Skip Navigation
  • Text Size: A A A
  • Print
  • Email
  • Facebook
  • Tweet
  • Share
  • Print
  • Email
  • Facebook
  • Tweet
  • Share

HHS OCIO Policies, Standards and Charters

Policy is defined as the "what" and the "when" whereas Procedure is defined as the "how".

Oversight groups (the President; Congress; Office of Management and Budget (OMB); General Services Agency (GSA); Office of Personnel Management (OPM); etc.) set the standards, the goal, the expectations that all Cabinet-Level Departments and their equivalents are to meet.

The delta between where a Department is from that oversight-set goal, that expectation; that is the Department's Policy on "what" and "when" activities must occur in order to achieve progress towards that set goal.

The HTML links below will take you to the Policy, Standard, or Charter listed.  If you would like to view a summary of all the documents shown below, please click here: OCIO Summary Page.


POLICIES [33 Total]

 

Capital Planning and Investment Control [4 Policies]
Document Description Document Number Issue Date HTML Format Word Document
HHS OCIO Policy for Information Technology (IT) Enterprise Performance Life Cycle (EPLC) 2008-0004.001 10/06/2008 HTML [DOC- 206KB] 

HHS Policy for IT Capital Planning and Investment Control (CPIC)

See Procedures Section for CPIC Procedures Document and its related Appendices Document

2010-0002 02/26/2010 HTML [DOC- 280KB]
HHS IRM Policy for Conducting Information Technology Alternatives Analysis 2003-0002 06/13/2003 HTML [DOC- 121KB]
Enterprise Architecture [11 Policies]
Document Description Document Number Issue Date HTML Format Word Document
Policy for Management of the Enterprise IT System Inventory 2009-0004 07/28/2009 HTML [DOC - 153KB]
HHS-OCIO IT Policy for Enterprise Architecture (EA) 2008-0003.001 08/07/2008 HTML [DOC - 269 KB]
CIO Roles and Responsibilities – Circular No. IRM-101   03/1999 HTML [DOC - 495KB]
HHS-OCIO IT Policy for Networx Program Designated Agency Representatives 2010-0005 06/10/2010 HTML [DOC - 310KB]
HHS-OCIO IT Policy for HHS Mail Change Management 2006-0002 03/02/2006 HTML  [DOC- 700KB]
HHS IRM Policy for Government Emergency Telecommunication System Cards Ordering, Usage and Termination 2002-0001 11/25/2002 HTML [DOC- 146KB]
HHS IRM Policy for Directory Services Using LDAP 2000-0012 01/08/2001 HTML [DOC- 84KB]
HHS IRM Policy for Public Key Infrastructure (PKI); Certification Authority (CA) 2000-0011 01/08/2001 HTML [DOC- 92KB]
HHS IRM Policy for Active Directory 2000-0010 01/08/2001 HTML [DOC- 75KB]
Use of Broadcast Messages, Spamming and Targeted Audiences 2000-0004 01/08/2001 HTML [DOC- 103KB]

Policy for Electronic Stewardship

Appendix A

Appendix B

2011-0002.001 6/15/2011

HTML

HTML Appendix A

HTML Appendix B

[DOC - 97.6KB]

[DOC Appendix A -58.5KB]

[DOC Appendix B - 53.5KB]

Information Collection [No Current Policies]
OCIO Policy Development and Review Process [5 Policies]
Document Description Document Number Issue Date HTML Format Word Document
HHS-OCIO Policy for Managing the Use of Third-Party Websites and Applications 2013-0001 4/10/2013 HTML [DOC - 89KB]
HHS Policy for IT Policy Development 2006-0004 11/28/2006 HTML [DOC - 224KB]
HHS OCIO Policy for E-Gov. Forms 2006-0003 06/07/2006 HTML [DOC- 700KB]
HHS IRM Policy For Comments From And Responses To Operating Divisions On Newly Developed Policies and CIO Council and ITIRB Clearance Documents 2003-0001 02/14/2003 HTML [DOC- 92KB]
IT Security and Privacy [8 Policies]
Document Description Document Number Issue Date HTML Format Word Document
HHS Policy for Personal Use of IT Resources 2013-0004 8/01/2013 HTML  
HHS Information Sharing Environment (ISE) Privacy Policy 2013-0002 5/29/2013   [PDF - 634KB]
HHS - Policy for IT Security and Privacy Incident Reporting and Response 2010-0004 4/05/2010 HTML [DOC - 208KB]
HHS-OCIO-2010-0001 Policy for Machine-Readable Privacy 2010-0001 1/28/2010 HTML [DOC - 228 KB]
HHS Policy for Privacy Impact Assessments (PIA) 2009-0002.001 2/09/2009 HTML [DOC - 258KB]
HHS Policy for Responding to Breaches of Personally Identifiable
Information (PII)
2008-0001.003   HTML [DOC - 181KB]
Implementation of OMB M-10-22 and M-10-23   12/21/2010 HTML [DOC - 125KB]

