CISO Handbook
Introduction
The CISO Handbook was created to educate and inform new and existing CISOs about their role in Federal cybersecurity. It provides resources to help CISOs responsibly apply risk management principles to help Federal agencies meet mission objectives, and makes CISOs aware of laws, policies, tools, and initiatives that can assist them as they develop or improve cybersecurity programs for their organizations.
The Handbook is a key document, coordinated through the CIO and CISO Councils, to improve the vital Federal cybersecurity reskilling and workforce development efforts outlined in the President's Management Agenda.
Key Elements of the Handbook
- Overview of the CISO role (page 7) and key government-wide organizations (page 11).
- CISO Reference Sections with high-level information about important cybersecurity documents: Federal risk management publications (page 31) and Government-wide policy documents (page 50).
- Information on the Framework for Improving Critical Infrastructure Cybersecurity (also known as the NIST Cybersecurity Framework or the CSF) and how it can be leveraged in conjunction with other NIST risk management publications.
- Resources and links for workforce, contracting, and other government-wide services with which CISOs should be familiar.
- Extensive, searchable appendices that consolidate key statutory language, policy templates, government-wide services, and other previously disparate resources.
Download the Complete Handbook
Download the complete CISO Handbook for comprehensive guidance on federal cybersecurity responsibilities and resources.
Annual Reporting Schedule
| Quarter | Deadline | Reporting | Responsible Parties |
|---|---|---|---|
| FYQ1 | January | Q1 CIO FISMA Reporting, Annual HVA Reporting | CFO Act Agencies (Required), Small Agencies (Optional) |
| FYQ2 | April | Q2 CIO FISMA Report | All Civilian Agencies |
| FYQ3 | July | Q3 CIO FISMA Reporting | CFO Act Agencies (Required), Small Agencies (Optional) |
| FYQ4 | October | Annual CIO FISMA Reporting, Annual IG FISMA Reporting, Annual SAOP FISMA Reporting | All Civilian Agencies |
Latest News
AI Transparency Listening Session with the White House Office of Management and Budget
The White House Office of Management and Budget (OMB) is leading a series of listening sessions to learn more from industry about their approaches to AI transparency and auditable risk management.
AI in Action: 5 Essential Findings from the 2024 Federal AI Use Case Inventory
This year, agencies publicly reported more than 1,700 ways they are using Artificial Intelligence (AI) to advance their missions and deliver better experiences to the public.
CISO Council and CDO Council Release Joint Guide on Federal Zero Trust Data Security
Today, the CISO Council and CDO Council released the Federal Zero Trust (ZT) Data Security Guide, a first-of-its-kind document and key deliverable of OMB M-22-09, Moving the U.S. Government Towards Zero Trust Cybersecurity Principles. M-22-09 charged the Federal CDO Council and Federal CISO Council to convene a cross-agency working group of data and security experts to develop a data security guide for Federal agencies.