Incident Reporting, Policy and Incident Management Reference
In accordance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Rev. 4, HHS defines a computer security incident as “a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices.” If you suspect an information security or privacy related incident, please contact your OPDIV Chief Information Security Officer or the HHS Computer Security Incident Response Center (CSIRC). The HHS CSIRC can be reached at firstname.lastname@example.org or 866-646-7514.
The following HHS OCIO Policies and Incident Management resources are listed for your convenience.
HHS OCIO Policies, Standards and Charters
National Institution of Standards and Technology (NIST)
- NIST SP 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations
- NIST SP 800-61 Rev. 2, Computer Security Incident Handling Guide
- NIST SP 800-72, Guidelines on PDA Forensics
- NIST SP 800-83, Guide to Malware Incident Prevention and Handling
- NIST SP 800-86, Guide to Integrating Forensic Techniques into Incident Response