
Define and assign the Facility Security Officer's roles and responsibilities.


CONTROL ID: 01887
CONTROL TYPE: Establish Roles
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain high level operational roles and responsibilities. (CC ID: 00806)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The Area Security Officer is responsible for all the security issues relating to business processes, applications and IT systems in his/her area (e.g. department or remote office). Depending on the size of the business unit, the task of Area Security Officer can be assumed by somebody who is already… (§ 4.6 Subsection 1 ¶ 1, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • The contractor must appoint an IT installation security officer. (¶ 6.d, Security Requirements for List X Contractors, Version 5.0 October 2010)
  • The facilities manager is responsible for the operation and maintenance of the facilities and the premises. (Pg 12-IV-7, Protection of Assets Manual, ASIS International)
  • A Facilities Security Officer (FSO) must be appointed by each organization. The FSO must be a U.S. citizen. He/she directs and supervises all the necessary measures required by this Manual. (§ 1-201, NISPOM - National Industrial Security Program Operating Manual (DoD 5220.22-M) February 26, 2006, February 28, 2006)
  • An individual must be appointed to be responsible for the facility's security and compliance with all regulations. (§ 27.230(a)(17), 6 CFR Part 27, Chemical Facility Anti-Terrorism Standards (CFATS), Department of Homeland Security)
  • Facilities management should have ownership and accountability for testing the recovery of the physical facility and the environmental controls. (Pg H-2, FFIEC IT Examination Handbook - Business Continuity Planning, March 2008)