HHS OCIO Policies, Standards and Charters

Policy is defined as the "what" and the "when" whereas Procedure is defined as the "how".

Oversight groups (the President; Congress; Office of Management and Budget (OMB); General Services Agency (GSA); Office of Personnel Management (OPM); etc.) set the standards, the goal, the expectations that all Cabinet-Level Departments and their equivalents are to meet.

The delta between where a Department currently is and that oversight-set goal or expectation is covered by the Department's Policy, which states "what" activities must occur, and "when", in order to achieve progress towards that set goal.

The HTML links below will take you to the Policy, Standard, or Charter listed.  If you would like to view a summary of all the documents shown below, please click here:  OCIO Summary Page.


POLICIES [34 Total] 

Capital Planning and Investment Control [4 Policies]
Document Description | Document Number | Issue Date | HTML Format | Word Document
Policy for IT Performance Baseline Management | 2010-0007 | 11/22/2010 | HTML | [DOC - 280KB]
HHS OCIO Policy for Information Technology (IT) Enterprise Performance Life Cycle (EPLC) | 2008-0004.001 | 10/06/2008 | HTML | [DOC - 206KB]
HHS Policy for IT Capital Planning and Investment Control (CPIC) (See Procedures Section for CPIC Procedures Document and its related Appendices Document) | 2010-0002 | 02/26/2010 | HTML | [DOC - 280KB]
HHS IRM Policy for Conducting Information Technology Alternatives Analysis | 2003-0002 | 06/13/2003 | HTML | [DOC - 121KB]
Enterprise Architecture [11 Policies]
Document Description | Document Number | Issue Date | HTML Format | Word Document
Policy for Management of the Enterprise IT System Inventory | 2009-0004 | 07/28/2009 | HTML | [DOC - 153KB]
HHS-OCIO IT Policy for Enterprise Architecture (EA) | 2008-0003.001 | 08/07/2008 | HTML | [DOC - 269 KB]
CIO Roles and Responsibilities – Circular No. IRM-101 |  | 03/1999 | HTML | [DOC - 495KB]
HHS-OCIO IT Policy for Networx Program Designated Agency Representatives | 2010-0005 | 06/10/2010 | HTML | [DOC - 310KB]
HHS-OCIO IT Policy for HHS Mail Change Management | 2006-0002 | 03/02/2006 | HTML | [DOC - 700KB]
HHS IRM Policy for Government Emergency Telecommunication System Cards Ordering, Usage and Termination | 2002-0001 | 11/25/2002 | HTML | [DOC - 146KB]
HHS IRM Policy for Directory Services Using LDAP | 2000-0012 | 01/08/2001 | HTML | [DOC - 84KB]
HHS IRM Policy for Public Key Infrastructure (PKI); Certification Authority (CA) | 2000-0011 | 01/08/2001 | HTML | [DOC - 92KB]
HHS IRM Policy for Active Directory | 2000-0010 | 01/08/2001 | HTML | [DOC - 75KB]
Use of Broadcast Messages, Spamming and Targeted Audiences | 2000-0004 | 01/08/2001 | HTML | [DOC - 103KB]
Policy for Electronic Stewardship; Appendix A; Appendix B | 2011-0002.001 | 6/15/2011 | HTML; HTML Appendix A; HTML Appendix B | [DOC - 97.6KB]; [DOC Appendix A - 58.5KB]; [DOC Appendix B - 53.5KB]


Information Collection [No Current Policies]
OCIO Policy Development and Review Process [5 Policies]
Document Description | Document Number | Issue Date | HTML Format | Word Document
HHS - OCIO Policy for Social Media Technologies | 2010-0003.13/07/2012 | HTML | [DOC - 127KB]
HHS Policy for IT Policy Development | 2006-0004 | 11/28/2006 | HTML | [DOC - 224KB]
HHS OCIO Policy for E-Gov. Forms | 2006-0003 | 06/07/2006 | HTML | [DOC - 700KB]
HHS IRM Policy for Personal Use of Information Technology Resources | 2006-0001 | 02/17/2006 | HTML | [DOC - 156KB]
HHS IRM Policy For Comments From And Responses To Operating Divisions On Newly Developed Policies and CIO Council and ITIRB Clearance Documents | 2003-0001 | 02/14/2003 | HTML | [DOC - 92KB]
IT Security and Privacy [8 Policies]
Document Description | Document Number | Issue Date | HTML Format | Word Document
HHS - Policy for IT Security and Privacy Incident Reporting and Response | 2010-0004 | 4/05/2010 | HTML | [DOC - 208KB]
HHS-OCIO-2010-0001 Policy for Machine-Readable Privacy | 2010-0001 | 01/28/2010 | HTML | [DOC - 228 KB]
HHS - OCIO Policy for Information Systems Security and Privacy | 2011-0003 | 07/07/2011 | HTML | [DOC - 483KB]
HHS Policy for Privacy Impact Assessments (PIA) | 2009-0002.001 | 02/09/2009 | HTML | [DOC - 258KB]
HHS Policy for Responding to Breaches of Personally Identifiable Information (PII) | 2008-0001.003 |  | HTML | [DOC - 181KB]
HHS IRM Policy for Prevention, Detection, Removal and Reporting of Malicious Software | 2000-0007 | 01/08/2001 | HTML | [DOC - 125KB]
HHS IRM Policy for IT Security for Remote Access | 2000-0005 | 01/08/2001 | HTML | [DOC - 96KB]
Implementation of OMB M-10-22 and M-10-23 |  | 12/21/2010 | HTML | [DOC - 125KB]
Records Management [3 Policies]
Document Description | Document Number | Issue Date | HTML Format | Word Document
HHS Policy for Records Management for E-mails | 2008-0002.001 | 05/15/2008 | HTML | [DOC - 230KB]
HHS Policy for Records Management | 2007-0004.001 | 01/30/2008 | HTML | [DOC - 227KB]
HHS Policy for Records Holds |  | 1/20/2011 | HTML | [DOC - 182KB]
 
