References
Privacy Act of 1974 (5 U.S.C. Section 552a, as amended)
Privacy Act of 1974 (5 U.S.C. Section 552a, as amended):
http://www.usdoj.gov/foia/privstat.htm
OMB Instructions for Complying with the President’s Memorandum "Privacy and Personal Information in Federal Records":
http://www.whitehouse.gov/omb/memoranda/m99-05-b.html
HHS Secure One Privacy Website:
http://intranet.hhs.gov/infosec/privacy.html
HHS Privacy Act Regulations:
http://www.access.gpo.gov/nara/cfr/waisidx_99/45cfr5b_99.html
NIH, HHS, and Federal Privacy Act Systems of Records Notices (SORNs):
http://oma.od.nih.gov/ms/privacy/pa-files/read02systems.htm
NIH Privacy Act Notification - Criteria and Sample Statements to be considered for posting on NIH websites as well as paper and electronic forms used to collect information:
http://oma.od.nih.gov/ms/privacy/NSCriteria.doc
NIH Website Privacy Policy Statement:
http://www.nih.gov/about/privacy.htm
Privacy Impact Assessments (PIAs)
The Privacy Act of 1974:
http://www.usdoj.gov/oip/privstat.htm
About the E-Government Act:
www.whitehouse.gov/omb/egov/g-4-act.html (please see bottom of linked page for full text option)
Section 208 of the E-Government Act 2002:
http://aspe.hhs.gov/datacncl/privacy/titleV.pdf
Computer Matching and Privacy Act of 1988:
http://www.usdoj.gov/oip/1974compmatch.htm
Freedom of Information Act:
http://www.usdoj.gov/oip/foiastat.htm
Paperwork Reduction Act:
http://www.archives.gov/federal-register/laws/paperwork-reduction/
Circular No. A-130:
http://63.161.169.137/omb/circulars/a130/a130.html
Memorandum M-03-22 issued by OMB in September 2003:
http://www.whitehouse.gov/omb/memoranda/m03-22.html
Memorandum M-04-24 issued by OMB in August 2004:
http://www.whitehouse.gov/omb/memoranda/fy04/m04-24.html
Memorandum M-05-15 issued by OMB in June 2005:
http://www.whitehouse.gov/omb/memoranda/fy2005/m05-15.html
Memorandum M-07-16 issued by OMB in May 2007:
http://www.whitehouse.gov/omb/memoranda/fy2007/m07-16.pdf
Memorandum M-07-19 issued by OMB in July 2007:
http://www.whitehouse.gov/omb/memoranda/fy2007/m07-19.pdf
Memorandum M-08-09 issued by OMB in January 2008:
http://www.whitehouse.gov/omb/memoranda/fy2008/m08-09.pdf
NIH, HHS, and Federal Privacy Act Systems of Records Notices (SORNs):
http://oma.od.nih.gov/ms/privacy/pa-files/read02systems.htm
HHS Information Security Program Policy:
http://intranet.hhs.gov/infosec/docs/policies_guides/ISPP/Information_Security_Program_Policy.doc
Information Security Program Privacy Policy (Memorandum):
http://intranet.hhs.gov/infosec/docs/policies_guides/ISPPM/Infosec_Program_Privacy_Policy_memo.doc
Plan of Action and Milestones (POA&M) Guide:
http://intranet.hhs.gov/infosec/docs/policies_guides/POAM/POAMGuide.doc
The HHS PIA Guide:
http://intranet.hhs.gov/infosec/docs/policies_guides/PIA/PIA_TOC.htm
NIH PIA Guide:
http://oma.od.nih.gov/ms/privacy/NIHPIAGuide.doc
NIH PIA Training Presentation:
Color - http://oma.od.nih.gov/ms/privacy/Training2008.ppt
Black and White - http://oma.od.nih.gov/ms/privacy/Training2008bw.ppt
NIH Manual 1745-1 - NIH Privacy Impact Assessments:
http://www3.od.nih.gov/oma/manualchapters/management/1745-1/
SPORT Tool Information and Links:
http://ocio.nih.gov/nihonly/ProSight-FISMA-info.htm
Web Privacy
Section 208 of the E-Government Act 2002:
http://aspe.hhs.gov/datacncl/privacy/titleV.pdf
Children’s Online Privacy Protection Act (COPPA) of 1998:
http://www.ftc.gov/ogc/coppa1.htm
NIH Manual Chapter 2805 – NIH Web Page Privacy Policy:
http://www3.od.nih.gov/oma/manualchapters/management/2805/
NIH Manual Chapter 1825 – Information Collection From the Public:
http://www.1.od.nih.gov/oma/manualchapters/management/1825
NIH Privacy Act Notification - Criteria and Sample Statements:
http://oma.od.nih.gov/ms/privacy/NSCriteria.doc
NIH Information Technology General Rules of Behavior:
http://irm.cit.nih.gov/security/nihitrob.html
NIH Office of the Chief Information Officer:
http://ocio.nih.gov/
Homeland Security Presidential Directive (HSPD) - 12
Homeland Security Presidential Directive-12:
http://www.whitehouse.gov/news/releases/2004/08/20040827-8.html
Federal Information Processing Standards Publication 201-1 (FIPS 201):
http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf
NIH HSPD-12 Website:
http://enterprisearchitecture.nih.gov/About/Approach/HSPD12TechnicalCoordination.htm
http://enterprisearchitecture.nih.gov/About/NewsEvents/News/HSPD12April07.htm
Office of Research Services - Division of Personnel Security and Access Control:
