ASEC Information Systems Security Managers (ISSM) serve as principal advisors on all matters, technical and otherwise, involving the security of information systems under their purview. They ensure the correct implementation, assessment, and testing of all security controls established in the Authority to Operate, whether those controls are implemented through the Risk Management Framework (RMF/NIST 800-37) or the Joint SAP Implementation Guide to the RMF (JSIG). They manage all Information Systems Security Officers, Network Administrators, and System Administrators for their system.
ASEC Information Systems Security Officers (ISSO) support classified computing environments and interface with the Information Systems Security Manager (ISSM) to ensure adherence to all relevant RMF or JSIG policies. They are responsible for system compliance, auditing, security plan development, and delivery of information systems security education and awareness. They coordinate any changes or modifications to the system with the ISSM and formally notify the ISSM when required changes occur that affect system authorization. They direct the actions of Network Administrators and System Administrators in system patching, malicious code protection, system backup, and system recovery.