Skip Navigation
  • Text Size: A A A
  • Print
  • Email
  • Facebook
  • Tweet
  • Share

HHS OCIO Policies, Standards and Charters

 

 

 

Policy is defined as the "what" and the "when" whereas Procedure is defined as the "how".

Oversight groups (the President; Congress; Office of Management and Budget (OMB); General Services Agency (GSA); Office of Personnel Management (OPM); etc.) set the standards, the goal, the expectations that all Cabinet-Level Departments and their equivalents are to meet.

The delta between where a Department is from that oversight-set goal, that expectation; that is the Department's Policy on "what" and "when" activities must occur in order to achieve progress towards that set goal.

The HTML links below will take you to the Policy, Standard, or Charter listed.  If you would like to view a summary of all the documents shown below, please click here: OCIO Summary Page.


POLICIES [33 Total]

 

Capital Planning and Investment Control [4 Policies]
Document DescriptionDocument NumberIssue DateHTML FormatWord Document
HHS OCIO Policy for Information Technology (IT) Enterprise Performance Life Cycle (EPLC)2008-0004.00110/06/2008HTML[DOC- 206KB] 

HHS Policy for IT Capital Planning and Investment Control (CPIC)

See Procedures Section for CPIC Procedures Document and its related Appendices Document

2010-000202/26/2010HTML[DOC- 280KB]
HHS IRM Policy for Conducting Information Technology Alternatives Analysis2003-000206/13/2003HTML[DOC- 121KB]
Enterprise Architecture [10 Policies]
Document DescriptionDocument NumberIssue DateHTML FormatWord Document
Policy for Management of the Enterprise IT System Inventory2009-000407/28/2009HTML[DOC - 153KB]
HHS-OCIO IT Policy for Enterprise Architecture (EA)2008-0003.00108/07/2008HTML[DOC - 269 KB]
CIO Roles and Responsibilities – Circular No. IRM-101 03/1999HTML[DOC - 495KB]
HHS-OCIO IT Policy for Networx Program Designated Agency Representatives2010-000506/10/2010HTML[DOC - 310KB]
HHS-OCIO IT Policy for HHS Mail Change Management2006-000203/02/2006HTML [DOC- 700KB]
HHS IRM Policy for Government Emergency Telecommunication System Cards Ordering, Usage and Termination2002-000111/25/2002HTML[DOC- 146KB]
HHS IRM Policy for Directory Services Using LDAP2000-001201/08/2001HTML[DOC- 84KB]
HHS IRM Policy for Active Directory2000-001001/08/2001HTML[DOC- 75KB]
Use of Broadcast Messages, Spamming and Targeted Audiences2000-000401/08/2001HTML[DOC- 103KB]

Policy for Electronic Stewardship

Appendix A

Appendix B

2011-0002.0016/15/2011

HTML

HTML Appendix A

HTML Appendix B

[DOC - 97.6KB]

[DOC Appendix A -58.5KB]

[DOC Appendix B - 53.5KB]

Information Collection [No Current Policies]
OCIO Policy Development and Review Process [5 Policies]
Document DescriptionDocument NumberIssue DateHTML FormatWord Document
HHS-OCIO Policy for Managing the Use of Third-Party Websites and Applications2013-00014/10/2013HTML[DOC - 89KB]
HHS Policy for IT Policy Development2006-000411/28/2006HTML[DOC - 224KB]
HHS OCIO Policy for E-Gov. Forms2006-000306/07/2006HTML[DOC- 700KB]
HHS IRM Policy For Comments From And Responses To Operating Divisions On Newly Developed Policies and CIO Council and ITIRB Clearance Documents2003-000102/14/2003HTML[DOC- 92KB]
IT Security and Privacy [8 Policies]
Document DescriptionDocument NumberIssue DateHTML FormatWord Document
HHS Policy for Personal Use of IT Resources2013-00048/01/2013HTML 
HHS Information Sharing Environment (ISE) Privacy Policy2013-00025/29/2013 [PDF - 634KB]
HHS - Policy for IT Security and Privacy Incident Reporting and Response2010-00044/05/2010HTML[DOC - 208KB]
HHS-OCIO-2010-0001 Policy for Machine-Readable Privacy2010-00011/28/2010HTML[DOC - 228 KB]
HHS - OCIO Policy for Information Systems Security and Privacy2011-00037/07/2011HTML[DOC - 483KB]
HHS Policy for Privacy Impact Assessments (PIA)2009-0002.0012/09/2009HTML[DOC - 258KB]
HHS Policy for Responding to Breaches of Personally Identifiable
Information (PII)
2008-0001.003 HTML[DOC - 181KB]
HHS IRM Policy for Prevention, Detection, Removal and Reporting of Malicious Software2000-000701/08/2001HTML[DOC- 125KB]
HHS IRM Policy for IT Security for Remote Access2000-000501/08/2001HTML[DOC- 96KB]
Implementation of OMB M-10-22 and M-10-23 12/21/2010HTML[DOC - 125KB]
Records Management [3 Policies]
Document DescriptionDocument NumberIssue DateHTML FormatWord Document
HHS Policy for Records Management for E-mails2008-0002.00105/15/2008HTML[DOC - 230KB]
HHS Policy for Records Management2007-0004.00101/30/2008HTML[DOC - 227KB]

