NIH Office of Management Assessment

References

Privacy Act of 1974 (5 U.S.C. Section 552a, as amended)

Privacy Act of 1974 (5 U.S.C. Section 552a, as amended):
http://www.usdoj.gov/oip/privstat.htm
http://www.usdoj.gov/oip/04_7_1.html

Freedom of Information Act:
http://www.usdoj.gov/oip/foiastat.htm

OMB Instructions for Complying with the President’s Memorandum "Privacy and Personal Information in Federal Records":
http://www.whitehouse.gov/omb/memoranda/m99-05-b.html

Children's Online Privacy Protection Act of 1998:
http://www.ftc.gov/ogc/coppa1.htm

Circular No. A-130:
http://63.161.169.137/omb/circulars/a130/a130.html

HHS Secure One Privacy Website:
http://intranet.hhs.gov/infosec/privacy.html

HHS Privacy Act Regulations:
http://www.access.gpo.gov/nara/cfr/waisidx_99/45cfr5b_99.html

NIH, HHS, and Federal Privacy Act Systems of Records Notices (SORNs):
http://oma.od.nih.gov/ms/privacy/pa-files/read02systems.htm

SORN Checklist:
http://oma.od.nih.gov/ms/privacy/System of Records Notice Review Checklist.doc

NIH Privacy Act Notification - Criteria and Sample Statements to be considered for posting on NIH websites as well as paper and electronic forms used to collect information:
http://oma.od.nih.gov/ms/privacy/NSCriteria.doc

NIH Website Privacy Policy Statement:
http://www.nih.gov/about/privacy.htm


Privacy Impact Assessments (PIAs)

Privacy Act of 1974 (5 U.S.C. Section 552a, as amended):
http://www.usdoj.gov/oip/privstat.htm
http://www.usdoj.gov/oip/04_7_1.html

The E-Government Act of 2002 (see Title II, Section 208 for privacy provisions):
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ347.107.pdf

Computer Matching and Privacy Act of 1988:
http://www.usdoj.gov/oip/1974compmatch.htm

Paperwork Reduction Act:
http://www.archives.gov/federal-register/laws/paperwork-reduction/

Circular No. A-130:
http://63.161.169.137/omb/circulars/a130/a130.html

Memorandum M-03-22 issued by OMB in September 2003:
http://www.whitehouse.gov/omb/memoranda/m03-22.html

Memorandum M-04-24 issued by OMB in August 2004:
http://www.whitehouse.gov/omb/memoranda/fy04/m04-24.html

Memorandum M-05-15 issued by OMB in June 2005:
http://www.whitehouse.gov/omb/memoranda/fy2005/m05-15.html

Memorandum M-07-16 issued by OMB in May 2007:
http://www.whitehouse.gov/omb/memoranda/fy2007/m07-16.pdf

Memorandum M-07-19 issued by OMB in July 2007:
http://www.whitehouse.gov/omb/memoranda/fy2007/m07-19.pdf

Memorandum M-08-09 issued by OMB in January 2008:
http://www.whitehouse.gov/omb/memoranda/fy2008/m08-09.pdf

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-60:
http://csrc.nist.gov/publications/nistpubs/800-60-rev1/SP800-60_Vol1-Rev1.pdf

NIH, HHS, and Federal Privacy Act Systems of Records Notices (SORNs):
http://oma.od.nih.gov/ms/privacy/pa-files/read02systems.htm

HHS Information Security Program Policy:
http://intranet.hhs.gov/infosec/docs/policies_guides/ISPP/Information_Security_Program_Policy.doc

Information Security Program Privacy Policy (Memorandum):
http://intranet.hhs.gov/infosec/docs/policies_guides/ISPPM/Infosec_Program_Privacy_Policy_memo.doc

Plan of Action and Milestones (POA&M) Guide:
http://intranet.hhs.gov/infosec/docs/policies_guides/POAM/poam_toc.html

HHS PIA Policy:
http://www.hhs.gov/ocio/policy/20090001.001.html

The HHS PIA Guide:
http://intranet.hhs.gov/infosec/docs/policies_guides/PIA/PIA_TOC.htm

