HHS OCIO Policies, Standards and Charters
Policy is defined as the "what" and the "when" whereas Procedure is defined as the "how".
Oversight groups (the President; Congress; Office of Management and Budget (OMB); General Services Agency (GSA); Office of Personnel Management (OPM); etc.) set the standards, the goal, the expectations that all Cabinet-Level Departments and their equivalents are to meet.
The delta between where a Department is from that oversight-set goal, that expectation; that is the Department's Policy on "what" and "when" activities must occur in order to achieve progress towards that set goal.
The HTML links below will take you to the Policy, Standard, or Charter listed. If you would like to view a summary of all the documents shown below, please click here: OCIO Summary Page.
Capital Planning and Investment Control [4 Policies] |
---|
Document Description | Document Number | Issue Date | HTML Format | Word Document |
---|---|---|---|---|
Policy for IT Performance Baseline Management | 2010-0007 | 11/22/2010 | HTML | [DOC - 280KB] |
HHS OCIO Policy for Information Technology (IT) Enterprise Performance Life Cycle (EPLC) | 2008-0004.001 | 10/06/2008 | HTML | [DOC - 206KB] |
HHS Policy for IT Capital Planning and Investment Control (CPIC) See Procedures Section for CPIC Procedures Document and its related Appendices Document | 2010-0002 | 02/26/2010 | HTML | [DOC - 280KB] |
HHS IRM Policy for Conducting Information Technology Alternatives Analysis | 2003-0002 | 06/13/2003 | HTML | [DOC - 121KB] |
Enterprise Architecture [11 Policies] |
---|
Document Description | Document Number | Issue Date | HTML Format | Word Document |
---|---|---|---|---|
Policy for Management of the Enterprise IT System Inventory | 2009-0004 | 07/28/2009 | HTML | [DOC - 153KB] |
HHS-OCIO IT Policy for Enterprise Architecture (EA) | 2008-0003.001 | 08/07/2008 | HTML | [DOC - 269 KB] |
CIO Roles and Responsibilities – Circular No. IRM-101 | 03/1999 | HTML | [DOC - 495KB] | |
HHS-OCIO IT Policy for Networx Program Designated Agency Representatives | 2010-0005 | 06/10/2010 | HTML | [DOC - 310KB] |
HHS-OCIO IT Policy for HHS Mail Change Management | 2006-0002 | 03/02/2006 | HTML | [DOC - 700KB] |
HHS IRM Policy for Government Emergency Telecommunication System Cards Ordering, Usage and Termination | 2002-0001 | 11/25/2002 | HTML | [DOC- 146KB] |
HHS IRM Policy for Directory Services Using LDAP | 2000-0012 | 01/08/2001 | HTML | [DOC - 84KB] |
HHS IRM Policy for Public Key Infrastructure (PKI); Certification Authority (CA) | 2000-0011 | 01/08/2001 | HTML | [DOC - 92KB] |
HHS IRM Policy for Active Directory | 2000-0010 | 01/08/2001 | HTML | [DOC - 75KB] |
Use of Broadcast Messages, Spamming and Targeted Audiences | 2000-0004 | 01/08/2001 | HTML | [DOC - 103KB] |
Policy for Electronic Stewardship Appendix A Appendix B | 2011-0002.001 | 6/15/2011 | [DOC - 97.6KB] [DOC Appendix A -58.5KB] [DOC Appendix B - 53.5KB] |
Information Collection [No Current Policies] |
---|