508 Policies [1 Policy]
Document Description | Document Number | Issue Date | HTML Format | Word Document
HHS Policy for Section 508 Electronic and Information Technology (EIT) |  | January 2005 | HTML |
 
Web Policies [1 Policy]
Document Description | Document Number | Issue Date | HTML Format | Word Document
HHS Policy for Internet Domain Names | WEB-2005-01 | 06/13/2005 | HTML |
Health and Human Services Domain IT PMO [1 Guidance Memo]
Document Description | Document Number | Issue Date | HTML Format | Word Document
Guidance for Purchasing Noncommercial Computer Software and “Open Source” Licenses |  | 01/12/2012 | HTML | [DOC - 91.0KB]

PROCEDURES AND APPENDICES
Procedures and Appendices are available for CPIC and EVM at the HHS intranet site for authorized users.


STANDARDS [10 Total]

IT Security and Privacy [10 Standards]
Document Description | Document Number | Issue Date | HTML Format | Word Document
HHS-OCIO Standard for Security Content Automation Protocol (SCAP)-Compliant Tools | 2010-0001.001S | 6/8/2010 | HTML | [DOC - 42KB]
HHS-OCIO Standard for IEEE 802.11 WLAN | 2009-0003.001S | 07/27/2009 | HTML | [DOC - 40KB]
HHS-OCIO Standard for Encryption Language in HHS Contracts | 2009-0002.001S | 01/30/2009 | HTML | [DOC - 40KB]
HHS-OCIO Standard for Security Configurations Language in HHS Contracts | 2009-0001.001S | 01/30/2009 | HTML | [DOC - 45KB]
HHS Standard for Encryption | 2008-0007.001S | 12/23/2008 | HTML | [DOC - 41KB]
HHS Standard for FISMA Inventory Management | 2008-0006.001S | 12/23/2008 | HTML | [DOC - 54KB]
HHS Standard for Plan of Action and Milestones | 2011-0010.001S | 3/30/2011 | HTML | [DOC - 56KB]
HHS Standard for the Segregation of Development/Test Environments from Production | 2008-0003.002S | 08/07/2008 | HTML | [DOC - 40KB]
HHS Standard for Managing Outbound Web Traffic | 2008-0002.003S | 06/06/2008 | HTML | [DOC - 37KB]
HHS Rules of Behavior (For Use of Technology Resources and Information) | 2010-0002.001S | 08/26/2010 | HTML | [DOC - 122KB]

CHARTERS [9 Total]
Description | Number | Date Issued | HTML Document | Word Document
Enterprise Architecture [3 Charter]
CIO Council Charter | 2007-0001.001C | 06/27/2007 | HTML | [DOC - 463KB]
HHS Trusted Internet Connection Access Provider (TICAP) Steering Committee Charter | 2008.0002.001C | 06/23/2008 | HTML |
Department of Health and Human Services Chief Technology Officer (CTO) Council Charter | 2011-0001.001C | 01/20/2011 | HTML | [DOC - 144KB]
Records Management [1 Charter]
Records Management Council Charter | 2007-0002.001C | 08/21/2007 | HTML | [DOC - 159KB]
IT Security and Privacy [1 Charter]
Personally Identifiable Information (PII) Breach Response Team (BRT) Charter | 2008.0001.003C | 11/17/2008 | HTML | [DOC - 161 KB]
Privacy Incident Response Team (PIRT) Charter | 2010-0001.001C | 1/06/2011 | HTML | [DOC - 160 KB]
Capital Planning and Investment Control [1 Charter]
Department of Health and Human Services Charter for the Enterprise Performance Life Cycle Change Control Board | 2010-002C | 04/22/2010 | HTML | [DOC - 204 KB]
Health and Human Services Domain IT PMO [1 Charter]
HHS Health and Human Services Domain IT Steering Committee Charter | 2011-0001.002C | 09/28/2011 | HTML | [DOC - 79.8KB]