HHS Policy for Records Holds

 1/20/2011HTML[DOC - 182KB]
 
508 Policies [1 Policy]
Document DescriptionDocument NumberIssue DateHTML FormatWord Document
HHS Policy for Section 508 Electronic and Information Technology (EIT) January 2005HTML 
 
Web Policies [1 Policy]
Document DescriptionDocument NumberIssue DateHTML FormatWord Document
HHS Policy for Internet Domain NamesWEB-2005-0106/13/2005HTML 
Health and Human Services Domain IT PMO [1 Guidance Memo]
Document DescriptionDocument NumberIssue DateHTML FormatWord Document
Guidance for Purchasing Noncommercial Computer Software and “Open Source” Licenses 01/12/2012 HTML[DOC - 91.0KB]

PROCEDURES AND APPENDICES
Procedures and Appendices are available for CPIC and EVM at the HHS intranet site for authorized users.


STANDARDS [10 Total]

IT Security and Privacy [10 Standards]
Document DescriptionDocument NumberIssue DateHTML FormatWord Document
HHS Standard for Plans of Action and Milestones2012-0001.001S11/28/12HTMLDOC
HHS-OCIO Standard for Security Content Automation Protocol (SCAP)-Compliant Tools

2010-0001.001S

6/8/2010

HTML[DOC - 42KB]
HHS-OCIO Standard for IEEE 802.11 WLAN2009-0003.001S07/27/2009HTML[DOC - 40KB]
HHS-OCIO Standard for Encryption Language in HHS Contracts2009-0002.001S01/30/2009HTML[DOC - 40KB]
HHS-OCIO Standard for Security Configurations Language in HHS Contracts2009-0001.001S01/30/2009HTML[DOC- 45KB]
HHS Standard for FISMA Inventory Management 2008-0006.001S12/23/2008HTML[DOC - 54KB]
HHS Standard for the Segregation of Development/Test Environments from Production2008-0003.002S08/07/2008HTML[DOC - 40KB]
HHS Standard for Managing Outbound Web Traffic2008-0002.003S06/06/2008HTML[DOC - 37KB]
Rules of Behavior for Use of HHS Information Resources2013-0003.003S07/24/2013HTML[DOC - 73KB]

CHARTERS [9 Total]
DescriptionNumberDate IssuedHTML DocumentWord Document
Enterprise Architecture [3 Charter]
CIO Council Charter2007-0001.001C06/27/2007 HTML[DOC - 463KB]
HHS Trusted Internet Connection Access Provider (TICAP) Steering Committee Charter2008.0002.001C06/23/2008HTML 
Department of Health and Human Services Chief Technology Officer (CTO) Council Charter2011-0001.001C01/20/2011HTML [DOC - 144KB]
Records Management[1 Charter]
Records Management Council Charter2007-0002.001C08/21/2007HTML[DOC - 159KB]
 IT Security and Privacy[1 Charter]
 Privacy Incident Response Team (PIRT) Charter2010-0001.001C1/06/2011HTML[DOC - 160 KB]
Capital Planning and Investment Control[1 Charter]
Department of Health and Human Services Charter for the Enterprise Performance Life Cycle Change Control Board2010-002C04/22/2010 HTML[DOC - 204 KB]
Health and Human Services Domain IT PMO [1 Charter]
HHS Health and Human Services Domain IT Steering Committee Charter2011-0001.002C09/28/2011 HTML[DOC - 79.8KB]

Content last reviewed on February 17, 2014