A CISO Handbook was released recently by a group of federal CISO & CIO councils to help their peers navigate current government approaches to cybersecurity and risk management.

Available through the CIO.gov website, the CISO Handbook is designed to provide a “one stop shop” for new and emerging information security professionals looking to become future cybersecurity executives. Another goal is to drive workforce change and collaboration across agencies to address systemic cybersecurity challenges.

“The Handbook will help CISOs embrace risk management practices like the NIST Cybersecurity Framework in the context of legislation, policy and federal guidance,” says Emery Csulak, CISO at the Centers for Medicare & Medicaid Services. “Breaking the complex conversation of the CISO role and risk management into consumable pieces can only help the community succeed in bringing new talent onboard and meeting our mission needs.”

For CISOs dealing with frequent changes to federal cyber policy and requirements, the CISO Handbook features a chronological list of presidential directives, OMB memos, NIST guidance and a breakdown of responsibilities assigned by the Federal Information Security Modernization Act (FISMA) of 2014. The release says that the Handbook is the most complete collection of policies and templates pertaining to federal cybersecurity ever published in one place.

Designed to be useful for both new and seasoned professionals, sections in the handbook cover:

  • The CISO’s role within an agency and the federal government as a whole, key organizations and a summary of the many kinds of reporting the CISO must conduct to keep their agency accountable to government-wide authorities
  • Cybersecurity broken into managing risk and federal policies and initiatives
  • Managing their agency’s resources as well as available federal resources
  • Appendices with detailed information on the tools, policies and best practices presented earlier in the handbook

The CISO Handbook is meant to provide CISOs with a foundational understanding of their role and will be updated as new policies and guidance are issued.

To go along with the federal CISO Handbook, Uplogix has a blueprint for you: a blueprint for recovering from a network hack using out-of-band management. Check out the Blueprint for After the Hack for how Uplogix provides a response tool kit for that almost inevitable moment, despite best efforts, after your network has been hacked.