HHS OCIO Policies, Standards and Charters

Policies, Standards, and Charters - Categories

Link to Historical Policies, Standards, Charters

 

Policy is defined as the "what" and the "when" whereas Procedure is defined as the "how".

Oversight groups (the President; Congress; Office of Management and Budget (OMB); General Services Agency (GSA); Office of Personnel Management (OPM); etc.) set the standards, the goal, the expectations that all Cabinet-Level Departments and their equivalents are to meet.

The delta between where a Department is and that oversight-set goal or expectation is what the Department's Policy addresses: "what" activities must occur, and "when", in order to achieve progress towards that set goal.

The HTML links below lead to the Policy, Standard, or Charter listed. A summary of all the documents shown below is available on the OCIO Summary Page.


POLICIES [34 Total] 

Description | Number | Date Issued | HTML Document | Word Document
Capital Planning and Investment Control [4 Policies]
Policy for IT Performance Baseline Management | 2010-0007 | 11/22/2010 | HTML | [DOC - 280KB]
HHS OCIO Policy for Information Technology (IT) Enterprise Performance Life Cycle (EPLC) | 2008-0004.001 | 10/06/2008 | HTML | [DOC - 206KB]
HHS Policy for IT Capital Planning and Investment Control (CPIC) (See Procedures Section for CPIC Procedures Document and its related Appendices Document) | 2010-0002 | 02/26/2010 | HTML | [DOC - 280KB]
HHS IRM Policy for Conducting Information Technology Alternatives Analysis | 2003-0002 | 06/13/2003 | HTML | [DOC - 121KB]
Enterprise Architecture [11 Policies]
Policy for Management of the Enterprise IT System Inventory | 2009-0004 | 07/28/2009 | HTML | [DOC - 153KB]
HHS-OCIO IT Policy for Enterprise Architecture (EA) | 2008-0003.001 | 08/07/2008 | HTML | [DOC - 269 KB]
CIO Roles and Responsibilities – Circular No. IRM-101 | | 03/1999 | HTML | [DOC - 495KB]
HHS-OCIO IT Policy for Networx Program Designated Agency Representatives | 2010-0005 | 06/10/2010 | HTML | [DOC - 310KB]
HHS-OCIO IT Policy for HHS Mail Change Management | 2006-0002 | 03/02/2006 | HTML | [DOC - 700KB]
HHS IRM Policy for Government Emergency Telecommunication System Cards Ordering, Usage and Termination | 2002-0001 | 11/25/2002 | HTML | [DOC - 146KB]
HHS IRM Policy for Directory Services Using LDAP | 2000-0012 | 01/08/2001 | HTML | [DOC - 84KB]
HHS IRM Policy for Public Key Infrastructure (PKI); Certification Authority (CA) | 2000-0011 | 01/08/2001 | HTML | [DOC - 92KB]
HHS IRM Policy for Active Directory | 2000-0010 | 01/08/2001 | HTML | [DOC - 75KB]
Use of Broadcast Messages, Spamming and Targeted Audiences | 2000-0004 | 01/08/2001 | HTML | [DOC - 103KB]
Policy for Electronic Stewardship; Appendix A; Appendix B | 2011-0002.001 | 6/15/2011 | HTML; HTML Appendix A; HTML Appendix B | [DOC - 97.6KB]; [DOC Appendix A - 58.5KB]; [DOC Appendix B - 53.5KB]

