Skip Navigation

Incident Reporting, Policy and Incident Management Reference

In accordance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61 ((NIST), 2008), HHS defines a computer security incident as “a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices.” If you suspect an information security or privacy related incident, please contact your OPDIV Chief Information Security Officer or the HHS Computer Security Incident Response Center (CSIRC). The HHS CSIRC can be reached at or 866-646-7514.  


The following HHS OCIO Policies and Incident Management resources are listed for your convenience.


HHS OCIO Policies, Standards and Charters


National Institution of Standards and Technology (NIST)