HHS IT Policy Archive

Disclaimer: Unlinked policies are deemed sensitive and not made available to the public.

View ZIP version of Agency IT Policy Archive

Policy Name Effective Date Policy Number
HHS Data Center Optimization Multi-Year Plan 2023-2026 October 31, 2023 N/A
Policy for Privacy Impact Assessments September 2023 HHS-OCIO-OIS-2023-09-005
HHS Policy for Litigation Holds August 2023 HHS-OCIO-CDO-2023-08-004
HHS Policy For Data Loss Prevention May 2023 HHS-OCIO-OIS-2022-05-003
HHS Policy for Rules of Behavior for Use of Information and IT Resources February 2023 HHS-OCIO-OIS-2023-02-002
HHS IRM Policy for Comments from and Responses to Operating Divisions on Newly Developed policies and CIO Council and ITIRB Clearance Documents February 2003 HHS-IRM-2003-0001
HHS Policy for the Common Data Use Agreement (DUA) Structure and Repository January 2023 HHS-OCIO-CDO-2023-01-001
HHS Policy for Encryption of Computing Devices and Information December 2022 HHS-OCIO-OIS-2022-12-001
HHS Policy for Securing Artificial Intelligence (AI) Technology December 2021 HHS-OCIO-OIS-2021-12-007
HHS Policy for Information Security and Privacy Protection November 2021 HHS-OCIO-OIS-2021-11-006
HHS Policy for Information Technology Portfolio Management (PfM) September 2021 HHS-OCIO-OES-2021-09-005
HHS Policy For The Transition To Internet Protocol Version 6 (Ipv6) August 2021 HHS-OCIO-OES-2021-08-004
HHS Policy for the Implementation of DHS Directive on Vulnerability Disclosure May 2021 HHS-OCIO-OIS-2021-05-003
Complete Transition to IPv6 Memorandum April 2021 N/A
HHS Policy for the Implementation of Trusted Internet Connections (TIC) March 2021 HHS-OCIO-OIS-2021-03-002
HHS Policy for Information Technology Procurements - Security And Privacy Language March 2021 HHS-OCIO-OIS-2021-03-001
HHS Policy for IT System Inventory Management December 2020 HHS-OCIO-OES-2020-12-011
HHS Policy for Cyber Supply Chain Risk Management August 2020 HHS-OCIO-OIS-2020-08-010
HHS Policy for Information Technology Asset Management (ITAM) August 2020 HHS-OCIO-OCPO-2020-08-008
HHS Policy for Vulnerability Management August 2020 HHS-OCIO-OIS-2020-08-009
HHS Policy for Section 508 Compliance and Accessibility of Information and Communications Technology (ICT) July 2020 HHS-OCIO-OES-2020-07-007
HHS Policy for Information Technology Acquisition Reviews (ITAR) June 2020 HHS-OCIO-OES-2020-06-006
HHS Policy for Implementing Electronic Mail (Email) Records Management May 2020 HHS-OCIO-PIM-2020-06-005
HHS Policy for Preparing for and Responding to a Breach of Personally Identifiable Information (PII) May 2020 HHS-OCIO-PIM-2020-05-003
HHS Policy for Records Management May 2020 HHS-OCIO-PIM-2020-06-004
HHS Policy for Domain Name System (DNS) and Domain Name System Security Extensions (DNSSEC) Services October 2019 HHS-OCIO-OIS-2019-11-011
HHS Policy for Internet and Email Security October 2019 HHS-OCIO-OIS-2019-10-009
HHS OIS High Value Asset Program Policy August 2019 HHS-OCIO-OES-2018-09-006
HHS Policy for Mobile Devices and Removable Media August 2019 HHS-OCIO-OIS-2019-09-0005
HHS Policy for Software Development Secure Coding Practices August 2019 HHS-OCIO-OES-2019-08-005
HHS Mobile Applications Privacy Policy September 2018 HHS-OCIO-PIM-2018-09-001
HHS IT Policy for Enterprise Performance Life Cycle November 2016 HHS-OCIO-2008-004.002
HHS OCIO Policy for Information Technology Capital Planning and Investment Control September 2016 HHS-OCIO-2016-CPIC-01
HHS OCIO Policy for Social Media Technologies March 2012 HHS-OCIO-2010-0003.1
HHS Policy for Electronic Stewardship June 2011 HHS-OCIO-2011-0002.001
HHS OCIO Policy for Networx Program Designated Agency Representatives June 2010 HHS-OCIO-2010-0005
HHS Policy for Enterprise Architecture August 2008 HHS-OCIO-2008-0003
HHS OCIO Policy for Information Technology Policy Development November 2006 HHS-OCIO-2006-0004
Content created by Office of the Chief Information Officer (OCIO)
Content last reviewed