1.2 target audience

This publication is intended to serve a diverse audience of information system and information security professionals including:

• Individuals with information system, security, and/or risk management and oversight responsibilities (e.g., authorizing officials, chief information officers, senior information security officers,^[13] information system managers, information security managers);</sup>
• Individuals with information system development responsibilities (e.g., program managers, system designers and developers, information security engineers, systems integrators);
• Individuals with information security implementation and operational responsibilities (e.g., mission/business owners, information system owners, common control providers, information owners/stewards, system administrators, information system security officers);
• Individuals with information security assessment and monitoring responsibilities (e.g., auditors, Inspectors General, system evaluators, assessors, independent verifiers/validators, analysts, information system owners); and
• Commercial companies producing information technology products and systems, creating information security-related technologies, or providing information security services.

¹³. At the agency level, this position is known as the Senior Agency Information Security Officer. Organizations may also refer to this position as the Senior Information Security Officer or the Chief Information Security Officer. ↩