Information Security and Identity Management Committee
The Information Security and Identity Management Committee (ISIMC) provides a consensus based forum to support the Federal CIO Council (FCIOC) that enables Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) to collaborate on: (1) identifying high priority security and identity management initiatives; and (2) developing recommendations for policies, procedures, and standards to address those initiatives that enhance the security posture and protection afforded to Federal Government networks, information, and information systems.
The ISIMC shall be the principal interagency forum for identifying and recommending strategic high priority IT security and identity management initiatives to the FCIOC and OMB that enable Federal Government's information systems security programs and agencies' mission objectives through a comprehensive and consistently implemented set of risk-based, cost-effective controls and measures. The committee will recommend standard organization structures for information security committees across the Federal government; and ensure the tools, metrics and measures will lead to defensive operational capabilities and protections of the Federal networks, systems and applications. The Committee shall establish and oversee appropriate subcommittees, working groups, and/or task forces to perform the following functions:
- a. Develop strategies to coordinate and facilitate the execution of the Comprehensive National Cybersecurity Initiative (CNCI) (National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/HSPD-23)).
- b. Identify and recommend information security and identity management enhancements to policies, processes, and solutions, that address the strategies in (A) above and improve upon identification management solutions.
- c. Provide oversight of the ISIMC subcommittees, working groups, and task forces. Coordinate with and provide advice to other Federal committees to improve collaboration, identify complimentary activities, and reduce duplication in security and identity management related areas. Review and concur on common security management requirements, performance measures, and Federal Enterprise Architecture (FEA) updates, program management plan, fiscal budget and funding strategy for security management service areas.
- d. Promote the development and use of standard performance measures for agency information security.
- e. Share experiences and innovative approaches related to information sharing and information security best practices that span both defensive operational security such as penetration testing regimes, and incident response mitigation, and span security policies compliance, such as FISMA or PMA achievement.
- f. Identify common Computer Information Security Officer (CISO) and information assurance professional qualifications in coordination with the FCIOC IT Workforce Committee.
The co-chairs of the ISIMC establish subcommittees, working groups, and task forces as necessary. The four standing subcommittees, established by the ISIMC co-chairs, are as follows: