publicdata/cms-gov
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
cms-gov/security.cms.gov/learn/federal-information-systems-management-act-fisma
Scott Williams b906a0e722 Initial commit
2025-02-28 14:41:14 -05:00

1 line
No EOL
1.6 MiB
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1"/><link rel="preload" as="image" href="/_next/static/media/CyberGeek-logo.8e9bbd2b.svg" fetchPriority="high"/><link rel="stylesheet" href="/_next/static/css/ef46db3751d8e999.css" data-precedence="next"/><link rel="stylesheet" href="/_next/static/css/0759e90f4fecfde7.css" data-precedence="next"/><link rel="preload" as="script" fetchPriority="low" href="/_next/static/chunks/webpack-182b67d00f496f9d.js"/><script src="/_next/static/chunks/fd9d1056-ad09c71b7719f2fb.js" async=""></script><script src="/_next/static/chunks/23-260042deb5df7a88.js" async=""></script><script src="/_next/static/chunks/main-app-6de3c3100b91a0a9.js" async=""></script><script src="/_next/static/chunks/30-49b1c1429d73281d.js" async=""></script><script src="/_next/static/chunks/317-0f87feacc1712b2f.js" async=""></script><script src="/_next/static/chunks/223-bc9ed43510898bbb.js" async=""></script><script src="/_next/static/chunks/app/layout-9fc24027bc047aa2.js" async=""></script><script src="/_next/static/chunks/972-6e520d137ef194fb.js" async=""></script><script src="/_next/static/chunks/app/page-cc829e051925e906.js" async=""></script><script src="/_next/static/chunks/app/template-d264bab5e3061841.js" async=""></script><script src="/_next/static/chunks/e37a0b60-b74be3d42787b18d.js" async=""></script><script src="/_next/static/chunks/904-dbddf7494c3e6975.js" async=""></script><script src="/_next/static/chunks/549-c87c1c3bbacc319f.js" async=""></script><script src="/_next/static/chunks/app/learn/%5Bslug%5D/page-5b91cdc45a95ebbe.js" async=""></script><link rel="preload" href="/assets/javascript/uswds-init.min.js" as="script"/><link rel="preload" href="/assets/javascript/uswds.min.js" as="script"/><title>Federal Information Security Modernization Act (FISMA) | CMS Information Security &amp; Privacy Group</title><meta name="description" content="FISMA is federal legislation that defines a framework of guidelines and security standards to protect government information and operations"/><link rel="canonical" href="https://security.cms.gov/learn/federal-information-security-modernization-act-fisma"/><meta name="google-site-verification" content="GMZIwBDJgz_o_JYUB2GpJazkrs7P85BaWDsoCjxF32M"/><meta property="og:title" content="Federal Information Security Modernization Act (FISMA) | CMS Information Security &amp; Privacy Group"/><meta property="og:description" content="FISMA is federal legislation that defines a framework of guidelines and security standards to protect government information and operations"/><meta property="og:url" content="https://security.cms.gov/learn/federal-information-security-modernization-act-fisma"/><meta property="og:image:type" content="image/jpeg"/><meta property="og:image:width" content="1200"/><meta property="og:image:height" content="630"/><meta property="og:image" content="https://security.cms.gov/learn/federal-information-security-modernization-act-fisma/opengraph-image.jpg?d21225707c5ed280"/><meta property="og:type" content="website"/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:title" content="Federal Information Security Modernization Act (FISMA) | CMS Information Security &amp; Privacy Group"/><meta name="twitter:description" content="FISMA is federal legislation that defines a framework of guidelines and security standards to protect government information and operations"/><meta name="twitter:image:type" content="image/jpeg"/><meta name="twitter:image:width" content="1200"/><meta name="twitter:image:height" content="630"/><meta name="twitter:image" content="https://security.cms.gov/learn/federal-information-security-modernization-act-fisma/opengraph-image.jpg?d21225707c5ed280"/><link rel="icon" href="/favicon.ico" type="image/x-icon" sizes="48x48"/><script>(self.__next_s=self.__next_s||[]).push(["/assets/javascript/uswds-init.min.js",{}])</script><script src="/_next/static/chunks/polyfills-78c92fac7aa8fdd8.js" noModule=""></script></head><body><a class="usa-skipnav" href="#main">Skip to main content</a><section class="usa-banner" aria-label="Official website of the United States government"><div class="usa-accordion"><header class="usa-banner__header"><div class="usa-banner__inner"><div class="grid-col-auto"><img aria-hidden="true" alt="" loading="lazy" width="16" height="11" decoding="async" data-nimg="1" class="usa-banner__header-flag" style="color:transparent" srcSet="/_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&amp;w=16&amp;q=75 1x, /_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&amp;w=32&amp;q=75 2x" src="/_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&amp;w=32&amp;q=75"/></div><div class="grid-col-fill tablet:grid-col-auto" aria-hidden="true"><p class="usa-banner__header-text">An official website of the United States government</p><p class="usa-banner__header-action">Here&#x27;s how you know</p></div><button type="button" class="usa-accordion__button usa-banner__button" aria-expanded="false" aria-controls="gov-banner-default-default"><span class="usa-banner__button-text">Here&#x27;s how you know</span></button></div></header><div class="usa-banner__content usa-accordion__content" id="gov-banner-default-default" hidden=""><div class="grid-row grid-gap-lg"><div class="usa-banner__guidance tablet:grid-col-6"><img role="img" alt="" aria-hidden="true" loading="lazy" width="40" height="40" decoding="async" data-nimg="1" class="usa-banner__icon usa-media-block__img" style="color:transparent" src="/_next/static/media/icon-dot-gov.3e9cb1b5.svg"/><div class="usa-media-block__body"><p><strong>Official websites use .gov</strong><br/>A <strong>.gov</strong> website belongs to an official government organization in the United States.</p></div></div><div class="usa-banner__guidance tablet:grid-col-6"><img role="img" alt="" aria-hidden="true" loading="lazy" width="40" height="40" decoding="async" data-nimg="1" class="usa-banner__icon usa-media-block__img" style="color:transparent" src="/_next/static/media/icon-https.e7f1a222.svg"/><div class="usa-media-block__body"><p><strong>Secure .gov websites use HTTPS</strong><br/>A <strong>lock</strong> (<span class="icon-lock"><svg xmlns="http://www.w3.org/2000/svg" width="52" height="64" viewBox="0 0 52 64" class="usa-banner__lock-image" role="img" aria-labelledby="banner-lock-description-default" focusable="false"><title id="banner-lock-title-default">Lock</title><desc id="banner-lock-description-default">Locked padlock icon</desc><path fill="#000000" fill-rule="evenodd" d="M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z"></path></svg></span>) or <strong>https://</strong> means you&#x27;ve safely connected to the .gov website. Share sensitive information only on official, secure websites.</p></div></div></div></div></div></section><div class="usa-overlay"></div><header class="usa-header usa-header--extended"><div class="bg-primary-dark"><div class="usa-navbar"><div class="usa-logo padding-y-4 padding-right-3" id="CyberGeek-logo"><a title="CMS CyberGeek Home" href="/"><img alt="CyberGeek logo" fetchPriority="high" width="298" height="35" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/CyberGeek-logo.8e9bbd2b.svg"/></a></div><button aria-label="Open menu" type="button" class="usa-menu-btn" data-cy="menu-button">Menu</button></div></div><nav aria-label="Primary navigation" class="usa-nav padding-0 desktop:width-auto bg-white grid-container float-none"><div class="usa-nav__inner"><button type="button" class="usa-nav__close margin-0"><img alt="Close" loading="lazy" width="24" height="24" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/close.1fafc2aa.svg"/></button><ul class="usa-nav__primary usa-accordion"><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="roles"><span>Roles</span></button><ul id="roles" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Roles</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/information-system-security-officer-isso">Information System Security Officer (ISSO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook"><span>ISSO Handbook</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos"><span>Getting started (for new ISSOs)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/isso-mentorship-program"><span>ISSO Mentorship Program</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook#training"><span>ISSO Training</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/data-guardian">Data Guardian</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/data-guardian-handbook"><span>Data Guardian Handbook</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/cyber-risk-advisor-cra">Cyber Risk Advisor (CRA)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks"><span>CMS Security and Privacy Handbooks</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters"><span>Risk Management Handbook (RMH)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/business-system-owner">Business / System Owner (BO/SO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity and Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-information-exchange-agreement-iea"><span>Information Exchange Agreement (IEA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-computer-matching-agreement-cma"><span>Computer Matching Agreement (CMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/isso-service"><span>ISSO As A Service</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="compliance-authorization"><span>Compliance &amp; Authorization</span></button><ul id="compliance-authorization" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Compliance &amp; Authorization</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/learn/authorization-operate-ato">Authorization to Operate (ATO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato"><span>About ATO at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#types-of-authorizations"><span>Types of authorizations</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#ato-stakeholders"><span>ATO stakeholders</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#related-documents-and-resources"><span>ATO tools and resources</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-technical-reference-architecture-tra"><span>CMS Technical Reference Architecture (TRA)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/learn/ongoing-authorization-oa">Ongoing Authorization (OA)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/ongoing-authorization-oa"><span>About OA at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa"><span>OA eligibility requirements</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Assessments &amp; Audits</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/security-impact-analysis-sia"><span>Security Impact Analysis (SIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/system-audits"><span>System Audits</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="policy-guidance"><span>Policy &amp; Guidance</span></button><ul id="policy-guidance" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Policy &amp; Guidance</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/cms-policies-and-guidance">CMS Policies and Guidance</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-acceptable-risk-safeguards-ars"><span>CMS Acceptable Risk Safeguards (ARS)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-systems-security-privacy-policy-is2p2"><span>CMS Information Security and Privacy Policy (IS2P2)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks"><span>CMS Security and Privacy Handbooks</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/cms-risk-management-framework-rmf"><span>CMS Risk Management Framework (RMF)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/email-encryption-requirements-cms"><span>CMS Email Encryption</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/federal-policies-and-guidance">Federal Policies and Guidance</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/national-institute-standards-and-technology-nist"><span>National Institute of Standards and Technology (NIST)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/federal-information-security-modernization-act-fisma"><span>Federal Information Security Modernization Act (FISMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/fedramp"><span>Federal Risk and Authorization Management Program (FedRAMP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/zero-trust"><span>Zero Trust</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="system-security"><span>System Security</span></button><ul id="system-security" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">System Security</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/application-security">Application Security</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/threat-modeling"><span>Threat Modeling</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/zero-trust"><span>Zero Trust</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cloud-services"><span>CMS Cloud Services</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/software-bill-materials-sbom"><span>Software Bill of Materials (SBOM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/security-operations">Security Operations</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir"><span>Incident Response</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cybersecurity-integration-center-ccic"><span>CMS Cybersecurity Integration Center (CCIC)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/risk-management-and-reporting">Risk Management and Reporting</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cyber-risk-reports"><span>Cyber Risk Reports</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/plan-action-and-milestones-poam"><span>Plan of Action and Milestones (POA&amp;M)</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="privacy"><span>Privacy</span></button><ul id="privacy" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Privacy</span></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Agreements</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-computer-matching-agreement-cma"><span>Computer Matching Agreement (CMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-information-exchange-agreement-iea"><span>Information Exchange Agreement (IEA)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Privacy Activities</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/breach-response"><span>Breach Response</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/system-records-notice-sorn"><span>System of Records Notice (SORN)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Privacy Resources</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/ispg/privacy"><span>Privacy at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-breach-response-handbook"><span>CMS Breach Response Handbook</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/health-insurance-portability-and-accountability-act-1996-hipaa"><span>Health Insurance Portability and Accessibility Act (HIPAA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-privacy-impact-assessment-pia-handbook"><span>CMS Privacy Impact Assessment (PIA) Handbook</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="tools-services"><span>Tools &amp; Services</span></button><ul id="tools-services" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Tools &amp; Services</span></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Reporting &amp; Compliance</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/isso-service"><span>ISSO As A Service</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-fisma-continuous-tracking-system-cfacts"><span>CFACTS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cyber-risk-reports"><span>Cyber Risk Reports and Dashboards</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">System Security</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/threat-modeling"><span>Threat Modeling</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cloud-services"><span>CMS Cloud Services</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cybersecurity-integration-center-ccic"><span>CMS Cybersecurity Integration Center (CCIC)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/cms-security-data-lake-sdl"><span>CMS Security Data Lake (SDL)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Tests &amp; Assessments</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li></ul></section></div></li></ul></li></ul><div class="usa-nav__secondary padding-left-2"><section aria-label="Header search box"><form class="usa-search usa-search--small" role="search" action="/search"><label class="usa-sr-only" for="header-search-box">Search</label><input class="usa-input search__input" id="header-search-box" type="search" name="ispg[query]"/><button aria-label="header search box button" class="usa-button" id="header-search-box-btn" type="submit"><svg aria-describedby="searchIcon" class="usa-icon" aria-hidden="true" focusable="false" role="img"><title id="searchIcon">Search</title><use href="/assets/img/sprite.svg#search"></use></svg></button></form></section></div></div></nav></header><main id="main"><div id="template"><!--$--><!--/$--><section class="hero hero--theme-explainer undefined"><div class="maxw-widescreen margin-x-auto padding-x-2 desktop:padding-x-0 padding-top-4 padding-bottom-6 desktop:padding-y-7"><div class="tablet:grid-container position-relative "><div class="hero__row grid-row grid-gap"><div class="tablet:grid-col-5 widescreen:position-relative"></div><div class="hero__column tablet:grid-col-7 flow padding-bottom-2"><h1 class="hero__heading margin-0 line-height-sans-3 desktop:line-height-sans-2">Federal Information Security Modernization Act (FISMA)</h1><p class="hero__description">FISMA is federal legislation that defines a framework of guidelines and security standards to protect government information and operations</p><div class="hero__meta radius-lg padding-x-2 padding-y-1 bg-white font-sans-2xs line-height-sans-5 display-inline-block text-primary-darker">Contact: <span class="text-bold">ISPG Policy Team</span><span class="hidden-mobile"> | </span><span class="break-mobile"><a href="mailto:CISO@cms.hhs.gov">CISO@cms.hhs.gov</a></span></div></div><div class="tablet:position-absolute tablet:top-0"><div class="[ flow ] bg-primary-light radius-lg padding-2 text-base-darkest maxw-mobile"><div class="display-flex flex-align-center font-sans-lg margin-bottom-2 text-italic desktop:text-no-wrap"><img alt="slack logo" loading="lazy" width="21" height="21" decoding="async" data-nimg="1" class="display-inline margin-right-1" style="color:transparent" src="/_next/static/media/slackLogo.f5836093.svg"/>CMS Slack Channel</div><ul class="add-list-reset"><li class="line-height-sans-5 margin-top-0">#ispg-sec_privacy-policy</li></ul></div></div></div></div></div></section><div class="grid-container"><div class="grid-row grid-gap margin-top-5"><div class="tablet:grid-col-4"><nav class="table-of-contents overflow-y-auto overflow-x-hidden position-sticky top-3 padding-1 radius-lg shadow-2 display-none tablet:display-block" aria-label="Table of contents"><div class="text-uppercase text-bold border-bottom border-base-lighter padding-bottom-1">Table of Contents</div><p class="text-italic text-base font-sans-xs">No table of content entries to display.</p></nav></div><div class="tablet:grid-col-8 content"><section><div class="text-block text-block--theme-explainer"><h2>What is FISMA?</h2><p>The Federal Information Security Modernization Act (FISMA) defines a framework of guidelines and security standards to protect government information and operations.</p><p>FISMA was originally passed as the <a href="https://en.wikipedia.org/wiki/Federal_Information_Security_Management_Act_of_2002">Federal Information Security Management Act</a> in 2002 as part of the E-Government Act. It requires all federal agencies to develop, document, and implement agency-wide information security programs.</p><p>This law has been amended by the <a href="https://en.wikipedia.org/wiki/Federal_Information_Security_Modernization_Act_of_2014">Federal Information Security Modernization Act of 2014</a> (sometimes called FISMA Reform), passed in response to the increasing amount of cyber attacks on the federal government.&nbsp;</p><p>FISMA defines three security objectives for information and information systems:</p><p dir="ltr"><strong>Confidentiality: </strong>Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.</p><p dir="ltr"><strong>Integrity: </strong>Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity.&nbsp;</p><p dir="ltr"><strong>Availability: </strong>Ensuring timely and reliable access to and use of information.</p><h2>FISMA compliance</h2><p>A key requirement of FISMA is that program officials, and the head of each agency, must conduct annual reviews of information security programs, with the intent of keeping risks at or below specified acceptable levels. The Office of Management and Budget (OMB) is the agency responsible for final oversight of the FISMA compliance efforts of each agency.</p><p>While FISMA sets the legal requirement for annual compliance, the <a href="https://security.cms.gov/learn/national-institute-standards-and-technology-nist">National Institute of Standards and Technology</a> (NIST) is the government body responsible for developing the standards and policies that agencies use to ensure their systems, applications, and networks remain secure. To be FISMA-compliant, agencies must:</p><h3>Implement continuous monitoring</h3><p>Agencies must continually monitor FISMA accredited systems to identify potential weaknesses. Any changes should be documented in the System Security and Privacy Plan (SSPP). Continuous monitoring will also allow agencies to respond quickly to security incidents or data breaches. CMS is working towards a more robust approach to continuous monitoring through programs like <a href="https://security.cms.gov/learn/continuous-diagnostics-and-mitigation-cdm">Continuous Diagnostics and Mitigation</a> and <a href="https://security.cms.gov/learn/ongoing-authorization-oa">Ongoing Authorization</a>.</p><h3>Conduct annual security reviews</h3><p>Program officials and agency heads must conduct annual security reviews in order to obtain a FISMA certification. Certification and accreditation are defined in <a href="https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final">NIST SP 800-37</a>.</p><h3>Perform risk assessment</h3><p>System risk should be evaluated regularly to validate current security controls and to determine if additional controls are required. At CMS, this is done through assessments such as the <a href="https://security.cms.gov/learn/cybersecurity-risk-assessment-program-csrap">Cybersecurity and Risk Assessment Program</a> (CSRAP).</p><h3>Document the controls in the system security plan</h3><p>Documentation on the baseline controls used to protect a system must be kept in the form of a <a href="https://security.cms.gov/learn/system-security-and-privacy-plan-sspp">System Security and Privacy Plan</a> (SSPP). This is a key deliverable in the process of getting <a href="https://security.cms.gov/learn/authorization-operate-ato">Authorization to Operate</a> (ATO) for a FISMA system.</p><h3>Meet baseline security controls</h3><p>Federal systems must meet minimum security requirements. <a href="https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final">NIST SP 800-53</a> outlines the suggested security controls for FISMA compliance. FISMA does not require an agency to implement every single control, but they must implement the controls relevant to their systems and their function. At CMS, standards for security controls are documented in the <a href="https://security.cms.gov/policy-guidance/cms-acceptable-risk-safeguards-ars">CMS Acceptable Risk Safeguards</a> (ARS).</p><h3>Perform system risk categorization</h3><p>Information systems must be categorized according to their risk levels to ensure that sensitive information and High Value Asset (HVA) systems are given the highest level of security. The categorization process considers the type of information contained in or processed by a system, and will determine what security controls are needed.&nbsp;</p><p>The categorization levels follow those prescribed in <a href="https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.199.pdf">FIPS Publication 199 from NIST</a> (Standards for Security Categorization of Federal Information and Information Systems).</p><p>At CMS, system categorization happens in CFACTS and results in a categorization of “Low”, “Moderate”, or “High” depending on the level of impact that would occur if the information or the information system were compromised.</p><p dir="ltr"><strong>Impact level LOW</strong></p><p dir="ltr">A low impact level occurs when the loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.</p><p dir="ltr">A limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might:&nbsp;</p><ul><li dir="ltr">Cause an interruption to mission capability, but CMS is still able to perform its primary functions&nbsp;</li><li dir="ltr">Effectiveness of functions is noticeably reduced</li><li dir="ltr">Result in minor damage to organizational assets</li><li dir="ltr">Result in minor financial loss</li><li dir="ltr">Result in minor harm to individuals</li></ul><p><strong>Impact level MODERATE</strong></p><p>A moderate impact level occurs when the loss of confidentiality, integrity, or availability could be expected to have a <strong>serious</strong> adverse effect on organizational operations, organizational assets, or individuals.</p><p>A serious adverse effect means that, for example, the loss of confidentiality, integrity, or availability might:&nbsp;</p><ul><li>Cause a <strong>significant</strong> deterioration of mission capability, but CMS is still able to perform its primary functions&nbsp;</li><li>Effectiveness of functions is noticeably reduced&nbsp;</li><li>Result in significant damage to organizational assets</li><li>Result in significant financial loss</li><li>Result in significant harm to individuals that does not involve loss of life or serious life threatening injuries</li></ul><p><strong>Impact level HIGH</strong></p><p>A high impact level occurs when the loss of confidentiality, integrity, or availability could be expected to have a <strong>severe or catastrophic</strong> adverse effect on organizational operations, organizational assets, or individuals.</p><p>A severe or catastrophic adverse effect means that, for example, the loss of confidentiality, integrity, or availability might:&nbsp;</p><ul><li>Cause a <strong>severe</strong> degradation in or total loss of mission capability&nbsp;</li><li>The organization is <strong>not</strong> able to perform one or more of its primary functions</li><li>Result in <strong>major</strong> damage to organizational assets</li><li>Result in major financial loss</li><li>Result in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries</li></ul></div></section></div></div></div><div class="cg-cards grid-container"><h2 class="cg-cards__heading" id="related-documents-and-resources">Related documents and resources</h2><ul aria-label="cards" class="usa-card-group"><li class="usa-card grid-col-12 tablet:grid-col-4"><div class="usa-card__container "><div class="usa-card__header"><h3 class="margin-top-1 line-height-sans-2 text-bold text-base-darkest"><a class="usa-card__link text-no-underline" href="/learn/zero-trust">Zero Trust </a></h3></div><div class="usa-card__body font-sans-2xs line-height-sans-4 text-base-darkest"><p>Security paradigm that requires the continuous verification of system users to promote system security</p></div></div></li><li class="usa-card grid-col-12 tablet:grid-col-4"><div class="usa-card__container "><div class="usa-card__header"><h3 class="margin-top-1 line-height-sans-2 text-bold text-base-darkest"><a class="usa-card__link text-no-underline" href="/learn/fedramp">Federal Risk and Authorization Management Program (FedRAMP)</a></h3></div><div class="usa-card__body font-sans-2xs line-height-sans-4 text-base-darkest"><p>Provides a federally-recognized and standardized security framework for all cloud products and services</p></div></div></li><li class="usa-card grid-col-12 tablet:grid-col-4"><div class="usa-card__container "><div class="usa-card__header"><h3 class="margin-top-1 line-height-sans-2 text-bold text-base-darkest"><a class="usa-card__link text-no-underline" href="/learn/cms-enterprise-data-encryption-cede">CMS Enterprise Data Encryption (CEDE)</a></h3></div><div class="usa-card__body font-sans-2xs line-height-sans-4 text-base-darkest"><p>How CMS satisfies federal requirements for the encryption of data to keep sensitive information safe</p></div></div></li><li class="usa-card grid-col-12 tablet:grid-col-4"><div class="usa-card__container "><div class="usa-card__header"><h3 class="margin-top-1 line-height-sans-2 text-bold text-base-darkest"><a class="usa-card__link text-no-underline" href="/learn/national-institute-standards-and-technology-nist">National Institute of Standards and Technology (NIST)</a></h3></div><div class="usa-card__body font-sans-2xs line-height-sans-4 text-base-darkest"><p>Information about NIST and how the agency&#x27;s policies and guidance relate to security and privacy at CMS</p></div></div></li><li class="usa-card grid-col-12 tablet:grid-col-4"><div class="usa-card__container "><div class="usa-card__header"><h3 class="margin-top-1 line-height-sans-2 text-bold text-base-darkest"><a class="usa-card__link text-no-underline" href="/policy-guidance/cms-guide-federal-laws-regulations-and-policies">CMS Guide to Federal Laws, Regulations, and Policies</a></h3></div><div class="usa-card__body font-sans-2xs line-height-sans-4 text-base-darkest"><p>A comprehensive list of the federal laws, regulations, and policies that shape how information security and privacy are managed at CMS</p></div></div></li></ul></div></div></main><footer class="usa-footer usa-footer--slim"><div class="grid-container"><div class="grid-row flex-align-end"><div class="grid-col"><div class="usa-footer__return-to-top"><a class="font-sans-xs" href="#">Return to top</a></div></div><div class="grid-col padding-bottom-2 padding-top-4 display-flex flex-justify-end"><a class="usa-button" href="/feedback">Give feedback</a></div></div></div><div class="usa-footer__primary-section"><div class="usa-footer__primary-container grid-row"><div class="tablet:grid-col-3"><a class="usa-footer__primary-link" href="/"><img alt="CyberGeek logo" loading="lazy" width="142" height="26" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/CyberGeek-logo.8e9bbd2b.svg"/></a><p class="usa-footer__logo-heading display-none tablet-lg:display-block">The official website of the CMS Information Security and Privacy Group (ISPG)</p></div><div class="tablet:grid-col-12 tablet-lg:grid-col-9"><nav class="usa-footer__nav" aria-label="Footer navigation,"><ul class="grid-row grid-gap"><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="/learn/about-ispg-cybergeek">What is CyberGeek?</a></li><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="https://www.cms.gov/privacy">Privacy policy</a></li><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="https://www.cms.gov/about-cms/information-systems/privacy/vulnerability-disclosure-policy">CMS Vulnerability Disclosure Policy</a></li><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="https://www.cms.gov/About-CMS/Agency-Information/Aboutwebsite/Policiesforaccessibility">Accessibility</a></li></ul></nav></div></div></div><div class="usa-footer__secondary-section"><div class="grid-container"><div class="usa-footer__logo grid-row grid-gap-2"><div class="mobile-lg:grid-col-3"><a href="https://www.cms.gov/"><img alt="CMS homepage" loading="lazy" width="124" height="29" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/cmsLogo.10a64ce4.svg"/></a></div><div class="mobile-lg:grid-col-7"><p class="font-sans-3xs line-height-sans-3">A federal government website managed and paid for by the U.S. Centers for Medicare &amp; Medicaid Services.</p><address class="font-sans-3xs line-height-sans-3">7500 Security Boulevard, Baltimore, MD 21244</address></div></div></div></div></footer><script>(self.__next_s=self.__next_s||[]).push(["/assets/javascript/uswds.min.js",{}])</script><script src="/_next/static/chunks/webpack-182b67d00f496f9d.js" async=""></script><script>(self.__next_f=self.__next_f||[]).push([0]);self.__next_f.push([2,null])</script><script>self.__next_f.push([1,"1:HL[\"/_next/static/css/ef46db3751d8e999.css\",\"style\"]\n2:HL[\"/_next/static/css/0759e90f4fecfde7.css\",\"style\"]\n"])</script><script>self.__next_f.push([1,"3:I[5751,[],\"\"]\n6:I[9275,[],\"\"]\n8:I[1343,[],\"\"]\nb:I[6130,[],\"\"]\n7:[\"slug\",\"federal-information-security-modernization-act-fisma\",\"d\"]\nc:[]\n0:[\"$\",\"$L3\",null,{\"buildId\":\"m9SaS4P6zugJbBHpXSk5Y\",\"assetPrefix\":\"\",\"urlParts\":[\"\",\"learn\",\"federal-information-security-modernization-act-fisma\"],\"initialTree\":[\"\",{\"children\":[\"learn\",{\"children\":[[\"slug\",\"federal-information-security-modernization-act-fisma\",\"d\"],{\"children\":[\"__PAGE__\",{}]}]}]},\"$undefined\",\"$undefined\",true],\"initialSeedData\":[\"\",{\"children\":[\"learn\",{\"children\":[[\"slug\",\"federal-information-security-modernization-act-fisma\",\"d\"],{\"children\":[\"__PAGE__\",{},[[\"$L4\",\"$L5\",null],null],null]},[null,[\"$\",\"$L6\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"learn\",\"children\",\"$7\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L8\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"notFoundStyles\":\"$undefined\"}]],null]},[null,[\"$\",\"$L6\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"learn\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L8\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"notFoundStyles\":\"$undefined\"}]],null]},[[[[\"$\",\"link\",\"0\",{\"rel\":\"stylesheet\",\"href\":\"/_next/static/css/ef46db3751d8e999.css\",\"precedence\":\"next\",\"crossOrigin\":\"$undefined\"}],[\"$\",\"link\",\"1\",{\"rel\":\"stylesheet\",\"href\":\"/_next/static/css/0759e90f4fecfde7.css\",\"precedence\":\"next\",\"crossOrigin\":\"$undefined\"}]],\"$L9\"],null],null],\"couldBeIntercepted\":false,\"initialHead\":[null,\"$La\"],\"globalErrorComponent\":\"$b\",\"missingSlots\":\"$Wc\"}]\n"])</script><script>self.__next_f.push([1,"d:I[4080,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"\"]\ne:I[8173,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"931\",\"static/chunks/app/page-cc829e051925e906.js\"],\"Image\"]\nf:I[7529,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"default\"]\n11:I[231,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"931\",\"static/chunks/app/page-cc829e051925e906.js\"],\"\"]\n12:I[7303,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"default\"]\n13:I[8521,[\"489\",\"static/chunks/app/template-d264bab5e3061841.js\"],\"default\"]\n14:I[5922,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"931\",\"static/chunks/app/page-cc829e051925e906.js\"],\"default\"]\n15:I[7182,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"default\"]\n16:I[4180,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"TealiumTagManager\"]\n10:Tdced,"])</script><script>self.__next_f.push([1,"{\"id\":\"mega-menu\",\"linkset\":{\"elements\":[{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Roles\",\"hierarchy\":[\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/information-system-security-officer-isso\",\"attributes\":{\"title\":\"Information System Security Officer (ISSO)\",\"hierarchy\":[\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook\",\"attributes\":{\"title\":\"ISSO Handbook\",\"hierarchy\":[\"0\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos\",\"attributes\":{\"title\":\"Getting started (for new ISSOs)\",\"hierarchy\":[\"0\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-mentorship-program\",\"attributes\":{\"title\":\"ISSO Mentorship Program\",\"hierarchy\":[\"0\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#training\",\"attributes\":{\"title\":\"ISSO Training\",\"hierarchy\":[\"0\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/data-guardian\",\"attributes\":{\"title\":\"Data Guardian\",\"hierarchy\":[\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/data-guardian-handbook\",\"attributes\":{\"title\":\"Data Guardian Handbook\",\"hierarchy\":[\"0\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cyber-risk-advisor-cra\",\"attributes\":{\"title\":\"Cyber Risk Advisor (CRA)\",\"hierarchy\":[\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"0\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters\",\"attributes\":{\"title\":\"Risk Management Handbook (RMH)\",\"hierarchy\":[\"0\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/business-system-owner\",\"attributes\":{\"title\":\"Business / System Owner (BO/SO)\",\"hierarchy\":[\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"0\",\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"0\",\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"0\",\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"0\",\"3\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Compliance \u0026 Authorization\",\"hierarchy\":[\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"Authorization to Operate (ATO)\",\"hierarchy\":[\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"About ATO at CMS\",\"hierarchy\":[\"1\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#types-of-authorizations\",\"attributes\":{\"title\":\"Types of authorizations\",\"hierarchy\":[\"1\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#ato-stakeholders\",\"attributes\":{\"title\":\"ATO stakeholders\",\"hierarchy\":[\"1\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#related-documents-and-resources\",\"attributes\":{\"title\":\"ATO tools and resources\",\"hierarchy\":[\"1\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-technical-reference-architecture-tra\",\"attributes\":{\"title\":\"CMS Technical Reference Architecture (TRA)\",\"hierarchy\":[\"1\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"Ongoing Authorization (OA)\",\"hierarchy\":[\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"About OA at CMS\",\"hierarchy\":[\"1\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa\",\"attributes\":{\"title\":\"OA eligibility requirements\",\"hierarchy\":[\"1\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"1\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Assessments \u0026 Audits\",\"hierarchy\":[\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"1\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"1\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"1\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/security-impact-analysis-sia\",\"attributes\":{\"title\":\"Security Impact Analysis (SIA)\",\"hierarchy\":[\"1\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-audits\",\"attributes\":{\"title\":\"System Audits\",\"hierarchy\":[\"1\",\"2\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Policy \u0026 Guidance\",\"hierarchy\":[\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cms-policies-and-guidance\",\"attributes\":{\"title\":\"CMS Policies and Guidance\",\"hierarchy\":[\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-acceptable-risk-safeguards-ars\",\"attributes\":{\"title\":\"CMS Acceptable Risk Safeguards (ARS)\",\"hierarchy\":[\"2\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-systems-security-privacy-policy-is2p2\",\"attributes\":{\"title\":\"CMS Information Security and Privacy Policy (IS2P2)\",\"hierarchy\":[\"2\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"2\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-risk-management-framework-rmf\",\"attributes\":{\"title\":\"CMS Risk Management Framework (RMF)\",\"hierarchy\":[\"2\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/email-encryption-requirements-cms\",\"attributes\":{\"title\":\"CMS Email Encryption\",\"hierarchy\":[\"2\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/federal-policies-and-guidance\",\"attributes\":{\"title\":\"Federal Policies and Guidance\",\"hierarchy\":[\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/national-institute-standards-and-technology-nist\",\"attributes\":{\"title\":\"National Institute of Standards and Technology (NIST)\",\"hierarchy\":[\"2\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/federal-information-security-modernization-act-fisma\",\"attributes\":{\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"hierarchy\":[\"2\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/fedramp\",\"attributes\":{\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"hierarchy\":[\"2\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"2\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/application-security\",\"attributes\":{\"title\":\"Application Security\",\"hierarchy\":[\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"3\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"3\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"3\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/software-bill-materials-sbom\",\"attributes\":{\"title\":\"Software Bill of Materials (SBOM)\",\"hierarchy\":[\"3\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/security-operations\",\"attributes\":{\"title\":\"Security Operations\",\"hierarchy\":[\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\",\"attributes\":{\"title\":\"Incident Response\",\"hierarchy\":[\"3\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"3\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"3\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/risk-management-and-reporting\",\"attributes\":{\"title\":\"Risk Management and Reporting\",\"hierarchy\":[\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"3\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports\",\"hierarchy\":[\"3\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/plan-action-and-milestones-poam\",\"attributes\":{\"title\":\"Plan of Action and Milestones (POA\u0026M)\",\"hierarchy\":[\"3\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy\",\"hierarchy\":[\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Agreements\",\"hierarchy\":[\"4\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"4\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"4\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Activities\",\"hierarchy\":[\"4\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/breach-response\",\"attributes\":{\"title\":\"Breach Response\",\"hierarchy\":[\"4\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"4\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-records-notice-sorn\",\"attributes\":{\"title\":\"System of Records Notice (SORN)\",\"hierarchy\":[\"4\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Resources\",\"hierarchy\":[\"4\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/privacy\",\"attributes\":{\"title\":\"Privacy at CMS\",\"hierarchy\":[\"4\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-breach-response-handbook\",\"attributes\":{\"title\":\"CMS Breach Response Handbook\",\"hierarchy\":[\"4\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/health-insurance-portability-and-accountability-act-1996-hipaa\",\"attributes\":{\"title\":\"Health Insurance Portability and Accessibility Act (HIPAA)\",\"hierarchy\":[\"4\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-privacy-impact-assessment-pia-handbook\",\"attributes\":{\"title\":\"CMS Privacy Impact Assessment (PIA) Handbook\",\"hierarchy\":[\"4\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tools \u0026 Services\",\"hierarchy\":[\"5\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Reporting \u0026 Compliance\",\"hierarchy\":[\"5\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"5\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"attributes\":{\"title\":\"CFACTS\",\"hierarchy\":[\"5\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports and Dashboards\",\"hierarchy\":[\"5\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"5\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"5\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"5\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"5\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"5\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-security-data-lake-sdl\",\"attributes\":{\"title\":\"CMS Security Data Lake (SDL)\",\"hierarchy\":[\"5\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tests \u0026 Assessments\",\"hierarchy\":[\"5\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"5\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"5\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"5\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}}],\"size\":87},\"elements\":[{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Roles\",\"hierarchy\":[\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/information-system-security-officer-isso\",\"attributes\":{\"title\":\"Information System Security Officer (ISSO)\",\"hierarchy\":[\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook\",\"attributes\":{\"title\":\"ISSO Handbook\",\"hierarchy\":[\"0\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos\",\"attributes\":{\"title\":\"Getting started (for new ISSOs)\",\"hierarchy\":[\"0\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-mentorship-program\",\"attributes\":{\"title\":\"ISSO Mentorship Program\",\"hierarchy\":[\"0\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#training\",\"attributes\":{\"title\":\"ISSO Training\",\"hierarchy\":[\"0\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/data-guardian\",\"attributes\":{\"title\":\"Data Guardian\",\"hierarchy\":[\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/data-guardian-handbook\",\"attributes\":{\"title\":\"Data Guardian Handbook\",\"hierarchy\":[\"0\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cyber-risk-advisor-cra\",\"attributes\":{\"title\":\"Cyber Risk Advisor (CRA)\",\"hierarchy\":[\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"0\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters\",\"attributes\":{\"title\":\"Risk Management Handbook (RMH)\",\"hierarchy\":[\"0\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/business-system-owner\",\"attributes\":{\"title\":\"Business / System Owner (BO/SO)\",\"hierarchy\":[\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"0\",\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"0\",\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"0\",\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"0\",\"3\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Compliance \u0026 Authorization\",\"hierarchy\":[\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"Authorization to Operate (ATO)\",\"hierarchy\":[\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"About ATO at CMS\",\"hierarchy\":[\"1\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#types-of-authorizations\",\"attributes\":{\"title\":\"Types of authorizations\",\"hierarchy\":[\"1\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#ato-stakeholders\",\"attributes\":{\"title\":\"ATO stakeholders\",\"hierarchy\":[\"1\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#related-documents-and-resources\",\"attributes\":{\"title\":\"ATO tools and resources\",\"hierarchy\":[\"1\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-technical-reference-architecture-tra\",\"attributes\":{\"title\":\"CMS Technical Reference Architecture (TRA)\",\"hierarchy\":[\"1\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"Ongoing Authorization (OA)\",\"hierarchy\":[\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"About OA at CMS\",\"hierarchy\":[\"1\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa\",\"attributes\":{\"title\":\"OA eligibility requirements\",\"hierarchy\":[\"1\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"1\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Assessments \u0026 Audits\",\"hierarchy\":[\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"1\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"1\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"1\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/security-impact-analysis-sia\",\"attributes\":{\"title\":\"Security Impact Analysis (SIA)\",\"hierarchy\":[\"1\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-audits\",\"attributes\":{\"title\":\"System Audits\",\"hierarchy\":[\"1\",\"2\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Policy \u0026 Guidance\",\"hierarchy\":[\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cms-policies-and-guidance\",\"attributes\":{\"title\":\"CMS Policies and Guidance\",\"hierarchy\":[\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-acceptable-risk-safeguards-ars\",\"attributes\":{\"title\":\"CMS Acceptable Risk Safeguards (ARS)\",\"hierarchy\":[\"2\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-systems-security-privacy-policy-is2p2\",\"attributes\":{\"title\":\"CMS Information Security and Privacy Policy (IS2P2)\",\"hierarchy\":[\"2\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"2\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-risk-management-framework-rmf\",\"attributes\":{\"title\":\"CMS Risk Management Framework (RMF)\",\"hierarchy\":[\"2\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/email-encryption-requirements-cms\",\"attributes\":{\"title\":\"CMS Email Encryption\",\"hierarchy\":[\"2\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/federal-policies-and-guidance\",\"attributes\":{\"title\":\"Federal Policies and Guidance\",\"hierarchy\":[\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/national-institute-standards-and-technology-nist\",\"attributes\":{\"title\":\"National Institute of Standards and Technology (NIST)\",\"hierarchy\":[\"2\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/federal-information-security-modernization-act-fisma\",\"attributes\":{\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"hierarchy\":[\"2\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/fedramp\",\"attributes\":{\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"hierarchy\":[\"2\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"2\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/application-security\",\"attributes\":{\"title\":\"Application Security\",\"hierarchy\":[\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"3\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"3\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"3\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/software-bill-materials-sbom\",\"attributes\":{\"title\":\"Software Bill of Materials (SBOM)\",\"hierarchy\":[\"3\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/security-operations\",\"attributes\":{\"title\":\"Security Operations\",\"hierarchy\":[\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\",\"attributes\":{\"title\":\"Incident Response\",\"hierarchy\":[\"3\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"3\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"3\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/risk-management-and-reporting\",\"attributes\":{\"title\":\"Risk Management and Reporting\",\"hierarchy\":[\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"3\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports\",\"hierarchy\":[\"3\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/plan-action-and-milestones-poam\",\"attributes\":{\"title\":\"Plan of Action and Milestones (POA\u0026M)\",\"hierarchy\":[\"3\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy\",\"hierarchy\":[\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Agreements\",\"hierarchy\":[\"4\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"4\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"4\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Activities\",\"hierarchy\":[\"4\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/breach-response\",\"attributes\":{\"title\":\"Breach Response\",\"hierarchy\":[\"4\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"4\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-records-notice-sorn\",\"attributes\":{\"title\":\"System of Records Notice (SORN)\",\"hierarchy\":[\"4\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Resources\",\"hierarchy\":[\"4\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/privacy\",\"attributes\":{\"title\":\"Privacy at CMS\",\"hierarchy\":[\"4\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-breach-response-handbook\",\"attributes\":{\"title\":\"CMS Breach Response Handbook\",\"hierarchy\":[\"4\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/health-insurance-portability-and-accountability-act-1996-hipaa\",\"attributes\":{\"title\":\"Health Insurance Portability and Accessibility Act (HIPAA)\",\"hierarchy\":[\"4\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-privacy-impact-assessment-pia-handbook\",\"attributes\":{\"title\":\"CMS Privacy Impact Assessment (PIA) Handbook\",\"hierarchy\":[\"4\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tools \u0026 Services\",\"hierarchy\":[\"5\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Reporting \u0026 Compliance\",\"hierarchy\":[\"5\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"5\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"attributes\":{\"title\":\"CFACTS\",\"hierarchy\":[\"5\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports and Dashboards\",\"hierarchy\":[\"5\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"5\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"5\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"5\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"5\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"5\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-security-data-lake-sdl\",\"attributes\":{\"title\":\"CMS Security Data Lake (SDL)\",\"hierarchy\":[\"5\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tests \u0026 Assessments\",\"hierarchy\":[\"5\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"5\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"5\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"5\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}}],\"size\":87,\"tree\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Roles\",\"hierarchy\":[\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/information-system-security-officer-isso\",\"attributes\":{\"title\":\"Information System Security Officer (ISSO)\",\"hierarchy\":[\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook\",\"attributes\":{\"title\":\"ISSO Handbook\",\"hierarchy\":[\"0\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos\",\"attributes\":{\"title\":\"Getting started (for new ISSOs)\",\"hierarchy\":[\"0\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-mentorship-program\",\"attributes\":{\"title\":\"ISSO Mentorship Program\",\"hierarchy\":[\"0\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#training\",\"attributes\":{\"title\":\"ISSO Training\",\"hierarchy\":[\"0\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/data-guardian\",\"attributes\":{\"title\":\"Data Guardian\",\"hierarchy\":[\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/data-guardian-handbook\",\"attributes\":{\"title\":\"Data Guardian Handbook\",\"hierarchy\":[\"0\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cyber-risk-advisor-cra\",\"attributes\":{\"title\":\"Cyber Risk Advisor (CRA)\",\"hierarchy\":[\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"0\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters\",\"attributes\":{\"title\":\"Risk Management Handbook (RMH)\",\"hierarchy\":[\"0\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/business-system-owner\",\"attributes\":{\"title\":\"Business / System Owner (BO/SO)\",\"hierarchy\":[\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"0\",\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"0\",\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"0\",\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"0\",\"3\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Compliance \u0026 Authorization\",\"hierarchy\":[\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"Authorization to Operate (ATO)\",\"hierarchy\":[\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"About ATO at CMS\",\"hierarchy\":[\"1\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#types-of-authorizations\",\"attributes\":{\"title\":\"Types of authorizations\",\"hierarchy\":[\"1\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#ato-stakeholders\",\"attributes\":{\"title\":\"ATO stakeholders\",\"hierarchy\":[\"1\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#related-documents-and-resources\",\"attributes\":{\"title\":\"ATO tools and resources\",\"hierarchy\":[\"1\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-technical-reference-architecture-tra\",\"attributes\":{\"title\":\"CMS Technical Reference Architecture (TRA)\",\"hierarchy\":[\"1\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"Ongoing Authorization (OA)\",\"hierarchy\":[\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"About OA at CMS\",\"hierarchy\":[\"1\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa\",\"attributes\":{\"title\":\"OA eligibility requirements\",\"hierarchy\":[\"1\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"1\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Assessments \u0026 Audits\",\"hierarchy\":[\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"1\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"1\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"1\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/security-impact-analysis-sia\",\"attributes\":{\"title\":\"Security Impact Analysis (SIA)\",\"hierarchy\":[\"1\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-audits\",\"attributes\":{\"title\":\"System Audits\",\"hierarchy\":[\"1\",\"2\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Policy \u0026 Guidance\",\"hierarchy\":[\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cms-policies-and-guidance\",\"attributes\":{\"title\":\"CMS Policies and Guidance\",\"hierarchy\":[\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-acceptable-risk-safeguards-ars\",\"attributes\":{\"title\":\"CMS Acceptable Risk Safeguards (ARS)\",\"hierarchy\":[\"2\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-systems-security-privacy-policy-is2p2\",\"attributes\":{\"title\":\"CMS Information Security and Privacy Policy (IS2P2)\",\"hierarchy\":[\"2\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"2\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-risk-management-framework-rmf\",\"attributes\":{\"title\":\"CMS Risk Management Framework (RMF)\",\"hierarchy\":[\"2\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/email-encryption-requirements-cms\",\"attributes\":{\"title\":\"CMS Email Encryption\",\"hierarchy\":[\"2\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/federal-policies-and-guidance\",\"attributes\":{\"title\":\"Federal Policies and Guidance\",\"hierarchy\":[\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/national-institute-standards-and-technology-nist\",\"attributes\":{\"title\":\"National Institute of Standards and Technology (NIST)\",\"hierarchy\":[\"2\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/federal-information-security-modernization-act-fisma\",\"attributes\":{\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"hierarchy\":[\"2\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/fedramp\",\"attributes\":{\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"hierarchy\":[\"2\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"2\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/application-security\",\"attributes\":{\"title\":\"Application Security\",\"hierarchy\":[\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"3\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"3\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"3\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/software-bill-materials-sbom\",\"attributes\":{\"title\":\"Software Bill of Materials (SBOM)\",\"hierarchy\":[\"3\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/security-operations\",\"attributes\":{\"title\":\"Security Operations\",\"hierarchy\":[\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\",\"attributes\":{\"title\":\"Incident Response\",\"hierarchy\":[\"3\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"3\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"3\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/risk-management-and-reporting\",\"attributes\":{\"title\":\"Risk Management and Reporting\",\"hierarchy\":[\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"3\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports\",\"hierarchy\":[\"3\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/plan-action-and-milestones-poam\",\"attributes\":{\"title\":\"Plan of Action and Milestones (POA\u0026M)\",\"hierarchy\":[\"3\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy\",\"hierarchy\":[\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Agreements\",\"hierarchy\":[\"4\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"4\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"4\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Activities\",\"hierarchy\":[\"4\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/breach-response\",\"attributes\":{\"title\":\"Breach Response\",\"hierarchy\":[\"4\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"4\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-records-notice-sorn\",\"attributes\":{\"title\":\"System of Records Notice (SORN)\",\"hierarchy\":[\"4\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Resources\",\"hierarchy\":[\"4\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/privacy\",\"attributes\":{\"title\":\"Privacy at CMS\",\"hierarchy\":[\"4\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-breach-response-handbook\",\"attributes\":{\"title\":\"CMS Breach Response Handbook\",\"hierarchy\":[\"4\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/health-insurance-portability-and-accountability-act-1996-hipaa\",\"attributes\":{\"title\":\"Health Insurance Portability and Accessibility Act (HIPAA)\",\"hierarchy\":[\"4\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-privacy-impact-assessment-pia-handbook\",\"attributes\":{\"title\":\"CMS Privacy Impact Assessment (PIA) Handbook\",\"hierarchy\":[\"4\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tools \u0026 Services\",\"hierarchy\":[\"5\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Reporting \u0026 Compliance\",\"hierarchy\":[\"5\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"5\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"attributes\":{\"title\":\"CFACTS\",\"hierarchy\":[\"5\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports and Dashboards\",\"hierarchy\":[\"5\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"5\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"5\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"5\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"5\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"5\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-security-data-lake-sdl\",\"attributes\":{\"title\":\"CMS Security Data Lake (SDL)\",\"hierarchy\":[\"5\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tests \u0026 Assessments\",\"hierarchy\":[\"5\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"5\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"5\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"5\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]}]}"])</script><script>self.__next_f.push([1,"9:[\"$\",\"html\",null,{\"lang\":\"en\",\"children\":[[\"$\",\"head\",null,{\"children\":[\"$\",\"$Ld\",null,{\"src\":\"/assets/javascript/uswds-init.min.js\",\"strategy\":\"beforeInteractive\"}]}],[\"$\",\"body\",null,{\"children\":[[[\"$\",\"a\",null,{\"className\":\"usa-skipnav\",\"href\":\"#main\",\"children\":\"Skip to main content\"}],[\"$\",\"section\",null,{\"className\":\"usa-banner\",\"aria-label\":\"Official website of the United States government\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-accordion\",\"children\":[[\"$\",\"header\",null,{\"className\":\"usa-banner__header\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-banner__inner\",\"children\":[[\"$\",\"div\",null,{\"className\":\"grid-col-auto\",\"children\":[\"$\",\"$Le\",null,{\"aria-hidden\":\"true\",\"className\":\"usa-banner__header-flag\",\"src\":\"/assets/img/us_flag_small.png\",\"alt\":\"\",\"width\":\"16\",\"height\":\"11\"}]}],[\"$\",\"div\",null,{\"className\":\"grid-col-fill tablet:grid-col-auto\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"p\",null,{\"className\":\"usa-banner__header-text\",\"children\":\"An official website of the United States government\"}],[\"$\",\"p\",null,{\"className\":\"usa-banner__header-action\",\"children\":\"Here's how you know\"}]]}],[\"$\",\"button\",null,{\"type\":\"button\",\"className\":\"usa-accordion__button usa-banner__button\",\"aria-expanded\":\"false\",\"aria-controls\":\"gov-banner-default-default\",\"children\":[\"$\",\"span\",null,{\"className\":\"usa-banner__button-text\",\"children\":\"Here's how you know\"}]}]]}]}],[\"$\",\"div\",null,{\"className\":\"usa-banner__content usa-accordion__content\",\"id\":\"gov-banner-default-default\",\"hidden\":true,\"children\":[\"$\",\"div\",null,{\"className\":\"grid-row grid-gap-lg\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-banner__guidance tablet:grid-col-6\",\"children\":[[\"$\",\"$Le\",null,{\"className\":\"usa-banner__icon usa-media-block__img\",\"src\":{\"src\":\"/_next/static/media/icon-dot-gov.3e9cb1b5.svg\",\"height\":64,\"width\":64,\"blurWidth\":0,\"blurHeight\":0},\"role\":\"img\",\"alt\":\"\",\"aria-hidden\":\"true\",\"width\":\"40\",\"height\":\"40\"}],[\"$\",\"div\",null,{\"className\":\"usa-media-block__body\",\"children\":[\"$\",\"p\",null,{\"children\":[[\"$\",\"strong\",null,{\"children\":\"Official websites use .gov\"}],[\"$\",\"br\",null,{}],\"A \",[\"$\",\"strong\",null,{\"children\":\".gov\"}],\" website belongs to an official government organization in the United States.\"]}]}]]}],[\"$\",\"div\",null,{\"className\":\"usa-banner__guidance tablet:grid-col-6\",\"children\":[[\"$\",\"$Le\",null,{\"className\":\"usa-banner__icon usa-media-block__img\",\"src\":{\"src\":\"/_next/static/media/icon-https.e7f1a222.svg\",\"height\":64,\"width\":64,\"blurWidth\":0,\"blurHeight\":0},\"role\":\"img\",\"alt\":\"\",\"aria-hidden\":\"true\",\"width\":\"40\",\"height\":\"40\"}],[\"$\",\"div\",null,{\"className\":\"usa-media-block__body\",\"children\":[\"$\",\"p\",null,{\"children\":[[\"$\",\"strong\",null,{\"children\":\"Secure .gov websites use HTTPS\"}],[\"$\",\"br\",null,{}],\"A \",[\"$\",\"strong\",null,{\"children\":\"lock\"}],\" (\",[\"$\",\"span\",null,{\"className\":\"icon-lock\",\"children\":[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":\"52\",\"height\":\"64\",\"viewBox\":\"0 0 52 64\",\"className\":\"usa-banner__lock-image\",\"role\":\"img\",\"aria-labelledby\":\"banner-lock-description-default\",\"focusable\":\"false\",\"children\":[[\"$\",\"title\",null,{\"id\":\"banner-lock-title-default\",\"children\":\"Lock\"}],[\"$\",\"desc\",null,{\"id\":\"banner-lock-description-default\",\"children\":\"Locked padlock icon\"}],[\"$\",\"path\",null,{\"fill\":\"#000000\",\"fillRule\":\"evenodd\",\"d\":\"M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z\"}]]}]}],\") or \",[\"$\",\"strong\",null,{\"children\":\"https://\"}],\" means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.