PM-02 Information Security Program Leadership Role

Program Management

Description

Appoint a senior information security official with the mission and resources to coordinate, develop, implement, and maintain an organization-wide information security program.

Supplemental Guidance

The senior information security official is an organizational official. For federal agencies, this official is the senior agency information security officer (SAISO) or chief information security officer (CISO) with the mission and resources to coordinate, develop, implement, and maintain an organization-wide information security program. The security official is an inherent United States Government authority and is assigned to or created by the organization, not the information system.

Changes from Rev 4

Title changed from 'Senior Information Security Officer' to 'Information Security Program Leadership Role'. Broadened to emphasize mission and resources.

Compliance Mappings

ISO 27001:2022

4.4, 5.1, 5.3, A.5.2, A.5.4

ISO 27002:2022

5.2, 5.4

COBIT 2019

APO01, APO13, EDM01, EDM05

CIS Controls v8

CIS 17.1, CIS 17.5

NIST CSF 2.0

GV.RR-01, GV.RR-02

CSA CCM v4

GRC-01, GRC-05, GRC-06, HRS-09, STA-04

CSA AICM v1

GRC-01, GRC-05, GRC-06, GRC-10, GRC-13, HRS-09, HRS-14, HRS-15, STA-04

IEC 62443

2-1 4.2

PRA Operational Resilience

SS1/21-3.2, SS2/21-17.1

MAS TRM

3

APRA CPS 234

Para 16-17, Para 18

BSI IT-Grundschutz

ISMS.1, ORP.1

ANSSI

Hygiene.4

EU DORA

Art.5(1)

BIO2

5.2, 5.4

RBI CSF

ITGRCA.8, ITGRCA.24

FISC Security Guidelines

FISC.O1

LGPD + BCB 4893

BCB.Art.17, BCB.Art.17-Supp, LGPD.Art.41

HKMA TM-E-1

TME1.2.1, TME1.2.4, TME1.7.1

MLPS 2.0

8.1.7.1

DNB Good Practice

DNB.5.1, DNB.5.2

SAMA CSF

1.1, 1.5

NCA ECC

1-2, 1-4

UAE IA

T1

CBB TM

TM-1, TM-3

Qatar NIA

GV

CBUAE

CR-1

CBE CSF

GOV-1, GOV-2

SA JS2

JS2-4

CBN CSF

Part1.1, Part1.2

BoG CISD

CISD-I, CISD-II, CISD-ISMS

POPIA

s55, s8

BoM CTRM

1.1, 1.2

IOSCO Cyber Resilience

GOV-2, GOV-4, PFMI-2

BCBS 239

Principle 1

CPMI-IOSCO PFMI

CG.GOV, PFMI.P2

FFIEC IS

I.A, I.B

NYDFS 500

500.10, 500.2, 500.4

HIPAA Security Rule

§164.308(a)(2)

ECB CROE

CROE.2.1.1, CROE.2.1.2

EBA ICT Guidelines

3.2.1, 3.3.1

SEBI CSCRF

GV.RR

BOT Cyber Resilience

Ch1.1

NERC CIP

CIP-003-9

10 CFR 73.54

73.54(b)

TSA Pipeline SD

SD-1 Sec 1

FERC CIP Orders

Order 706

DOE C2M2 v2.1

PROGRAM

AWIA

AWWA Sec 1

IAEA NSS 17-T

Sec 3

CBEST

CBEST.1

TIBER-EU

TIBER.PREP

PCI HSM

1

Common Criteria

CC Part 2 — FMT

Solvency II

Art.41(1), DR.258, DR.260, EIOPA-ICT-4.1

Lloyd's Minimum Standards

CRM.1, GOV.1, MS8.1

NAIC Insurance Data Security

4, 4-personnel, 4C

PRA SS1/23

P2.1, P2.2

FCA SYSC 13

SYSC 13.1-2, SYSC 13.6.3, SYSC 13.G.1

HITRUST CSF v11

00.a, 04.a, 05.a, 13.a

ISO 27799

6.1, 6.2

NHS DSPT

NDG-1.2

MiCA

Art.34(1), Art.54(1), Art.59(1)

Basel SCO60

SCO60.3, SCO60.60

BSSC Standards

GSP-01

SEC Custody (Digital Assets)

SEC-CD-01, SEC-CD-17, SEC-CD-19