OCIO Policy Development and Review Process [5 Policies] |
---|
Document Description | Document Number | Issue Date | HTML Format | Word Document |
---|---|---|---|---|
HHS - OCIO Policy for Social Media Technologies | 2010-0003.1 | 3/07/2012 | HTML | [DOC - 127KB] |
HHS Policy for IT Policy Development | 2006-0004 | 11/28/2006 | HTML | [DOC - 224KB] |
HHS OCIO Policy for E-Gov. Forms | 2006-0003 | 06/07/2006 | HTML | [DOC - 700KB] |
HHS IRM Policy for Personal Use of Information Technology Resources | 2006-0001 | 02/17/2006 | HTML | [DOC - 156KB] |
HHS IRM Policy For Comments From And Responses To Operating Divisions On Newly Developed Policies and CIO Council and ITIRB Clearance Documents | 2003-0001 | 02/14/2003 | HTML | [DOC - 92KB] |
IT Security and Privacy [8 Policies] |
---|
Document Description | Document Number | Issue Date | HTML Format | Word Document |
---|---|---|---|---|
HHS - Policy for IT Security and Privacy Incident Reporting and Response | 2010-0004 | 4/05/2010 | HTML | [DOC - 208KB] |
HHS-OCIO-2010-0001 Policy for Machine-Readable Privacy | 2010-0001 | 01/28/2010 | HTML | [DOC - 228 KB] |
HHS - OCIO Policy for Information Systems Security and Privacy | 2011-0003 | 07/07/2011 | HTML | [DOC - 483KB] |
HHS Policy for Privacy Impact Assessments (PIA) | 2009-0002.001 | 02/09/2009 | HTML | [DOC - 258KB] |
HHS Policy for Responding to Breaches of Personally Identifiable Information (PII) | 2008-0001.003 | HTML | [DOC - 181KB] | |
HHS IRM Policy for Prevention, Detection, Removal and Reporting of Malicious Software | 2000-0007 | 01/08/2001 | HTML | [DOC - 125KB] |
HHS IRM Policy for IT Security for Remote Access | 2000-0005 | 01/08/2001 | HTML | [DOC - 96KB] |
Implementation of OMB M-10-22 and M-10-23 | 12/21/2010 | HTML | [DOC - 125KB] |
Records Management [3 Policies] |
---|
Document Description | Document Number | Issue Date | HTML Format | Word Document |
---|---|---|---|---|
HHS Policy for Records Management for E-mails | 2008-0002.001 | 05/15/2008 | HTML | [DOC - 230KB] |
HHS Policy for Records Management | 2007-0004.001 | 01/30/2008 | HTML | [DOC - 227KB] |
HHS Policy for Records Holds | 1/20/2011 | HTML | [DOC - 182KB] |
508 Policies [1 Policy] |
---|
Document Description | Document Number | Issue Date | HTML Format | Word Document |
---|---|---|---|---|
HHS Policy for Section 508 Electronic and Information Technology (EIT) | January 2005 | HTML |
Web Policies [1 Policy] |
---|
Document Description | Document Number | Issue Date | HTML Format | Word Document |
---|---|---|---|---|
HHS Policy for Internet Domain Names | WEB-2005-01 | 06/13/2005 | HTML |
Health and Human Services Domain IT PMO [1 Guidance Memo] |
---|
Document Description | Document Number | Issue Date | HTML Format | Word Document |
---|---|---|---|---|
Guidance for Purchasing Noncommercial Computer Software and “Open Source” Licenses | 01/12/2012 | HTML | [DOC - 91.0KB] |
PROCEDURES AND APPENDICES
Procedures and Appendices are available for CPIC and EVM at the HHS intranet site for authorized users.
