Mission: To assure the effectiveness of the U.S. Air Force’s five core missions by increasing the cybersecurity and resiliency of systems and information.
Vision: To facilitate risk management decisions within the cyber domain, across the five core missions of the Air Force, by:
- Creating policy for enterprise cybersecurity risk management
- Overseeing the implementation of cybersecurity controls
- Enforcing compliance of US, DoD, and Air Force policies
- Advocating cybersecurity issues within the Air Force corporate process
The Office of the CISO (CNZ) is comprised of three divisions: Compliance (CNZA), Cybersecurity Programs and Protect Portfolio (CNZP), and Cybersecurity Risk Management (CNZR).
CNZ is tasked with transforming the Air Force from reactive to proactive cybersecurity through policy, processes, and strategic communications. CNZ implements and enables a cybersecurity governance structure to inform senior leaders of cybersecurity challenges leading to agile, effective, and informed decisions regarding cybersecurity risk mitigation.
The Compliance Division (CNZA) serves as the compliance function for Information Access programs and Information Technology processes such as Freedom of Information Act, Privacy and Civil Liberties, Records Management, Section 508, Information Collections, Federal Register, Clinger-Cohen Act, Deputy Air Force Chief Information Officer publications and forms, and Information Technology investments. CNZA is also the Air Force Executive Agent for Interoperability ensuring all warfighting platforms, business systems, and information technology programs are interoperable with Combatant Commands, DoD entities, and Services’ platforms/systems. CNZA strives to lessen the burden on stakeholders while ensuring the Department of the Air Force adheres to legal and statutory mandates while executing its mission.
The Cybersecurity Programs and Protect Portfolio Division (CNZP) serves as the central integrator for cybersecurity activities in weapons and mission systems across Information Technology, Operational Technology, and platforms. The Division serves as the HAF manager of cryptographic modernization initiatives and executes the Damage Assessment Management Office function. The Division implements innovative Air Force cybersecurity initiatives through internal and external stakeholder collaboration and the prioritization of tasks that increase resiliency and improve the identification and management of risk throughout the lifecycle of all Air Force IT systems.
The Cybersecurity Risk Management Division (CNZR) provides oversight and policy guidance using the Risk Management Framework to ensure Cybersecurity across the five Air Force core mission areas. CNZR partners with AF, DoD, Joint, and Federal agencies to support an integrated approach to Cybersecurity that effectively manages community risk while meeting AF needs. The Division hosts regular Authorizing Official summits, RMF training events, and Risk Management Council meetings to ensure a comprehensive approach to risk mitigation throughout the Department.