Types of CNSS Issuances: Implementation and Prescription Methods

B.

CNSS (Committee on National Security Systems) issuances are documents that provide guidance, direction, or requirements related to national security systems. These issuances are used to establish policies, procedures, and guidelines for securing national security systems.

The types of CNSS issuances include Advisory memoranda, Instructions, Policies, and Directives.

Advisory memoranda provide recommendations and best practices related to national security systems but do not prescribe any mandatory actions. These are typically used to inform organizations about new threats, vulnerabilities, or technologies that may affect their security posture.

Instructions are similar to advisory memoranda but provide more specific guidance and may include mandatory actions that organizations must take to comply with the instructions.

Policies provide a framework for securing national security systems and define the principles, rules, and procedures that organizations must follow to ensure the security of these systems. Policies do not prescribe specific implementation details, but they describe the goals and objectives that organizations must meet.

Directives are the most prescriptive of all CNSS issuances and prescribe specific implementation details for securing national security systems. Directives are binding on organizations and require them to implement specific security controls, technologies, or procedures to meet the requirements of the directive.

In summary, the type of CNSS issuance that describes how to implement a policy or prescribes the manner of a policy is a Directive.