IT Security and Privacy [10 Standards] |
---|
Document Description | Document Number | Issue Date | HTML Format | Word Document |
---|---|---|---|---|
HHS-OCIO Standard for Security Content Automation Protocol (SCAP)-Compliant Tools | 2010-0001.001S | 6/8/2010 | HTML | [DOC - 42KB] |
HHS-OCIO Standard for IEEE 802.11 WLAN | 2009-0003.001S | 07/27/2009 | HTML | [DOC - 40KB] |
HHS-OCIO Standard for Encryption Language in HHS Contracts | 2009-0002.001S | 01/30/2009 | HTML | [DOC - 40KB] |
HHS-OCIO Standard for Security Configurations Language in HHS Contracts | 2009-0001.001S | 01/30/2009 | HTML | [DOC- 45KB] |
HHS Standard for Encryption | 2008-0007.001S | 12/23/2008 | HTML | [DOC - 41KB] |
HHS Standard for FISMA Inventory Management | 2008-0006.001S | 12/23/2008 | HTML | [DOC - 54KB] |
HHS Standard for Plan of Action and Milestones | 2011-0010.001S | 3/30/2011 | HTML | [DOC - 56KB] |
HHS Standard for the Segregation of Development/Test Environments from Production | 2008-0003.002S | 08/07/2008 | HTML | [DOC - 40KB] |
HHS Standard for Managing Outbound Web Traffic | 2008-0002.003S | 06/06/2008 | HTML | [DOC - 37KB] |
HHS Rules of Behavior (For Use of Technology Resources and Information) | 2010-0002.001S | 08/26/2010 | HTML | [DOC - 122KB] |
CHARTERS [9 Total]
Description | Number | Date Issued | HTML Document | Word Document | ||
---|---|---|---|---|---|---|
Enterprise Architecture [3 Charter] | ||||||
CIO Council Charter | 2007-0001.001C | 06/27/2007 | HTML | [DOC - 463KB] | ||
HHS Trusted Internet Connection Access Provider (TICAP) Steering Committee Charter | 2008.0002.001C | 06/23/2008 | HTML | |||
Department of Health and Human Services Chief Technology Officer (CTO) Council Charter | 2011-0001.001C | 01/20/2011 | HTML | [DOC - 144KB] | ||
Records Management [1 Charter] | ||||||
Records Management Council Charter | 2007-0002.001C | 08/21/2007 | HTML | [DOC - 159KB] | ||
IT Security and Privacy[1 Charter] | ||||||
Personally Identifiable Information (PII) Breach Response Team (BRT) Charter | 2008.0001.003C | 11/17/2008 | HTML | [DOC - 161 KB] | ||
Privacy Incident Response Team (PIRT) Charter | 2010-0001.001C | 1/06/2011 | HTML | [DOC - 160 KB] | ||
Capital Planning and Investment Control [1 Charter] | ||||||
Department of Health and Human Services Charter for the Enterprise Performance Life Cycle Change Control Board | 2010-002C | 04/22/2010 | HTML | [DOC - 204 KB] | ||
Health and Human Services Domain IT PMO [1 Charter] | ||||||
HHS Health and Human Services Domain IT Steering Committee Charter | 2011-0001.002C | 09/28/2011 | HTML | [DOC - 79.8KB] | ||
|
|
Policy is defined as the "what" and the "when" whereas Procedure is defined as the "how".
Oversight groups (the President; Congress; Office of Management and Budget (OMB); General Services Agency (GSA); Office of Personnel Management (OPM); etc.) set the standards, the goal, the expectations that all Cabinet-Level Departments and their equivalents are to meet.
The delta between where a Department is from that oversight-set goal, that expectation; that is the Department's Policy on "what" and "when" activities must occur in order to achieve progress towards that set goal.
The HTML links below will take you to the Policy, Standard, or Charter listed. If you would like to view a summary of all the documents shown below, please click here: OCIO Summary Page.
Capital Planning and Investment Control [4 Policies] |
---|
Document Description | Document Number | Issue Date | HTML Format | Word Document |
---|---|---|---|---|
Policy for IT Performance Baseline Management | 2010-0007 | 11/22/2010 | HTML | [DOC - 280KB] |