\"]}]}]]}]]}]}]]}]}]],[\"$\",\"$Lf\",null,{\"value\":\"$10\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-overlay\"}],[\"$\",\"header\",null,{\"className\":\"usa-header usa-header--extended\",\"children\":[[\"$\",\"div\",null,{\"className\":\"bg-primary-dark\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-navbar\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-logo padding-y-4 padding-right-3\",\"id\":\"CyberGeek-logo\",\"children\":[\"$\",\"$L11\",null,{\"href\":\"/\",\"title\":\"CMS CyberGeek Home\",\"children\":[\"$\",\"$Le\",null,{\"src\":{\"src\":\"/_next/static/media/CyberGeek-logo.8e9bbd2b.svg\",\"height\":50,\"width\":425,\"blurWidth\":0,\"blurHeight\":0},\"alt\":\"CyberGeek logo\",\"width\":\"298\",\"height\":\"35\",\"priority\":true}]}]}],[\"$\",\"button\",null,{\"aria-label\":\"Open menu\",\"type\":\"button\",\"className\":\"usa-menu-btn\",\"data-cy\":\"menu-button\",\"children\":\"Menu\"}]]}]}],[\"$\",\"$L12\",null,{}]]}]]}],[\"$\",\"main\",null,{\"id\":\"main\",\"children\":[\"$\",\"$L6\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L13\",null,{\"children\":[\"$\",\"$L8\",null,{}]}],\"templateStyles\":[],\"templateScripts\":[],\"notFound\":[\"$\",\"section\",null,{\"className\":\"hero hero--theme-content-not-found undefined\",\"children\":[[\"$\",\"$Le\",null,{\"alt\":\"404 page not found\",\"className\":\"hero__graphic\",\"priority\":true,\"src\":{\"src\":\"/_next/static/media/content-not-found-graphic.8f104f47.svg\",\"height\":551,\"width\":948,\"blurWidth\":0,\"blurHeight\":0}}],[\"$\",\"div\",null,{\"className\":\"maxw-widescreen margin-x-auto padding-x-2 desktop:padding-x-0 padding-top-4 padding-bottom-6 desktop:padding-y-7\",\"children\":[\"$\",\"div\",null,{\"className\":\"tablet:grid-container position-relative \",\"children\":[\"$\",\"div\",null,{\"className\":\"hero__row grid-row grid-gap\",\"children\":[[\"$\",\"div\",null,{\"className\":\"tablet:grid-col-5 widescreen:position-relative\",\"children\":[false,false]}],[\"$\",\"div\",null,{\"className\":\"hero__column tablet:grid-col-7 flow padding-bottom-2\",\"children\":[\"$undefined\",\"$undefined\",false,[\"$\",\"h1\",null,{\"className\":\"hero__heading margin-0 line-height-sans-3 desktop:line-height-sans-2\",\"children\":\"We can't find that page.\"}],\"$undefined\",\"$undefined\",false,[\"$\",\"div\",null,{\"children\":[[\"$\",\"div\",null,{\"className\":\"hero__description\",\"children\":[[\"The page you're looking for may have been moved or retired. You can\",\" \",[\"$\",\"$L11\",null,{\"href\":\"/\",\"children\":\"visit our home page\"}],\" or use the search box to find helpful resources.\"]]}],[\"$\",\"div\",null,{\"className\":\"margin-top-6 search-container\",\"children\":[\"$\",\"$L14\",null,{\"theme\":\"content-not-found\"}]}]]}],false]}],false,false]}]}]}]]}],\"notFoundStyles\":[]}]}],[\"$\",\"$L15\",null,{}],[\"$\",\"$L16\",null,{}],[\"$\",\"$Ld\",null,{\"src\":\"/assets/javascript/uswds.min.js\",\"strategy\":\"beforeInteractive\"}]]}]]}]\n"])</script><script>self.__next_f.push([1,"17:I[9461,[\"866\",\"static/chunks/e37a0b60-b74be3d42787b18d.js\",\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"904\",\"static/chunks/904-dbddf7494c3e6975.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"549\",\"static/chunks/549-c87c1c3bbacc319f.js\",\"192\",\"static/chunks/app/learn/%5Bslug%5D/page-5b91cdc45a95ebbe.js\"],\"default\"]\n18:T1f4c,"])</script><script>self.__next_f.push([1,"\u003ch2\u003e\u003cstrong\u003eWhat is FISMA?\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eThe Federal Information Security Modernization Act (FISMA) defines a framework of guidelines and security standards to protect government information and operations.\u003c/p\u003e\u003cp\u003eFISMA was originally passed as the \u003ca href=\"https://en.wikipedia.org/wiki/Federal_Information_Security_Management_Act_of_2002\"\u003eFederal Information Security Management Act\u003c/a\u003e in 2002 as part of the E-Government Act. It requires all federal agencies to develop, document, and implement agency-wide information security programs.\u003c/p\u003e\u003cp\u003eThis law has been amended by the \u003ca href=\"https://en.wikipedia.org/wiki/Federal_Information_Security_Modernization_Act_of_2014\"\u003eFederal Information Security Modernization Act of 2014\u003c/a\u003e (sometimes called FISMA Reform), passed in response to the increasing amount of cyber attacks on the federal government.\u0026nbsp;\u003c/p\u003e\u003cp\u003eFISMA defines three security objectives for information and information systems:\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eConfidentiality: \u003c/strong\u003ePreserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eIntegrity: \u003c/strong\u003eGuarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eAvailability: \u003c/strong\u003eEnsuring timely and reliable access to and use of information.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eFISMA compliance\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eA key requirement of FISMA is that program officials, and the head of each agency, must conduct annual reviews of information security programs, with the intent of keeping risks at or below specified acceptable levels. The Office of Management and Budget (OMB) is the agency responsible for final oversight of the FISMA compliance efforts of each agency.\u003c/p\u003e\u003cp\u003eWhile FISMA sets the legal requirement for annual compliance, the \u003ca href=\"https://security.cms.gov/learn/national-institute-standards-and-technology-nist\"\u003eNational Institute of Standards and Technology\u003c/a\u003e (NIST) is the government body responsible for developing the standards and policies that agencies use to ensure their systems, applications, and networks remain secure. To be FISMA-compliant, agencies must:\u003c/p\u003e\u003ch3\u003eImplement continuous monitoring\u003c/h3\u003e\u003cp\u003eAgencies must continually monitor FISMA accredited systems to identify potential weaknesses. Any changes should be documented in the System Security and Privacy Plan (SSPP). Continuous monitoring will also allow agencies to respond quickly to security incidents or data breaches. CMS is working towards a more robust approach to continuous monitoring through programs like \u003ca href=\"https://security.cms.gov/learn/continuous-diagnostics-and-mitigation-cdm\"\u003eContinuous Diagnostics and Mitigation\u003c/a\u003e and \u003ca href=\"https://security.cms.gov/learn/ongoing-authorization-oa\"\u003eOngoing Authorization\u003c/a\u003e.\u003c/p\u003e\u003ch3\u003eConduct annual security reviews\u003c/h3\u003e\u003cp\u003eProgram officials and agency heads must conduct annual security reviews in order to obtain a FISMA certification. Certification and accreditation are defined in \u003ca href=\"https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final\"\u003eNIST SP 800-37\u003c/a\u003e.\u003c/p\u003e\u003ch3\u003ePerform risk assessment\u003c/h3\u003e\u003cp\u003eSystem risk should be evaluated regularly to validate current security controls and to determine if additional controls are required. At CMS, this is done through assessments such as the \u003ca href=\"https://security.cms.gov/learn/cybersecurity-risk-assessment-program-csrap\"\u003eCybersecurity and Risk Assessment Program\u003c/a\u003e (CSRAP).\u003c/p\u003e\u003ch3\u003eDocument the controls in the system security plan\u003c/h3\u003e\u003cp\u003eDocumentation on the baseline controls used to protect a system must be kept in the form of a \u003ca href=\"https://security.cms.gov/learn/system-security-and-privacy-plan-sspp\"\u003eSystem Security and Privacy Plan\u003c/a\u003e (SSPP). This is a key deliverable in the process of getting \u003ca href=\"https://security.cms.gov/learn/authorization-operate-ato\"\u003eAuthorization to Operate\u003c/a\u003e (ATO) for a FISMA system.\u003c/p\u003e\u003ch3\u003eMeet baseline security controls\u003c/h3\u003e\u003cp\u003eFederal systems must meet minimum security requirements. \u003ca href=\"https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final\"\u003eNIST SP 800-53\u003c/a\u003e outlines the suggested security controls for FISMA compliance. FISMA does not require an agency to implement every single control, but they must implement the controls relevant to their systems and their function. At CMS, standards for security controls are documented in the \u003ca href=\"https://security.cms.gov/policy-guidance/cms-acceptable-risk-safeguards-ars\"\u003eCMS Acceptable Risk Safeguards\u003c/a\u003e (ARS).\u003c/p\u003e\u003ch3\u003ePerform system risk categorization\u003c/h3\u003e\u003cp\u003eInformation systems must be categorized according to their risk levels to ensure that sensitive information and High Value Asset (HVA) systems are given the highest level of security. The categorization process considers the type of information contained in or processed by a system, and will determine what security controls are needed.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe categorization levels follow those prescribed in \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.199.pdf\"\u003eFIPS Publication 199 from NIST\u003c/a\u003e (Standards for Security Categorization of Federal Information and Information Systems).\u003c/p\u003e\u003cp\u003eAt CMS, system categorization happens in CFACTS and results in a categorization of “Low”, “Moderate”, or “High” depending on the level of impact that would occur if the information or the information system were compromised.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eImpact level LOW\u003c/strong\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003eA low impact level occurs when the loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eA limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eCause an interruption to mission capability, but CMS is still able to perform its primary functions\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eEffectiveness of functions is noticeably reduced\u003c/li\u003e\u003cli dir=\"ltr\"\u003eResult in minor damage to organizational assets\u003c/li\u003e\u003cli dir=\"ltr\"\u003eResult in minor financial loss\u003c/li\u003e\u003cli dir=\"ltr\"\u003eResult in minor harm to individuals\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eImpact level MODERATE\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eA moderate impact level occurs when the loss of confidentiality, integrity, or availability could be expected to have a \u003cstrong\u003eserious\u003c/strong\u003e adverse effect on organizational operations, organizational assets, or individuals.\u003c/p\u003e\u003cp\u003eA serious adverse effect means that, for example, the loss of confidentiality, integrity, or availability might:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCause a \u003cstrong\u003esignificant\u003c/strong\u003e deterioration of mission capability, but CMS is still able to perform its primary functions\u0026nbsp;\u003c/li\u003e\u003cli\u003eEffectiveness of functions is noticeably reduced\u0026nbsp;\u003c/li\u003e\u003cli\u003eResult in significant damage to organizational assets\u003c/li\u003e\u003cli\u003eResult in significant financial loss\u003c/li\u003e\u003cli\u003eResult in significant harm to individuals that does not involve loss of life or serious life threatening injuries\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eImpact level HIGH\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eA high impact level occurs when the loss of confidentiality, integrity, or availability could be expected to have a \u003cstrong\u003esevere or catastrophic\u003c/strong\u003e adverse effect on organizational operations, organizational assets, or individuals.\u003c/p\u003e\u003cp\u003eA severe or catastrophic adverse effect means that, for example, the loss of confidentiality, integrity, or availability might:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCause a \u003cstrong\u003esevere\u003c/strong\u003e degradation in or total loss of mission capability\u0026nbsp;\u003c/li\u003e\u003cli\u003eThe organization is \u003cstrong\u003enot\u003c/strong\u003e able to perform one or more of its primary functions\u003c/li\u003e\u003cli\u003eResult in \u003cstrong\u003emajor\u003c/strong\u003e damage to organizational assets\u003c/li\u003e\u003cli\u003eResult in major financial loss\u003c/li\u003e\u003cli\u003eResult in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries\u003c/li\u003e\u003c/ul\u003e"])</script><script>self.__next_f.push([1,"19:T1f4c,"])</script><script>self.__next_f.push([1,"\u003ch2\u003e\u003cstrong\u003eWhat is FISMA?\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eThe Federal Information Security Modernization Act (FISMA) defines a framework of guidelines and security standards to protect government information and operations.\u003c/p\u003e\u003cp\u003eFISMA was originally passed as the \u003ca href=\"https://en.wikipedia.org/wiki/Federal_Information_Security_Management_Act_of_2002\"\u003eFederal Information Security Management Act\u003c/a\u003e in 2002 as part of the E-Government Act. It requires all federal agencies to develop, document, and implement agency-wide information security programs.\u003c/p\u003e\u003cp\u003eThis law has been amended by the \u003ca href=\"https://en.wikipedia.org/wiki/Federal_Information_Security_Modernization_Act_of_2014\"\u003eFederal Information Security Modernization Act of 2014\u003c/a\u003e (sometimes called FISMA Reform), passed in response to the increasing amount of cyber attacks on the federal government.\u0026nbsp;\u003c/p\u003e\u003cp\u003eFISMA defines three security objectives for information and information systems:\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eConfidentiality: \u003c/strong\u003ePreserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eIntegrity: \u003c/strong\u003eGuarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eAvailability: \u003c/strong\u003eEnsuring timely and reliable access to and use of information.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eFISMA compliance\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eA key requirement of FISMA is that program officials, and the head of each agency, must conduct annual reviews of information security programs, with the intent of keeping risks at or below specified acceptable levels. The Office of Management and Budget (OMB) is the agency responsible for final oversight of the FISMA compliance efforts of each agency.\u003c/p\u003e\u003cp\u003eWhile FISMA sets the legal requirement for annual compliance, the \u003ca href=\"https://security.cms.gov/learn/national-institute-standards-and-technology-nist\"\u003eNational Institute of Standards and Technology\u003c/a\u003e (NIST) is the government body responsible for developing the standards and policies that agencies use to ensure their systems, applications, and networks remain secure. To be FISMA-compliant, agencies must:\u003c/p\u003e\u003ch3\u003eImplement continuous monitoring\u003c/h3\u003e\u003cp\u003eAgencies must continually monitor FISMA accredited systems to identify potential weaknesses. Any changes should be documented in the System Security and Privacy Plan (SSPP). Continuous monitoring will also allow agencies to respond quickly to security incidents or data breaches. CMS is working towards a more robust approach to continuous monitoring through programs like \u003ca href=\"https://security.cms.gov/learn/continuous-diagnostics-and-mitigation-cdm\"\u003eContinuous Diagnostics and Mitigation\u003c/a\u003e and \u003ca href=\"https://security.cms.gov/learn/ongoing-authorization-oa\"\u003eOngoing Authorization\u003c/a\u003e.\u003c/p\u003e\u003ch3\u003eConduct annual security reviews\u003c/h3\u003e\u003cp\u003eProgram officials and agency heads must conduct annual security reviews in order to obtain a FISMA certification. Certification and accreditation are defined in \u003ca href=\"https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final\"\u003eNIST SP 800-37\u003c/a\u003e.\u003c/p\u003e\u003ch3\u003ePerform risk assessment\u003c/h3\u003e\u003cp\u003eSystem risk should be evaluated regularly to validate current security controls and to determine if additional controls are required. At CMS, this is done through assessments such as the \u003ca href=\"https://security.cms.gov/learn/cybersecurity-risk-assessment-program-csrap\"\u003eCybersecurity and Risk Assessment Program\u003c/a\u003e (CSRAP).\u003c/p\u003e\u003ch3\u003eDocument the controls in the system security plan\u003c/h3\u003e\u003cp\u003eDocumentation on the baseline controls used to protect a system must be kept in the form of a \u003ca href=\"https://security.cms.gov/learn/system-security-and-privacy-plan-sspp\"\u003eSystem Security and Privacy Plan\u003c/a\u003e (SSPP). This is a key deliverable in the process of getting \u003ca href=\"https://security.cms.gov/learn/authorization-operate-ato\"\u003eAuthorization to Operate\u003c/a\u003e (ATO) for a FISMA system.\u003c/p\u003e\u003ch3\u003eMeet baseline security controls\u003c/h3\u003e\u003cp\u003eFederal systems must meet minimum security requirements. \u003ca href=\"https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final\"\u003eNIST SP 800-53\u003c/a\u003e outlines the suggested security controls for FISMA compliance. FISMA does not require an agency to implement every single control, but they must implement the controls relevant to their systems and their function. At CMS, standards for security controls are documented in the \u003ca href=\"https://security.cms.gov/policy-guidance/cms-acceptable-risk-safeguards-ars\"\u003eCMS Acceptable Risk Safeguards\u003c/a\u003e (ARS).\u003c/p\u003e\u003ch3\u003ePerform system risk categorization\u003c/h3\u003e\u003cp\u003eInformation systems must be categorized according to their risk levels to ensure that sensitive information and High Value Asset (HVA) systems are given the highest level of security. The categorization process considers the type of information contained in or processed by a system, and will determine what security controls are needed.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe categorization levels follow those prescribed in \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.199.pdf\"\u003eFIPS Publication 199 from NIST\u003c/a\u003e (Standards for Security Categorization of Federal Information and Information Systems).\u003c/p\u003e\u003cp\u003eAt CMS, system categorization happens in CFACTS and results in a categorization of “Low”, “Moderate”, or “High” depending on the level of impact that would occur if the information or the information system were compromised.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eImpact level LOW\u003c/strong\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003eA low impact level occurs when the loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eA limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eCause an interruption to mission capability, but CMS is still able to perform its primary functions\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eEffectiveness of functions is noticeably reduced\u003c/li\u003e\u003cli dir=\"ltr\"\u003eResult in minor damage to organizational assets\u003c/li\u003e\u003cli dir=\"ltr\"\u003eResult in minor financial loss\u003c/li\u003e\u003cli dir=\"ltr\"\u003eResult in minor harm to individuals\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eImpact level MODERATE\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eA moderate impact level occurs when the loss of confidentiality, integrity, or availability could be expected to have a \u003cstrong\u003eserious\u003c/strong\u003e adverse effect on organizational operations, organizational assets, or individuals.\u003c/p\u003e\u003cp\u003eA serious adverse effect means that, for example, the loss of confidentiality, integrity, or availability might:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCause a \u003cstrong\u003esignificant\u003c/strong\u003e deterioration of mission capability, but CMS is still able to perform its primary functions\u0026nbsp;\u003c/li\u003e\u003cli\u003eEffectiveness of functions is noticeably reduced\u0026nbsp;\u003c/li\u003e\u003cli\u003eResult in significant damage to organizational assets\u003c/li\u003e\u003cli\u003eResult in significant financial loss\u003c/li\u003e\u003cli\u003eResult in significant harm to individuals that does not involve loss of life or serious life threatening injuries\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eImpact level HIGH\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eA high impact level occurs when the loss of confidentiality, integrity, or availability could be expected to have a \u003cstrong\u003esevere or catastrophic\u003c/strong\u003e adverse effect on organizational operations, organizational assets, or individuals.\u003c/p\u003e\u003cp\u003eA severe or catastrophic adverse effect means that, for example, the loss of confidentiality, integrity, or availability might:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCause a \u003cstrong\u003esevere\u003c/strong\u003e degradation in or total loss of mission capability\u0026nbsp;\u003c/li\u003e\u003cli\u003eThe organization is \u003cstrong\u003enot\u003c/strong\u003e able to perform one or more of its primary functions\u003c/li\u003e\u003cli\u003eResult in \u003cstrong\u003emajor\u003c/strong\u003e damage to organizational assets\u003c/li\u003e\u003cli\u003eResult in major financial loss\u003c/li\u003e\u003cli\u003eResult in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries\u003c/li\u003e\u003c/ul\u003e"])</script><script>self.__next_f.push([1,"1a:T3796b,"])</script><script>self.__next_f.push([1,"\u003cp\u003eThere are federal laws, regulations, and policies outside of CMS that shape how security and privacy is managed inside CMS. This page contains a comprehensive list of these external requirements, and shows how they relate to the security and privacy policies and guidance at CMS.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDISCLAIMER:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cem\u003eThe laws, regulations, standards, and guidelines provided herein are considered a work in progress and are subject to continuous updates. While we strive to ensure the accuracy and relevance of the information presented, it is important to note that legislative changes, regulatory updates, or evolving standards may impact the content provided. Users are encouraged to regularly check for the latest revisions and consult official sources to ensure compliance with the most current legal and regulatory requirements. The information offered is intended for general informational purposes only and should not be construed as legal advice. Any reliance on the content provided is at the user's own risk. We reserve the right to modify, amend, or update the information without prior notice.\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eQUESTIONS OR COMMENTS?\u003c/strong\u003e Check out CMS Slack channel:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://cmsgov.slack.com/archives/C06KFL4RSSC\"\u003e# cms_fed_laws_policies\u003c/a\u003e\u003c/p\u003e\u003ch2\u003eFederal Laws\u003c/h2\u003e\u003cp\u003eLaws are passed by both branches of Congress and signed by the President. Laws establish requirements or prohibitions. This list contains all federal laws that relate to information security and privacy at CMS.\u003c/p\u003e\u003ch3\u003eFISMA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.cisa.gov/topics/cyber-threats-and-advisories/federal-information-security-modernization-act\"\u003eFederal Information Security Modernization Act of 2014 (FISMA 2014\u003c/a\u003e)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eFederal legislation that defines a framework of guidelines and security standards to protect government information and operations\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eFISMA 2014 amends the FISMA of 2002\u003c/p\u003e\u003ch3\u003eThe Privacy Act of 1974\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.justice.gov/opcl/overview-privacy-act-1974-2020-edition/introduction\"\u003eThe Privacy Act of 1974\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eEstablishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Sep 1975\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eHIPAA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html\"\u003eHealth Insurance Portability and Accountability Act (HIPAA) of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eFederal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patients consent or knowledge\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eHHS issued the Privacy Rule and the Security Rule to implement the requirement of HIPAA\u003c/p\u003e\u003ch3\u003eE-Government Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.justice.gov/opcl/e-government-act-2002\"\u003eE-Government Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eImproves the management of Federal e-government services and processes involving the collection, maintenance, or dissemination of public or personal information\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eSection 208 requires Privacy Impact Assessments (PIAs)\u003c/p\u003e\u003ch3\u003eFedRAMP\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.fedramp.gov/program-basics/\"\u003eFederal Risk and Authorization Management Program (FedRAMP)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eA government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment for cloud technologies and federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003e2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eJoint Authorization Board (JAB)\u003c/li\u003e\u003cli\u003eDepartment of Defense (DoD)\u003c/li\u003e\u003cli\u003eDepartment of Homeland Security (DHS)\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eComputer Matching and Privacy Protection Act of 1988\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.congress.gov/bill/100th-congress/senate-bill/496\"\u003eComputer Matching and Privacy Protection Act of 1988\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eRequires agencies engaged in computer matching activities to provide notice to individuals if their information is being disclosed to other federal and state agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eSep 1988\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eGovernment Accountability Office (GAO)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSection 508\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.section508.gov/manage/laws-and-policies/\"\u003eSection 508 of the Rehabilitation Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eA federal law that requires agencies to provide individuals with disabilities equal access to electronic information and data comparable to those who do not have disabilities, unless an undue burden would be imposed on the agency\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003e1988\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eU.S. Access Board\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eAmended in 2000\u003c/p\u003e\u003ch3\u003eHSPD-12\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.dhs.gov/homeland-security-presidential-directive-12\"\u003eHomeland Security Presidential Directive 12 (HSPD-12)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eA Government-wide standard for a secure and reliable form of identification issued by the Federal government to its employees and employees of Federal contractors for access to Federally-controlled facilities and Government information systems\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFASCSA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.congress.gov/bill/115th-congress/senate-bill/3085/text\"\u003eFederal Acquisition Supply Chain Security Act (FASCSA) of 2018\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eTo establish a Federal Acquisition Security Council and to provide executive agencies with authorities relating to mitigating supply chain risks in the procurement of information technology, and for other purposes\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eGovernment Accountability Office (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFITARA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.cio.gov/handbook/it-laws/fitara-2014/\"\u003eFederal Information Technology Acquisition Reform Act (FITARA) of 2014\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eStrengthens the role of agency Chief Information Officers (CIOs) and provided greater accountability for the delivery of IT capabilities across the Federal Government\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eOMB M-15-14 implements\u003c/p\u003e\u003ch3\u003eMMA of 2003\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.ssa.gov/privacy/pia/Medicare%20Modernization%20Act%20(MMA)%20FY07.htm\"\u003eMedicare Prescription Drug, Improvement, and Modernization Act (MMA) of 2003\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eAmended section 1144 of the Social Security Act to require the Commissioner of Social Security to conduct additional outreach efforts to identify individuals entitled to benefits, or enrolled under the Medicare program under Title XVIII, who may be eligible for transitional assistance under the Medicare Prescription Drug Discount Card Program and premium and cost-sharing subsidies under the Prescription Drug Card Part D Program\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Health and Human Services (HHS) - Centers for MEDICARE \u0026amp; MEDICAID Services (CMS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eBuy America Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.gao.gov/products/105519\"\u003eBuy America Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eRequires Federal agencies to procure domestic materials and products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApr 1978\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eGovernment Accountability Office (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eNo TikTok on Government Devices Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.congress.gov/bill/117th-congress/senate-bill/1143\"\u003eNo TikTok on Government Devices Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eRequires the social media video application TikTok to be removed from the information technology of federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFOIA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.foia.gov/\"\u003eFreedom of Information Act (FOIA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eProvides that any person has the right to request access to federal agency records or information except to the extent the records are protected from disclosure by any of nine exemptions contained in the law or by one of three special law enforcement record exclusions\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1967\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Justice (DOJ)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eIG Act of 1978\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.ignet.gov/content/inspector-general-act-1978\"\u003eInspectors General Act (IG Act) of 1978\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eCreates Inspector General positions and offices in more than a dozen specific departments and agencies. The Act gave these inspectors general the authority to review the internal documents of their departments or offices. They were given responsibility to investigate fraud, to give policy advice (5 U.S.C. § 404; IG Act, sec. 4), to handle certain complaints by employees, and to report to the heads of their agencies and to Congress on their activities every six months\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1978\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eDOTGOV Act of 2020\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.federalregister.gov/documents/2022/07/26/2022-15670/federal-management-regulation-fmr-internet-gov-domain\"\u003eDOTGOV Online Trust in Government Act of 2020\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eTransfers the DotGov internet domain program, as operated by the General Services Administration under title 41, Code of Federal Regulations, to DHS CISA. The Act also orders that on the date CISA begins operational administration of the DotGov internet domain program, the GSA Administrator shall rescind the requirements in part 102173 of title 41, Code of Federal Regulations applicable to any Federal, State, local, or territorial government entity, or other publicly controlled entity, including any Tribal government recognized by the Federal Government or a State government that is registering or operating a DotGov internet domain. Finally, the DOTGOV orders that in place of the requirements in part 102173 of title 41, Code of Federal Regulations, CISA, in consultation with the Director of Management and Budget (OMB), shall establish and publish a new set of requirements for the registration and operation of DotGov domains.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003ePart of the Consolidated Appropriations Act, 2021\u003c/p\u003e\u003ch3\u003eGovernment Performance and Results Act (GPRA) of 1993\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.federalreserve.gov/publications/gpra.htm\"\u003eGovernment Performance and Results Act (GPRA) of 1993\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to prepare a strategic plan covering a multiyear period and requires each agency to submit an annual performance plan and an annual performance report.