CCI-000078

Appoint a Senior Information Security Officer with the mission and resources to coordinate, develop, implement, and maintain an organization-wide information security program.

Implementation Guidance

Determine if: - a senior agency information security officer is appointed. - the senior agency information security officer is provided with the mission and resources to coordinate an organization-wide information security program. - the senior agency information security officer is provided with the mission and resources to develop an organization-wide information security program. - the senior agency information security officer is provided with the mission and resources to implement an organization-wide information security program. - the senior agency information security officer is provided with the mission and resources to maintain an organization-wide information security program.

Validation Procedures

Examine: [SELECT FROM: Information security program plan; procedures addressing program plan development and implementation; procedures addressing program plan reviews and updates; procedures addressing coordination of the program plan with relevant entities; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with information security program planning and plan implementation responsibilities; senior information security officer; organizational personnel with information security responsibilities].

The controls below (if any) were marked by NIST as being related to CCI-000078.