Cybersecurity

Information Security and Privacy Program

IT Security and Privacy Policies

• 2013-0002: HHS Information Sharing Environment (ISE) Privacy Policy (5/29/2013)
• 2010-0004: HHS - Policy for IT Security and Privacy Incident Reporting and Response (4/5/2010)
• 2009-0002.001: Policy for Privacy Impact Assessments (PIA) 
• Implementation of OMB M-10-22 and M-10-23 (2/21/2010) (HTML)
• Incident Reporting, Policy and Incident Management Reference
• HHS Information Security and Privacy Policy (IS2P) – 2014 Edition. If you are having a problem obtaining a copy of this document, please email fisma@hhs.gov
• Privacy Impact Assessments (PIAs) & Resources
• HHS-OCIO Policy for Social Media Technologies
• Personally Identifiable Information (PII) Breach Response Team (BRT) Policy

Standards

• 2009-0003.001S: HHS-OCIO Standard for IEEE 802.11 WLAN (7/27/2009) - DOC
• 2008-0006.001S: HHS Standard for FISMA Inventory Management (12/23/2008) - DOC
• Rules of Behavior for Use of HHS Information Resources

Charters

• 2010-0001.001C: Privacy Incident Response Team (PIRT) Charter (1/6/2011) (HTML)

Resources

• Cybersecurity Awareness Training Resources:
  1. Security Awareness and Training

• Role-Based Trainings Resources:
  RBT- IT Administrators
  1. Transcript Document for the Role Based for IT Administrators
  2. Incident Handling Checklist for IT Administrators
  3. Role-Based Training Reference list