http://ser.ors.od.nih.gov/div_personnelAccess.htm
Office of Research Services - Division of Physical Security Management:
http://ser.ors.od.nih.gov/physical_security.htm
Personal Identification Verification Process:
http://www.idbadge.nih.gov/
Federal Information Security Management Act and Agency Privacy Management (FISMA)
White House E-Government Act Website:
http://www.whitehouse.gov/omb/egov/
About the E-Government Act:
http://www.whitehouse.gov/omb/egov/g-4-act.html
(please see bottom of linked page for full text option)
Section 208 of the E-Government Act of 2002:
http://aspe.hhs.gov/datacncl/privacy/titleV.pdf
Federal Information Security Management Act 2002, Title III, the full text:
http://csrc.nist.gov/policies/FISMA-final.pdf
Report to Congress on the Benefits of the E-Government Initiatives:
http://www.whitehouse.gov/omb/egov/g-10-Section_841.html
OMB Memorandum M-03-22 issued by OMB in September 2003:
http://www.whitehouse.gov/omb/memoranda/m03-22.html
OMB Memorandum M-05-15 issued by OMB in June 2005:
http://www.whitehouse.gov/omb/memoranda/fy2005/m05-15.html
OMB Memorandum M-06-15 issued in May 2006:
http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-15.pdf
OMB Memorandum M-07-19 issued in July 2007:
http://www.whitehouse.gov/omb/memoranda/fy2007/m07-19.pdf
NIH, HHS, and Federal Privacy Act Systems of Records Notices (SORNs):
http://oma.od.nih.gov/ms/privacy/pa-files/read02systems.htm
NIH Manual 1745 - Information Technology (IT) Privacy Program:
https://www3.od.nih.gov/oma/manualchapters/management/1745/
Breach Response
Privacy Act of 1974 as amended, 5 U.S.C. § 552a:
http://www.usdoj.gov/foia/privstat.htm
OMB Memorandum M-05-08, "Designation of Senior Agency Officials for Privacy":
http://www.whitehouse.gov/omb/memoranda/fy2005/m05-08.pdf
OMB M-06-15 issued in May 2006:
http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-15.pdf
OMB M-06-16 issued in June 2006:
http://www.whitehouse.gov/omb/memoranda/fy2006/m06-16.pdf
OMB Memorandum, "Recommendations for Identity Theft Related Data Breach Notification":
http://www.whitehouse.gov/omb/memoranda/fy2006/task_force_theft_memo.pdf
OMB M-06-19 issued in July 2006:
http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-19.pdf
OMB M-07-16 issued in May 2006:
http://www.whitehouse.gov/omb/memoranda/fy2007/m07-16.pdf
OMB M-08-09 issued in January 2008:
http://www.whitehouse.gov/omb/memoranda/fy2008/m08-09.pdf
US-CERT:
http://www.us-cert.gov/
National Institute of Standards and Technology (NIST) Special Publication (SP) 800-30, "Risk Management Guide for Information Technology Systems":
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, "Recommended Security Controls for Federal Information Systems":
http://csrc.nist.gov/publications/nistpubs/800-53-Rev1/800-53-rev1-final-clean-sz.pdf
National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61, "Computer Security Incident Handling Guide":
http://csrc.nist.gov/publications/nistpubs/800-61/sp800-61.pdf
HHS Incident Management and Response Website:
http://www.hhs.gov/ocio/securityprivacy/incidentmanagement/incidentresp.html
HHS Secure One Incident Management Website:
http://intranet.hhs.gov/infosec/incident_management.html
HHS Policy for Responding to Breaches of Personally Identifiable Information (PII):
http://www.hhs.gov/ocio/policy/2008-0001.003.html
HHS: Breach Response Team Charter:
http://intranet.hhs.gov/infosec/docs/incident_mgmt/Breach_Response_Team_Charter/Breach_Response_Team_Charter_toc.htm
HHS IRM Policy for Establishing an Incident Response Capability:
http://www.hhs.gov/ocio/policy/2000-0006.html
HHS Information Security Program Policy:
http://intranet.hhs.gov/infosec/docs/policies_guides/ISPP/isp_toc.htm
HHS Response to OMB M-07-16:
http://www.hhs.gov/ocio/securityprivacy/hhs_response_plan_to_m0716_070919_new.pdf
HHS Memorandum ISP-2007-005, “Departmental Standard for the Definition of Sensitive Information”:
http://intranet.hhs.gov/infosec/policies_memos.html
NIH ISSO Corner:
http://irm.cit.nih.gov/security/security-isso.htm#Contact_Information
NIH IT Incident Response and Prevention:
http://ocio.nih.gov/security/security-isso.htm
NIH OMA Privacy Website:
http://oma.od.nih.gov/ms/privacy/
Training Resources
OMB Memorandum M-07-19 issued in July 2007:
http://www.whitehouse.gov/omb/memoranda/fy2007/m07-19.pdf
HHS Security Education and Awareness Website:
http://intranet.hhs.gov/infosec/education.html
Federal Trade Commission Identity Theft Website:
http://www.ftc.gov/idtheft