HHS Home > OCIO Home > IT Security & Privacy > Policy, Guidance, Legislation and Reports

Policy, Guidance, Legislation and Reports

The HHS-OCIO Policy for Information Systems Security and Privacy, signed July 7, 2011, establishes a baseline for security and privacy policies across the Department. The Policy includes a set of Department policies that apply to all Operating Division (OPDIV) and Staff Division (STAFFDIV) personnel, contractors, and other authorized users. OPDIVs can exceed these standards, but must consistently apply at least the minimum policies outlined by the Department.

Such policies support HHS compliance with the Federal Information and Security Management Act (FISMA) also known as Title III of the E-Government Act of 2002. HHS complies with the Office of Management and Budget (OMB) reporting regulations for FISMA and Agency Privacy Management requirements for annual review of the certification and accreditation status of contractor and government systems.

IT Security and Privacy Policy

HHS - OCIO Policy for Information Systems Security and Privacy

U.S. Legislation

E-Government Act of 2002 (U.S. Office of Management and Budget)
Clinger-Cohen Act of 1996 (Chief Information Officers Council)
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) (CMS)
Computer Fraud and Abuse Act of 1986 (PDF - 24.6 KB) (Department of Energy)
Electronic Communications Privacy Act of 1986 (TXT - 100 KB) (Department of Energy)
Overview of The Privacy Act of 1974, May 2004 (Department of Justice)

Office of Management and Budget Circulars

Circular A-130 (Office of Management and Budget)
Circular A-130, Appendix III (Office of Management and Budget)

Security Reports

OMB FISMA Annual Report to Congress (The White House)
GAO Security Report (Government Accountability Office)