The Chief Information Security Officer (CISO), or designee is responsible for ensuring that the measures described in this Control are implemented.

It is the responsibility of the CISO, or designee, to ensure role-based security training is completed by information technology staff with assigned security roles and responsibilities:

• 1.1

  Before authorizing access to information resources or performing assigned duties;

• 1.2

  When required by information resource changes; and

• 1.3

  Annually, thereafter.