The information security program management (PM) controls described are typically implemented at the organisation level and not directed at individual organisational information systems. The program management controls have been designed to facilitate compliance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.