Office of the Chief Information Officer

United States Department of Agriculture

Policy and Directives (PD)

Ensuring USDA Information and Systems Remain Secure

 

Policy and Directives (PD) provides a portfolio of services that help USDA agencies maintain compliance with their security requirements. 


What We Do

PD improves the USDA’s security posture by assuring the protection, confidentiality, integrity, and availability of information and information systems with:

Security Assessment and Authorization (SA&A) Process Management—PD administers the process for authorizing USDA systems to operate. This process incorporates guidance from NIST Special Publication 800-37 (Revision 1), mandatory FIPS requirements (from Publications 199 and 200), and enhancements that address the unique characteristics of the USDA environment.

Each USDA system must complete the SA&A process every three years (or sooner if major upgrades or changes are implemented). Once systems are authorized to operate, they must maintain and continually assess a prescribed set of security controls as part of the continuous monitoring efforts, per OMB (M-11-33), DHS/FNS, and NIST.

Cyber Security Policy—PD maintains and administers USDA’s Cyber Security Policy—a detailed set of standards, specifications, and other requirements for protecting the Department’s information, systems, and networks. The policy defines comprehensive, integrated security criteria for authorizing USDA systems and ensuring they operate within an acceptable level of risk.

The implementation of management, operational, and technical policies supports the Cyber Security Policy Program in protecting the confidentiality, integrity, and availability of the Department’s information as it is collected, processed, transmitted, stored, or disseminated.

Security Compliance and Risk Management—PD is responsible for supporting and enhancing agency compliance with federal security requirements. It facilitates an aggressive compliance strategy with training for IT professionals, automated compliance tools, and reporting capabilities.

Contingency Planning Compliance—PD supports and strengthens compliance with federal security contingency planning requirements. It maintains an aggressive strategy for ensuring the recoverability of USDA systems, data centers, and network infrastructure. PD strongly recommends that all agencies develop and periodically test their contingency plans to ensure the continuity of critical missions and business functions. 

Security Awareness Training and Education—This program ensures that all USDA employees and contractors complete Information Security Awareness Training (ISA) on an annual basis. Employees and contractors who have Significant Information Security Responsibilities (SISR) are required to receive role-based training. This advanced, role-based training function ensures that USDA has the trained professionals it needs to combat emerging security trends and threats.


Recent Accomplishment

5th Annual USDA Cyber Security 2012 Expo


Contact Information

Contact us at Cyber.Communication@ocio.usda.gov if you have any questions.