NOAA / OCIO / IT Security Office / Policies, Regulations and Laws

Policies, Regulations and Laws

= External Link
= Link to document on this server
= Needs Acrobat Reader - click here

NOAA Policies

NAO 212-13, Information Technology Security Policy
NOAA 212-1300, (Final) IT Security Manual (3 parts) ( HTML)
NOAA's Rules of Behavior (HTML | | )
Personal Digital Assistant (PDA) Policy
NOAA Enterprise Messaging Guidelines
NOAA Web Policies
NOAA's IT Security Incident Reporting Form #47-43

Spam E-Mail Guidelines
Warning Banner Requirements

Federal Links

Department of Homeland Security
GAO Special Publications and Software
Chief Information Officers Council
NIST Computer Security Resource Center Special Publications
Implementation of HSPD-12 Policy for a Common Identification Stanard for Federal Employees and Contractors (OMB M05-24)

LAWS

Federal Information Security Management Act of 2002 (Title III of E-Gov P.L. 107-347)
Computer Security Act of 1987 (P.L. 100-235)

Computer Fraud and Abuse Act (P.L. 99-474)
Privacy Act (5 USC 552a)
Information Technology Management Reform Act (Clinger-Cohen), February 10, 1996
CFR Title 5, Part 2635, Section 704 "Use of Government Property"

Office of Management and Budget Regulations

Circular No. A-130, Management of Federal Information Resources
Appendix III to Circular A-130, "Security of Federal Automated Information Resources"
Synopsis of the A-130, Appendix III
Other OMB Circulars

Department of Commerce Policies

NOAA - Department of Commerce Intranet Proxy:
The Department of Commerce IT Security Policies are located on a non-NOAA network inaccessible from off NOAA sites. NOAA has implemented a web proxy to allow NOAA users access to Department intranet based documentation using NEMS authentication at:

Proxy Link to Department of Commerce IT Security Documentation

The proxy link will require you to accept a self-signed certificate for secure web access. The Certificate presented has the following attributes:

Issued By
Common Name (CN): access.portal.noaa.gov
Organization (O): NOAA.GOV
Organizational Unit (OU): Web Operation Center

Fingerprints
SHA1 Fingerprint: 83:38:43:AB:F2:E3:6E:EC:5E:25:A7:A5:DB:29:AB:0F:FB:75:DC:AC
MD5 Fingerprint: C8:AC:0C:C0:2D:28:27:9B:85:F9:B8:0C:63:5D:72:C0

Ensure the certificate attributes are appropriate prior to accepting the certificate for your session. The proxy server will require your NEMS authentication, your NOAA e-mail address without the @noaa.gov part and e-mail password, to proceed to the linked document.

DOC IT Security Documentation
2009 DOC IT Security Program Policy - FINAL
DOC IT Management Handbook Management Plan
DOC Internet Use Policy
Web Standards, Best Practices, and Policies
DOC Standard on Password Management
DOC Breach Notification Response Plan
DOC Procurement Memo 2003-09 - Contract Requirements for IT Security
Security Clauses - CAR1352.239-73 & CAR1352.239-74

Executive Orders

Executive Order 13231 February 28, 2003, Critical Infrastructure Protection in the Information Age
Executive Order 13130 of July 14, 1999 - National Infrastructure Assurance Council
Executive Order 13111 of January 12, 1999 - Technology uses to improve training opportunities for employees
Executive Order 13103 of September 30, 1998 - Computer Software Piracy
Executive Order 13011 of July 16, 1996 - Chief Information Officers Council
Executive Order 13010 of July 15, 1996 - Critical Information Protection
Executive Order Search from the National Archives and Records Administration

NIST Publications

NIST Special Publication 800-18 Guide for Developing Security Plans for Information Technology Systems, December 1998

NIST SP 800-30 - Risk Management Guide for IT Systems

NIST SP 800-53 - Recommended Security Controls for Federal Information Systems

NIST SP 800-60 - Guide for Mapping Types of Information and Information Systems to Security Categories (Vol. 1)