The DHS Chief Information Officer oversees the Department-wide IT security program, ensures proper computer security incident response, and provides consulting assistance to all DHS offices for their individual programs. The DHS CIO provides management direction for the DHS Security Operations Center (SOC) and overall direction for Component SOCs. The DHS CIO, or a designated representative, has the sole responsibility for public release of information concerning computer security incidents. The CIO consults with the DHS Privacy Office and Public Affairs Office prior to releasing any information.
The DHS CIO:
- Appoints a federal employee in writing to serve as the DHS Chief Information Security Officer (CISO).
- Serves as the Designated Accrediting Authority (DAA) for DHS enterprise IT systems. This responsibility may be delegated in writing as appropriate.
- Participates in developing DHS performance plans, including descriptions of the time periods and budget, staffing, and training resources required to implement the Department-wide security program.
- Ensures that all IT systems acquisition documents, including existing contracts, include appropriate IT security requirements and comply with DHS IT security policies.
- Ensures that DHS security programs integrate fully into the DHS enterprise architecture and capital planning and investment control processes.
- Ensures that system owners understand and appropriately address risks, including interconnectivity with other programs and systems outside their control.
- Reviews and evaluates the IT security program annually.
- Ensures that an IT security performance metrics program is developed, implemented, and funded.
- Reports to the Under Secretary for Management on matters relating to the security of DHS IT systems.