← Back to catalog
PM-2

Information Security Program Leadership Role

Program Management (PM)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Appoint a senior agency information security officer with the mission and resources to coordinate, develop, implement, and maintain an organization-wide information security program.

Discussion

The senior agency information security officer is an organizational official. For federal agencies (as defined by applicable laws, executive orders, regulations, directives, policies, and standards), this official is the senior agency information security officer. Organizations may also refer to this official as the senior information security officer or chief information security officer.

Implementation guidance

No content available.

CSF 2.0 crosswalk
GV.RR-01Organizational leadership is responsible and accountable for cybersecurity risk and fosters a culture that is risk-aware, ethical, and continually improvingGovern
GV.RR-02Roles, responsibilities, and authorities related to cybersecurity risk management are established, communicated, understood, and enforcedGovern