HHS IT Policy Archive

Disclaimer: Unlinked policies are deemed sensitive and not made available to the public.

View ZIP version of Agency IT Policy Archive

Policy NameEffective DatePolicy Number
HHS Policy for the Information Collection Clearance Process12/27/2024HHS-OCIO-OES-2024-12-008
HHS Policy for IT System Inventory Management11/22/2024HHS-OCIO-OES-2024-11-007
HHS Policy for Cybersecurity Access Control (AC)10/29/2024HHS-OCIO-OIS-2024-10-006
HHS Policy for Enterprise Architecture10/08/2024HHS-OCIO-OES-2024-10-005
HHS Policy for Risk-based Decisions07/12/2024HHS-OCIO-OIS-2024-07-004
HHS Policy for Internet and Email SecurityApril 2024HHS-OCIO-OIS-2024-04-003
HHS Policy for Cybersecurity Awareness and TrainingMarch 2024HHS-OCIO-OIS-2024-03-002
HHS Policy for Records ManagementFebruary 2024HHS-OCIO-CDO-2024-02-001
Policy for Privacy Impact AssessmentsSeptember 2023HHS-OCIO-OIS-2023-09-005
HHS Policy for Litigation HoldsAugust 2023HHS-OCIO-CDO-2023-08-004
HHS Policy For Data Loss PreventionMay 2023HHS-OCIO-OIS-2022-05-003
HHS Policy for Rules of Behavior for Use of Information and IT ResourcesFebruary 2023HHS-OCIO-OIS-2023-02-002
HHS IRM Policy for Comments from and Responses to Operating Divisions on Newly Developed policies and CIO Council and ITIRB Clearance DocumentsFebruary 2003HHS-IRM-2003-0001
HHS Policy for the Common Data Use Agreement (DUA) Structure and RepositoryJanuary 2023HHS-OCIO-CDO-2023-01-001
HHS Policy for Encryption of Computing Devices and InformationDecember 2022HHS-OCIO-OIS-2022-12-001
HHS Policy for Securing Artificial Intelligence (AI) TechnologyDecember 2021HHS-OCIO-OIS-2021-12-007
HHS Policy for Information Security and Privacy ProtectionNovember 2021HHS-OCIO-OIS-2021-11-006
HHS Policy for Information Technology Portfolio Management (PfM)September 2021HHS-OCIO-OES-2021-09-005
HHS Policy For The Transition To Internet Protocol Version 6 (Ipv6)August 2021HHS-OCIO-OES-2021-08-004
HHS Policy for the Implementation of DHS Directive on Vulnerability DisclosureMay 2021HHS-OCIO-OIS-2021-05-003
Complete Transition to IPv6 MemorandumApril 2021N/A
HHS Policy for the Implementation of Trusted Internet Connections (TIC)March 2021HHS-OCIO-OIS-2021-03-002
HHS Policy for Information Technology Procurements - Security And Privacy LanguageMarch 2021HHS-OCIO-OIS-2021-03-001
HHS Policy for Cyber Supply Chain Risk ManagementAugust 2020HHS-OCIO-OIS-2020-08-010
HHS Policy for Information Technology Asset Management (ITAM)August 2020HHS-OCIO-OCPO-2020-08-008
HHS Policy for Vulnerability ManagementAugust 2020HHS-OCIO-OIS-2020-08-009
HHS Policy for Section 508 Compliance and Accessibility of Information and Communications Technology (ICT)July 2020HHS-OCIO-OES-2020-07-007
HHS Policy for Information Technology Acquisition Reviews (ITAR)June 2020HHS-OCIO-OES-2020-06-006
HHS Policy for Preparing for and Responding to a Breach of Personally Identifiable Information (PII)May 2020HHS-OCIO-PIM-2020-05-003
HHS Policy for Domain Name System (DNS) and Domain Name System Security Extensions (DNSSEC) ServicesOctober 2019HHS-OCIO-OIS-2019-11-011
HHS OIS High Value Asset Program PolicyAugust 2019HHS-OCIO-OES-2018-09-006
HHS Policy for Mobile Devices and Removable MediaAugust 2019HHS-OCIO-OIS-2019-09-0005
HHS Policy for Software Development Secure Coding PracticesAugust 2019HHS-OCIO-OES-2019-08-005
HHS IT Policy for Enterprise Performance Life CycleNovember 2016HHS-OCIO-2008-004.002
HHS OCIO Policy for Information Technology Capital Planning and Investment ControlSeptember 2016HHS-OCIO-2016-CPIC-01
HHS OCIO Policy for Social Media TechnologiesMarch 2012HHS-OCIO-2010-0003.1
HHS Policy for Electronic StewardshipJune 2011HHS-OCIO-2011-0002.001
HHS OCIO Policy for Networx Program Designated Agency RepresentativesJune 2010HHS-OCIO-2010-0005
HHS OCIO Policy for Information Technology Policy DevelopmentNovember 2006HHS-OCIO-2006-0004
Content created by Office of the Chief Information Officer (OCIO)
Content last reviewed