Information Collection
OCIO Policy Development and Review Process [5 Policies]
HHS - OCIO Policy for Social Media Technologies | 2010-0003 | 3/31/2010 | HTML | [DOC - 127KB]
HHS Policy for IT Policy Development | 2006-0004 | 11/28/2006 | HTML | [DOC - 224KB]
HHS OCIO Policy for E-Gov. Forms | 2006-0003 | 06/07/2006 | HTML | [DOC - 700KB]
HHS IRM Policy for Personal Use of Information Technology Resources | 2006-0001 | 02/17/2006 | HTML | [DOC - 156KB]
HHS IRM Policy For Comments From And Responses To Operating Divisions On Newly Developed Policies and CIO Council and ITIRB Clearance Documents | 2003-0001 | 02/14/2003 | HTML | [DOC - 92KB]
IT Security and Privacy [8 Policies]
HHS - Policy for IT Security and Privacy Incident Reporting and Response | 2010-0004 | 4/05/2010 | HTML | [DOC - 208KB]
HHS-OCIO-2010-0001 Policy for Machine-Readable Privacy | 2010-0001 | 01/28/2010 | HTML | [DOC - 228 KB]
HHS - OCIO Policy for Information Systems Security and Privacy | 2011-0003 | 07/07/2011 | HTML | [DOC - 483KB]
HHS Policy for Privacy Impact Assessments (PIA) | 2009-0002.001 | 02/09/2009 | HTML | [DOC - 258KB]
HHS Policy for Responding to Breaches of Personally Identifiable Information (PII) | 2008-0001.003 | 11/17/2008 | HTML | [DOC - 181KB]
HHS IRM Policy for Prevention, Detection, Removal and Reporting of Malicious Software | 2000-0007 | 01/08/2001 | HTML | [DOC - 125KB]
HHS IRM Policy for IT Security for Remote Access | 2000-0005 | 01/08/2001 | HTML | [DOC - 96KB]
Implementation of OMB M-10-22 and M-10-23 | | 12/21/2010 | HTML | [DOC - 125KB]
Records Management [3 Policies]
HHS Policy for Records Management for E-mails | 2008-0002.001 | 05/15/2008 | HTML | [DOC - 230KB]
HHS Policy for Records Management | 2007-0004.001 | 01/30/2008 | HTML | [DOC - 227KB]
HHS Policy for Records Holds | | 1/20/2011 | HTML | [DOC - 182KB]
Section 508
Web Policies [1 Policy]
HHS Policy for Internet Domain Names | WEB-2005-01 | 06/13/2005 | HTML |
Health and Human Services Domain IT PMO [1 Guidance Memo]
Guidance for Purchasing Noncommercial Computer Software and “Open Source” Licenses | | 01/12/2012 | HTML | [DOC - 91.0KB]


PROCEDURES AND APPENDICES
Procedures and Appendices are available for CPIC and EVM at the HHS intranet site for authorized users.


STANDARDS [10 Total]

Description | Number | Date Issued | HTML Document | Word Document
IT Security and Privacy [10 Standards]
HHS-OCIO Standard for Security Content Automation Protocol (SCAP)-Compliant Tools | 2010-0001.001S | 6/8/2010 | HTML | [DOC - 42KB]
HHS-OCIO Standard for IEEE 802.11 WLAN | 2009-0003.001S | 07/27/2009 | HTML | [DOC - 40KB]
HHS-OCIO Standard for Encryption Language in HHS Contracts | 2009-0002.001S | 01/30/2009 | HTML | [DOC - 40KB]
HHS-OCIO Standard for Security Configurations Language in HHS Contracts | 2009-0001.001S | 01/30/2009 | HTML | [DOC - 45KB]
HHS Standard for Encryption | 2008-0007.001S | 12/23/2008 | HTML | [DOC - 41KB]
HHS Standard for FISMA Inventory Management | 2008-0006.001S | 12/23/2008 | HTML | [DOC - 54KB]
HHS Standard for Plan of Action and Milestones | 2011-0010.001S | 3/30/2011 | HTML | [DOC - 56KB]
HHS Standard for the Segregation of Development/Test Environments from Production | 2008-0003.002S | 08/07/2008 | HTML | [DOC - 40KB]
HHS Standard for Managing Outbound Web Traffic | 2008-0002.003S | 06/06/2008 | HTML | [DOC - 37KB]
HHS Rules of Behavior (For Use of Technology Resources and Information) | 2010-0002.001S | 08/26/2010 | HTML | [DOC - 122KB]
Enterprise Systems

CHARTERS [9 Total]
Description | Number | Date Issued | HTML Document | Word Document
Enterprise Architecture [3 Charters]
CIO Council Charter | 2007-0001.001C | 06/27/2007 | HTML | [DOC - 463KB]
HHS Trusted Internet Connection Access Provider (TICAP) Steering Committee Charter | 2008.0002.001C | 06/23/2008 | HTML |
Department of Health and Human Services Chief Technology Officer (CTO) Council Charter | 2011-0001.001C | 01/20/2011 | HTML | [DOC - 144KB]
Records Management [1 Charter]
Records Management Council Charter | 2007-0002.001C | 08/21/2007 | HTML | [DOC - 159KB]
IT Security and Privacy [1 Charter]
Personally Identifiable Information (PII) Breach Response Team (BRT) Charter | 2008.0001.003C | 11/17/2008 | HTML | [DOC - 161 KB]
Privacy Incident Response Team (PIRT) Charter | 2010-0001.001C | 1/06/2011 | HTML | [DOC - 160 KB]
Capital Planning and Investment Control [1 Charter]
Department of Health and Human Services Charter for the Enterprise Performance Life Cycle Change Control Board | 2010-002C | 04/22/2010 | HTML | [DOC - 204 KB]
Health and Human Services Domain IT PMO [1 Charter]
HHS Health and Human Services Domain IT Steering Committee Charter | 2011-0001.002C | 09/28/2011 | HTML | [DOC - 79.8KB]