PM-15: Contacts With Security Groups And Associations

Control Family:

Program Management

CSF v1.1 References:

PF v1.0 References:


  • Low


  • Moderate


  • High


Next Version:

Control Statement

The organization establishes and institutionalizes contact with selected groups and associations within the security community:

  1. To facilitate ongoing security education and training for organizational personnel;
  2. To maintain currency with recommended security practices, techniques, and technologies; and
  3. To share current security-related information including threats, vulnerabilities, and incidents.

Supplemental Guidance

Ongoing contact with security groups and associations is of paramount importance in an environment of rapidly changing technologies and threats. Security groups and associations include, for example, special interest groups, forums, professional associations, news groups, and/or peer groups of security professionals in similar organizations. Organizations select groups and associations based on organizational missions/business functions. Organizations share threat, vulnerability, and incident information consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.