NIH PIA Guide:
http://oma.od.nih.gov/ms/privacy/NIHPIAGuide.doc

NIH PIA Training Presentation:
Color - http://oma.od.nih.gov/ms/privacy/Training2008.ppt
Black and White - http://oma.od.nih.gov/ms/privacy/Training2008bw.ppt

NIH Manual 1745-1 - NIH Privacy Impact Assessments:
http://www3.od.nih.gov/oma/manualchapters/management/1745-1/

SPORT Tool Information and Links:
https://ocio.nih.gov/nihonly/security/ProSight-FISMA-info.htm


Web Privacy

Privacy Act of 1974 (5 U.S.C. Section 552a, as amended):
http://www.usdoj.gov/oip/privstat.htm
http://www.usdoj.gov/oip/04_7_1.html

The E-Government Act of 2002 (see Title II, Section 208 for privacy provisions):
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ347.107.pdf

Children’s Online Privacy Protection Act (COPPA) of 1998:
http://www.ftc.gov/ogc/coppa1.htm

NIH Manual Chapter 2805 – NIH Web Page Privacy Policy:
http://www3.od.nih.gov/oma/manualchapters/management/2805/

NIH Manual Chapter 1825 – Information Collection From the Public:
http://www1.od.nih.gov/oma/manualchapters/management/1825

NIH Privacy Act Notification - Criteria and Sample Statements:
http://oma.od.nih.gov/ms/privacy/NSCriteria.doc

NIH Information Technology General Rules of Behavior:
http://ocio.nih.gov/security/nihitrob.html

NIH Office of the Chief Information Officer:
http://ocio.nih.gov

NIH Encryption Web Page:
http://ocio.nih.gov/security/HHS_Encrypt_Policy_Guidance_Tools.html


Homeland Security Presidential Directive (HSPD) - 12

Homeland Security Presidential Directive-12:
http://www.whitehouse.gov/news/releases/2004/08/20040827-8.html

Federal Information Processing Standards Publication 201-1 (FIPS 201):
http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf

NIH HSPD-12 Website:
http://enterprisearchitecture.nih.gov/About/Approach/HSPD12TechnicalCoordination.htm
http://enterprisearchitecture.nih.gov/About/NewsEvents/News/HSPD12April07.htm

Office of Research Services - Division of Personnel Security and Access Control:
http://ser.ors.od.nih.gov/div_personnelAccess.htm

Office of Research Services - Division of Physical Security Management:
http://ser.ors.od.nih.gov/physical_security.htm

Personal Identification Verification Process:
http://security.nih.gov/PIV/index.htm


Federal Information Security Management Act and Agency Privacy Management (FISMA)

White House E-Government Act Website:
http://www.whitehouse.gov/omb/egov/

The E-Government Act of 2002 (see Title III):
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ347.107.pdf

Federal Information Security Management Act 2002, Title III, the full text:
http://csrc.nist.gov/drivers/documents/FISMA-final.pdf

Privacy Act of 1974 (5 U.S.C. Section 552a, as amended):
http://www.usdoj.gov/oip/privstat.htm
http://www.usdoj.gov/oip/04_7_1.html

Report to Congress on the Benefits of the E-Government Initiatives:
http://www.whitehouse.gov/omb/egov/g-10-Section_841.html

OMB Memorandum M-03-22 issued in September 2003:
http://www.whitehouse.gov/omb/memoranda/m03-22.html

OMB Memorandum M-05-15 issued in June 2005:
http://www.whitehouse.gov/omb/memoranda/fy2005/m05-15.html

OMB Memorandum M-06-15 issued in May 2006:
http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-15.pdf

OMB Memorandum M-07-19 issued in July 2007:
http://www.whitehouse.gov/omb/memoranda/fy2007/m07-19.pdf

NIH, HHS, and Federal Privacy Act Systems of Records Notices (SORNs):
http://oma.od.nih.gov/ms/privacy/pa-files/read02systems.htm

NIH Manual 1745 - Information Technology (IT) Privacy Program:
https://www3.od.nih.gov/oma/manualchapters/management/1745/

