Who is the individual appointed by a contractor with oversight responsibility for the facility's classified information system security program, and must be trained to a level commensurate with the facility's IS complexity?

The Information System Security Manager is the individual appointed by the contractor who has oversight responsibility for the facility’s classified information system security program. This role carries the duty to direct and govern the security program, ensuring that policies are implemented, controls are in place, risks are managed, and the program stays aligned with applicable standards and regulations. Because the facility’s information system complexity can vary, the ISSM must be trained to a level that matches that complexity so they can effectively oversee the program, interpret requirements, and communicate risk and status to leadership. The Information System Security Officer handles day-to-day implementation of security controls, while the Security Control Assessor conducts independent assessments; the term Inside Director isn’t applicable here.