EAC);
and the ICASS boards to promote using IRM assets, products, and services by
these groups;
(c) The IMO serves as the chairperson on the local
change control board (LCCB), which deals with post's IRM hardware and software
issues. The IMO also serves as the contact point for the corporate IT CCB; and
(d) The IMO serves as the Department of State
representative at post for telecommunications services provided to client
agencies.
(3) Human resources:
(a) The IMO rates the IPO and ISO and reviews employee
evaluation reports (EER) for personnel in the IRM section, as appropriate. The
IMO creates work requirements and conducts formal counseling for the rated
employees;
(b) The IMO promotes and supports leadership and
supervisory training for all IMSs and leadership and management training for
the IPO and ISO. The IMO must ensure post's ISSO(s), and alternate(s), attend
ISSO training and refresher courses (see 12 FAH-10 H-212.2
and 12 FAH-10
H-650);
(c) The IMO creates and/or updates position descriptions
for all IRM staff, including locally employed staff (LE staff), to include IPO and ISO capsule
descriptions used in the bidding process; and
(d) The IMO works with subordinates to develop an
individual development plan (IDP) that ensures that their training and
development needs are met;
(4) Internet and intranet:
The IMO ensures proper security configurations and service availability of
internet and intranet sites within the scope of the Department's guidelines,
which are provided by Diplomatic Security (DS) and IRM; and
(5) Logistics and infrastructure:
(a) Based on input from the IPO and ISO, or other IRM
staff when appropriate, the IMO finalizes lifecycle replacement costs and
schedules in keeping with the Department's general replacement cycles. These
schedules support funding requirements outlined in the post IRM budget plan and
in the MSRP and serve to ensure that all equipment is updated/replaced
periodically; and
(b) The IMO provides procurement guidance on IRM
equipment to other mission sections or agencies. This is especially true for
equipment used in controlled access areas (CAA);
(6) Management:
(a) The IMO, as the senior IRM officer, reports to the
post's management officer. The IMO oversees all IRM operations and personnel
at post;
(b) The embassy IMO, in coordination with RIMC, is the
first point of contact for all constituent posts for IRM issues and
assistance. The IMO periodically visits each constituent post to assess its
IRM operations, equipment, and infrastructure;
(c) The IMO advises post management when staffing levels
and workloads warrant requests for temporary duty (TDY) assistance. Similarly,
the IMO advises post management if staffing levels and workloads permit
rendering TDY assistance to constituent posts when requested; and
(d) For posts without an IPO and/or ISO, the IMO assumes
the IPO/ISO responsibility. The IMO at such a post may delegate elements of
those roles, as appropriate, to IMSs at post;
(7) Operations:
(a) The IMO is responsible for effective, efficient, and
secure IRM operations at post;
(b) As the focal point for all telecommunications
issues, the IMO oversees the planning of alternate routes and contingencies for
all IRM programs at post;
(c) The IMO is the post's accountable property officer
for IRM equipment and assets. Working closely with the general services office
(GSO), the IMO confirms the accuracy of the relevant inventories, including
Consular Affairs (CA) IRM assets, and ensures that all CAA equipment is ordered
and shipped in accordance with regulations; and
(d) All IRM projects, plans, and issues are reported to
the IMO;
(8) Planning and reporting:
(a) The IMO is responsible for the post's Information
Technology (IT) Contingency Plan and for ensuring that it is fully coordinated
with the post's Emergency Action Plan (EAP). In addition, the IMO assists post
with site contingency plans and contributes to the IRM component of the posts
MSRP development; and
(b) The IMO participates in relevant portions of the
post's reporting requirements and ensures that these requirements are
integrated with the Departments overall IT Strategic Plan; updates Annex A,
Communications, of post's EAP; and prepares quarterly ICASS reports for IRM
services; and
(9) Security:
(a) The IMO ensures that all personnel in the IRM
section are current on all security regulations, awareness, and guidelines as
they pertain to IRM operations, equipment, and infrastructure;
(b) The IMO serves as the post's alternate Top Secret
control officer or delegates that responsibility;
(c) The IMO is the post's communications security
(COMSEC) officer and, with the COMSEC custodian, maintains the integrity of all
COMSEC assets at post;
(d) The IMO ensures proper safekeeping of classified
materials and equipment in the IRM section in accordance with Department
security guidelines; and
(e) The IMO works closely with the ISSOs, system administrators,
and RSOs implementing the Department's Automated Information Systems (AIS)
security program on all classified and unclassified IRM networks at the mission and/or at
constituent posts (see 12 FAM 613,
Responsibilities).
