| Rec # | Recommendation | Implementation / Status |
| JSC_061 | Joint investigative service establish fee for | The concept of a Joint Investigative Service was rejected by DoD. DSS adopted |
| service background investigations | a "fee-for-service" concept in FY 99 for DoD and those DSS supports. Other |
| agencies conducting their own investigations will continue their present practice. |
| CIA rejects the concept of fee-for-service for investigations. |
| JSC_062 | Joint investigative service to perform | The concept of a Joint Investigative Service was rejected by DoD. |
| industrial security services for DoD and |
| the IC |
| JSC_063 | Joint investigative service be established | The concept of a Joint Investigative Service was rejected by DoD. |
| and draw resources from existing security |
| organizations. |
| JSC_064 | Consolidate AIS policy formulation under | Recommendation not implemented. NSD-42, dated 5 July 1990, (as limited by |
| the joint executive security committee, | section 10.d), created the NSTISSC, a national level body responsible for |
| and have it oversee development of a | issuing national security information systems security policy for the entire |
| coherent policy for DoD and the IC that | Government. |
| also could serve the entire government. |
| JSC_065 | Develop an information systems security | Not implemented. |
| investment strategy using 5-10% of |
| infrastructure costs |
| JSC_066A | Give high priority to Information systems | NSD-42, 6.a.(4) and 7.c. authorize the Executive Agent and National Manager |
| security research and development | to conduct, approve, or endorse research and development of techniques and |
| programs. | equipment to secure national security systems. NSA, in conjunction with |
| DARPA, is conducting research and long/short-term development of Information |
| Systems Security solutions. |
| JSC_066B | Assign NSA as the executive agent for | NSD-42 designates NSA as Executive Agent for national security systems. PL |
| both classified and unclassified infosec | 100-235 designates NIST responsible for unclassified systems with NSA in |
| R&D | support role to NIST. National Information Assurance Program (NIAP), a |
| partnership between NSA and NIST. |
| JSC_067 | Assign DISA as the executive agent for | Not implemented, but will be realized at the FBI's National Infrastructure |
| providing infosec tools and capabilities. | Protection Center in coordination with GSA's Federal Computer Incident |
| Response Capability, NSA's National Security Incident Response Center, |
| Carnegie-Mellon's Computer Emergency Response Team and DOE's Computer |
| Incident Analysis Center. |
| JSC_068 | Establish an information systems security | NSA makes this information available to DoD, IC, and selected industry through |
| threat and vulnerability database, available | its all-source analysis center. |
| to all DoD, IC, and industry. |
| JSC_069 | Appoint DISA's ASSIST program as | Although DISA's ASSIST program was not appointed Executive Agent for |
| executive agent for emergency response | emergency response functions, the policy and directive issuances that were |
| functions | intended to make this appointment (NSTISSP 5 and NSTISSD 503) were |
| ultimately used to implement the National Security Incident Response Center |
| (NSIRC) at NSA. |
| JSC_070 | Establish an information systems security | Under NSD-42, NSTISSC established the Education, Training and Awareness |
| professional development program. | Issue Group to develop INFOSEC training standards and to assist development |
| of an Information Systems Security Masters Degree Program at James Madison |
| University. Also under NSD-42, NSA assisted NIST in developing INFOSEC |
| training standards for use in protecting unclassified sensitive systems. |
| JSC_071 | Create ad hoc panel to develop common | A comprehensive framework for capturing estimated costs by security |
| approach and budget framework for | functionality was developed. An abridged version of framework is used to |
| defining and tracking security costs. | capture annual cost estimates for safeguarding classified information IAW E.O. |
| 12958. ISOO gathers and reports to the President and Congress the costs to |
| safeguard classified information IAW E.O. 12958. |
| 23 Aug 1999 |