5 FAH-11 H-100
Information Systems Security Officer (ISSO) Program
5 FAH-11 H-110
GENERAL
(CT: IAH-13; 11-07-2018)
(Office of Origin: IRM/IA)
5 FAH-11 H-111 INTRODUCTION
(CT: IAH-7; 03-18-2016)
This chapter contains procedures to supplement the policies
delegated to information systems security officers (ISSO) established in the 5
FAM / 5 FAH and 12 FAM / 12 FAH. The 5 FAH-11 aligns with the Federal
Information Security Modernization Act of 2014 (FISMA) requirements for the
Chief Information Officer (CIO) and agency program officials, and establishes cyber-security
roles and responsibilities to manage the security of the Department's
information and information systems.
5 FAH-11 H-112 PURPOSE
(CT: IAH-7; 03-18-2016)
a. This chapter provides guidelines and procedures for
implementing policies and directives contained in the 5 FAM / 5 FAH and 12 FAM
/ 12 FAH. The standards and procedures established are for Department ISSOs. The
ISSO program is managed by the Directorate of Information Assurance (IRM/IA).
b. Direct questions and suggestions regarding the ISSO
Program to AskISSO@state.gov.
5 FAH-11 H-113 SCOPE AND APPLICABILITY
(CT: IAH-13; 11-07-2018)
a. These procedures apply to all Department entities
with information systems.
b. Within the context of this policy, the use of the
term "information security" applies to the security of all Department
information processed or stored in electronic form on behalf of the Department
or processed or stored on a Department information system.
c. This chapter includes guidance and procedures for
ISSOs in regard to information systems security for other entities (e.g.,
contractors, other agencies, and organizations) that exchange or process
Department information on their systems through interconnections with the
Department or are linked to the Department via extensions of Department
networks. Network extension requirements are outlined in 12 FAM 623.1, 5 FAM 1060, and
5 FAH 11 H-830.
d. The procedures in this chapter are not applicable to
sensitive compartmented information (SCI) systems. Contact the Special
Security Operations Division (DS/IS/SSO) for questions regarding SCI systems.
5 FAH-11 H-114 AUTHORITIES
(CT: IAH-7; 03-18-2016)
Authorities
that govern the ISSO Program are found in 5 FAM 1062.
5 FAH-11 H-115 INDIVIDUAL AUTHORITY AND
RESPONSIBILITIES
(CT: IAH-7; 03-18-2016)
a. The Chief Information Security Officer (CISO) is
responsible for the information security posture of the Department. ISSOs
support the CISO with oversight and guidance from IRM/IA/ISSO.
b. This chapter encompasses the Department-wide
information security program duties and responsibilities for ISSOs who
implement the Department's information security program.
5 FAH-11 H-116 ISSO CHECKLIST
(CT: IAH-7; 03-18-2016)
a. The ISSO Checklist is a compilation of all ISSO
duties and references from the 5 FAM / 5 FAH and 12 FAM / 12 FAH. It is composed
of two sections:
(1) The ISSO Checklist provides the minimum
requirements and procedures for the Department's ISSO Program;
(2) The ISSO Checklist for high and critical threat
posts must be used by high and critical threat posts in addition to the ISSO
Checklist.
b. Direct questions and suggestions regarding the ISSO
Checklist to AskISSO@state.gov.
5 FAH-11 H-117 THROUGH H-119 UNASSIGNED