5 FAM 121.2 INFORMATION PROGRAMS
OFFICER (IPO)
(CT:IM-191; 04-25-2017)
a. The IPO manages the IPC and is responsible for all
IPC systems, programs, and telecommunications operations.
b. The IPO supervises all personnel whose duties fall
under the IPC. The IPO reports to the IMO.
c. IPO duties are not limited to the scope of these
sections, are coordinated with the IMO, and include performing system
administration, cyber security, user support, and project support duties on all
networks and IT-based solutions under the Department's authority as required:
(1) Budget: The IPO assists
the IMO with the post's IRM budget plan and the IRM component of the MSRP
submission. The IPO provides the IMO with annual budget figures for lifecycle
costs of all post-funded IPC equipment. The IPO provides the IMO and the local
ICASS board with information on IPC's services on the ICASS service list;
(2) Contacts and representation:
The IPO serves as the initial point of contact with RIMC, the geographic
bureau, IRM, and other agencies for technical matters falling within the IPC's
responsibilities. The IPO maintains close contact with IRM vendors for
equipment and support. The IPO may serve on the Local Change Control Board
(CCB) dealing with IRM hardware and software issues at post. As the head of
the IPC, the IPO must meet regularly with users to assess customer needs and
satisfaction;
(3) Human resources:
(a) The IPO rates or reviews IPC personnel, including
Locally Employed Staff (LE staff), as appropriate. The IPO creates work
requirements and conducts periodic formal counseling for these personnel, as
appropriate;
(b) The IPO promotes and supports leadership and
supervisory training for all IMSs under his or her supervision;
(c) The IPO updates the position descriptions of all IPC
staff, including LE staff, to include IMS capsule descriptions used in the
bidding process; and
(d) The IPO works with subordinates to develop an IDP to
ensure that their training and development needs are met.
(4) Internet and Intranet:
The IPO ensures proper security configurations and service availability of
internet and intranet sites within the scope of the Department's guidelines
provided by DS and IRM;
(5) Logistics and infrastructure:
(a) The IPO determines the lifecycle schedule for all
post-funded IPC equipment and assets in accordance with Department guidance and
replaces equipment according to this schedule;
(b) The IPO monitors the IPC equipment lifecycle
replacement process to ensure projected equipment is delivered according to the
established lifecycle and in accordance with Diplomatic Security (DS) shipping
requirements for Controlled Access Area (CAA) equipment;
(c) The IPO is responsible for keeping mailrooms
furnished with the necessary expendable and non-expendable supplies in
conjunction with the GSO;
(d) The IPO ensures accurate inventory accounting and
records for IPC assets; and
(e) The IPO provides guidance to other agencies on the
purchasing of IRM equipment for CAAs.
(6) Management:
(a) The IPO manages all IPC operations, assets, and
personnel. These operations and personnel may include the mailroom and its
personnel; the telephone switchboard and the operators; receptionists; and LE
staff telephone and/or radio technicians;
(b) The IPO informs all IPC personnel, the ISO, and the
IMO of immediate plans, tasks, responsibilities, and pending items to encourage
effective two-way communication; and
(c) The IPO must schedule periodic technical and
operational support to constituent posts and support any emergency
telecommunication needs. The IPO should coordinate with appropriate Department
offices and other agencies to accomplish goals.
(7) Operations:
(a) The IPO oversees the IPC's data network operations,
administration, and maintenance. The IPO exercises control of
telecommunications circuits and related equipment and provides guidance on
alternate route testing and contingencies;
(b) The IPO provides oversight for the mission's
telegraphic system and classified network (ClassNet) in accordance with
Department policies and guidance;
(c) The IPO coordinates, with the regional security
officer (RSO) and post management, for testing and reporting of all post's
short-range VHF/UHF radio networks. The purpose of frequent testing is to
ensure the networks and radio equipment are functional and users are familiar
with radio operations;
(d) The IPO ensures that regularly scheduled high
frequency (HF) radio tests and follow-up procedures are performed in accordance
with their area net operating instructions;
(e) The IPO ensures that the telephone systems,
including secure phones, are operational at all times;
(f) The IPO confirms that COMSEC responsibilities are
correctly discharged;
(g) The IPO is responsible for ensuring that classified
pouch materials are properly stored and handled; and
(h) The IPO creates and maintains standard operating
procedures (SOPs) for all IPC operations and responsibilities.
(8) Planning and reporting:
(a) The IPO provides input for post's IT Contingency
Plan and the IT component of the MSRP;
(b) The IPO maintains a complete inventory of all
post-procured software for IPC, including all applicable licensing documents;
(c) The IPO should ensure that the IPC Emergency
Destruction Plan (EDP) is current and coordinate quarterly EDP drills with the
RSO and post management. The IPO, RSO, and post management must sign the
memorandum documenting that the drills were performed; and
(d) The IPO brings to the attention of the IMO new
programs and projects that will enhance customer relations and improve post
operations.