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 1993\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Acquisition Streamlining Act (FASA) of 1994\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/103rd-congress/senate-bill/1587\"\u003eFederal Acquisition Streamlining Act (FASA) of 1994\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Streamlines the federal governments acquisition system and dramatically changes the way the government performs its contracting functions. Generally, the statute seeks to: (1) increase the governments reliance on commercial goods and services; (2) streamline the procurement process for high volume, low value acquisitions; (3) improve access by small businesses to government contracting opportunities; (4) improve the bid protest process; and (5) extend the Truth in Negotiations Act to civilian agencies and raise the threshold for submitting certified cost or pricing data under that Act.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1994\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePaperwork Reduction Act (PRA) of 1995\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/104th-congress/senate-bill/244\"\u003ePaperwork Reduction Act (PRA) of 1995\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires that agencies obtain Office of Management and Budget (OMB) approval before requesting most types of information from the public. “Information collections” include forms, interviews, and record keeping, to name a few categories.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 1995\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Financial Management Improvement Act of 1996\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/104th-congress/house-bill/4319\"\u003eFederal Financial Management Improvement Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Advances Federal financial management by ensuring that Federal financial management systems provide accurate, reliable, and timely financial management information to the governments managers.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eSep 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eClinger-Cohen Act of 1996\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/clinger-cohen-act/\"\u003eClinger-Cohen Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The IT Management Reform Act (ITMRA) and the Federal Acquisition Reform Act (FARA) together make up the Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Records Act (FRA) (Records Management Act of 1950)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://presidentialtransition.org/wp-content/uploads/sites/6/2020/11/Federal-Records-Act-Overview.pdf\"\u003eRecords Management Act of 1950 / Federal Records Act (FRA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Designed to ensure that institutional records of vital historical, fiscal and legal value are identified and preserved by the government, providing the public with a historical record of federal; decision-making.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1950\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eNational Archives and Records Administration (NARA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSection 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.acquisition.gov/Section-889-Policies\"\u003eSection 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prohibits the Federal Government from procuring or obtaining, or extending or renewing a contract to procure or obtain “any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system,” on or after August 13, 2019, unless an exception applies or a waiver is granted.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Defense (DoD)\u003c/li\u003e\u003cli\u003eNational Aeronautics and Space Administration (NASA)\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFITARA Enhancement Act of 2017\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/115th-congress/house-bill/3243\"\u003eFITARA Enhancement Act of 2017\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e An act to amend title 40, United States Code, to eliminate the sunset of certain provisions relating to information technology, to amend the National Defense Authorization Act for Fiscal Year 2015 to extend the sunset relating to the Federal Data Center Consolidation Initiative, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eMaking Electronic Government Accountable by Yielding Tangible Efficiencies (MEGABYTE) Act of 2016\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/114th-congress/house-bill/4904/text\"\u003eMaking Electronic Government Accountable by Yielding Tangible Efficiencies (MEGABYTE) Act of 2016\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the Director of the Office of Management and Budget to issue a directive on the management of software licenses by the US federal government.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eStrengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure (SECURE) Technology Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/115th-congress/house-bill/7327/text\"\u003eStrengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure (SECURE) Technology Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the Secretary of Homeland Security to establish a security vulnerability disclosure policy, to establish a bug bounty program for the Department of Homeland Security, to amend title 41, United States Code, to provide for Federal acquisition supply chain security, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eCommunications Act of 1934\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1288\"\u003eCommunications Act of 1934\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Combined and organized federal regulation of telephone, telegraph, and radio communications. The Act created the Federal Communications Commission (FCC) to oversee and regulate these industries. The Act is updated periodically to add provisions governing new communications technologies, such as broadcast, cable and satellite television.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJun 1934\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eFederal Communications Commission (FCC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eWorkforce Innovation and Opportunities Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.dol.gov/agencies/eta/wioa\"\u003eWorkforce Innovation and Opportunities Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Designed to strengthen and improve our nation's public workforce system and help get Americans, including youth and those with significant barriers to employment, into high-quality jobs and careers and help employers hire and retain skilled workers.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Labor (DOL)\u003c/li\u003e\u003cli\u003eDepartment of Education (ED)\u003c/li\u003e\u003cli\u003eDepartment of Health and Human Services (HHS)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eChildrens Online Privacy Protection Act (COPPA) of 1998\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa\"\u003eChildrens Online Privacy Protection Act (COPPA) of 1998\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApr 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eFederal Trade Commission (FTC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGovernment Paperwork Elimination Act of 1998\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/gpea/\"\u003eGovernment Paperwork Elimination Act of 1998\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e It requires Federal agencies, by October 21, 2003, to provide individuals or entities that deal with agencies the option to submit information or transact with the agency electronically, and to maintain records electronically, when practicable.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Property and Administrative Services Act of 1949\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/USCODE-2011-title40/html/USCODE-2011-title40-subtitleI-chap1.htm\"\u003eFederal Property and Administrative Services Act of 1949\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the General Services Administration (GSA). The act also provides for various Federal Standards to be published by the GSA.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1949\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eGeneral Services Administration (GSA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eInformation Quality Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/information-quality-act/\"\u003eInformation Quality Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the OMB to promulgate guidance to agencies ensuring the quality, objectivity, utility, and integrity of information (including statistical information) disseminated by Federal agencies.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSmall Business Paperwork Relief Act of 2002\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.sba.gov/document/policy-guidance--small-business-paperwork-relief-act-2002\"\u003eSmall Business Paperwork Relief Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Institutes a process to reduce paperwork, and introduces measures to make it easier for small businesses to comply with the law.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJun 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eCyber Security Research and Development Act of 2002\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/107th-congress/house-bill/3394\"\u003eCyber Security Research and Development Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Authorizes appropriations to the National Science Foundation (NSF) and to the Secretary of Commerce for the National Institute of Standards and Technology (NIST) to establish new programs, and to increase funding for certain current programs, for computer and network security (CNS) research and development and CNS research fellowships.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eNational Science Foundation (NSF)\u003c/li\u003e\u003cli\u003eNational Institute of Standards and Technology (NIST)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eImplementing Recommendations of the 9/11 Commission Act of 2007\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/110th-congress/house-bill/1\"\u003eImplementing Recommendations of the 9/11 Commission Act of 2007\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides for implementation of recommendations of the National Commission on Terrorist Attacks Upon the United States (9/11 Commission).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Cybersecurity Workforce Assessment Act (FCWAA) of 2015\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/113/plaws/publ246/PLAW-113publ246.pdf\"\u003eFederal Cybersecurity Workforce Assessment Act (FCWAA) of 2015\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the Secretary of Homeland Security to assess the cybersecurity workforce of the Department of Homeland Security and develop a comprehensive workforce strategy, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eWhistleblower Protection Act of 1989\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/101st-congress/senate-bill/20\"\u003eWhistleblower Protection Act of 1989\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prohibits retaliation against most executive branch employees when they blow the whistle on \u0026nbsp;ignificant agency wrongdoing or when they engage in protected conduct.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApr 1989\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Special Counsel\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eComputer Security Act of 1987\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/100th-congress/house-bill/145/all-info\"\u003eComputer Security Act of 1987\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides for a computer standards program within the National Bureau of Standards, to provide for Government-wide computer security, and to provide for the training in security matters of persons who are involved in the management, operation, and use of Federal computer systems, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJan 1988\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eNational Institute of Standards and Technology (NIST)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eOffice of Federal Procurement Policy Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/omb/management/office-federal-procurement-policy/\"\u003eOffice of Federal Procurement Policy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The Office of Federal Procurement Policy (OFPP) was established by Congress in 1974 to provide overall direction for government-wide procurement policies, regulations and procedures and to promote economy, efficiency, and effectiveness in acquisition processes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Aug 1974\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Activities Inventory Reform (FAIR) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/105/plaws/publ270/PLAW-105publ270.pdf\"\u003eFederal Activities Inventory Reform (FAIR) Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to submit to the Office of Management and Budget inventories of commercial activities performed by federal employees every year by June 30.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Oct 1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eBudget and Accounting Act of 1921\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/D03855.pdf\"\u003eBudget and Accounting Act of 1921\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides a national budget system and an independent audit of Government accounts, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jun 1921\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Managers' Financial Integrity Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/omb/financial_fmfia1982\"\u003eFederal Managers Financial Integrity Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the statutory basis for managements responsibility for and assessment of accounting and administrative internal controls. Such controls include program, operational, and administrative areas, as well as accounting and financial management.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Sep 1982\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSarbanes-Oxley Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://sarbanes-oxley-act.com/\"\u003eSarbanes-Oxley Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Contains provisions affecting corporate governance, risk management, auditing, and financial reporting of public companies, including provisions intended to deter and punish corporate accounting fraud and corruption.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jul 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003ePublic Company Accounting Oversight Board (PCAOB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eDigital Accountability and Transparency Act (DATA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/113/plaws/publ101/PLAW-113publ101.pdf\"\u003eDigital Accountability and Transparency Act (DATA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to prepare and submit standardized, accurate information about their spending.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e May 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eDepartment of Treasury\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eElectronic Signatures in Global and National Commerce (E-Sign) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/PLAW-106publ229/pdf/PLAW-106publ229.pdf\"\u003eElectronic Signatures in Global and National Commerce (E-Sign) Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Facilitates the use of electronic records and signatures in interstate or foreign commerce.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jun 2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Commerce\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eSpecifies that, in the United States, the use of an electronic signature (e-signature) is as legally valid as a traditional signature written in ink on paper.\u003c/p\u003e\u003ch3\u003eChief Financial Officers Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/cfo-act/\"\u003eChief Financial Officers Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Gives OMB new authority and responsibility for directing federal financial management, modernizing the governments financial management systems, and strengthening financial reporting.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 1990\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eHomeland Security Act of 2002\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.dhs.gov/homeland-security-act-2002\"\u003eHomeland Security Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Established the Department of Homeland Security\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eHealth Information Technology for Economic and Clinical Health (HITECH) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html\"\u003eHITECH Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Part of the American Recovery and Reinvestment Act of 2009 that incentivized the meaningful use of Electronic Health Records (EHRs) and strengthened the privacy and security provisions of HIPAA.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Health and Human Services (HHS)\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePatient Protection and Affordable Care Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/3590\"\u003ePatient Protection and Affordable Care Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensures that all Americans have access to quality, affordable health care and will create the transformation within the health care system necessary to contain costs.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMar 2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGovernment Performance and Results Act (GPRA) Modernization Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/111/plaws/publ352/PLAW-111publ352.pdf\"\u003eGovernment Performance and Results Act (GPRA) Modernization Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e An amended version of the Government Performance and Results Act of 1993, it requires each executive agency to make its strategic plan available on its public website and to the OMB on the first Monday in February of any year following that in which the term of the President commences and to notify the President and Congress.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJan 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGenetic Information Nondiscrimination Act (GINA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/PLAW-110publ233/pdf/PLAW-110publ233.pdf\"\u003eGenetic Information Nondiscrimination Act (GINA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Protects individuals against discrimination based on their genetic information in health coverage and in employment.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eEconomy Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.acquisition.gov/node/29803/printable/pdf\"\u003eEconomy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Authorizes agencies to enter into agreements to obtain \u003cem\u003esupplies\u003c/em\u003e or services from another agency.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 1933\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Federal Acquistition Regulations (FAR)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eIPERIA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/112/plaws/publ248/PLAW-112publ248.pdf\"\u003eImproper Payments Elimination and Recovery Improvement Act (IPERIA) of 2012\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides guidance on monitoring and reporting improper payments, and requires agencies to continue their review of programs and activities annually to identify those susceptible to significant improper payments and updates the definition of significant improper payments.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJan 2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eAntideficiency Act (ADA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/legal/appropriations-law/resources\"\u003eAntideficiency Act (ADA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prohibits federal agencies from obligating or expending federal funds in advance or in excess of an appropriation, and from accepting voluntary services.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eSep 1982\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Government Accountability Offices (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eBudget Control Act of 2011\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/112/plaws/publ25/PLAW-112publ25.pdf\"\u003eBudget Control Act of 2011\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Amends the Balanced Budget and Emergency Deficit Control Act of 1985 (Gramm-Rudman-Hollings Act) to revise sequestration requirements for enforcement of discretionary spending limits (spending caps).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Activities Inventory Reform (FAIR) Act of 1998\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/105/plaws/publ270/PLAW-105publ270.pdf\"\u003eFederal Activities Inventory Reform (FAIR) Act of 1998\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to submit to the Office of Management and Budget inventories of commercial activities performed by federal employees every year by June 30.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eTelework Enhancement Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/1722/text\"\u003eTelework Enhancement Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the head of each executive agency to: (1) establish a policy under which eligible agency employees may be authorized to telework; (2) determine employee eligibility to participate in telework; and (3) notify all employees of their eligibility to telework.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Personnel Management (OPM)\u003c/li\u003e\u003cli\u003eFederal Emergency Management Agency (FEMA)\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eNational Archives and Records Administration (NARA)\u003c/li\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eDepartment of Homeland Security (DHS)\u003c/li\u003e\u003cli\u003eNational Institute of Standards and Technology (NIST)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePlain Writing Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/PLAW-111publ274/pdf/PLAW-111publ274.pdf\"\u003ePlain Writing Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the effectiveness and accountability of Federal agencies to the public by promoting clear Government communication that the public can understand and use.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eConsolidated Appropriations Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/111/plaws/publ117/PLAW-111publ117.pdf\"\u003eConsolidated Appropriations Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e An act making appropriations for the Departments of Transportation, and Housing and Urban Development, and related agencies for the fiscal year ending September 30, 2010, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Dec 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/3288\"\u003eMultiple agencies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e Many agencies oversee the guidance for this Act\u003c/p\u003e\u003ch3\u003eAmerican Recovery and Reinvestment Act of 2009\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/1/text\"\u003eAmerican Recovery and Reinvestment Act of 2009\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Developed in response to the Great Recession, the primary objective of this federal statute was to save existing jobs and create new ones as soon as possible. Other objectives were to provide temporary relief programs for those most affected by the recession and invest in infrastructure, education, health, and renewable energy.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/1\"\u003eMultiple agencies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e Many agencies oversee the guidance for this Act\u003c/p\u003e\u003ch3\u003eProject BioShield Act of 2004\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/108th-congress/senate-bill/15/text\"\u003eProject BioShield Act of 2004\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Project BioShield was established to help incentivize private industry to develop vitally needed medical countermeasures by providing multi-year funding to support advanced research, clinical development, manufacture and procurement.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003ePublic Health Service Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.ssa.gov/policy/docs/ssb/v7n8/v7n8p15.pdf\"\u003ePublic Health Service Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Consolidates and revises the laws relating to the Public Health Service.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1944\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003eIntelligence Reform and Terrorism Prevention Act of 2004\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/108th-congress/senate-bill/2845/text\"\u003eIntelligence Reform and Terrorism Prevention Act of 2004\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Reforms the intelligence community and the intelligence and intelligence-related activities of the United States Government, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003eElectronic Freedom of Information Act Amendments of 1996\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/104/plaws/publ231/PLAW-104publ231.htm\"\u003eElectronic Freedom of Information Act Amendments of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The Freedom of Information Act (FOIA) established the public's right of access to government information, on the basis of openness and accountability. The 1996 Electronic Freedom of Information Act (e-FOIA) Amendments extended these principles to include electronic access to information.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Oct 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Justice (DoJ)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003eClarifying Lawful Overseas Use of Data (CLOUD) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2022/07/06/2022-14320/office-of-the-attorney-general-clarifying-lawful-overseas-use-of-data-act-attorney-general\"\u003eClarifying Lawful Overseas Use of Data (CLOUD) Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Lifts certain restrictions under U.S. law on companies disclosing electronic data, in response to qualifying, lawful orders in investigations of serious crime, directly to a qualifying foreign government with which the United States has entered into an executive agreement governing access by the foreign government to covered data.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jul 2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Justice (DoJ)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eFederal Regulations\u003c/h2\u003e\u003cp\u003eRegulations are published by executive branch agencies to clarify their interpretation of a law and how a law will be implemented. Regulations also state requirements or prohibitions. This list contains all federal regulations that relate to information security and privacy at CMS.\u003c/p\u003e\u003ch3\u003eB.O.D. 18-01\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/news-events/directives/bod-18-01-enhance-email-and-web-security\"\u003eBinding Operational Directive (B.O.D) 18-01: Enhance Email and Web Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Enhances the security of federal agencies' email and web systems to protect against cyber threats. The directive outlines specific actions that federal agencies must take to improve their email and web security posture, including implementing specific security protocols, enhancing monitoring capabilities, and strengthening authentication mechanisms.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Oct 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eB.O.D. 18-02\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.cisa.gov/news-events/directives/bod-18-02-securing-high-value-assets\"\u003eBinding Operation Directive (B.O.D.) 18-02 - Security High Value Assets (HVAs)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eEnhances the Department of Homeland Security's coordinated approach to securing the federal governments HVAs from cybersecurity threats\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eFISMA 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eB.O.D. 20-01\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/news-events/directives/bod-20-01-develop-and-publish-vulnerability-disclosure-policy\"\u003eBinding Operation Directive (B.O.D) 20-01: Develop and Publish a Vulnerability Disclosure Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires each agency to develop and publish a vulnerability disclosure policy (VDP) and maintain supporting handling procedures.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Sep 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law:\u003c/strong\u003e OMB M-20-32\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.D. 19-01\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/news-events/directives/ed-19-01-mitigate-dns-infrastructure-tampering\"\u003eEmergency Directive (E.D.) 19-01: Mitigate DNS Infrastructure Tampering\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires agencies take near-term actions to mitigate risks from undiscovered tampering, enable agencies to prevent illegitimate DNS activity for their domains, and detect unauthorized certificates.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jan 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law:\u003c/strong\u003e Homeland Security Act of 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eThe Privacy Rule\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html\"\u003eThe Privacy Rule\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eAssures that individuals' health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well being\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eHIPAA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Health and Human Services (DHHS or HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eRegulation that implements HIPAA requirements\u003c/p\u003e\u003ch3\u003eThe Security Rule\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html\"\u003eThe Security Rule\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eEstablishes standards and safeguards for the secure handling of electronic protected health information (ePHI) by healthcare entities, aiming to ensure the confidentiality, integrity, and availability of sensitive health data\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eHIPAA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Health and Human Services (DHHS or HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eRegulation that implements HIPAA requirements\u003c/p\u003e\u003ch3\u003eFAR\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.acquisition.gov/sites/default/files/current/far/pdf/FAR.pdf\"\u003eFederal Acquisition Regulation (FAR)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003ePrimary regulation for use by all executive agencies in their acquisition of supplies and services with appropriated funds\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApril 1984\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eCompetition in Contracting Act of 1984 - FAR: Title 48 of the Code of Federal Regulations (CFR).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eGeneral Services Administration (GSA), Department of \u0026nbsp;Defense (DOD), \u0026amp; National Aeronautics and Space Administration (NASA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Accounting Standards Advisory Board (FASAB)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://fasab.gov/accounting-standards/\"\u003eFederal Accounting Standards Advisory Board (FASAB)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Primary regulation for use by all executive agencies in their acquisition of supplies and services with appropriated funds\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1990\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eCompetition in Contracting Act of 1984 - FAR: Title 48 of the Code of Federal Regulations (CFR).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Treasury, Office of Management and Budget (OMB), \u0026amp; Government Accountability Office (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eFederal Information Processing Standards (FIPS) Publications\u003c/h2\u003e\u003cp\u003eFederal Information Processing Standards (FIPS) are standards and guidelines for federal computer systems that are developed by \u003ca href=\"https://security.cms.gov/learn/national-institute-standards-and-technology-nist\"\u003eNational Institute of Standards and Technology (NIST)\u003c/a\u003e in accordance with the \u003ca href=\"https://security.cms.gov/learn/federal-information-security-modernization-act-fisma\"\u003eFederal Information Security Management Act (FISMA)\u003c/a\u003e and approved by the Secretary of Commerce.\u003c/p\u003e\u003cp\u003eFIPS Standards can be viewed and downloaded from the NIST Computer Security Resource Center (CSRC) website here: \u003ca href=\"https://csrc.nist.gov/publications/fips\"\u003eFIPS publications\u003c/a\u003e\u003c/p\u003e\u003cp\u003eAnswers to Frequently Asked Questions about FIPS can be found on the NIST website here: \u003ca href=\"https://www.nist.gov/standardsgov/compliance-faqs-federal-information-processing-standards-fips\"\u003eFIPS FAQs\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThis list contains all FIPS publications that relate to information security and privacy at CMS.