HHS OCIO Policies, Standards and Charters

OCIO Policy Categories

Capital Planning and Investment Control (CPIC)
Earned Value Management
E-Government
Enterprise Architecture
General

Information Collection
Information Quality Guidelines
IT Enterprise Solutions
IT Policy Development and Review Process
IT Security and Privacy

Mail Management
Personal Use of IT Resources
Printing Management
Records Management
Section 508
Web Policies

Description	Number	Date Issued	HTML Document	Word Document
Capital Planning and Investment Control
HHS Policy for IT Capital Planning and Investment Control (CPIC) See Procedures Section for CPIC Procedures Document and its related Appendices Document	2005-0005.001	12/30/2005	HTML	[ DOC - 153KB]
HHS IRM Policy for Conducting Information Technology Alternatives Analysis	2003-0002	06/13/2003	HTML	[ DOC - 121KB]
HHS IRM Policy for Conducting Information Technology Alternatives Analysis – superseded by Policy 2003-0002	2000-0002	01/08/2001	HTML	[ DOC - 86KB]
HHS IRM Policy for Capital Planning and Investment Control – superseded by Policy 2005-0005.001	2000-0001	01/08/2001	HTML	[ DOC - 276KB]
HHS IRM Guidelines for Capital Planning and Investment Control – superseded by Policy 2005-0005.001	2000-0001-GD	01/08/2001	HTML	[ DOC - 176KB]
Earned Value Management
HHS-OCIO Policy for IT Earned Value Management See Procedures Section for EVM Procedures Document	2007-0001	06/11/2007	HTML	[ DOC - 272 KB]
HHS-OCIO Policy for IT Earned Value Management – superseded by Policy 2007-0001	2005-0004.001	12/30/2005	HTML	[ DOC - 237 KB]
E-Government
HHS OCIO Policy for E-Gov Forms	2006-0003	06/07/2006	HTML	[ DOC - 700KB]
Enterprise Architecture
HHS-OCIO IT Policy for Enterprise Architecture (EA)	2008-0003.001	08/07/2008	HTML
HHS-OCIO IT Policy for Enterprise Architecture (EA) - superceded by by Policy 2008-0003.001	2005-0003.001	01/10/2006	HTML	[ DOC - 153KB]
General
CIO Council Charter	2007-0001.001C	06/27/2007	HTML	[ DOC - 463KB]
CIO Roles and Responsibilities – Circular No. IRM-101		03/1999	HTML	[ DOC - 495KB]
Information Collection
IT Enterprise Solutions
HHS-OCIO IT Policy for HHSMail Change Management	2006-0002	03/02/2006	HTML	[ DOC - 700KB]
HHS IRM Policy for Government Emergency Telecommunication System Cards Ordering, Usage and Termination	2002-0001	11/25/2002	HTML	[ DOC - 146KB]
HHS IRM Policy for Active Directory	2000-0010	01/08/2001	HTML	[ DOC - 75KB]
HHS IRM Policy for Public Key Infrastructure (PKI); Certification Authority (CA)	2000-0011	01/08/2001	HTML	[ DOC - 92KB]
HHS IRM Policy for Directory Services Using LDAP	2000-0012	01/08/2001	HTML	[ DOC - 84KB]
IT Policy Development and Review Process
HHS Policy for IT Policy Development	2006-0004	11/28/2006	HTML	[ DOC - 224KB]
HHS IRM Policy For Comments From And Responses To Operating Divisions On Newly Developed Policies and CIO Council and ITIRB Clearance Documents	2003-0001	02/14/2003	HTML	[ DOC - 92KB]
IT Security and Privacy
HHS Policy for Department-wide Information Security	2007-0002	09/24/2007	HTML	[ DOC - 168KB]
HHS Encryption Standard for Mobile Devices and Portable Media	2007-0001.001S	08/21/2007	HTML	[ DOC - 38KB]
HHS IRM Information Security Program Policy	2004-0002.001	12/15/2004	HTML	[ DOC - 461KB]
HHS IRM Policy for IT Security for Remote Access	2000-0005	01/08/2001	HTML	[ DOC - 96KB]
HHS IRM Policy for Establishing an Incident Response Capability	2000-0006	01/08/2001	HTML	[ DOC - 111KB]
HHS IRM Policy for Prevention, Detection, Removal and Reporting of Malicious Software	2000-0007	01/08/2001	HTML	[ DOC - 125KB]
HHS Rules of Behavior (For Use of Technology Resources and Information)	2008-0001.003S	02/12/2008	HTML
HHS Standard for Managing Outbound Web Traffic	2008-0002.002S	06/06/2008	HTML
HHS Policy for Responding to Breaches of Personally Identifiable Information (PII)	2008-0001.002	04/15/2008	HTML	[ DOC - 160KB]
HHS Standard for the Segregation of Development/Test Environments from Production	2008-0003.002S	08/07/2008	HTML
Mail Management
Personal Use of IT Resources
HHS IRM Policy for Personal Use of Information Technology Resources	2006-0001	02/17/2006	HTML	[ DOC - 156KB]
HHS IRM Policy for Personal Use Of Information Technology Resources – superseded by Policy 2006-0001	2004-0001	11/23/2004	HTML	[ DOC - 235KB]
Personal Use Of Information Technology Resources – superseded by Policy 2004-0001	2000-0003	01/08/2001	HTML	[ DOC 121KB]
Records Management

Section 508
HHS Policy for Records Management	2007-0004.001	01/30/2008	HTML
HHS Policy for Records Management for Emails	2008-0002.001	05/15/2008	HTML
HHS Policy for Electronic Records Management - superceded and obsolete by Policy 2007-0004.001	2005-0001	09/15/2005	HTML	[ DOC - 156KB]
HHS Policy for Records Management - superceded by Policy 2007-0004.001	2005-0002.002	09/15/2005	HTML
HHS Policy for Records Management Employee Departures - superceded and obsolete by Policy 2007-0004.001	2007-0003.002	09/24/2007	HTML
Web Policies
HHS Policy for Internet Domain Names	WEB-2005-01	06/13/2005	HTML
Use of Broadcast Messages, Spamming and Targeted Audiences	2000-0004	01/08/2001	HTML	[ DOC - 103KB]
Domain Names – superseded by Policy WEB-2005-01	2000-0008	01/08/2001	HTML	[ DOC - 79KB]
Usage of Persistent Cookies	2000-0009	01/08/2001	HTML	[ DOC - 79KB]

Procedures and Appendices

Description	Number	Date Issued	HTML Document	Word Document
Capital Planning and Investment Control
HHS-OCIO CPIC Procedures	2005-0005P	12/30/2005	HTML	[DOC - 153KB]
HHS-OCIO CPIC Procedure-Appendix	2005-0005P-A	12/30/2005		[DOC - 153KB]
Earned Value Management
HHS-OCIO EVM Procedures	2005-0004P	12/30/2005		[DOC - 1.2 MB]
Information Quality Guidelines

Charters

Description	Number	Date Issued	HTML Document	Word Document
Records Management

IT Security and Privacy
HHS Records Management Council Charter	2007.0002.001C	08/21/2007	HTML	[DOC - 158KB]
Personally Identifiable Information (PII) Breach Response Team (BRT) Charter	2008.0001.002C	04/15/2008	HTML	[DOC- 161 KB]
Enterprise Systems
HHS Trusted Internet Connection Access Provider (TICAP) Steering Committee Charter	2008.0002.001C	06/23/2008	HTML