Audit Trails |
|
Sample Generic Policy and High Level Procedures for Audit Trails |
08/02/00 |
Authorize Processing (C&A) |
|
Certification and Accreditation Documentation Performance Work Summary |
07/30/02 |
Statement of Work: Certification and Accreditation Blanket Purchase Agreement - Department of Education |
02/12/02 |
Sample Generic Policy and High Level Procedures for Certification/Accreditation |
10/29/01 |
Certification and Accreditation - DLA * |
03/12/01 |
C&A of Core Financial System - USAID |
02/05/01 |
How to Accredit Information Systems for Operation - DOD/NSWC * |
02/01/01 |
Contingency Planning |
|
Contingency Planning Template Instructions - DOJ |
12/10/01 |
Sample Generic Policy and High Level Procedures for Contingency Plans |
8/21/01 |
Data Integrity |
|
How to Protect Against Viruses Using Attachment Blocking - National Endowment for the Humanities |
02/05/02 |
Sample Generic Policy and High Level Procedures for Data Integrity/Validation |
08/02/00 |
Documentation |
|
Memorandum of Understanding for System Interconnections |
09/13/02 |
Sample Generic Policy and High Level Procedures for System Documentation |
08/26/00 |
Interconnection Security Agreements - Customs * |
08/02/00 |
Hardware and System Software Maintenance |
|
Configuration Management Plan |
11/10/01 |
Interim Policy Document on Configuration Management |
11/10/01 |
Sample Generic Policy and High Level Procedures for Hardware and Application Software Security |
08/02/00 |
Identification and Authentication |
|
Password Cracking Information - National Labor Relations Board |
08/20/01 |
Password Management Standard - National Labor Relations Board |
08/13/01 |
Sample Generic Policy and High Level Procedures for Passwords and Access Forms |
08/02/00 |
Incident Response Capability |
|
Computer Incident Response Team Desk Reference - Federal Communications Commission |
07/30/02 |
Identification & Authentication on FCC Systems |
07/30/02 |
Computer Virus Incident Report Form |
01/10/02 |
FCC Computer Incident Response Guide |
12/30/01 |
Sample Generic Policy and High Level Procedures for Incident Response |
03/02/01 |
Developing an Agency Incident Response Process - SSA * |
02/20/01 |
Incident Handling - BMDO * |
05/22/00 |
Life Cycle |
|
Sample Generic Policy and High Level Procedures for Life Cycle Security |
01/02/01 |
Integrating Security into Systems Development Life Cycle - SSA * |
12/20/00 |
Logical Access Controls |
|
Decision Paper on Use of Screen Warning Banner |
12/13/01 |
Sample Warning Banner - National Labor Relations Board |
12/12/01 |
Network Security |
|
Network Perimeter Security Policy |
10/01/01 |
Securing POP Mail on Windows Clients - NASA * |
06/13/01 |
How to Deploy Firewalls - Carnegie Mellon * |
02/16/01 |
Configuration of Technical Safeguards - USAID * |
01/23/01 |
Network Security Management Policy |
01/08/01 |
How To Secure a Domain Name Server (DNS) - GSA * |
05/11/00 |
Personnel Security |
|
Email Policy - FCC |
11/14/02 |
Internet Use Policy - FCC |
11/14/02 |
Limited Personnel Use of Government Equipment |
11/14/02 |
Non-disclosure Form - FCC |
09/13/02 |
Guidelines for Evaluating Information on Public Web Sites |
10/19/01 |
Receipt of Proprietary Information |
10/01/01 |
Sample Generic Policy and High Level Procedures for Personnel Security |
12/18/00 |
Personal Use Policy - OPM * |
12/04/00 |
Limited Personal - VA * |
10/03/00 |
Physical and Environmental Protection |
|
Sample Generic Policy and High Level Procedures for Facility Protection |
08/02/00 |
Policy and Procedures |
|
Security Handbook - Glossary |
11/15/02 |
Security Handbook - Management Controls |
11/15/02 |
Security Handbook - Operational Controls |
11/14/02 |
Security Handbook - Technical Controls |
11/14/02 |
Telecommuting and Mobile Computer Security Policy |
01/08/02 |
Sample of XX Agency Large Service Application (LSA) Information Technology (IT) Security Program Policy |
08/02/00 |
Security Handbook and Standard Operating Procedures - GSA/PBS |
08/02/00 |
Production, Input/Output Controls |
|
Disk Sanitization Procedures - NIH * |
06/01/01 |
Remove all Data From Workstations & Servers - USAID * |
04/25/01 |
Sample Generic Policy and High Level Procedures for Marking, Handling, Processing, Storage and Disposal of Data |
08/02/00 |
Program Management |
|
IT Security Cost Estimation Guide - Department of Education |
11/28/02 |
A Summary Guide: Public Law, Executive Orders, and Policy Documents - Department of Treasury |
11/13/01 |
Position Description for Computer System Security Officer, GS-334-13 |
10/01/01 |
Position
Description for Information Security Officer, GS-334-15 |
10/01/01 |
Position Description for Computer Specialist, GS-334-14 |
10/01/01 |
Sample of an Information Technology (IT) Security Staffing Plan for a Large Service Application (LSA) |
11/15/99 |
Review of Security Controls |
|
PII Security Controls Assessment Plan Template - Department of Commerce |
07/28/06 |
Spreadsheet of SP 800-53 Controls - Commodity Futures Trading Commission |
06/21/06 |
Statement of Work for IT Security Review |
06/12/02 |
Statement of Work - Information Technology (IT) Security Program Assessment Review |
10/21/01 |
Mission Site Vulnerability Assessment - USAID * |
06/13/01 |
Overseas Computer Security Review - Department of State |
02/20/01 |
Modem Scan Process - USAID * |
01/23/01 |
Review of Information Technology (IT) Systems |
08/02/00 |
Risk Management |
|
General Support Systems and Major Applications Inventory Guide |
07/25/02 |
Sample Levels of Sensitivity |
03/11/02 |
Statement of Work: Risk Assessments - Department of Education |
02/12/02 |
Sample Generic Policy and High Level Procedures for Risk Assessment |
08/02/00 |
Security Awareness, Training and Education |
|
Short Security Awareness Briefing NIST |
12/10/01 |
Building an IT Security Awareness Program - NIST |
11/01/01 |
Certification of Information Security Awareness Training Form |
11/01/01 |
Security Training at Missions - USAID * |
01/23/01 |
Sample Generic Policy and High Level Procedures for Security Awareness, and Training |
08/02/00 |
Statement of Work - Computer Security Awareness and Training |
04/14/00 |
System Security Plan |
|
General Support Systems and Major Applications Inventory Guide |
07/25/02 |
Security Plan - USAID * |
01/23/01 |
Sample Generic Policy and High Level Procedures for Security Plans |
04/14/00 |