Title

An Information System Security Officer (ISSO) must be appointed in writing for each site. (Cat II impact)

Discussion

The PMO or local site command will document and ensure that an ISSO is designated to oversee the IA posture and security of each site, system, and facility. The ISSO will have the proper training and clearance level. The PMO will maintain documentation regarding ISSO assignments for all sites and systems in the inventory. The ISSO may have responsibility for systems other than DSN and may be responsible for remote sites attached to the main site or system. The local commander for DSN switch must appoint an ISSO to develop a security plan and manage its implementation.

Check Content

Review site documentation to confirm an ISSO is appointed in writing. If an ISSO is not appointed in writing, this is a finding.

Fix Text

The PMO or local site command must appoint an ISSO in writing. This individual is responsible for establishing, implementing, monitoring, and controlling the site telephone system security program, which ensures the evaluation of all sites telephone system components.

Additional Identifiers

Rule ID: SV-8465r2_rule

Vulnerability ID: V-7979

Group Title: ISSO appointment

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.