\u003c/p\u003e\u003ch3\u003eFIPS-202\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/202/final\"\u003eSHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e8/4/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 201-3\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/201-3/final\"\u003ePersonal Identity Verification (PIV) of Federal Employees and Contractors\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e1/24/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 200\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/200/final\"\u003eMinimum Security Requirements for Federal Information and Information Systems\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e3/1/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 199\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/199/final\"\u003eStandards for Security Categorization of Federal Information and Information Systems\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e2/1/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 198-1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/198-1/final\"\u003eThe Keyed-Hash Message Authentication Code (HMAC)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e7/16/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 197\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/197/final\"\u003eAdvanced Encryption Standard (AES)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e5/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 186-5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/186-5/final\"\u003eDigital Signature Standard (DSS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e2/13/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 180-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/180-4/upd1/final\"\u003eSecure Hash Standard (SHS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e8/4/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 140-3\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/140-3/final\"\u003eSecurity Requirements for Cryptographic Modules\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e3/22/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eNIST S.P. Guidelines\u003c/h2\u003e\u003cp\u003eFIPS Publications may reference specific NIST Special Publications (S.P.) guidelines (SP800) and/or practices (SP1800), in which that guideline or practice becomes a governance policy for CMS FISMA systems.\u003c/p\u003e\u003cp\u003eAll NIST Special Publications (SP 500, SP800 and SP1800) can be viewed and downloaded from the NIST Computer Security Resource Center (CSRC) website here: \u003ca href=\"https://csrc.nist.gov/publications/sp\"\u003eNIST S.P. list\u003c/a\u003e\u003c/p\u003e\u003cp\u003eNIST S.P. descriptions can be found on the NIST website here: \u003ca href=\"https://www.nist.gov/nist-research-library/nist-special-publication-subseries-descriptions\"\u003eNIST S.P. descriptions\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThe following list consists of NIST S.P.s that are CMS FISMA governance policy by way of FIPS references.\u003c/p\u003e\u003ch3\u003e500-267A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-267Ar1.pdf\"\u003eNIST IPv6 Profile\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e500-267B\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-267Br1.pdf\"\u003eUSGv6 Profile\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e500-281A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=929798\"\u003eUSGv6 Test Program Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e500-281B\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-281Br1.pdf\"\u003eUSGv6 Test Methods: General Description and Validation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-16\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/16/final\"\u003eInformation Technology Security Training Requirements: a Role- and Performance-Based Model\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-18 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/18/r1/final\"\u003eGuide for Developing Security Plans for Federal Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 200\u003c/p\u003e\u003ch3\u003e800-30\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/30/r1/final\"\u003eGuide for Conducting Risk Assessments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-34\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://www.nist.gov/privacy-framework/nist-sp-800-34\"\u003eContingency Planning Guide for Federal Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-37 Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/37/r2/final\"\u003eRisk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-38 (A-G)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/publications/sp800\"\u003eRecommendation for Block Cipher Modes: *\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 197\u003c/p\u003e\u003ch3\u003e800-39\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/39/final\"\u003eManaging Information Security Risk: Organization, Mission, and Information System View\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-40\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/40/r4/final\"\u003eGuide to Enterprise Patch Management Planning: Preventive Maintenance for Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-41\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/41/r1/final\"\u003eGuidelines on Firewalls and Firewall Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-46\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/46/r2/final\"\u003eGuide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-50\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/50/final\"\u003eBuilding an Information Technology Security Awareness and Training Program\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-51\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/51/r1/final\"\u003eGuide to Using Vulnerability Naming Schemes\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-52\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/52/r2/final\"\u003eGuidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-53 Rev. 5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final\"\u003eSecurity and Privacy Controls for Information Systems and Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-53A Rev. 5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/53/a/r5/final\"\u003eAssessing Security and Privacy Controls in Information Systems and\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://csrc.nist.gov/pubs/sp/800/53/a/r5/final\"\u003eOrganizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-56A\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/56/a/r3/final\"\u003eRecommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-56B Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/56/b/r2/final\"\u003eRecommendation for Pair-Wise Key-Establishment Using Integer Factorization Cryptography\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-57 Part 1 Rev. 5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/57/pt1/r5/final\"\u003eRecommendation for Key Management - Part 1: General\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-57 Part 3 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/57/pt3/r1/final\"\u003eRecommendation for Key Management, Part 3: Application-Specific Key Management Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-59\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/59/final\"\u003eGuideline for Identifying an Information System as a National Security System\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-60 Vol. 1 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/60/v1/r1/final\"\u003eGuide for Mapping Types of Information and Information Systems to Security Categories\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 200\u003c/p\u003e\u003ch3\u003e800-61\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/61/r2/final\"\u003eComputer Security Incident Handling Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-63-3\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\"\u003eDigital Identity Guidelines\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-63A\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/a/upd2/final\"\u003eDigital Identity Guidelines: Enrollment and Identity Proofing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-63B\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/b/upd2/final\"\u003eDigital Identity Guidelines: Authentication and Lifecycle Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-63C\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/c/upd2/final\"\u003eDigital Identity Guidelines: Federation and Assertions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-70\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/70/r4/final\"\u003eNational Checklist Program for IT Products: Guidelines for Checklist Users and Developers\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-73-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/73/4/upd1/final\"\u003eInterfaces for Personal Identity Verification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-76-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/76/2/final\"\u003eBiometric Specifications for Personal Identity Verification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-78-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/78/4/final\"\u003eCryptographic Algorithms and Key Sizes for Personal Identity Verification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-79-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/79/2/final\"\u003eGuidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-81\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/81/2/final\"\u003eSecure Domain Name System (DNS) Deployment Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-85A-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/85/a/4/final\"\u003ePIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-87 Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/87/r2/final\"\u003eCodes for Identification of Federal and Federally-Assisted Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-88\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/88/r1/final\"\u003eGuidelines for Media Sanitization\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-89\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/89/final\"\u003eRecommendation for Obtaining Assurances for Digital Signature\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://csrc.nist.gov/pubs/sp/800/89/final\"\u003eApplications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-90A Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/90/a/r1/final\"\u003eRecommendation for Random Number Generation Using Deterministic Random Bit Generators\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-94\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/94/final\"\u003eGuide to Intrusion Detection and Prevention Systems (IDPS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-96\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/96/final\"\u003ePIV Card to Reader Interoperability Guidelines\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-97\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/97/final\"\u003eEstablishing Wireless Robust Security Networks: A Guide to IEEE 802.11i\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-102\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/102/final\"\u003eRecommendation for Digital Signature Timeliness\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-107\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/107/r1/final\"\u003eRecommendation for Applications Using Approved Hash Algorithms\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003cli\u003eFIPS 202\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-111\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/111/final\"\u003eGuide to Storage Encryption Technologies for End User Devices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 197\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-115\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/115/final\"\u003eTechnical Guide to Information Security Testing and Assessment\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-116 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/116/r1/final\"\u003eGuidelines for the Use of PIV Credentials in Facility Access\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-119\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/119/final\"\u003eGuidelines for the Secure Deployment of IPv6\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-122\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/122/final\"\u003eGuide to Protecting the Confidentiality of Personally Identifiable Information (PII)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-124\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/124/r2/final\"\u003eGuidelines for Managing the Security of Mobile Devices in the Enterprise\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-126\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/126/r3/final\"\u003eThe Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-128\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/128/upd1/final\"\u003eGuide for Security-Focused Configuration Management of Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-131A Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/131/a/r2/final\"\u003eTransitioning the Use of Cryptographic Algorithms and Key Lengths\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-133 Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/133/r2/final\"\u003eRecommendation for Cryptographic Key Generation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 197\u003c/p\u003e\u003ch3\u003e800-137\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/137/final\"\u003eInformation Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-140\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/final\"\u003eFIPS 140-3 Derived Test Requirements (DTR): CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/a/final\"\u003eCMVP Documentation Requirements: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140B Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/b/r1/final\"\u003eCryptographic Module Validation Program (CMVP) Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140C Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/c/r2/final\"\u003eCryptographic Module Validation Program (CMVP)-Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140D Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/d/r2/final\"\u003eCryptographic Module Validation Program (CMVP)-Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140E\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/e/final\"\u003eCMVP Approved Authentication Mechanisms: CMVP Validation Authority Requirements for ISO/IEC 19790 Annex E and ISO/IEC 24579 Section 6.17\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140F\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/f/final\"\u003eCMVP Approved Non-Invasive Attack Mitigation Test Metrics: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-144\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/144/final\"\u003eGuidelines on Security and Privacy in Public Cloud Computing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-145\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/145/final\"\u003eThe NIST Definition of Cloud Computing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-152\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/152/final\"\u003eA Profile for U.S. Federal Cryptographic Key Management Systems (CKMS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 197\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-153\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/153/final\"\u003eGuidelines for Securing Wireless Local Area Networks (WLANs)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-156\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/156/final\"\u003eRepresentation of PIV Chain-of-Trust for Import and Export\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-157\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/157/final\"\u003eGuidelines for Derived Personal Identity Verification (PIV) Credentials\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-157\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/157/final\"\u003eGuidelines for Derived Personal Identity Verification (PIV) Credentials\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-163\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/163/r1/final\"\u003eVetting the Security of Mobile Applications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-167\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/167/final\"\u003eGuide to Application Whitelisting\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-171\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/171/r2/upd1/final\"\u003eProtecting Controlled Unclassified Information in Nonfederal Systems and Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-175A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/175/a/final\"\u003eGuideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-175B\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/175/b/r1/final\"\u003eGuideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 197\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 202\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-177\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/177/r1/final\"\u003eTrustworthy Email\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-181\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/181/r1/final\"\u003eWorkforce Framework for Cybersecurity (NICE Framework)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-186\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/186/final\"\u003eRecommendations for Discrete-Logarithm Based Cryptography: Elliptic Curve Domain Parameters\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 186\u003c/p\u003e\u003ch3\u003e800-207\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/207/final\"\u003eZero Trust Architecture\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-217\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/217/ipd\"\u003eGuidelines for the Use of Personal Identity Verification (PIV) Credentials with Federation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-219\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/219/r1/final\"\u003eAutomated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eExecutive Orders (E.O.)\u003c/h2\u003e\u003cp\u003eAn Executive Order (E.O.) is a signed, written, and published directive from the President of the United States that manages operations of the federal government. They are numbered consecutively, so executive orders may be referenced by their assigned number, or their topic. This list contains all E.O.s that relate to information security and privacy.\u003c/p\u003e\u003ch3\u003eE.O 9397\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.ssa.gov/foia/html/EO9397.htm\"\u003eNumbering System for Federal Accounts Relating to Individual Persons\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes a centralized numbering system for federal accounts relating to individual persons in the United States.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e November 30, 1943\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Social Security Administration (SSA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 11609\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.archives.gov/federal-register/codification/executive-order/11609.html\"\u003eDelegating certain functions vested in the President to other officers of the Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Grants certain, presidential authorities to the GSA without approval, ratification, or other action of the President.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 22, 1971\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e General Services Administration (GSA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13011\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/CFR-1997-title3-vol1/html/CFR-1997-title3-vol1-eo13011.htm\"\u003eFederal Information Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Aimed to improve the management and utilization of IT resources across federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 16, 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eDHS\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eE.O 13381\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2005/06/30/05-13098/strengthening-processes-relating-to-determining-eligibility-for-access-to-classified-national\"\u003eStrengthening Processes Relating to Determining Eligibility for Access to Classified National Security Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Assists in determining eligibility for access to classified national security information, while taking appropriate account of title III of Public Law 108-458\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jun 2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13402\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2006/05/15/06-4552/strengthening-federal-efforts-to-protect-against-identity-theft\"\u003eStrengthening Federal Efforts To Protect Against Identity Theft\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Strengthens efforts to protect against identity theft\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13439\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2007/07/20/07-3593/establishing-an-interagency-working-group-on-import-safety\"\u003eEstablishing an Interagency Working Group on Import Safety\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensures that the executive branch takes all appropriate steps to promote the safety of imported products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jul 2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e HHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13520\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/executive-order-reducing-improper-payments\"\u003eReducing Improper Payments and Eliminating Waste in Federal Programs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Reduces payment errors and eliminating waste, fraud, and abuse in Federal programs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Nov 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13526\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.archives.gov/isoo/policy-documents/cnsi-eo.html\"\u003eClassified National Security Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prescribes a uniform system for classifying, safeguarding, and declassifying national security information, including information relating to defense against transnational terrorism\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Dec 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Information Security Oversight Office\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13556\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.commerce.gov/sites/default/files/2022-02/Controlled-Unclassified-Information-Policy.pdf\"\u003eControlled Unclassified Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes an open and uniform program for managing unclassified information requiring safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Aug 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e National Archives \u0026amp; Records Administration (NARA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13571\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/04/27/executive-order-13571-streamlining-service-delivery-and-improving-custom\"\u003eStreamlining Service Delivery and Improving Customer Service\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the quality of service to the public by the Federal Government\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Apr 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13576\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/06/13/executive-order-13576-delivering-efficient-effective-and-accountable-gov\"\u003eDelivering an Efficient, Effective, and Accountable Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Aims to cut waste, streamline Government operations, and reinforce the performance and management reform gains the Obama Administration has achieved\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jun 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13583\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/08/18/executive-order-13583-establishing-coordinated-government-wide-initiativ\"\u003eEstablishing a Coordinated Government-wide Initiative to Promote Diversity and Inclusion in the Federal Workforce\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Promotes the Federal workplace as a model of equal opportunity, diversity, and inclusion\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Aug 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOPM\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003ePresidents Management Council (PMC)\u003c/li\u003e\u003cli\u003eEqual Employment Opportunity Commission (EEOC)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13589\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/11/09/executive-order-13589-promoting-efficient-spending\"\u003ePromoting Efficient Spending\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Further promote efficient spending in the Federal Government\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Nov 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13636\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity\"\u003eImproving Critical Infrastructure Cybersecurity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Designed to increase the level of core capabilities for our critical infrastructure to manage cyber risk. It does this by focusing on three key areas: (1) information sharing, (2) privacy, and (3) the adoption of cybersecurity practices.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 12, 2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eDHS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13642\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/01/31/executive-order-13564-presidents-council-jobs-and-competitiveness\"\u003eThe President's Council on Jobs and Competitiveness\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Aims to strengthen the Nation's economy and ensure the competitiveness of the United States and to create jobs, opportunity, and prosperity for the American people by ensuring the availability of non partisan advice to the President from participants in and experts on the economy\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jan 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Department of Treasury\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13681\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2014/10/17/executive-order-improving-security-consumer-financial-transactions\"\u003eImproving the Security of Consumer Financial Transactions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the security of consumer financial transactions in both the private and public sectors\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e October 17, 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Treasury\u003c/li\u003e\u003cli\u003eDepartment of Justice\u003c/li\u003e\u003cli\u003eDepartment of Commerce\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eSocial Security Administration (SSA)\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC)\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003eDHS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13719\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2016/02/09/executive-order-establishment-federal-privacy-council\"\u003eEstablishment of the Federal Privacy Council\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The Federal Privacy Council is the principal interagency forum to improve the privacy practices of agencies and entities acting on their behalf.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 9, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Federal Privacy Council (FPC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13800\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/topics/cybersecurity-best-practices/executive-order-strengthening-cybersecurity-federal-networks-and-critical-infrastructure\"\u003eStrengthening the Cybersecurity of Federal Networks and Critical Infrastructure\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Modernizes federal information technology infrastructure, working with state and local government and private sector partners to more fully secure critical infrastructure, and collaborating with foreign allies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 11, 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13833\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2018/05/18/2018-10855/enhancing-the-effectiveness-of-agency-chief-information-officers\"\u003eEnhancing the Effectiveness of Agency Chief Information Officers\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Strengthens the role and responsibilities of Chief Information Officers (CIOs) within federal agencies to improve the efficiency and effectiveness of IT management\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 15, 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13834\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2018/05/22/2018-11101/efficient-federal-operations\"\u003eEfficient Federal Operations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the efficiency, effectiveness, and accountability of federal agencies in managing their operations and resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 17, 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13859\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2019/02/14/2019-02544/maintaining-american-leadership-in-artificial-intelligence\"\u003eMaintaining American Leadership in Artificial Intelligence\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Identifies five key lines of effort, including increasing AI research investment, unleashing Federal AI computing and data resources, setting AI technical standards, building Americas AI workforce, and engaging with international allies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Feb 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e National AI Initiative Office\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eTo oversee and implement the U.S. national AI strategy, the White House established the National Artificial Intelligence Initiative Office in early January 2021, in accordance with the National AI Initiative Act of 2020 (still a bill as of Feb 2024)\u003c/p\u003e\u003ch3\u003eE.O 13873\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2019/05/17/2019-10538/securing-the-information-and-communications-technology-and-services-supply-chain\"\u003eSecuring the Information and Communications Technology and Services Supply Chain\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Strengthens efforts to prevent foreign adversaries from exploiting vulnerabilities in the ICT supply chain and protect the vast amount of sensitive information being stored in and communicated through ICT products and services\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Commerce\u003c/li\u003e\u003cli\u003eCISA\u003c/li\u003e\u003cli\u003eICT SCRM Task Force\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13960\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2020/12/08/2020-27065/promoting-the-use-of-trustworthy-artificial-intelligence-in-the-federal-government\"\u003ePromoting the Use of Trustworthy Artificial Intelligence in the Federal Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes principles for the use of AI in the Federal Government, establishes a common policy for implementing the principles, directs agencies to catalogue their AI use cases\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e December 3, 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 14028\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity\"\u003eImproving the Nation's Cybersecurity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Charges multiple agencies, including NIST, with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e NIST\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 14034\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2021/06/11/2021-12506/protecting-americans-sensitive-data-from-foreign-adversaries\"\u003eProtecting Americans' Sensitive Data From Foreign Adversaries\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires government agencies to issue regulations that prohibit, or otherwise restrict, certain categories of data transactions that pose an unacceptable risk to national security.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e June 2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003eDepartment of Justice\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 14110\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://crsreports.congress.gov/product/pdf/R/R47843\"\u003eSafe, Secure, and Trustworthy Development and Use of Artificial Intelligence\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes a government-wide effort to guide responsible artificial intelligence (AI) development and deployment through federal agency leadership, regulation of industry, and engagement with\u003cbr\u003einternational partners\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e October 30, 2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eOffice of Science and Technology Policy (OSTP)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eGovernment Accountability Office (GAO) and GAO Accounting and Information Management Division (AIMD)\u003c/h2\u003e\u003cp\u003eThe U.S. Government Accountability Office (GAO) provides Congress, the heads of executive agencies, and the public with timely, fact-based, non-partisan information that can be used to improve government and save taxpayers billions of dollars. The GAO reports provide findings from their audits.