The assignment of roles and responsibilities for information
security within the federal government was clarified or reiterated within
FISMA to cover policy, procurement, standards, and incident response. Although
FISMA was the last major legislative framework, its foundation has been built
upon over the years by a series of Executive Orders, directives, policies,
regulations, standards, and guidelines. Within FISMA, several specific roles
were identified:
• Director of the Office of Management and Budget (OMB).
• National Institute of Standards and Technology (NIST).
• Federal Agencies:
  • Head of Agency or equivalent.
  • Chief Information Officer (CIO).
  • Senior Agency Information Security Officer (SAISO).
• Secretary of Defense (SecDef).
• Director of the Central Intelligence Agency (CIA).