Who has the authority to appoint an Information Assurance Manager (IAM)/Information Security Security Manager?
An IAM (Information Assurance Manager) is now called an Information System Security Manager (ISSM). The program manager, system manager or component commanders appoints the Information security security manager in writing.
According to DoD 8510.01, Risk Management Framework it is the Program Manager/System Manager who appoints the ISSM for each assigned Information System or PIT system with the support, authority, and resources to satisfy the responsibilities established in this instruction.
In the Department of Navy, Information System Security Manager is appointed by Program Executive Offices, Systems Commands – According to SECNAV, 5239.2
The Army currently uses AR 25-2, Information Assurance (being replaced). The Information Assurance Program Manager (IAPM) appoints the IAM 3-2.
IAM. Appoint IAMs at all appropriate levels of command. This includes subordinate commands, posts, installations, and tactical units. Appoint an IAM as needed for those Army activities responsible for project development, deployment, and management of command-acquired software, operating systems, and networks. A contractor will not fill the MSC, installation, or post IAM positions and the person filling the position will be a U.S. citizen.