HHS Information Security and Privacy Policy (IS2P) – 2014 Edition. If you are having a problem obtaining a copy of this document, please email fisma@hhs.gov.

Records Management [3 Policies]
Document Description Document Number Issue Date HTML Format Word Document
HHS Policy for Records Management for E-mails 2008-0002.001 05/15/2008 HTML [DOC - 230KB]
HHS Policy for Records Management 2015-0004-002 11/25/2015 HTML  

HHS Policy for Records Holds

  1/20/2011 HTML [DOC - 182KB]

 

508 Policies [1 Policy]
Document Description Document Number Issue Date HTML Format Word Document
HHS Policy for Section 508 Electronic and Information Technology (EIT)   January 2005 HTML  

 

Web Policies [1 Policy]
Document Description Document Number Issue Date HTML Format Word Document
HHS Policy for Internet Domain Names WEB-2005-01 06/13/2005 HTML  
Health and Human Services Domain IT PMO [1 Guidance Memo]
Document Description Document Number Issue Date HTML Format Word Document
Guidance for Purchasing Noncommercial Computer Software and “Open Source” Licenses   01/12/2012  HTML [DOC - 91.0KB]

PROCEDURES AND APPENDICES
Procedures and Appendices are available for CPIC and EVM at the HHS intranet site for authorized users.


STANDARDS [10 Total]

IT Security and Privacy [10 Standards]
Document Description Document Number Issue Date HTML Format Word Document
HHS Standard for Plans of Action and Milestones 2012-0001.001S 11/28/12 HTML DOC
HHS-OCIO Standard for Security Content Automation Protocol (SCAP)-Compliant Tools

2010-0001.001S

6/8/2010

HTML [DOC - 42KB]
HHS-OCIO Standard for IEEE 802.11 WLAN 2009-0003.001S 07/27/2009 HTML [DOC - 40KB]
HHS-OCIO Standard for Encryption Language in HHS Contracts 2009-0002.001S 01/30/2009 HTML [DOC - 40KB]
HHS-OCIO Standard for Security Configurations Language in HHS Contracts 2009-0001.001S 01/30/2009 HTML [DOC- 45KB]
HHS Standard for FISMA Inventory Management  2008-0006.001S 12/23/2008 HTML [DOC - 54KB]
HHS Standard for the Segregation of Development/Test Environments from Production 2008-0003.002S 08/07/2008 HTML [DOC - 40KB]
HHS Standard for Managing Outbound Web Traffic 2008-0002.003S 06/06/2008 HTML [DOC - 37KB]
Rules of Behavior for Use of HHS Information Resources 2013-0003.003S 07/24/2013 HTML [DOC - 73KB]


CHARTERS [9 Total]

Description Number Date Issued HTML Document Word Document
Enterprise Architecture [3 Charter]
CIO Council Charter 2007-0001.001C 06/27/2007  HTML [DOC - 463KB]
HHS Trusted Internet Connection Access Provider (TICAP) Steering Committee Charter 2008.0002.001C 06/23/2008 HTML  
Department of Health and Human Services Chief Technology Officer (CTO) Council Charter 2011-0001.001C 01/20/2011 HTML  [DOC - 144KB]
Records Management[1 Charter]
Records Management Council Charter 2007-0002.001C 08/21/2007 HTML [DOC - 159KB]
 IT Security and Privacy[1 Charter]
 Privacy Incident Response Team (PIRT) Charter 2010-0001.001C 1/06/2011 HTML [DOC - 160 KB]
Capital Planning and Investment Control[1 Charter]
Department of Health and Human Services Charter for the Enterprise Performance Life Cycle Change Control Board 2010-002C 04/22/2010  HTML [DOC - 204 KB]
Health and Human Services Domain IT PMO [1 Charter]
HHS Health and Human Services Domain IT Steering Committee Charter 2011-0001.002C 09/28/2011  HTML [DOC - 79.8KB]

Content last reviewed on December 21, 2015