
HHS OCIO Policies, Standards and Charters

Policies, Standards, and Charters - Categories

Link to Historical Policies, Standards, Charters

Policy is defined as the "what" and the "when" whereas Procedure is defined as the "how".

Oversight groups (the President; Congress; Office of Management and Budget (OMB); General Services Agency (GSA); Office of Personnel Management (OPM); etc.) set the standards, goals, and expectations that all Cabinet-Level Departments and their equivalents are to meet.

The delta between where a Department currently stands and that oversight-set goal or expectation defines the Department's Policy: "what" activities must occur, and "when", in order to make progress toward that goal.

The HTML links below will take you to the Policy, Standard, or Charter listed. For a summary of all the documents shown below, see the OCIO Summary Page.


POLICIES [28 Total]

Description

Number

Date Issued

HTML

Capital Planning and Investment Control [4 Policies]

HHS OCIO Policy for Information Technology (IT) Enterprise Performance Life Cycle (EPLC)

2008-0004.001

10/06/2008

HTML

HHS-OCIO Policy for IT Earned Value Management

See Procedures Section for EVM Procedures Document

2007-0001

06/11/2007

HTML

HHS Policy for IT Capital Planning and Investment Control (CPIC)

See Procedures Section for CPIC Procedures Document and its related Appendices Document

2005-0005.001

12/30/2005

HTML

HHS IRM Policy for Conducting Information Technology Alternatives Analysis

2003-0002

06/13/2003

HTML

Enterprise Architecture [2 Policies]

HHS-OCIO IT Policy for Enterprise Architecture (EA)

2008-0003.001

08/07/2008

HTML

CIO Roles and Responsibilities – Circular No. IRM-101

03/1999

HTML

Information Collection

IT Enterprise Solutions [7 Policies]

HHS-OCIO IT Policy for Networx Program Designated Agency Representatives

2009-0001

01/14/2009

HTML

HHS-OCIO IT Policy for HHS Mail Change Management

2006-0002

03/02/2006

HTML 

HHS IRM Policy for Government Emergency Telecommunication System Cards Ordering, Usage and Termination

2002-0001

11/25/2002

HTML

HHS IRM Policy for Directory Services Using LDAP

2000-0012

01/08/2001

HTML

HHS IRM Policy for Public Key Infrastructure (PKI); Certification Authority (CA)

2000-0011

01/08/2001

HTML

HHS IRM Policy for Active Directory

2000-0010

01/08/2001

HTML

Use of Broadcast Messages, Spamming and Targeted Audiences

2000-0004

01/08/2001

HTML

IT Policy Development and Review Process [4 Policies]

HHS Policy for IT Policy Development

2006-0004

11/28/2006

HTML 

HHS OCIO Policy for E-Gov. Forms

2006-0003

06/07/2006

HTML

HHS IRM Policy for Personal Use of Information Technology Resources

2006-0001

02/17/2006

HTML

HHS IRM Policy For Comments From And Responses To Operating Divisions On Newly Developed Policies and CIO Council and ITIRB Clearance Documents

2003-0001

02/14/2003

HTML

IT Security and Privacy [8 Policies]

HHS Policy for Privacy Impact Assessments (PIA)

2009-0002.001

02/09/2009

HTML

HHS Policy for Responding to Breaches of Personally Identifiable Information (PII)

2008-0001.003

11/17/2008

HTML

HHS Policy for Department-wide Information Security

2007-0002

09/24/2007

HTML

HHS IRM Information Security Program Policy

2004-0002.001

12/15/2004

HTML

Usage of Persistent Cookies

2000-0009

01/08/2001

HTML

HHS IRM Policy for Prevention, Detection, Removal and Reporting of Malicious Software

2000-0007

01/08/2001

HTML

HHS IRM Policy for Establishing an Incident Response Capability

2000-0006

01/08/2001

HTML

HHS IRM Policy for IT Security for Remote Access

2000-0005

01/08/2001

HTML

Mail Management

Printing Management

Records Management [2 Policies]

HHS Policy for Records Management for E-mails

2008-0002.001

05/15/2008

HTML

HHS Policy for Records Management

2007-0004.001

01/30/2008

HTML

Section 508

Web Policies [1 Policy]

HHS Policy for Internet Domain Names

WEB-2005-01

06/13/2005

HTML


PROCEDURES AND APPENDICES
Procedures and Appendices are available for CPIC and EVM at the HHS intranet site for authorized users.


STANDARDS [8 Total]

Description

Number

Date Issued

HTML Document

IT Security and Privacy [8 Standards]

HHS-OCIO Standard for Encryption Language in HHS Contracts

2009-0002.001S

01/30/2008

HTML

HHS-OCIO Standard for Security Configurations Language in HHS Contracts

2009-0001.001S

01/30/2008

HTML

HHS Standard for Encryption

2008-0007.001S

12/23/2008

HTML

HHS Standard for FISMA Inventory Management

2008-0006.001S

12/23/2008

HTML

HHS Standard for Plan of Action and Milestones

2008-0005.001S

12/23/2008

HTML

HHS Standard for the Segregation of Development/Test Environments from Production

2008-0003.002S

08/07/2008

HTML

HHS Standard for Managing Outbound Web Traffic

2008-0002.003S

06/06/2008

HTML

HHS Rules of Behavior (For Use of Technology Resources and Information)

2008-0001.003S

02/12/2008

HTML

Enterprise Systems


CHARTERS [4 Total]

Description

Number

Date Issued

HTML Document

Enterprise Architecture [1 Charter]

CIO Council Charter

2007-0001.001C

06/27/2007

HTML

Records Management [1 Charter]

Records Management Council Charter

2007-0002.001C

08/21/2007

HTML

IT Security and Privacy [1 Charter]

Personally Identifiable Information (PII) Breach Response Team (BRT) Charter

2008.0001.003C

11/17/2008

HTML

Enterprise Systems [1 Charter]

HHS Trusted Internet Connection Access Provider (TICAP) Steering Committee Charter

2008.0002.001C

06/23/2008

HTML