Certified Information Systems Security Professional (CISSP) — Question 351

A project manager for a large software firm has acquired a government contract that generates large amounts of Controlled Unclassified Information (CUI). The organization's information security manager had received a request to transfer project-related CUI between systems of differing security classifications. What role provides the authoritative guidance for this transfer?

Answer options

• A. PM
• B. Information owner
• C. Data Custodian
• D. Mission/Business Owner

Correct answer: B

Explanation

The Information owner is responsible for the management and protection of CUI, making them the appropriate authority for providing guidance on transferring this information between systems of varying security classifications. The Project Manager (PM) focuses on project execution rather than information security, while the Data Custodian is more involved in handling and safeguarding the data rather than making policy decisions. The Mission/Business Owner has a broader role but lacks the specific authority over information classification and transfer protocols.