Page History

The role descriptions below, which can be used to identify appropriate staff to fulfill key roles, are based on definitions found in NIST Special Publication 800-37 rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.

Information Owner (also known as the Federal Business Owner)

The Information Owner (also synonymous with Federal Business Owner), is a Federal official with the statutory, management, or operational authority to safeguard specified information and the responsibility for establishing the policies and procedures governing its generation, collection, processing, dissemination, and disposal. A single information system may contain data from multiple information owners, who also can provide input to IT system owners regarding security requirements and controls. The Information Owner has a governance role to ensure Information System Owner(s) working on their behalf are meeting the operational interests of the user community and maintaining compliance with security requirements.  The role of Information Owner is an inherently governmental one and cannot be delegated to non-government staff.

...