(9) Security:
(a) The IPO ensures that IPC security procedures are in
place and followed;
(b) The IPO coordinates with the ISSO to ensure that
adherence to Department-mandated security settings are implemented, documented,
and available for OIG and DS inspections. In the event that a mandate cannot
be implemented, the IPO ensures that any requests for exceptions to policy are
sent to the chief information officer (CIO), who in turn would defer the waiver
request to either DS or IRM/IA;
(c) The IPO develops and implements a policy for user
access to and deletion from IPC systems. The ISSO, or his or her designee,
must provide security awareness training before an appropriately cleared new
user is given access to the system; and
(d) The IPO ensures proper safekeeping of classified IPC
materials and equipment in accordance with Department security guidelines.
5 FAM 121.3 INFORMATION SYSTEMS
OFFICER (ISO)
(CT:IM-191; 04-25-2017)
a. The ISO manages the Information Systems Center (ISC)
and is responsible for all unclassified IRM equipment and systems. See 5 FAM 800,
Information Systems Management; 12 FAM 500,
Information Security; and 12 FAM 600,
Information Security Technology, for more specific guidance and policies
governing unclassified data processing and the ISC.
b. The ISO supervises all personnel whose duties fall
under the ISC. The ISO reports to the IMO.
c. ISO duties are not limited to the scope of these
sections, are coordinated with the IMO, and include performing system
administration, cyber security, user support, and project support duties on all
networks and IT-based solutions under the Department's authority as required:
(1) Budget: The ISO assists
the IMO with the post's IRM budget plan and the IRM component of the MSRP
submission. The ISO provides the IMO with annual budget figures for lifecycle
costs of all post-funded ISC equipment. The ISO provides the IMO and the local
ICASS board with information on ISC's services on the ICASS service list;
(2) Contacts and representation:
The ISO, at the IMO's direction, serves as the post's initial point of contact
with RIMC, the Geographic Bureaus, IRM, and other agencies for technical
matters falling within the ISC's responsibilities. The ISO maintains close
contacts with local and stateside IRM vendors for equipment and support. The
ISO may serve on the Local Change Control Board (LCCB). As the head of ISC,
the ISO meets regularly with users to assess customer needs and satisfaction;
(3) Human resources:
(a) The ISO rates and reviews ISC personnel, including
LE staff, as required. The ISO creates work requirements and conducts periodic
formal counseling for these employees;
(b) The ISO supports leadership and management training
for all IMS under his or her supervision;
(c) The ISO updates position descriptions for all ISC
staff, including LE staff, to include IMS capsule descriptions used in the
bidding process; and
(d) The ISO works with subordinates to develop an IDP to
ensure their training and development needs are met.
(4) Intranet and Internet
responsibilities: The ISO ensures the proper security configurations
and service availability of internet and intranet sites within the scope of the
Department's guidelines provided by DS and IRM;
(5) Logistics and infrastructure:
(a) The ISO determines the lifecycle schedule for all
post-funded ISC equipment and assets in accordance with Department guidance and
replaces equipment according to this schedule;
(b) The ISO monitors the ISC equipment lifecycle
replacement process to ensure projected equipment is delivered according to the
established lifecycle and in accordance with Diplomatic Security (DS) shipping
requirements for Controlled Access Area (CAA) equipment;
(c) The ISO ensures accurate inventory accounting and
records for ISC assets. This includes an inventory of all other hardware and
software installed on ISC assets; and
(d) The ISO provides guidance to other agencies on
purchasing IRM equipment for the non-CAA spaces.
(6) Management:
(a) The ISO manages all ISC operations, assets, and
personnel;
(b) The ISO informs all ISC personnel, the IPO, and IMO
of immediate plans, tasks, responsibilities, and pending items to encourage
effective two-way communication; and
(c) The ISO schedules periodic technical and operational
support to constituent posts and supports any emergency telecommunication
needs. The ISO coordinates with appropriate Department offices and other
agencies to accomplish goals.
(7) Operations:
(a) The ISO exercises control of unclassified data
network operations, administration, and maintenance, providing guidance on
alternate route testing and contingencies;
(b) The ISO provides oversight for the mission's
unclassified LANs in accordance with Department policies and guidance; and
(c) The ISO creates and maintains SOPs for all ISC
operations and tasks.
(8) Planning and reporting:
(a) The ISO provides input for post's IT Contingency
Plan and the IT component of the MSRP;
(b) The ISO maintains a complete inventory of all
post-procured software and hardware for the ISC, including all applicable
licensing documents;
(c) The ISO ensures that all reporting requirements for
IRM systems, as indicated in 5 FAM 800,
Information Systems Management, are submitted; and
(d) The ISO brings to the attention of the IMO new
programs and projects that will enhance customer relations and improve post
operations.
