Policy, Guidance, Legislation and Reports

The HHS-OCIO Policy for Information Systems Security and Privacy, signed July 7, 2011, establishes a baseline for security and privacy policies across the Department. The Policy includes a set of Department policies that apply to all Operating Division (OPDIV) and Staff Division (STAFFDIV) personnel, contractors, and other authorized users. OPDIVs can exceed these standards, but must consistently apply at least the minimum policies outlined by the Department.

Such policies support HHS compliance with the Federal Information Security Management Act (FISMA), also known as Title III of the E-Government Act of 2002. HHS complies with the Office of Management and Budget (OMB) reporting regulations for FISMA and Agency Privacy Management requirements for annual review of the certification and accreditation status of contractor and government systems.

IT Security and Privacy Policy

U.S. Legislation

Office of Management and Budget Circulars

Security Reports