UNCLASSIFIED (U)

5 FAH-11 H-100  
Information Systems Security Officer (ISSO) Program

5 FAH-11 H-110 

GENERAL

(CT: IAH-24;   06-29-2023)
(Office of Origin:  IRM/CO)

5 FAH-11 H-111  INTRODUCTION

(CT: IAH-24;  06-29-2023)

This chapter contains procedures to supplement the policies delegated to information systems security officers (ISSO) established in 5 FAM/FAH and 12 FAM/FAH.  The 5 FAH-11 aligns with the Federal Information Security Modernization Act (FISMA) of 2014 requirements for the Chief Information Officer (CIO) and agency program officials, and establishes cybersecurity roles and responsibilities to manage the security of the Department’s information and information systems.

5 FAH-11 H-112  PURPOSE

(CT: IAH-24;   06-29-2023)

a. This chapter provides guidelines and procedures for implementing policies and directives contained in the 5 FAM/FAH and 12 FAM/FAH.  The standards and procedures established are for Department ISSOs.  The ISSO program is managed by the Directorate of Cyber Operations (IRM/CO).

b. Direct questions and suggestions regarding the ISSO Program to AskISSO@state.gov.

5 FAH-11 H-113  SCOPE AND APPLICABILITY

(CT: IAH-24;   06-29-2023)

a. These procedures apply to all Department entities with information systems.

b. Within the context of this policy, the use of the term “information security” applies to the security of all Department information processed or stored in electronic form on behalf of the Department or processed or stored on a Department information system.

c. This chapter includes guidance and procedures for ISSOs regarding information system security for other entities (e.g., contractors, other agencies, and organizations) that exchange or process Department information on their systems through interconnections with the Department or are linked to the Department via extensions of Department networks.  Network extension requirements are outlined in 12 FAM 623.1, 5 FAM 1060, and 5 FAH-11 H-830.

d. The procedures in this chapter are not applicable to sensitive compartmented information (SCI) systems.  Contact the Special Security Operations Division (DS/IS/SSO) for questions regarding SCI systems.

5 FAH-11 H-114  AUTHORITIES

(CT: IAH-7;   03-18-2016)

Authorities that govern the ISSO Program are found in 5 FAM 1062.

5 FAH-11 H-115  INDIVIDUAL AUTHORITY AND RESPONSIBILITIES

(CT: IAH-24;   06-29-2023)

a. The Enterprise Chief Information Security Officer (E-CISO) is responsible for the information security posture of the Department.  ISSOs support the E-CISO with oversight and guidance from IRM/CO/ISSO.

b. This chapter encompasses the Department-wide information security program duties and responsibilities for ISSOs who implement the Department’s information security program.

5 FAH-11 H-116  ISSO CHECKLIST

(CT: IAH-24;   06-29-2023)

a. The ISSO Checklist is a compilation of all ISSO duties and references from the 5 FAM/FAH and 12 FAM/FAH.  The ISSO Checklist provides the minimum requirements and procedures for the Department’s ISSO Program.  The ISSO Checklist for high and critical threat posts must be used by such posts in addition to the ISSO Checklist.

b. Direct questions and suggestions regarding the ISSO Checklist to AskISSO@state.gov.

5 FAH-11 H-117 THROUGH H-119  UNASSIGNED
