PM-2: Information Security Program Leadership Role

Control Family:

Program Management

CSF v1.1 References:

CSF v2.0 References:

PF v1.0 References:


  • Low


  • Moderate


  • High


  • Privacy


Previous Version:

Control Statement

Appoint a senior agency information security officer with the mission and resources to coordinate, develop, implement, and maintain an organization-wide information security program.

Supplemental Guidance

The senior agency information security officer is an organizational official. For federal agencies (as defined by applicable laws, executive orders, regulations, directives, policies, and standards), this official is the senior agency information security officer. Organizations may also refer to this official as the senior information security officer or chief information security officer.