NIH IT General Rules of Behavior:
http://ocio.nih.gov/security/nihitrob.html


Breach Response

Privacy Act of 1974 (5 U.S.C. Section 552a, as amended):
http://www.usdoj.gov/oip/privstat.htm
http://www.usdoj.gov/oip/04_7_1.html

OMB Memorandum M-05-08, "Designation of Senior Agency Officials for Privacy,":
http://www.whitehouse.gov/omb/memoranda/fy2005/m05-08.pdf

OMB M-06-15 issued in May 2006:
http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-15.pdf

OMB M-06-16 issued in June 2006:
http://www.whitehouse.gov/omb/memoranda/fy2006/m06-16.pdf

OMB Memorandum, "Recommendations for Identity Theft Related Data Breach Notification,":
http://www.whitehouse.gov/omb/memoranda/fy2006/task_force_theft_memo.pdf

OMB M-06-19 issued in July 2006:
http://www.whitehouse.gov/omb/memoranda/fy2006/m-06-19.pdf

OMB M-07-16 issued in May 2006:
http://www.whitehouse.gov/omb/memoranda/fy2007/m07-16.pdf

OMB M-08-09 issued in January 2008:
http://www.whitehouse.gov/omb/memoranda/fy2008/m08-09.pdf

US-CERT:
http://www.us-cert.gov/

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-30, "Risk Management Guide for Information Technology Systems,":
http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, "Recommended Security Controls for Federal Information Systems,":
http://csrc.nist.gov/publications/nistpubs/800-53-Rev1/800-53-rev1-final-clean-sz.pdf

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-60:
http://csrc.nist.gov/publications/nistpubs/800-60-rev1/SP800-60_Vol1-Rev1.pdf

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61, "Computer Security Incident Handling Guide,":
http://csrc.nist.gov/publications/nistpubs/800-61/sp800-61.pdf

HHS Incident Management and Response Website:
http://www.hhs.gov/ocio/securityprivacy/incidentmanagement/incidentresp.html

HHS Secure One Incident Management Website:
http://intranet.hhs.gov/infosec/incident_management.html

HHS Policy for Responding to Breaches of Personally Identifiable Information (PII):
http://www.hhs.gov/ocio/policy/2008-0001.003.html

HHS: Breach Response Team Charter:
http://intranet.hhs.gov/infosec/docs/incident_mgmt/Breach_Response_Team_Charter/Breach_Response_Team_Charter_toc.htm

HHS IRM Policy for Establishing an Incident Response Capability:
http://www.hhs.gov/ocio/policy/2000-0006.html

HHS Information Security Program Policy:
http://intranet.hhs.gov/infosec/docs/policies_guides/ISPP/isp_toc.htm

HHS Response to OMB M-07-16:
http://www.hhs.gov/ocio/securityprivacy/hhs_response_plan_to_m0716_070919_new.pdf

HHS Memorandum ISP-2007-005, “Departmental Standard for the Definition of Sensitive Information,”:
http://intranet.hhs.gov/infosec/policies_memos.html

NIH Office of the Chief Information Officer:
http://ocio.nih.gov

NIH Encryption Web Page:
http://ocio.nih.gov/security/HHS_Encrypt_Policy_Guidance_Tools.html

NIH ISSO Corner:
http://ocio.nih.gov/security/security-isso.htm

NIH IT Incident Response and Prevention:
http://ocio.nih.gov/security/security-isso.htm


Training Resources

OMB Memorandum M-07-19 issued in July 2007:
http://www.whitehouse.gov/omb/memoranda/fy2007/m07-19.pdf

HHS Security Education and Awareness Website:
http://intranet.hhs.gov/infosec/education.html

Federal Trade Commission Identity Theft Website:
http://www.ftc.gov/idtheft

Mandatory Online NIH Information Security and Privacy Awareness Training:
http://irtsectraining.nih.gov

NIH PIA Training Presentation:
Color - http://oma.od.nih.gov/ms/privacy/Training2008.ppt
Black and White - http://oma.od.nih.gov/ms/privacy/Training2008bw.ppt

NIH Office of the Chief Information Officer:
http://ocio.nih.gov

NIH Encryption Web Page:
http://ocio.nih.gov/security/HHS_Encrypt_Policy_Guidance_Tools.html


Last updated on:
March 24, 2009