HHS OCIO Policy for Information Technology (IT) Enterprise Performance Life Cycle (EPLC) | 2008-0004.001 | 10/06/2008 | HTML | [DOC - 206KB] |
HHS Policy for IT Capital Planning and Investment Control (CPIC) See Procedures Section for CPIC Procedures Document and its related Appendices Document | 2010-0002 | 02/26/2010 | HTML | [DOC - 280KB] |
HHS IRM Policy for Conducting Information Technology Alternatives Analysis | 2003-0002 | 06/13/2003 | HTML | [DOC - 121KB] |
Enterprise Architecture [11 Policies] |
---|
Document Description | Document Number | Issue Date | HTML Format | Word Document |
---|---|---|---|---|
Policy for Management of the Enterprise IT System Inventory | 2009-0004 | 07/28/2009 | HTML | [DOC - 153KB] |
HHS-OCIO IT Policy for Enterprise Architecture (EA) | 2008-0003.001 | 08/07/2008 | HTML | [DOC - 269 KB] |
CIO Roles and Responsibilities – Circular No. IRM-101 | 03/1999 | HTML | [DOC - 495KB] | |
HHS-OCIO IT Policy for Networx Program Designated Agency Representatives | 2010-0005 | 06/10/2010 | HTML | [DOC - 310KB] |
HHS-OCIO IT Policy for HHS Mail Change Management | 2006-0002 | 03/02/2006 | HTML | [DOC - 700KB] |
HHS IRM Policy for Government Emergency Telecommunication System Cards Ordering, Usage and Termination | 2002-0001 | 11/25/2002 | HTML | [DOC- 146KB] |
HHS IRM Policy for Directory Services Using LDAP | 2000-0012 | 01/08/2001 | HTML | [DOC - 84KB] |
HHS IRM Policy for Public Key Infrastructure (PKI); Certification Authority (CA) | 2000-0011 | 01/08/2001 | HTML | [DOC - 92KB] |
HHS IRM Policy for Active Directory | 2000-0010 | 01/08/2001 | HTML | [DOC - 75KB] |
Use of Broadcast Messages, Spamming and Targeted Audiences | 2000-0004 | 01/08/2001 | HTML | [DOC - 103KB] |
Policy for Electronic Stewardship Appendix A Appendix B | 2011-0002.001 | 6/15/2011 | [DOC - 97.6KB] [DOC Appendix A -58.5KB] [DOC Appendix B - 53.5KB] |
Information Collection [No Current Policies] |
---|
OCIO Policy Development and Review Process [5 Policies] |
---|
Document Description | Document Number | Issue Date | HTML Format | Word Document |
---|---|---|---|---|
HHS - OCIO Policy for Social Media Technologies | 2010-0003.1 | 3/07/2012 | HTML | [DOC - 127KB] |
HHS Policy for IT Policy Development | 2006-0004 | 11/28/2006 | HTML | [DOC - 224KB] |
HHS OCIO Policy for E-Gov. Forms | 2006-0003 | 06/07/2006 | HTML | [DOC - 700KB] |
HHS IRM Policy for Personal Use of Information Technology Resources | 2006-0001 | 02/17/2006 | HTML | [DOC - 156KB] |
HHS IRM Policy For Comments From And Responses To Operating Divisions On Newly Developed Policies and CIO Council and ITIRB Clearance Documents | 2003-0001 | 02/14/2003 | HTML | [DOC - 92KB] |
IT Security and Privacy [8 Policies] |
---|
Document Description | Document Number | Issue Date | HTML Format | Word Document |
---|---|---|---|---|
HHS - Policy for IT Security and Privacy Incident Reporting and Response | 2010-0004 | 4/05/2010 | HTML | [DOC - 208KB] |
HHS-OCIO-2010-0001 Policy for Machine-Readable Privacy | 2010-0001 | 01/28/2010 | HTML | [DOC - 228 KB] |
HHS - OCIO Policy for Information Systems Security and Privacy | 2011-0003 | 07/07/2011 | HTML | [DOC - 483KB] |
HHS Policy for Privacy Impact Assessments (PIA) | 2009-0002.001 | 02/09/2009 | HTML | [DOC - 258KB] |
HHS Policy for Responding to Breaches of Personally Identifiable Information (PII) | 2008-0001.003 | HTML | [DOC - 181KB] | |
HHS IRM Policy for Prevention, Detection, Removal and Reporting of Malicious Software | 2000-0007 | 01/08/2001 | HTML | [DOC - 125KB] |
HHS IRM Policy for IT Security for Remote Access | 2000-0005 | 01/08/2001 | HTML | [DOC - 96KB] |