\u003c/p\u003e\u003ch3\u003eAIMD-10.1.13\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/aimd-10.1.13.pdf\"\u003eAssessing Risks and Returns: A Guide for Evaluating Federal Agencies IT Investment Decision-making\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 3, 1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePaperwork Reduction Act (PRA)\u003c/li\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eGovernment Performance and Results Act (GPRA)\u003c/li\u003e\u003cli\u003eChief Financial Officers Act\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 04-394G\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-04-394g.pdf\"\u003eInformation Technology Investment Management: A Framework for Assessing and Improving Process Maturity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e March 1, 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 05-471\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-05-471.pdf\"\u003eINTERNET PROTOCOL VERSION 6 - Federal Agencies Need to Plan for Transition and Manage\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://www.gao.gov/assets/gao-05-471.pdf\"\u003eSecurity Risks\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 20, 2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 13-87\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-04-394g.pdf\"\u003eInformation Technology Investment Management: A Framework for Assessing and Improving Process Maturity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e March 1, 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 14-413\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/d14413.pdf\"\u003eFederal Software Licenses: Better Management Needed to Achieve Significant Savings Government-Wide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 22, 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 16-469\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-16-469.pdf\"\u003eInformation Technology Reform: Agencies Need to Increase Their Use of Incremental Development Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e August 16, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e FITARA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 20-195G\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-20-195g.pdf\"\u003eCost Estimating and Assessment Guide: Best Practices for Developing and Managing Program Costs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e March 12, 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eFederal Continuity Directives\u003c/h2\u003e\u003cp\u003eFederal Continuity Directives (FCDs) and Presidential Policy Directives (PPDs) and are both types of directives issued by the President of the United States to guide and coordinate specific policies, programs, and activities across the federal government.\u003c/p\u003e\u003cp\u003ePPDs are presidential statements that set forth national policies and decisions, while FCDs are agency-level directives aimed at ensuring the continuity and resilience of government operations during emergencies and crises.\u003c/p\u003e\u003ch3\u003eFCD-1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gpo.gov/docs/default-source/accessibility-privacy-coop-files/January2017FCD1-2.pdf\"\u003eFederal Executive Branch National Continuity Program and Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e January 17, 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFCD-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.fema.gov/sites/default/files/2020-07/Federal_Continuity_Directive-2_June132017.pdf\"\u003eFederal Executive Branch Mission Essential Functions and Candidate Primary Mission Essential Functions\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://www.fema.gov/sites/default/files/2020-07/Federal_Continuity_Directive-2_June132017.pdf\"\u003eIdentification and Submission Process\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e June 13, 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://irp.fas.org/offdocs/ppd/ppd-1.pdf\"\u003eOrganization of the National Security Council System\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 13, 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e National Security Council (NSC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://irp.fas.org/offdocs/ppd/ppd-2.pdf\"\u003eImplementation of the National Strategy for Countering Biological Threats\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e November 23, 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e National Security Staff Executive Secretary\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-40\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.fema.gov/emergency-managers/national-preparedness/continuity/toolkit/chapter-1\"\u003eNational Continuity Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 15, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e Federal Emergency Management Agency (FEMA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-41\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2016/07/26/presidential-policy-directive-united-states-cyber-incident\"\u003eUnited States Cyber Incident Coordination\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 26, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eOMB Circulars\u003c/h2\u003e\u003cp\u003eOMB Circulars are a series of guidance documents issued by the Office of Management and Budget (OMB) of the United States federal government. They provide instructions, requirements, and policies for federal agencies in specific areas of financial management, budgeting, procurement, grants management, and administrative operations.\u003c/p\u003e\u003ch3\u003eA-11\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/06/a11.pdf\"\u003ePreparation, Submission, and Execution of the Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/11/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GRPA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-19\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/Circular-019.pdf\"\u003eLegislative Coordination and Clearance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/20/1979\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Budget Control Act of 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-76\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A76/a76_incl_tech_correction.pdf\"\u003ePerformance of Commercial Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/14/2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFederal Procurement Policy Act\u003c/li\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eEO 11609\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-94\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/11/CircularA-94.pdf\"\u003eGuidelines and Discount Rates for Benefit-Cost Analysis of Federal Programs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Budget and Accounting Act of 1921\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-108\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A108/omb_circular_a-108.pdf\"\u003eFederal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/1975\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act (PRA)\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-123\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/omb/circulars_a123_rev\"\u003eManagements Responsibility for Internal Control\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/21/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eSarbanes-Oxley Act\u003c/li\u003e\u003cli\u003eFederal Managers' Financial Integrity Act\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-130\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf\"\u003eManaging Information as a Strategic Resource\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/28/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eE-Government Act\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003ePRA\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eDigital Accountability and Transparency Act\u003c/li\u003e\u003cli\u003eElectronic Signatures in Global and National Commerce Act\u003c/li\u003e\u003cli\u003eGovernment Paperwork Elimination Act\u003c/li\u003e\u003cli\u003eGPRA\u003c/li\u003e\u003cli\u003eOffice of Federal Procurement Policy Act\u003c/li\u003e\u003cli\u003eBudget and Accounting Procedures Act\u003c/li\u003e\u003cli\u003eChief Financial Officers Act\u003c/li\u003e\u003cli\u003eEO 13719\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-136\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2024/05/A-136-for-FY-2024.pdf\"\u003eFinancial Reporting Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/30/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eChief Financial Officers Act of 1990\u003c/li\u003e\u003cli\u003eGovernment Management Reform Act of 1994\u003c/li\u003e\u003cli\u003eAccountability of Tax Dollars Act of 2002\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eOMB Memos\u003c/h2\u003e\u003cp\u003eThe Office of Management and Budget (OMB) memoranda provide Federal agencies with instructions and implementation guidance for specific management priorities or legislative requirements. They provide annual updates, such as for FISMA reporting requirements, or have longer term guidance for agency implementation.\u003c/p\u003e\u003ch3\u003e2024\u003c/h3\u003e\u003ch4\u003eM-24-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/12/M-24-08-Strengthening-Digital-Accessibility-and-the-Management-of-Section-508-of-the-Rehabilitation-Act.pdf\"\u003eStrengthening Digital Accessibility and the Management of Section 508 of the Rehabilitation Act (digital)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/21/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Section 508 of the Rehabilitation Act\u003c/p\u003e\u003ch4\u003eM-24-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/12/M-24-04-FY24-FISMA-Guidance.pdf\"\u003eFiscal Year 2024 Guidance on Federal Information Security and Privacy Management Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/4/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-24-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/10/M-24-02-Buy-America-Implementation-Guidance-Update.pdf\"\u003eImplementation Guidance on Application of Buy America Preference in Federal Financial Assistance Programs for Infrastructure\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/25/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Buy America Act\u003c/p\u003e\u003ch3\u003e2023\u003c/h3\u003e\u003ch4\u003eM-23-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/09/M-23-22-Delivering-a-Digital-First-Public-Experience.pdf\"\u003eDelivering a Digital-First Public Experience (digital)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/22/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e 21st Century Integrated Digital Experience Act\u003c/p\u003e\u003ch4\u003eM-23-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/08/M-23-20.pdf\"\u003eMulti-Agency Research and Development Priorities for the FY 2025 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/17/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-23-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-18-Administration-Cybersecurity-Priorities-for-the-FY-2025-Budget-s.pdf\"\u003eAdministration Cybersecurity Priorities for the FY 2025 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/27/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e National Cybersecurity Strategy (NCS)\u003c/p\u003e\u003ch4\u003eM-23-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-16-Update-to-M-22-18-Enhancing-Software-Security.pdf\"\u003eUpdate to Memorandum M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements: \u003c/strong\u003eE.O. 14028\u003c/p\u003e\u003ch4\u003eM-23-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/02/M-23-13-No-TikTok-on-Government-Devices-Implementation-Guidance_final.pdf\"\u003e“No TikTok on Government Devices” Implementation Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/27/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e No Tiktok on Government Devices\u003c/p\u003e\u003ch4\u003eM-23-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/02/M-23-10-DOTGOV-Act-Guidance.pdf\"\u003eThe Registration and Use of .gov Domains in the Federal Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/8/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e DOTGOV Online Trust in Government Act of 2020\u003c/p\u003e\u003ch4\u003eM-23-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/12/M_23_07-M-Memo-Electronic-Records_final.pdf\"\u003eUpdate to Transition to Electronic Records\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/23/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-23-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/11/M-23-02-M-Memo-on-Migrating-to-Post-Quantum-Cryptography.pdf\"\u003eMigrating to Post-Quantum Cryptography\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/18/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2022\u003c/h3\u003e\u003ch4\u003eM-22-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/09/M-22-18.pdf\"\u003eEnhancing the Security of the Software Supply Chain through Secure Software Development Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/14/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-22-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/07/M-22-16.pdf\"\u003eAdministration Cybersecurity Priorities for the FY 2024 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/22/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch4\u003eM-22-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/07/M-22-15.pdf\"\u003eMulti-Agency Research and Development Priorities for the FY 2024 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/22/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-22-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf\"\u003eMoving the U.S. Government Toward Zero Trust Cybersecurity Principles\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/26/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-22-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/12/M-22-04-IG-Cooperation.pdf\"\u003ePromoting Accountability through Cooperation among Agencies and Inspectors General\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/3/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e IG Act\u003c/p\u003e\u003ch4\u003eM-22-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/10/M-22-01.pdf\"\u003eImproving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Systems through Endpoint Detection and Response\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/8/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch3\u003e2021\u003c/h3\u003e\u003ch4\u003eM-21-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/07/M-21-32-Multi-Agency-Research-and-Development-Prioirties-for-FY-2023-Budget-.pdf\"\u003eMulti-Agency Research and Development Priorities for the FY 2023 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/27/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-21-31\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf\"\u003eImproving the Federal Governments Investigative and Remediation Capabilities Related to Cybersecurity Incident\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/27/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch4\u003eM-21-30\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-30.pdf\"\u003eProtecting Critical Software Through Enhanced Security Measures\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/10/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch4\u003eM-21-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-07.pdf\"\u003eCompleting the Transition to Internet Protocol Version 6 (IPv6)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/19/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FAR\u003c/p\u003e\u003ch4\u003eM-21-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-06.pdf\"\u003eGuidance for Regulation of Artificial Intelligence Applications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/17/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 13859\u003c/p\u003e\u003ch4\u003eM-21-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-05.pdf\"\u003eExtension of Data Center Optimization Initiative (DCOI)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/13/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch4\u003eM-21-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-04.pdf\"\u003eModernizing Access to and Consent for Disclosure of Records Subject to the Privacy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/12/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e The Privacy Act of 1974\u003c/p\u003e\u003ch3\u003e2020\u003c/h3\u003e\u003ch4\u003eM-20-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/09/M-20-32.pdf\"\u003eImproving Vulnerability Identification, Management, and Remediation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/2/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA\u003c/p\u003e\u003ch4\u003eM-20-29\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/08/M-20-29.pdf\"\u003eR \u0026amp; D Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/14/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-20-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/03/M-20-19.pdf\"\u003eHarnessing Technology to Support Mission Continuity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/22/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-20-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/11/M-20-04.pdf\"\u003eFiscal Year 2019-2020 Guidance on Federal Information Security and Privacy Management Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/19/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2019\u003c/h3\u003e\u003ch4\u003eM-19-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/09/M-19-26.pdf\"\u003eUpdate to the Trusted Internet Connections (TIC) Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/12/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-19-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/08/M-19-21-new-2.pdf\"\u003eTransition of Electronic Records\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/28/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e NARA\u003c/p\u003e\u003ch4\u003eM-19-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/06/M-19-19-Data-Centers.pdf\"\u003eUpdate to Data Center Optimization Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/25/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch4\u003eM-19-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/06/M-19-18.pdf\"\u003eFederal Data Strategy A Framework for Consistency\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/4/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-19-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/05/M-19-17.pdf\"\u003eEnabling Mission Delivery through Improved Identity, Credential, and Access Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/21/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-19-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/02/M-19-10.pdf\"\u003eGuidance for Achieving Interoperability with the National Freedom of Information Act (FOIA) Portal on FOIA.gov\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/12/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FOIA\u003c/p\u003e\u003ch4\u003eM-19-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/12/M-19-03.pdf\"\u003eStrengthening the Cybersecurity of Federal Agencies by enhancing the High Value Asset Program\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/10/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e High Value Asset (HVA) program\u003c/p\u003e\u003ch4\u003eM-19-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/10/M-19-02.pdf\"\u003eFiscal Year 2018-2019 Guidance on Federal Information Security and Privacy Management Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/25/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-19-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/10/M-19-01.pdf\"\u003eRequest for Agency Feedback on the Federal Data Strategy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/16/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Federal Data Strategy\u003c/p\u003e\u003ch3\u003e2018\u003c/h3\u003e\u003ch4\u003eM-18-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/09/M-18-26.pdf\"\u003eIncentivizing Workforce Participation and Expanding Recruitment Sources for the 2020 Decennial Census\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/28/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-18-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/07/M-18-22.pdf\"\u003eFY 2020 Administration Research and Development Budget Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/31/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-18-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/06/M-18-20.pdf\"\u003eAppendix C to OMB Circular No. A-123, Requirements for Payment Integrity Improvement\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/26/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch3\u003e2017\u003c/h3\u003e\u003ch4\u003eM-17-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-32.pdf\"\u003eTravel on Government-Owned Rented, Leased or Chartered Aircraft\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/29/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-126\u003c/p\u003e\u003ch4\u003eM-17-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-25.pdf\"\u003eReporting Guidance for Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/19/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-17-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-23.pdf\"\u003eGuidance on Regulatory Reform Accountability under Executive Order 13777, titled “Enforcing the Regulatory Reform Agenda”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/28/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13777\u003c/p\u003e\u003ch4\u003eM-17-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-22.pdf\"\u003eComprehensive Plan for Reforming the Federal Government and Reducing the Federal Civilian Workforce\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/12/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GPRA Modernization Act of 2010\u003c/p\u003e\u003ch4\u003eM-17-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-21-OMB.pdf\"\u003eImplementing Executive Order 13771, Titled “Reducing Regulation and Controlling Regulatory Costs”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/5/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13771\u003c/p\u003e\u003ch4\u003eM-17-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-19-OMB.pdf\"\u003eLegislative Coordination and Clearance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/28/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-19\u003c/p\u003e\u003ch4\u003eM-17-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-15.pdf\"\u003eRescission of Memoranda Relating to Identity Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/19/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-17-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-12_0.pdf\"\u003ePreparing for and Responding to a Breach of Personally Identifiable Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/3/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-17-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-09.pdf\"\u003eManagement of Federal High Value Assets\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/9/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eB.O.D. 18-02\u003c/li\u003e\u003cli\u003eHHS HVA Program\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-17-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-04.pdf\"\u003eAdditional Guidance for Data Act Implementation: Further Requirements For Reporting And Assuring Data Reliability\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/4/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e DATA Act\u003c/p\u003e\u003ch4\u003eM-17-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-03.pdf\"\u003eInstitutionalizing Hiring Excellence To Achieve Mission Outcomes\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/1/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda (PMA) Cross Agency Priority (CAP)\u003c/p\u003e\u003ch4\u003eM-17-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-02.pdf\"\u003ePrecision Medicine Initiative Privacy and Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/21/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eGenetic Information Nondiscrimination Act\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2016\u003c/h3\u003e\u003ch4\u003eM-16-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_24_0.pdf\"\u003eRole and Designation of Senior Agency Officials for Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/15/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13719\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-16-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_23.pdf\"\u003ePrioritizing Federal Investments in Promise Zones\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/2/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-16-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_21.pdf\"\u003eFederal Source Code Policy: Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/8/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger Cohen Act\u003c/p\u003e\u003ch4\u003eM-16-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-17.pdf\"\u003eOMB Circular No. A-123, Managements Responsibility for Enterprise Risk Management and Internal Control\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/15/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-16-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-15.pdf\"\u003eFederal Cybersecurity Workforce Strategy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/12/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-16-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-14.pdf\"\u003eCategory Management Policy 16-2: Providing Comprehensive Identity Protection Services, Identity Monitoring, and Data Breach Response\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-16-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-12_1.pdf\"\u003eCategory Management Policy 16-1: Improving the Acquisition and Management of Common Information Technology: Software Licensing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/2/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GAO 14-413\u003c/p\u003e\u003ch4\u003eM-16-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-11.pdf\"\u003eImproving Administrative Functions Through Shared Services\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/4/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Federal Cloud Computing Strategy - Cloud Smart\u003c/p\u003e\u003ch4\u003eM-16-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-08.pdf\"\u003eEstablishment of the Core Federal Services Council\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/30/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda (PMA) Cross Agency Priority (CAP)\u003c/p\u003e\u003ch4\u003eM-16-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-04.pdf\"\u003eCybersecurity Strategy and Implementation Plan (CSIP) for the Federal Civilian Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/30/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-16-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-02.pdf\"\u003eCategory Management Policy 15-1: Improving the Acquisition and Management of Common Information Technology: Laptops and Desktops\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/16/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch3\u003e2015\u003c/h3\u003e\u003ch4\u003eM-15-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-18.pdf\"\u003eFiscal Year 2017 Budget Guidance for Countering Biological Threats Resource Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/9/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e PPD-2\u003c/p\u003e\u003ch4\u003eM-15-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-16.pdf\"\u003eMulti-Agency Science and Technology Priorities for the FY 2017 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/9/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-15-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-15.pdf\"\u003eImproving Statistical Activities through Interagency Collaboration\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/8/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Economy Act\u003c/p\u003e\u003ch4\u003eM-15-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-14.pdf\"\u003eManagement and Oversight of Federal Information Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/10/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch4\u003eM-15-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-13.pdf\"\u003ePolicy to Require Secure Connections across Federal Websites and Web Services\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/8/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-15-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-11.pdf\"\u003eFiscal Year 2017 Budget Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/1/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDATA Act\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-15-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-09.pdf\"\u003eGuidance on Implementing the Federal Customer Service Awards Program\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/19/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13571\u003c/p\u003e\u003ch4\u003eM-15-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-07.pdf\"\u003eEstablishment of a Diversity and Inclusion in Government Council\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/6/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13583\u003c/p\u003e\u003ch4\u003eM-15-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-02.pdf\"\u003eAppendix C to Circular No. A-123, Requirements for Effective Estimation and Remediation of Improper Payments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/20/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch3\u003e2014\u003c/h3\u003e\u003ch4\u003eM-14-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-17.pdf\"\u003eMetrics for Uniform Guidance (2 C.F.R. 200\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/30/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13520\u003c/p\u003e\u003ch4\u003eM-14-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-16.pdf\"\u003eGuidance on Managing Email\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/15/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Managing Government Records Directive of 2012\u003c/p\u003e\u003ch4\u003eM-14-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-15.pdf\"\u003eEnsuring That Employment and Training Programs Are Job-Driven\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/22/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-14.pdf\"\u003eFiscal Year 2016 Budget Guidance for Countering Biological Threats Resource Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e PPD-2\u003c/p\u003e\u003ch4\u003eM-14-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/M-14-13.pdf\"\u003eFiscal Year 2016 Budget Guidance for Combating Antibiotic Resistant Bacteria Resource Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e PPD-1\u003c/p\u003e\u003ch4\u003eM-14-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-12.pdf\"\u003eManagement Agenda Priorities for the FY 2016 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-11.pdf\"\u003eScience and Technology Priorities for FY 2016 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-06.pdf\"\u003eGuidance for Providing and Using Administrative Data for Statistical Purposes\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/14/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-04.pdf\"\u003eFiscal Year 2013 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/18/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-14-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-03.pdf\"\u003eEnhancing the Security of Federal Information and Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/1/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GPRA Modernization Act 0f 2010\u003c/p\u003e\u003ch3\u003e2013\u003c/h3\u003e\u003ch4\u003eM-13-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-20.pdf\"\u003eProtecting Privacy while Reducing Improper Payments with the Do Not Pay Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/16/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIPERIA 2012\u003c/li\u003e\u003cli\u003eDo Not Pay (DNP) Initiative\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-13-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-17.pdf\"\u003eNext Steps in the Evidence and Innovation Agenda\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/26/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-13-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-16.pdf\"\u003eScience and Technology Priorities for the FY 2015 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/26/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-13-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-13.pdf\"\u003eOpen Data Policy Managing Information as an