PM-13: INFORMATION SECURITY WORKFORCE
PROGRAM MANAGEMENT & INDUSTRIAL CONTROL SYSTEMS
ICS Control Baselines:
- Program Management is baseline independent.
The organization establishes an information security workforce development and improvement program.
SUPPLEMENTAL GUIDANCE
Information security workforce development and improvement programs include, for example: (i) defining the knowledge and skill levels needed to perform information security duties and tasks; (ii) developing role-based training programs for individuals assigned information security roles and responsibilities; and (iii) providing standards for measuring and building individual qualifications for incumbents and applicants for information security-related positions. Such workforce programs can also include associated information security career paths to encourage: (i) information security professionals to advance in the field and fill positions with greater responsibility; and (ii) organizations to fill information security-related positions with qualified personnel. Information security workforce development and improvement programs are complementary to organizational security awareness and training programs. Information security workforce development and improvement programs focus on developing and institutionalizing core information security capabilities of selected personnel needed to protect organizational operations, assets, and individuals.
ICS SUPPLEMENTAL GUIDANCE
All aspects of information security workforce development and improvement programs include knowledge and skill levels in both computational and physical ICS components.
RELATED CONTROLS: PM-13
CONTROL ENHANCEMENTS
NO CONTROL ENHANCEMENTS
REFERENCES:
- NIST Special Publication 800-82 | GUIDE TO INDUSTRIAL CONTROL SYSTEMS (ICS) SECURITY