Implementation of OMB M-10-22 and M-10-23 | 12/21/2010 | HTML | [DOC - 125KB] |
Records Management [3 Policies] |
---|
Document Description | Document Number | Issue Date | HTML Format | Word Document |
---|---|---|---|---|
HHS Policy for Records Management for E-mails | 2008-0002.001 | 05/15/2008 | HTML | [DOC - 230KB] |
HHS Policy for Records Management | 2007-0004.001 | 01/30/2008 | HTML | [DOC - 227KB] |
HHS Policy for Records Holds | 1/20/2011 | HTML | [DOC - 182KB] |
Web Policies [1 Policy] |
---|
Document Description | Document Number | Issue Date | HTML Format | Word Document |
---|---|---|---|---|
HHS Policy for Internet Domain Names | WEB-2005-01 | 06/13/2005 | HTML |
Health and Human Services Domain IT PMO [1 Guidance Memo] | ||||
---|---|---|---|---|
Document Description | Document Number | Issue Date | HTML Format | Word Document |
Guidance for Purchasing Noncommercial Computer Software and “Open Source” Licenses | 01/12/2012 | HTML | [DOC - 91.0KB] |
PROCEDURES AND APPENDICES Procedures and Appendices are available for CPIC and EVM at the HHS intranet site for authorized users. |
IT Security and Privacy [10 Standards] |
---|
Document Description | Document Number | Issue Date | HTML Format | Word Document |
---|---|---|---|---|
HHS-OCIO Standard for Security Content Automation Protocol (SCAP)-Compliant Tools | 2010-0001.001S | 6/8/2010 | HTML | [DOC - 42KB] |
HHS-OCIO Standard for IEEE 802.11 WLAN | 2009-0003.001S | 07/27/2009 | HTML | [DOC - 40KB] |
HHS-OCIO Standard for Encryption Language in HHS Contracts | 2009-0002.001S | 01/30/2009 | HTML | [DOC - 40KB] |
HHS-OCIO Standard for Security Configurations Language in HHS Contracts | 2009-0001.001S | 01/30/2009 | HTML | [DOC- 45KB] |
HHS Standard for Encryption | 2008-0007.001S | 12/23/2008 | HTML | [DOC - 41KB] |
HHS Standard for FISMA Inventory Management | 2008-0006.001S | 12/23/2008 | HTML | [DOC - 54KB] |
HHS Standard for Plan of Action and Milestones | 2011-0010.001S | 3/30/2011 | HTML | [DOC - 56KB] |
HHS Standard for the Segregation of Development/Test Environments from Production | 2008-0003.002S | 08/07/2008 | HTML | [DOC - 40KB] |
HHS Standard for Managing Outbound Web Traffic | 2008-0002.003S | 06/06/2008 | HTML | [DOC - 37KB] |
HHS Rules of Behavior (For Use of Technology Resources and Information) | 2010-0002.001S | 08/26/2010 | HTML | [DOC - 122KB] |
CHARTERS [9 Total]
Description | Number | Date Issued | HTML Document | Word Document |
---|---|---|---|---|
Enterprise Architecture [3 Charter] | ||||
CIO Council Charter | 2007-0001.001C | 06/27/2007 | HTML | [DOC - 463KB] |
HHS Trusted Internet Connection Access Provider (TICAP) Steering Committee Charter | 2008.0002.001C | 06/23/2008 | HTML | |
Department of Health and Human Services Chief Technology Officer (CTO) Council Charter | 2011-0001.001C | 01/20/2011 | HTML | [DOC - 144KB] |
Records Management [1 Charter] | ||||
Records Management Council Charter | 2007-0002.001C | 08/21/2007 | HTML | [DOC - 159KB] |
IT Security and Privacy[1 Charter] | ||||
Personally Identifiable Information (PII) Breach Response Team (BRT) Charter | 2008.0001.003C | 11/17/2008 | HTML | [DOC - 161 KB] |
Privacy Incident Response Team (PIRT) Charter | 2010-0001.001C | 1/06/2011 | HTML | [DOC - 160 KB] |
Capital Planning and Investment Control [1 Charter] | ||||
Department of Health and Human Services Charter for the Enterprise Performance Life Cycle Change Control Board | 2010-002C | 04/22/2010 | HTML | [DOC - 204 KB] |
Health and Human Services Domain IT PMO [1 Charter] | ||||
HHS Health and Human Services Domain IT Steering Committee Charter | 2011-0001.002C | 09/28/2011 | HTML | [DOC - 79.8KB] |