(9) Security:
(a) The ISO ensures that ISC security procedures are in
place and followed. The ISO is responsible for implementing the necessary
security procedures in the ISC;
(b) The ISO coordinates with the ISSO to ensure that
adherence to Department-mandated security settings are implemented, documented,
and available for OIG and DS inspections. In the event that a mandate cannot
be implemented, the ISO ensures that any requests for exceptions to policy are
sent to the CIO who, in turn, would defer the waiver request to either DS or
IRM/IA;
(c) The ISO develops and implements a policy for user
access to and deletion from ISC systems. The ISSO, or his or her designee,
must provide security awareness training before an appropriately cleared new user
is given access to the system;
(d) The ISO coordinates with CA and ISSO to ensure that
security standards are maintained on CA systems; and
(e) The ISO ensures proper safekeeping of classified ISC
materials and equipment in accordance with Department security guidelines.
5 FAM 121.4 INFORMATION MANAGEMENT
SPECIALIST (IMS)
(CT:IM-191; 04-25-2017)
a. IMS refers to all IRM employees within the 2880
skill code. For this subsection, IMS generally refers to those IRM personnel
without supervisory responsibilities.
b. IMSs typically have no supervisory responsibilities
unless otherwise directed, although some posts permit IMS the managerial
responsibility of an office of LE staff, e.g., the mailroom, for managerial
experience. IMSs report to the IPO, or ISO, or IMO as appropriate.
c. The following subsections explain IMS roles and
responsibilities in generic terms, but specific job duties are at the
discretion of the IPO, or ISO, and IMO. IMS duties are not limited to the
scope of these subsections, are coordinated with post's IRM management, and
include performing system administration, cyber security, user support, and
project support duties on all networks and IRM-based solutions under the
Department's authority as required:
(1) Budget: Not applicable;
(2) Contacts and representation:
(a) IMSs serve as the first point of contact for users
in the unclassified and classified sections of the post. IMSs may also meet
with LE staff to ensure problem-free operations; and
(b) IMSs report any daily requirement to IRM management.
(3) Human resources:
(a) IMSs develop an IDP to ensure that training and
development needs are met; and
(b) IMSs who are assigned managerial responsibility of
an LE staff unit should be familiar with 3 FAH-2
H-100, Supervision of Foreign Service National Personnel.
(4) Internet and Intranets:
IMSs ensure that the proper security configurations and service availability of
internet and intranet sites within the scope of the Department's guidelines
provided by DS and IRM;
(5) Logistics and infrastructure:
(a) IMSs maintain adequate spares and supplies for
equipment and notify IRM management of equipment shortages;
(b) IMSs provide inventory information to management
when equipment is replaced;
(c) IMSs dispose of defective equipment in accordance
with Department guidelines; and
(d) IMSs assist with property accounting, inventories,
reconciliations, and reporting.
(6) Management: Not applicable;
(7) Operations:
(a) IMSs process daily telegraphic traffic;
(b) In accordance with mission SOPs, IMSs administer and
maintain systems;
(c) IMSs test backup systems for usability and
accessibility;
(d) IMSs maintain user accounts in accordance with the
policies and procedures established by the IPO and ISO (5 FAM 121.2 paragraph
c (9)(c), Information Program Officer, and 5 FAM 121.3 paragraph
c (9)(c), Information Systems Officer;
(e) IMSs install and configure new IRM equipment in
accordance with mission and Department guidelines as directed or required;
(f) IMSs perform radio tests according to established
standard operating procedures and 5 FAM 540, Voice
Radio Systems, and 5 FAH-2
H-700, Managing Radio Networks;
(g) IMSs prepare and process classified pouch material
as directed in accordance with SOPs and 14 FAH-4, Pouch and Mail Handbook; and
(h) IMSs provide assistance to users as required or
requested.
(8) Reporting:
(a) IMSs record and report to IRM management any
anomalies with the system infrastructure; and
(b) IMSs record and draft outage reports for IRM
management in accordance with the mission's escalation procedure.
(9) Security:
(a) IMSs configure and maintain all systems in
accordance with Department security guidelines;
(b) IMSs ensure proper safekeeping of classified IRM
materials and equipment in accordance with Department security guidelines;
(c) IMSs attend all mandated security training courses
in accordance with Department guidance; and
(d) IMSs attend ISSO training when appropriate to assume
lead or alternate ISSO duties as required.
5 FAM 122 THROUGH 129 UNASSIGNED