SAMHSA.gov
The Substance Abuse & Mental Health Services Administration


SAMHSA IT Page

IT Resources for Contractors

Information Technology Security

Information Security Program Policy

The HHS Information Security Program Policy provides a baseline of security policies for the Department. These policies apply to the Department, which includes Operating Division (OPDIV) and Staff Division (STAFFDIV) personnel, contractors, and other authorized users. OPDIVs can exceed these standards, but must consistently apply at least the minimum that are outlined in the Policy. Click here to download this document.

Information Security Program Handbook

The HHS Information Security Program Handbook provides the procedures and guidance necessary to meet or exceed the policies and standards set in the HHS IT Security Policy. The handbook applies to all Depart mental personnel, contractors, and authorized users who access departmental information systems and is also applicable to all departmental information systems used to process, store, transmit, or receive departmental data of any sensitivity or classification, regardless of when or how they were acquired or where they are operated. Click here to download this document.

Guide for Developing Security Plans for Federal Information Systems [February 2006]

As mandatated by OMB, SAMHSA conforms to NIST standards as guidance in implementing its Security Program. Contractors shall use the NIST Special Publication 800-18 Rev.1 “Guide for Developing Security Plans for Federal Information Systems [February 2006] as a guideline for preparing the IT Security Plan. For your information, Appendix A of this NIST Special Publication has a useful Sample Information System Security Plan Template. Click here to visit this site.


Last Update: 9/24/2008