PM-2
Information Security Program Leadership Role
Program Management (PM)
Baselines
Low · Not included
Moderate · Not included
High · Not included
Description
Appoint a senior agency information security officer with the mission and resources to coordinate, develop, implement, and maintain an organization-wide information security program.
Discussion
The senior agency information security officer is an organizational official. For federal agencies (as defined by applicable laws, executive orders, regulations, directives, policies, and standards), this official is the senior agency information security officer. Organizations may also refer to this official as the senior information security officer or chief information security officer.
Implementation guidance
No content available.
CSF 2.0 crosswalk
GV.RR-01 · Organizational leadership is responsible and accountable for cybersecurity risk and fosters a culture that is risk-aware, ethical, and continually improving · Govern
GV.RR-02 · Roles, responsibilities, and authorities related to cybersecurity risk management are established, communicated, understood, and enforced · Govern