Regulations
Office of Management and Budget Regulations
OMB Memorandum M-04-04, dated December 16, 2003, and entitled "E-Authentication for Federal Agencies,t."
This Guidance document addresses those Federal government services accomplished
using the Internet online, instead of on paper. To make sure that online government
services are secure and protect privacy, some type of identify verification or
authentication is needed. This guidance directs agencies to conduct
"e-authentication risk assessments" on electronic transactions to ensure that
there is a consistent approach across government. PDF Format
OMB Memorandum M-01-24 dated June 22, 2001 and entitled "Reporting
Instructions for the Government Information Security Reform Act."
These instructions will assist agencies in reporting the results
of their annual system and program reviews by agency CIOs and program
officials and independent evaluations by the agency Inspectors General.
PDF Format
Memorandum from the Director of OMB, "Guidance
on Implementing the Government Information Security Reform Act".
PDF Format.
Circular
No. A-130, Management of Federal Information Resources
Appendix
III to Circular A-130, "Security of Federal Automated Information
Resources"
Synopsis
of the A-130, Appendix III
Other
OMB Circulars
Department of Commerce Policies
DOC
IT Security Program Policy
DOC
IT Management Handbook (Under Construction)
Policy
on Password Management - Attachment 1
Managing
Your Passwords - Attachment 2
Memorandum:
DOC Policy on Password Management
Scott
Gudes memo on Issuance of Internet Use Policy
Web
Standards, Best Practices, and Policies
Peer-to-Peer
(P2P) Security Policy
DOC
Broadcast E-mail Policy
DOC
Internet Use Policy
Designated
Agency Representatives for Telecommunications Services
DOC
Telecommunications Management
Policy
on Use of Cookies on Commerce Web Sites
Policy
on Use of Cookies on Commerce Web Sites (Wordperfect)
DOC
Memo on Final Remote Access Security Policy
DOC
Remote Access Security Policy
DOC
Procurement Memo 2003-09 - Contract Requirements for IT Security
Security
Clauses -
CAR1352.239-73 & CAR1352.239-74
OTHER Agency policies
National
Information Systems Security (INFOSEC) Glossary
NIST
Special Publication 800-18 Guide for Developing Security Plans
for Information Technology Systems, December 1998
|