The IT Law Wiki

Definition[]

An Activity Security Manager (ASM) is

[t]he individual specifically designated in writing and responsible for the activity's information security program which ensures that classified and Controlled Unclassified Information (CUI) is properly handled during its entire life cycle. This includes ensuring classified information is appropriately identified, marked, stored, disseminated, disposed of, and accounted for, as well as providing guidance on the handling of security incidents to minimize adverse effects and ensure that appropriate corrective action is taken.[1]

Overview[]

"The Activity Security Manager (ASM) may be assigned responsibilities in other security disciplines, such as personnel or physical security."[2]

References[]