Asset\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/9/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13642\u003c/p\u003e\u003ch4\u003eM-13-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-10.pdf\"\u003eAntideficiency Act Implications of Certain Online Terms of Service Agreements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/4/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Antideficiency Act\u003c/p\u003e\u003ch4\u003eM-13-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-09.pdf\"\u003eFiscal Year 2013 PortfolioStat Guidance: Strengthening Federal IT Portfolio Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/27/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-13-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-06.pdf\"\u003eIssuance of the Sequestration Order Pursuant To Section 251A of the Balanced Budget and Emergency Deficit Control Act of 1985, as Amended\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/1/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Budget Control Act of 2011\u003c/p\u003e\u003ch4\u003eM-13-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-02_0.pdf\"\u003eImproving Acquisition through Strategic Sourcing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/5/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e2012\u003c/h3\u003e\u003ch4\u003eM-12-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-20.pdf\"\u003eFY 2012 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/27/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-12-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-18.pdf\"\u003eManaging Government Records Directive\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/24/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidential Memorandum - Managing Government Records\u003c/p\u003e\u003ch4\u003eM-12-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-15.pdf\"\u003eScience and Technology Priorities for the FY 2014 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/6/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-12-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-14_1.pdf\"\u003eUse of Evidence and Evaluation in the 2014 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/18/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-12-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-12_0.pdf\"\u003ePromoting Efficient Spending to Support Agency Operations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/11/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13589\u003c/p\u003e\u003ch4\u003eM-12-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-11_1.pdf\"\u003eReducing Improper Payments through the “Do Not Pay List”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/12/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13520\u003c/p\u003e\u003ch4\u003eM-12-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-09_0.pdf\"\u003eFederal Activities Inventory Reform (FAIR) Act Submission for Fiscal Year 2012\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/26/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-12-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-01.pdf\"\u003eCreation of the Council on Financial Assistance Reform\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/27/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13576\u003c/p\u003e\u003ch3\u003e2011\u003c/h3\u003e\u003ch4\u003eM-11-33\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-33.pdf\"\u003eFY 2011 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/14/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-11-27\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-27.pdf\"\u003eImplementing the Telework Enhancement Act of 2010: Security Guidelines\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/15/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Telework Enhancement Act of 2010\u003c/p\u003e\u003ch4\u003eM-11-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-26.pdf\"\u003eNew Fast-Track Process for Collecting Service Delivery Feedback Under the Paperwork Reduction Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/15/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003eM-11-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-21.pdf\"\u003eImplementing the Presidential Memorandum “Administrative Flexibility, Lower Costs, and Better Results for State, Local, and Tribal Governments”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/29/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidential Memorandum - Administrative Flexibility\u003c/p\u003e\u003ch4\u003eM-11-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-16.pdf\"\u003e2011 Issuance of Revised Parts I and II to Appendix C of OMB Circular A-123\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/14/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-11-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-15.pdf\"\u003e2011 Final Guidance on Implementing the Plain Writing Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/13/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Plain Writing Act of 2010\u003c/p\u003e\u003ch4\u003eM-11-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-11.pdf\"\u003eContinued Implementation of Homeland Security Presidential Directive (HSPD) 12Policy for a Common Identification Standard for Federal Employees and Contractors\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/3/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-11-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-08.pdf\"\u003eInitial Assessments of Safeguarding and Counterintelligence Postures for Classified National Security Information in Automated Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/3/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13526\u003c/p\u003e\u003ch4\u003eM-11-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-04.pdf\"\u003eIncreasing Efforts to Recapture Improper Payments by Intensifying and Expanding Payment Recapture Audits\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/16/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e IPERIA 2012\u003c/p\u003e\u003ch4\u003eM-11-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-02.pdf\"\u003eSharing Data While Protecting Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/3/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Privacy Act of 1974\u003c/p\u003e\u003ch4\u003eM-11-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-01.pdf\"\u003ePilot Projects for the Partnership Fund for Program Integrity Innovation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/19/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Consolidated Appropriations Act of 2010\u003c/p\u003e\u003ch3\u003e2010\u003c/h3\u003e\u003ch4\u003eM-10-34\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-34.pdf\"\u003eUpdated Guidance on the American Recovery and Reinvestment Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/24/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-30\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-30.pdf\"\u003eScience and Technology Priorities for the FY 2012 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-10-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m-10-26.pdf\"\u003eImmediate Review of Financial Systems IT Projects\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/28/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-10-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-23.pdf\"\u003eGuidance for Agency Use of Third-Party Websites and Applications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/25/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003eM-10-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-22.pdf\"\u003eGuidance for Online Use of Web Measurement and Customization Technologies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/25/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB M-10-06\u003c/p\u003e\u003ch4\u003eM-10-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-21.pdf\"\u003eDeveloping Effective Place-Based Policies for the FY 2012 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/21/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-10-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-16.pdf\"\u003eGrants.gov Return to Normal Operations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/23/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-14.pdf\"\u003eUpdated Guidance on the American Recovery and Reinvestment Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/22/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-13.pdf\"\u003eIssuance of Part III to OMB Circular A-123, Appendix C\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/22/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-10-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-10.pdf\"\u003eFederal Agency Coordination on Health Information Technology (HIT)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/19/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HITECH\u003c/p\u003e\u003ch4\u003eM-10-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-03.pdf\"\u003ePayments to State Grantees for their Administrative Costs for Recovery Act Funding Alternative Allocation Methodologies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/13/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-01.pdf\"\u003eIncreased Emphasis on Program Evaluations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/7/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e2009\u003c/h3\u003e\u003ch4\u003eM-09-33\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-33.pdf\"\u003eTechnical Amendments to OMB Bulletin No. 07-04, Audit Requirements for Federal Financial Statements\u003c/a\u003e\u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-01.pdf\"\u003eIncreased Emphasis on Program Evaluations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/23/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-136\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-09-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-32.pdf\"\u003eUpdate on the Trusted Internet Connections Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/16/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch4\u003eM-09-27\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-27.pdf\"\u003eScience and Technology Priorities for the FY 2011 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/4/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-09-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-18.pdf\"\u003ePayments to State Grantees for Administrative Costs of Recovery Act Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/11/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-17.pdf\"\u003eImproving Grants.gov\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/8/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-15.pdf\"\u003eUpdated Implementing Guidance for the American Recovery and Reinvestment Act of 2009\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/3/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-14.pdf\"\u003eRecovery Act Implementation Improving Grants.gov and Other Critical Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/9/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-14.pdf\"\u003eRecovery Act Implementation Improving Grants.gov and Other Critical Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/9/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-10.pdf\"\u003eInitial Implementing Guidance for the American Recovery and Reinvestment Act of 2009\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/18/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch3\u003e2008\u003c/h3\u003e\u003ch4\u003eM-08-27\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-27.pdf\"\u003eGuidance for Trusted Internet Connection (TIC) Compliance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/30/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch4\u003eM-08-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-25.pdf\"\u003eGuidance for Completing FY 2008 Financial and Performance Reports\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/252008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-08-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-24.pdf\"\u003eTechnical Amendments to OMB Bulletin No. 07-04, Audit Requirements for Federal Financial Statements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB Bulletin No. 07-04\u003c/p\u003e\u003ch4\u003eM-08-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-16.pdf\"\u003eGuidance for Trusted Internet Connection Statement of Capability Form (SOC)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/4/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch4\u003eM-08-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-15.pdf\"\u003eTools Available for Implementing Electronic Records Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/31/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-08-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-14.pdf\"\u003e2008 Inventories of Commercial and Inherently Governmental Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/26/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-08-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-13.pdf\"\u003eUpdate to Civilian Position Full Fringe Benefit Cost Factor, Federal Pay Raise Assumptions, and Inflation Factors used in OMB Circular No. A-76, “Performance of Commercial Activities”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/11/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements: \u003c/strong\u003eOMB A-76\u003c/p\u003e\u003ch4\u003eM-08-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-11.pdf\"\u003eCompetitive Sourcing Requirements in Division D of Public Law 110-161\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/20/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Consolidated Appropriations Act of 2010\u003c/p\u003e\u003ch4\u003eM-08-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-09.pdf\"\u003eNew FISMA Privacy Reporting Requirements for FY 2008\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/18/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-08-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-05.pdf\"\u003eImplementation of Trusted Internet Connections (TIC)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/20/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch3\u003e2007\u003c/h3\u003e\u003ch4\u003eM-07-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-25.pdf\"\u003eBioShield Procurement Approval Anthrax Vaccine Adsorbed\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/20/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eProject BioShield Act of 2004\u003c/li\u003e\u003cli\u003ePublic Health Service Act\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-07-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-24.pdf\"\u003eUpdated Principles for Risk Analysis\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/19/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB Memorandum - Principles for Risk Analysis\u003c/p\u003e\u003ch4\u003eM-07-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-23.pdf\"\u003eRequiring Agency Use of the International Trade Data System\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/10/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13439\u003c/p\u003e\u003ch4\u003eM-07-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-21.pdf\"\u003eVerifying the Employment Eligibility of Federal Employees\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/10/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-07-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-20.pdf\"\u003eFY 2007 E-Government Act Reporting Instructions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/14/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-07-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-18.pdf\"\u003eEnsuring New Acquisitions Include Common Security Configurations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/1/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-07-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-16.pdf\"\u003eSafeguarding Against and Responding to the Breach of Personally Identifiable Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/22/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/business_migrations.pdf\"\u003eCompetition Framework for Human Resources Management Line of Business Migrations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/18/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-07-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-14.pdf\"\u003e2007 Inventories of Commercial and Inherently Governmental Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/3/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-07-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-02.pdf\"\u003eUpdate to Civilian Position Full Fringe Benefit Cost Factor, Federal Pay Raise Assumptions, Inflation Factors, and Tax Rates used in OMB Circular No. A-76, “Performance of Commercial Activities”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/31/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-76\u003c/p\u003e\u003ch3\u003e2006\u003c/h3\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/task_force_theft_memo.pdf\"\u003eRecommendations for Identity Theft Related Data Breach Notification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/20/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13402\u003c/p\u003e\u003ch4\u003eM-06-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-25.pdf\"\u003eFY 2006 E-Government Act Reporting Instructions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-06-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-21.pdf\"\u003eReciprocal Recognition of Existing Personnel Security Clearances\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/17/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 12958\u003c/p\u003e\u003ch4\u003eM-06-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-19.pdf\"\u003eReporting Incidents Involving Personally Identifiable Information Incorporating the Cost for Security in Agency Information Technology Investments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/12/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-06-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-18.pdf\"\u003eAcquisition of Products and Services for Implementation of HSPD-12\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/30/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-06-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m-06-15.pdf\"\u003eSafeguarding Personally Identifiable Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/22/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Privacy Act of 1974\u003c/p\u003e\u003ch4\u003eM-06-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-12.pdf\"\u003eFollow-up Memorandum on “Implementation of the Presidents Executive Order “Improving Agency Disclosure of Information”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/13/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FOIA\u003c/p\u003e\u003ch4\u003eM-06-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-06.pdf\"\u003eSample Privacy Documents for Agency Implementation of Homeland Security Presidential Directive (HSPD) 12\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/17/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-06-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-04.pdf\"\u003eImplementation of the Presidents Executive Order “Improving Agency Disclosure of Information”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/30/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FOIA\u003c/p\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/reciprocal121205.pdf\"\u003eReciprocal Recognition of Existing Personnel Security Clearances\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/12/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Intelligence Reform and Terrorism Prevention Act of 2004\u003c/p\u003e\u003ch4\u003eM-06-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-02.pdf\"\u003eImproving Public Access to and Dissemination of Government Information and Using the Federal Enterprise Architecture Data Reference Model\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/16/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2005\u003c/h3\u003e\u003ch4\u003eM-05-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-25.pdf\"\u003eSmartBUY Agreement with Oracle\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-05-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-24.pdf\"\u003eImplementation of Homeland Security Presidential Directive (HSPD) 12 Policy for a Common Identification Standard for Federal Employees and Contractors\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-05-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-23.pdf\"\u003eImproving Information Technology (IT) Project Planning and Execution\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/4/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-05-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-22.pdf\"\u003eTransition Planning for Internet Protocol Version 6 (IPv6)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/2/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GAO 05-471\u003c/p\u003e\u003ch4\u003eM-05-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-17.pdf\"\u003eAllocation of Responsibilities For Security Clearances Under the Executive Order, Strengthening Processes Relating to Determining Eligibility for Access to Classified National Security Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/30/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13381\u003c/p\u003e\u003ch4\u003eM-05-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-16.pdf\"\u003eRegulation on Maintaining Telecommunication Services During a Crisis or Emergency in Federally-owned Buildings\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/30/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Section 414 of the Transportation, Treasury, Independent Agencies, and General Government Appropriations Act\u003c/p\u003e\u003ch4\u003eM-05-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-08.pdf\"\u003eDesignation of Senior Agency Officials for Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/11/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Privacy Act of 1974\u003c/p\u003e\u003ch4\u003eM-05-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-05.pdf\"\u003eElectronic Signatures: How to Mitigate the Risk of Commercial Managed Services\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/20/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-05-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-04.pdf\"\u003ePolicies for Federal Agency Public Websites\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/17/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch3\u003e2004\u003c/h3\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-25_template.xls\"\u003eSection E — FY04 FISMA Reporting Template\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-04-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/omb/memoranda_fy04_m04-24/\"\u003eExpanded Electronic Government (E-Gov) Presidents Management Agenda (PMA) Scorecard Cost, Schedule and Performance Standard for Success\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/23/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda - Expanded Electronic Government (E-Gov) Initiative\u003c/p\u003e\u003ch4\u003eM-04-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-19.pdf\"\u003eInformation Technology (IT) Project Manager (PM) Qualification Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/21/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-04-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m-04-18.pdf\"\u003eMedicare Modernization Act and Federal Programs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/19/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Medicare Prescription Drug, Improvement, and Modernization Act (MMA)\u003c/p\u003e\u003ch4\u003eM-04-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2004-M-04-16-Software-Acquisition-.pdf\"\u003eSoftware Acquisition\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-04-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m-04-15.pdf\"\u003eDevelopment of Homeland Security Presidential Directive(HSPD) 7 Critical Infrastructure Protection Plans to Protect Federal Critical Infrastructures and Key Resources\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/17/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-04-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-08.pdf\"\u003eMaximizing Use of SmartBuy and Avoiding Duplication of Agency Activities with the Presidents 24 E-Gov Initiatives\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/25/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda - Expanded Electronic Government (E-Gov) Initiative\u003c/p\u003e\u003ch4\u003eM-04-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-04.pdf\"\u003eE-Authentication Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/16/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003ePaperwork Elimination Act of 1998\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2003\u003c/h3\u003e\u003ch4\u003eM-03-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/203-M-03-22-OMB-Guidance-for-Implementing-the-Privacy-Provisions-of-the-E-Government-Act-of-2002-1.pdf\"\u003eOMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/16/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-03-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2003/m03-18.pdf\"\u003eImplementation Guidance for the E-Government Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/1/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-03-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2003-M-03-04-Determination-Orders-Organizing-the-Department-of-Homeland-Security-1.pdf\"\u003eDetermination Orders Organizing the Department of Homeland Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/7/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Public Law 107-296 - Establishing the Department of Homeland Security\u003c/p\u003e\u003ch3\u003e2002\u003c/h3\u003e\u003ch4\u003eM-02-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2002/m02-14.pdf\"\u003eAdditional Information Requirements for Overseas Combating Terrorism and Homeland Security for the FY 2004 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/8/2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-02-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2002/m02-11.pdf\"\u003eDepartment of Homeland Security Transition Issues\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/16/2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Public Law 107-296 - Establishing the Department of Homeland Security\u003c/p\u003e\u003ch4\u003eM-02-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2002-M-02-01-Guidance-for-Preparing-and-Submitting-Security-Plans-of-Action-and-Milestones-1.pdf\"\u003eGuidance for Preparing and Submitting Security Plans of Action and Milestones\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/17/2001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Government Information Security Reform Act\u003c/p\u003e\u003ch3\u003e2001\u003c/h3\u003e\u003ch4\u003eM-01-28\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2001-M-01-28-Citizen-Centered-E-Government-Developing-the-Action-Plan.pdf\"\u003eCitizen-Centered E-Government: Developing the Action Plan\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e President Management Agenda - e-Government\u003c/p\u003e\u003ch4\u003eM-01-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2001-M-01-05-Guidance-on-Inter-Agency-Sharing-of-Personal-Data-Protecting-Personal-Privacy.pdf\"\u003eGuidance on Inter-Agency Sharing of Personal Data Protecting Personal Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/20/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Computer Matching and Privacy Protection Act\u003c/p\u003e\u003ch3\u003e2000\u003c/h3\u003e\u003ch4\u003eM-00-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-15-OMB-Guidance-on-Implementing-the-Electronic-Signatures-in-Global-and-National-Commerce-Act.pdf\"\u003eOMB Guidance on Implementing the Electronic Signatures in Global and National Commerce Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/25/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Sign Act\u003c/p\u003e\u003ch4\u003eM-00-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-13-Privacy-Policies-and-Data-Collection-on-Federal-Web-Sites.pdf\"\u003ePrivacy Policies and Data Collection on Federal Web Sites\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/22/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eChildrens Online Privacy Protection Act\u003c/li\u003e\u003cli\u003ePrivacy Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-00-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-10-OMB-Procedures-and-Guidance-on-Implementing-the-Government-Paperwork-Elimination-Act.pdf\"\u003eOMB Procedures and Guidance on Implementing the Government Paperwork Elimination Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/25/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003eM-00-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-03-Reporting-Y2K-Compliance-of-Non-mission-Critical-Systems.pdf\"\u003eReporting Y2K Compliance of Non-mission Critical Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/10/1999\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e1999\u003c/h3\u003e\u003ch4\u003eM-99-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1999-M-99-18-Privacy-Policies-on-Federal-Web-Sites.pdf\"\u003ePrivacy Policies on Federal Web Sites\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/2/1999\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-99-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1999-M-99-01-New-Statutory-Language-on-Paperwork-Reduction-FY-1999-ICB.pdf\"\u003eNew Statutory Language on Paperwork Reduction FY 1999 ICB\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/16/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003e1998\u003c/h4\u003e\u003ch4\u003eM-98-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1995-1998-M-98-14-Comprehensive-Plans-and-Associated-Funding-Requirements-for-Achieving-Year-2000-Computer-Compliance.pdf\"\u003eComprehensive Plans and Associated Funding Requirements for Achieving Year 2000 Computer Compliance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/13/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-11\u003c/p\u003e\u003ch4\u003eM-98-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1995-1998-M-98-09-Updated-Guidance-on-Developing-a-Handbook-for-Individuals-Seeking-Access-of-Public-Information.pdf\"\u003eUpdated Guidance on Developing a Handbook for Individuals Seeking Access of Public Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/23/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eElectronic Freedom of Information Act Amendments of 1996\u003c/li\u003e\u003cli\u003eFOIA\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-98-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1998-M-98-04-Annual-Performance-Plans-Required-by-the-Government-Performance-and-Results-Act-GPRA.pdf\"\u003eAnnual Performance Plans Required by the Government Performance and Results Act (GPRA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/29/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GPRA Modernization Act of 2010\u003c/p\u003e\u003ch3\u003e1997\u003c/h3\u003e\u003ch4\u003eM-97-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/1995-1998/m97-15.pdf\"\u003eLocal Telecommunications Services Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/12/1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch4\u003eM-97-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-09-Interagency-Support-for-Information-Technology.pdf\"\u003eInteragency Support for Information Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/10/1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch4\u003eM-97-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-07-Multiagency-Contracts-Under-the-Information-Technology-Management-Reform-Act-of-1996.pdf\"\u003eMultiagency Contracts Under the Information Technology Management Reform Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/26/1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch4\u003eM-97-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-02-Funding-Information-Systems-Investments.pdf\"\u003eFunding Information Systems Investments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/25/1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eGPRA Modernization Act of 2010\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e1996\u003c/h3\u003e\u003ch4\u003eM-96-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1996-M-96-20-Implementation-of-the-Information-Technology-Management-Reform-Act-of-1996.pdf\"\u003eImplementation of the Information Technology Management Reform Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/4/1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch3\u003e1995\u003c/h3\u003e\u003ch4\u003eM-95-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/1995-1998/m95-17.pdf\"\u003eContingency Planning for Agency Operations in Fiscal Year 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/17/1995\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch2\u003eHHS Policies, Standards, Memorandum, and Guides\u003c/h2\u003e\u003ch3\u003eHHS Policies\u003c/h3\u003e\u003cp\u003eThe HHS Cybersecurity Program develops policies, standards, memoranda, guides, and standard operating procedures. They are collectively referred to as policy documents. HHS policy documents help to apply Federal legislation, OMB regulations, NIST standards, and U.S. Computer Emergency Readiness Team (US-CERT) guidelines in the context of the HHS environment, thus standardizing the implementation of information security and privacy practices across the Department.