PM-2: Senior Information Security Officer

Control Family:

Program Management

CSF v1.1 References:

PF v1.0 References:


  • Low


  • Moderate


  • High


Next Version:

Control Statement

The organization appoints a senior information security officer with the mission and resources to coordinate, develop, implement, and maintain an organization-wide information security program.

Supplemental Guidance

The security officer described in this control is an organizational official. For a federal agency (as defined in applicable federal laws, Executive Orders, directives, policies, or regulations) this official is the Senior Agency Information Security Officer. Organizations may also refer to this official as the Senior Information Security Officer or Chief Information Security Officer.