NOAA Office of the CIO/HPCC - IT Security Office - Policies, Regulations and Laws

Banner - CIO/HPCC IT Security Office



	NOAA IT Security Conference 2004
	Mission Statement
	Staff
	IT Security Officers

	Policies, Regulations & Laws
	Action Items & Due Dates
	IT Security Committee

	Antivirus Software
	Personal Firewall Software

	N-CIRT
	Watches and Warnings
	Form 47-43
	Warning Banners
	Web Resources
	N-CIRT TechNotes

	Visible Statement Screensaver Software
	2004 IT Security Awareness Course
	SANS On-line Training Courses, Certification and Conferences
	Unix Effective Security Measures Course
	Frontline Bulletins
	Other TEA

= External Link
= Link to document on this server
= Needs Acrobat Reader - click here

NOAA Policies

NAO 212-13, Information Technology Security Policy
NOAA 212-1300, (Final) IT Security Manual (5 parts) ( HTML | )

Personal Digital Assistant (PDA) Policy
NOAA Enterprise Messaging Guidelines
NOAA Web Policies
NAO 212-12a, Telecommunications Standards: NOAA Interoperability Profile
NAO 212-12b, Telecommunications Standards: Names, Addresses, and Gateways in Electronic Mail Systems
NAO 212-14, Use of the Internet
NAO 212-14(1), Internet Services Resource Management: Service Aquisition, Security and Name Services
Computer User's Guide For Protecting Information Resources ( | HTML )
NOAA's IT Security Incident Reporting Form #47-43

Spam E-Mail Guidelines
Warning Banner Requirements

Security Plans to system Security Authorization Agreements. A Guide for Using the NIACAP Methodology to Develop Quality System Security Plans (updated June 2003)
NOAA Accreditation Statement ( | HTML )

Federal Links

Department of Homeland Security
GAO Special Publications and Software
Chief Information Officers Council
NIST Computer Security Resource Center Special Publications

LAWS

Analysis of Federal Information Security Management Act
Electronic Government Act of 2002 (H.R. 2458)
Federal Information Security Management Act of 2002 (Title III of E-Gov P.L. 107-347)
Computer Security Act of 1987 (P.L. 100-235)
Summary of the Computer Security Act
Computer Fraud and Abuse Act (P.L. 99-474)
Privacy Act (5 USC 552a)
Trade Secrets Act (18 U.S.C. S1905)
Information Technology Management Reform Act (Clinger-Cohen), February 10, 1996
CFR Title 5, Part 2635, Section 704 "Use of Government Property"

Regulations
Office of Management and Budget Regulations

OMB Memorandum M-04-04, dated December 16, 2003, and entitled "E-Authentication for Federal Agencies,t." This Guidance document addresses those Federal government services accomplished using the Internet online, instead of on paper. To make sure that online government services are secure and protect privacy, some type of identify verification or authentication is needed. This guidance directs agencies to conduct "e-authentication risk assessments" on electronic transactions to ensure that there is a consistent approach across government. PDF Format
OMB Memorandum M-01-24 dated June 22, 2001 and entitled "Reporting Instructions for the Government Information Security Reform Act." These instructions will assist agencies in reporting the results of their annual system and program reviews by agency CIOs and program officials and independent evaluations by the agency Inspectors General. PDF Format
Memorandum from the Director of OMB, "Guidance on Implementing the Government Information Security Reform Act". PDF Format.
Circular No. A-130, Management of Federal Information Resources
Appendix III to Circular A-130, "Security of Federal Automated Information Resources"
Synopsis of the A-130, Appendix III
Other OMB Circulars

Department of Commerce Policies

DOC IT Security Program Policy
DOC IT Management Handbook (Under Construction)
Policy on Password Management - Attachment 1
Managing Your Passwords - Attachment 2
Memorandum: DOC Policy on Password Management
Scott Gudes memo on Issuance of Internet Use Policy
Web Standards, Best Practices, and Policies
Peer-to-Peer (P2P) Security Policy
DOC Broadcast E-mail Policy
DOC Internet Use Policy
Designated Agency Representatives for Telecommunications Services
DOC Telecommunications Management
Policy on Use of Cookies on Commerce Web Sites
Policy on Use of Cookies on Commerce Web Sites (Wordperfect)
DOC Memo on Final Remote Access Security Policy
DOC Remote Access Security Policy
DOC Procurement Memo 2003-09 - Contract Requirements for IT Security
Security Clauses - CAR1352.239-73 & CAR1352.239-74

Executive Orders

Summary of PDD 62 and PDD 63
Presidential Decision Directive 63 (PDD-63) - Protecting America's Critical Infrastructures, dated May 1998
Executive Order 13231 February 28, 2003, Critical Infrastructure Protection in the Information Age
Executive Order 13130 of July 14, 1999 - National Infrastructure Assurance Council
Executive Order 13111 of January 12, 1999 - Technology uses to improve training opportunities for employees
Executive Order 13103 of September 30, 1998 - Computer Software Piracy
Executive Order 13011 of July 16, 1996 - Chief Information Officers Council
Executive Order 13010 of July 15, 1996 - Critical Information Protection
Executive Order Search from the National Archives and Records Administration

OTHER Agency policies

National Information Systems Security (INFOSEC) Glossary

NIST Special Publication 800-18 Guide for Developing Security Plans for Information Technology Systems, December 1998

National Security Telecommunications and Information Systems Security Instruction (NSTISSI) No. 1000, National Information Assurance Certification and Accreditation Process (NIACAP) - establishes the minimum national standards for certifying and accrediting national security systems. This process provides a standard set of activities, general tasks, and a management structure to certify and accredit systems that will maintain the Information Assuranca (IA) and security posture of a system or site.

Publication of the IT Security Office, Office of the CIO/HPCC, National Oceanic & Atmospheric Administration (NOAA), U.S. Department of Commerce

Privacy Statement | Disclaimer | Contact Info | N-CIRT PGP Public Key

Last Update: October 8, 2004 1:56 PM