\u003c/p\u003e\u003cp\u003eNOTE: The HHS Polices can be found at \u003cem\u003ehttp://intranet.hhs.gov/working-at-hhs/cybersecurity/ocio-policies\u003c/em\u003e and are only accessible through the HHS intranet/CMS network and cannot be accessed with a public internet connection.\u003c/p\u003e\u003ch4\u003eCybersecurity Awareness and Training\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2024-03-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Identifies the baseline requirements for providing HHS personnel with the requirements for Awareness Training and of their responsibility to help protect the confidentiality, integrity, and availability of HHS information systems and data\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/role-based-training-rbt\"\u003eCyberGeek - Role Based Training (RBT)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-2-awareness-and-training\"\u003eCyberGeek - Risk Management Handbook (RMH) Chapter 2: Awareness \u0026amp; Training (AT)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e5 CFR 930.301\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS Policy for Information Security and Privacy Protection (IS2P)\u003c/li\u003e\u003cli\u003eNIST S.P. 800-16\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-50\u003c/li\u003e\u003cli\u003eNIST SP 800-181 rev 1\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRecords Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-CDO-2024-02-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the principles, responsibilities, and requirements for managing HHS records\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 2/1/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003eCMS Records and Information Management Program\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B\u003c/li\u003e\u003cli\u003e32 CFR Part 2002\u003c/li\u003e\u003cli\u003e18 U.S. Code § 641\u003c/li\u003e\u003cli\u003e18 U.S. Code § 2071\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 2901-2910\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 3101-3107\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 3106\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 3301-3324\u003c/li\u003e\u003cli\u003e44 U.S. Code § 3301\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eFederal Rules of Civil Procedures\u003c/li\u003e\u003cli\u003eNARA Bulletin 2010-05\u003c/li\u003e\u003cli\u003eNARA Bulletin 2013-02\u003c/li\u003e\u003cli\u003eNARA Bulletin 2014-02\u003c/li\u003e\u003cli\u003eNARA Bulletin 2015-02\u003c/li\u003e\u003cli\u003eNARA Bulletin 2023-02\u003c/li\u003e\u003cli\u003eNARA Criteria for Successfully Managing Permanent Electronic Records\u003c/li\u003e\u003cli\u003eNARA Guidance on Records Management Language for Contracts\u003c/li\u003e\u003cli\u003eNARA Universal Electronic Records Management Requirements\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB M-19-21\u003c/li\u003e\u003cli\u003eOMB M-23-07\u003c/li\u003e\u003cli\u003eHHS Policy for Litigation Holds\u003c/li\u003e\u003cli\u003eHHS Policy for Rules of Behavior for Use of Information and IT Resources\u003c/li\u003e\u003cli\u003eHHS Policy for Mobile Devices and Removable Media\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePrivacy Impact Assessments\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2023-09-005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Set forth the minimum HHS Privacy Threshold Analysis (PTA), PIA, and Internal PIA requirements, as well as accompanying approval and publication processes\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/privacy-impact-assessment-pia\"\u003eCyberGeek - Privacy Impact Assessment (PIA)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS Policy for Information Security and Privacy Protection (IS2P)\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53 Rev. 5\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management v1.0\u003c/li\u003e\u003cli\u003eOMB Circular A-108\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eOMB M-17-06\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act (PRA)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eLitigation Holds\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-CDO-2023-08-004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish that HHS takes all reasonable steps to preserve potentially relevant information in the possession, custody, or control of HHS when civil litigation has commenced or when there is reasonable anticipation of litigation\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/10/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Litigation Holds and Essential Records Program\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B §§ 1220.30-1220.34\u003c/li\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B §§ 1230.1-1230.18\u003c/li\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B §§ 1236.2-1236.36\u003c/li\u003e\u003cli\u003e18 USC § 641\u003c/li\u003e\u003cli\u003e18 USC § 2071\u003c/li\u003e\u003cli\u003e44 USC §§ 2071-2120\u003c/li\u003e\u003cli\u003e44 USC §§ 2901-2912\u003c/li\u003e\u003cli\u003e44 USC §§ 3101-3107\u003c/li\u003e\u003cli\u003e44 USC §§ 3301-3314\u003c/li\u003e\u003cli\u003e44 USC §§ 3501-3583\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eDuty to Disclose, Rule 26\u003c/li\u003e\u003cli\u003eProducing Documents, Rule 34\u003c/li\u003e\u003cli\u003eFailure to Make Disclosures or to Cooperate in Discovery, Rule 37\u003c/li\u003e\u003cli\u003eDelivering Government Solutions in 21st Century\u003c/li\u003e\u003cli\u003eNARA 2010-05\u003c/li\u003e\u003cli\u003eNARA 2014-02\u003c/li\u003e\u003cli\u003eNARA 2015-02\u003c/li\u003e\u003cli\u003eNARA Criteria for Successfully Managing Permanent Electronic Records\u003c/li\u003e\u003cli\u003eNARA Guidance on Records Management Language for Contracts\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMA/NARA M-23-07\u003c/li\u003e\u003cli\u003ePublic Law 113-187\u003c/li\u003e\u003cli\u003eUniversal Electronic Records Management Requirements\u003c/li\u003e\u003cli\u003eNARA General Records Schedules\u003c/li\u003e\u003cli\u003eGeneral Record Schedule 6.1\u003c/li\u003e\u003cli\u003eHHS Implementing Email Records Management\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior for Use of Information and IT Resources\u003c/li\u003e\u003cli\u003eHHS Mobile Devices and Removable Media\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eData Loss Prevention\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2022-05-003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish comprehensive DLP requirements for HHS systems and information that are compliant with FISMA 2014, NIST S.P. 800-53, EO 14028\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/16/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eEO 13556\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHSS IS2P\u003c/li\u003e\u003cli\u003eNARA CUI Program\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB M-22-09\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRules of Behavior for Use of Information and IT Resources\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2023-02-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Defines the acceptable use of HHS information and IT resources and establishes the baseline requirements for developing Rules of Behavior that all users, including privileged users, are required to sign prior to accessing HHS information systems and resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 2/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/hhs-policy-rules-behavior-use-information-it-resources\"\u003eCyberGeek - HHS Policy for Rules of Behavior for Use of Information and IT Resources\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eNIST S.P. 800-18\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003ePublic Law § 115-232 889\u003c/li\u003e\u003cli\u003e5 USC § 552a\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eCommon Data Use Agreement (DUA) Structure and Repository\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-CDO-2023-01-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Defines a DUA as a document that establishes the terms and conditions under which the Data Provider will provide, and the Data Recipient will receive and use, the data covered under the Agreement, which is nonpublic, restricted HHS data shared for a limited government purpose\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/23/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/cms-data-use-agreement-dua\"\u003eCyberGeek - CMS Data Use Agreement (DUA)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e44 USC § 3520\u003c/li\u003e\u003cli\u003e44 USC § 3576\u003c/li\u003e\u003cli\u003eOMB M-14-06\u003c/li\u003e\u003cli\u003eOMB M-01-05\u003c/li\u003e\u003cli\u003eHHS Enterprise Data Management\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEncryption of Computing Devices and Information\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2022-12-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish comprehensive encryption requirements for HHS systems and information that are compliant with FISMA 2014, NIST S.P. 800-53, EO 14028, OMB M-22-09\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/9/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-15-13\u003c/li\u003e\u003cli\u003eOMB M-22-09\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSecuring AI Technology\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-12-007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensure secure implementation of AI technology within HHS, secure HHS networks and information, protect privacy, and address risks\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/14/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13859\u003c/li\u003e\u003cli\u003eEO 13960\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST Privacy Framework\u003c/li\u003e\u003cli\u003eNIST S.P. 800-167\u003c/li\u003e\u003cli\u003eNIST S.P. 800-94\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eDHS AI Using Standards to Mitigate Risks\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Security and Privacy Protection (IS2P)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-11-0006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish comprehensive security and privacy requirements for HHS systems and information that are compliant with FISMA 2014 and NIST S.P. 800-53\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/18/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eEO 13556\u003c/li\u003e\u003cli\u003eFERPA\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eBuy American Act\u003c/li\u003e\u003cli\u003eFASCSA 2018\u003c/li\u003e\u003cli\u003ePublic Law 115-232 § 889\u003c/li\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eHSPD-12\u003c/li\u003e\u003cli\u003eNARA\u003c/li\u003e\u003cli\u003eB.O.D 18-02\u003c/li\u003e\u003cli\u003eFIPS 140-2, 199, 200, 201-1\u003c/li\u003e\u003cli\u003eNIST S.P. 800-111\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST S.P. 800-144\u003c/li\u003e\u003cli\u003eNIST S.P. 800-152\u003c/li\u003e\u003cli\u003eNIST S.P. 800-171\u003c/li\u003e\u003cli\u003eNIST S.P. 800-175A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-175B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-46\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-79-2\u003c/li\u003e\u003cli\u003eNIST S.P. 800-88\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB Circular A-108\u003c/li\u003e\u003cli\u003eOMB M-02-01\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eOMB M-10-22\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-16-17\u003c/li\u003e\u003cli\u003eOMB M-14-03\u003c/li\u003e\u003cli\u003eOMB M-16-17\u003c/li\u003e\u003cli\u003eOMB M-14-03\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003e5 CFR § 930.301\u003c/li\u003e\u003cli\u003ePublic Law 113-291 Title VIII Subtitle D\u003c/li\u003e\u003cli\u003eSection 508 of the Rehabilitation Act of 1973\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Portfolio Management (PfM)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2021-09-005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Describes the Captital Planning and Investment Control (CPIC) principles and requirements, and establishes standard methodologies for conducting OAs, evaluating Investment Risks, certifying adequate Incremental Development, and successfully implementing TBM\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 9/23/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e \u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition\"\u003eCyberGeek - Risk Management Handbook Chapter 15: System \u0026amp; Services Acquisition\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGovernment Performance and Results Act of 1993\u003c/li\u003e\u003cli\u003eFederal Acquisition Streamlining Act of 1994\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act of 1995\u003c/li\u003e\u003cli\u003eFederal Financial Management Improvement Act of 1996\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFITARA 2014\u003c/li\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003ePolicies \u0026amp; Priorities, Technology Business Management. CIO. GOV\u003c/li\u003e\u003cli\u003eRecords Management Act of 1950\u003c/li\u003e\u003cli\u003eSection 508 of the Rehabilitation Act\u003c/li\u003e\u003cli\u003eEO 13636\u003c/li\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eGAO-04-394G\u003c/li\u003e\u003cli\u003eAIMD-10.1.13\u003c/li\u003e\u003cli\u003eGAO-13-87\u003c/li\u003e\u003cli\u003eGAO Report 16-469\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-94\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB Federal Cloud Computing Strategy - Cloud Smart\u003c/li\u003e\u003cli\u003eOMB M-97-02\u003c/li\u003e\u003cli\u003eOMB M-05-23\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eFederal Continuity Directive 1\u003c/li\u003e\u003cli\u003eFederal Continuity Directive 2\u003c/li\u003e\u003cli\u003eFIPS 140-2\u003c/li\u003e\u003cli\u003eNIST S.P. 800-30\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-39\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-56A\u003c/li\u003e\u003cli\u003eSection 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)\u003c/li\u003e\u003cli\u003eHHS Section 508 Electronic and IT\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation\u003c/li\u003e\u003cli\u003eHHS OCIO Roles and Responsibilities\u003c/li\u003e\u003cli\u003eHHS OCIO Enterprise Performance Life Cycle Framework Overview Document\u003c/li\u003e\u003cli\u003eHHS IT Strategic Plan\u003c/li\u003e\u003cli\u003eHHS IT Policy for Enterprise Architecture\u003c/li\u003e\u003cli\u003eHHS Office of Acquisition Management and Policy (OAMP) Acquisition Policy Memorandum\u003c/li\u003e\u003cli\u003eHHS IT Acquisition Reviews (ITAR)\u003c/li\u003e\u003cli\u003eHHS IT Enterprise Performance Life Cycle\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Records Management\u003c/li\u003e\u003cli\u003eHHS Enterprise Risk Management Framework\u003c/li\u003e\u003cli\u003eHHS Cloud Computing and FedRamp Guidance\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy Language\u003c/li\u003e\u003cli\u003eHHS Cyber Supply Chain Risk Management\u003c/li\u003e\u003cli\u003eHHS High Value Asset (HVA) Program\u003c/li\u003e\u003cli\u003eOCIO FITARA Approval Guidance\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eTransition to IPv6\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2021-08-004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides guidance to which HHS Operating Divisions (OpDivs) and Staff Divsions (StaffDivs) must follow to meet the requirements and milestones laid out in the OMB Memorandum 21-07, Completing the Transition to IPv6 (M-21-07)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/1/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eFederal Acquisition Regulation (FAR)\u003c/li\u003e\u003cli\u003eNIST S.P. 500-267A\u003c/li\u003e\u003cli\u003eNIST S.P. 500-267B\u003c/li\u003e\u003cli\u003eNIST S.P. 500-281A\u003c/li\u003e\u003cli\u003eNIST S.P. 500-281B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-21-07\u003c/li\u003e\u003cli\u003eOMB M-05-22\u003c/li\u003e\u003cli\u003eHHS IT Acquisition Reviews (ITAR)\u003c/li\u003e\u003cli\u003eHHS IT Asset Management (ITAM)\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy Language\u003c/li\u003e\u003cli\u003eHHS IT System Inventory Management\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eImplementation of DHS Directive on Vulnerability Disclosure\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-05-003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the HHS compliance requirements under the DHS B.O.D 20-01\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/4/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCarnegie Mellon SEI, The CERT Guide to Coordinated Vulnerable Disclosure\u003c/li\u003e\u003cli\u003eB.O.D. 20-01\u003c/li\u003e\u003cli\u003eDOJ A Framework for a Vulnerability Disclosure Program for Online Systems\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eISO/IEC 29147:2018\u003c/li\u003e\u003cli\u003eNIST Framework for Improving Critical Infrastructure Cybersecurity\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-20-32\u003c/li\u003e\u003cli\u003eEO 13800\u003c/li\u003e\u003cli\u003eTitle 44, U.S. Code, Section 3553(b)(2) Authority and Functions of the Director and the Secretary\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eImplementation of Trusted Internet Connections (TIC)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-03-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the requirements to which HHS Operating Divisions (OpDivs) must adhere when implementing TICs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/17/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e6 USC 1523(b)(1)(D)\u003c/li\u003e\u003cli\u003eOMB M-19-26\u003c/li\u003e\u003cli\u003eCommittee on National Security Systems (CNSS), Internet Engineering Task Force (IETF) RFC 4949\u003c/li\u003e\u003cli\u003eDHS CISA TIC Reference Architecture Document\u003c/li\u003e\u003cli\u003eDHS CISA TIC Volume 1-5\u003c/li\u003e\u003cli\u003eDHS CISA TIC Interim Telework Guidance\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA) Enterprise Infrastructure Solutions (EIS) Management and Operations Handbook\u003c/li\u003e\u003cli\u003eGSA, Transition Handbook, Network, WITS 3, and GSA Regional Local Services to EIS Contracts\u003c/li\u003e\u003cli\u003eNational Cybersecurity Protection System (NCPS) Cloud Interface Reference Architecture\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-41\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-145\u003c/li\u003e\u003cli\u003eNIST S.P. 800-152\u003c/li\u003e\u003cli\u003eNIST S.P. 800-207\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Internet and Email Security\u003c/li\u003e\u003cli\u003eHHS POA\u0026amp;M Standard\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Procurements - Security And Privacy Language\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-03-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Mandates the standard security and privacy language for information and information technology (IT) procurements throughout HHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/3/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/security-and-privacy-requirements-it-procurements\"\u003eCyberGeek - Security and Privacy Requirements for IT Procurements\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eBuy American Act\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eFASCSA 2018\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePublic Law 115-232 § 889\u003c/li\u003e\u003cli\u003ePublic Law 115-390\u003c/li\u003e\u003cli\u003eU.S.C of CFR\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eIT System Inventory Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2020-12-011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Direct HHS entities (i.e., Operating Divisions [OpDiv] and Staff Divisions [StaffDiv]) to establish and maintain an enterprise-wide inventory of HHS IT systems by providing guidance and baseline standards for maintaining a comprehensive inventory of all IT systems and related information\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA 2014\u003c/li\u003e\u003cli\u003eFITARA Enhancement Act of 2017\u003c/li\u003e\u003cli\u003eMEGABYTE Act of 2016\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-17-09\u003c/li\u003e\u003cli\u003eOMB M-19-01\u003c/li\u003e\u003cli\u003eOMB M-19-21\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eHHS CPIC\u003c/li\u003e\u003cli\u003eHHS HVA\u003c/li\u003e\u003cli\u003eHHS ITAM\u003c/li\u003e\u003cli\u003eHHS Records Management\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Asset Management (ITAM)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OCPO-2020-08-008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the HHS program for the management of IT and Telecommunication assets in compliance with the Cap Goal 7: Category Management - Leveraging Common Contracts and Best Practices to Drive Saving and Efficiencies, within the Presidents Management Agenda (PMA); to buy common goods and services as an enterprise to eliminate redundancies, increase efficiency, and to deliver more value and savings from the governments acquisition programs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/19/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003eE-Government Act\u003c/li\u003e\u003cli\u003eMEGABYTE Act of 2016\u003c/li\u003e\u003cli\u003eSection 508 of the Rehabilitation Act\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eFederal Accounting Standards Advisory Board (FASAB), Statement of Federal Financial Accounting Standards (SFFAS) No. 10, Accounting for Internal Use Software\u003c/li\u003e\u003cli\u003eFASAB, Federal Finacial Accounting Technical Release 16, Implementation Guidance for Internal Use Software\u003c/li\u003e\u003cli\u003eGAO 14-413\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-16-12\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-19-13\u003c/li\u003e\u003cli\u003eHHS FITARA Implementation-Revised HHS IT Governance Framework\u003c/li\u003e\u003cli\u003eHHS FITAR Implementation Plan\u003c/li\u003e\u003cli\u003eGAO audit recommendations of HHSs Telecommunications inventory management and IT Strategic Planning\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eVulnerability Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-08-009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the baseline requirements for maintaining and effective vulnerability management program to implement and support activities pertaining to vulnerability scanning and remediation and to continually manage risks impacting HHS IT resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/19/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eSection International Organization for Standardization (ISO) 27002\u003c/li\u003e\u003cli\u003eNIST S.P. 800-40\u003c/li\u003e\u003cli\u003eNIST S.P. 800-51\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-126\u003c/li\u003e\u003cli\u003eNIST S.P. 800-128\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eCyber Supply Chain Risk Management (C-SCRM)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-08-010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the baseline requirements for securing the information and communications technology (ICT) products and services supply chain in order to protect HHS information systems and information from the risks involving ICT procurement supply chain\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/18/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eSECURE Technology Act\u003c/li\u003e\u003cli\u003eBuy American Act\u003c/li\u003e\u003cli\u003ePublic Law 115-232 § 889\u003c/li\u003e\u003cli\u003eFASCSA 2018\u003c/li\u003e\u003cli\u003eComprehensive National Cybersecurity Initiative (CNCI)\u003c/li\u003e\u003cli\u003eCISA National Risk Management Center\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eNIST S.P. 800-161\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eHHS ISP2\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSection 508 Compliance and Accessibility of Information and Communications Technology (ICT)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2020-07-007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Implement uniformity and conformity of accessibility compliance across all of HHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCommunications Act of 1934\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003e36 CFR § 1193-1194\u003c/li\u003e\u003cli\u003eOMB M-17-06\u003c/li\u003e\u003cli\u003eOMB M-13-13\u003c/li\u003e\u003cli\u003eOMB M-16-20\u003c/li\u003e\u003cli\u003eOMB Memorandum, Improving the Accessibility of Government Information\u003c/li\u003e\u003cli\u003eOMB Strategic Plan for Improving Management of Section 508 of the Rehabilitation Act\u003c/li\u003e\u003cli\u003eRehabilitation Act of 1973\u003c/li\u003e\u003cli\u003eWorkforce Innovation and Opportunities Act\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Acquisition Reviews (ITAR)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2020-06-006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the HHS ITAR Program, which ensures HHS conducts its due diligence to manage and maintain oversight and governance over the procurement of IT therefore contributing to effective planning, budgeting, and execution of IT resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eNational Defense Authorization Act for Fiscal Year 2015\u003c/li\u003e\u003cli\u003eEO 13833\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-16-12\u003c/li\u003e\u003cli\u003eHHS FITARA Implementation-Revised HHS IT Governance Framework\u003c/li\u003e\u003cli\u003eHHS FITARA HHS Implementation Plan\u003c/li\u003e\u003cli\u003eHHS Memorandum for Record, HHS Chief Information Officer Delegation of Authorities to Operating Divsiion Chief Information Officers\u003c/li\u003e\u003cli\u003eHHS CPIC\u003c/li\u003e\u003cli\u003eHHS EPLC\u003c/li\u003e\u003cli\u003eHHS Procedures, Guidance and Instructions (PGI)\u003c/li\u003e\u003cli\u003eInformation Technology Decision Criteria and Clause Matrix\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy language\u003c/li\u003e\u003cli\u003eHHS Standard for Encryption of computing Devices and Information\u003c/li\u003e\u003cli\u003eHHS Minumun Security Configuration Standards Guidance\u003c/li\u003e\u003cli\u003eHHS Software Development Secure Coding Practices\u003c/li\u003e\u003cli\u003eHHS Directive for Acquisition Strategy\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePreparing for and Responding to a Breach\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-PIM-2020-05-003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Addresses OMB M-17-22, Preparing for and Responding to a Breach of PII, and sets forth the approach of HHS in preparing for and responding to breaches of PII in any medium or form\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\"\u003eCyberGeek - Risk Management Handbook Chapter 8: Incident Response (IR)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-20-04\u003c/li\u003e\u003cli\u003eOMB M-16-14\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePPD-41\u003c/li\u003e\u003cli\u003eNIST S.P. 800-34\u003c/li\u003e\u003cli\u003eNIST S.P. 800-61\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eUS-CERT Federal Incident Notification Guidelines\u003c/li\u003e\u003cli\u003eNational Cybersecurity and Communications Integration Center (NCCIC) Cyber Incident Scoring System\u003c/li\u003e\u003cli\u003eIdentity Protection Services (IPS) Multiple Award Blanket Purchase Agreement (BPA)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSecuring Wireless Local Area Networks\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-01-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Updates the requirements and specification for securing all HHS WLANs in compliance with the NIST S.P. 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs) and the Institute of Electrical and Electronic Engineers (IEEE) 802.11 WLANs standards\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/13/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-153\u003c/li\u003e\u003cli\u003eNIST S.P. 800-97\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Memorandum, Addendum to the HHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEnterprise Data Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-02-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the requirements for the efficient and secure management and protection of enterprise data\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/13/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-13-13\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eDomain Name System (DNS) and DNS Security Extensions (DNSSEC) Services\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2019-11-011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the minumum requirements for implementing the DNS and DNSEC services across the HHS and the OpDiv networks\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eDHS DNS Security Reference Architecture\u003c/li\u003e\u003cli\u003eNIST S.P. 800-81\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eDHS B.O.D. 19-01\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInternet and Email Security\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2019-10-009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the minimum requirements for securing the internet and email services throughout HHS, including OpDivs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-16-system-communications-protection\"\u003eCyberGeek - RMH Chapter 16: System \u0026amp; Communications Protection\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/email-encryption-requirements-cms\"\u003eCyberGeek - Email Encryption Requirements at CMS\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13800\u003c/li\u003e\u003cli\u003eOMB M-15-13\u003c/li\u003e\u003cli\u003eDHS B.O.D 19-01\u003c/li\u003e\u003cli\u003eDHS B.O.D 18-01\u003c/li\u003e\u003cli\u003eNIST S.P. 800-177\u003c/li\u003e\u003cli\u003eNIST S.P. 800-119\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC) Bureau of Consumer Protections, Businesses Can Help Stop Phishing and Protect their Brands Using Email Authentication\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior (ROB)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHigh Value Asset (HVA) Program\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2018-09-006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides HHS OpDivs and StaffDivs with the policy for governance of HHS HVAs along with the requirements for the identification, categorization, prioritization, reporting, assessment, and the remediation of finding of HVAs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-16-04\u003c/li\u003e\u003cli\u003eOMB M-19-02\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-13-13\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eDHS B.O.D. 18-02\u003c/li\u003e\u003cli\u003eCybersecurity Strategy and Implementation Plan for the Federal Civilian Government (CSIP)\u003c/li\u003e\u003cli\u003eCybersecurity National Action Plan (CNAP)\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Continuity of Operation Program\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy Language\u003c/li\u003e\u003cli\u003eSenior Accountable Official for Risk Management (SAORM) Designee for Department of Homeland Security B.O.D. 18-02 Securing HVAs\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMobile Devices and Removable Media\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2019-09-0005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Protects HHS information and information systems from risks related to the use of mobile devices for government businesses and the risks of using mobile devices to access HHS information systems remotely from outside of HHS facilities\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-5-configuration-management-cm\"\u003eCyberGeek - Risk Management Handbook Chapter 5: Configuration Management (CM)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-10-media-protection-mp\"\u003eCyberGeek - Risk Management Handbook Chapter 10: Media Protection (MP)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-access-control-handbook\"\u003eCyberGeek - CMS Access Control Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFederal Records Act of 1950\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-124\u003c/li\u003e\u003cli\u003eEO 13556\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior for Use of HHS Information and IT Resources Policy\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSoftware Development Secure Coding Practices\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2019-08-005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the minimum baseline secure coding practices that must be implemented to ensure secure code is “built in” in the early phases of the software development lifecycle in order to protect and secure all HHS information, IT systems, and networks\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMobile Applications Privacy Policy\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-PIM-2018-09-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Sets forth HHS policy for protecting privacy in HHS Mobile Applications\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eCOPPA 1998\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eOMB M-17-06\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB A-108\u003c/li\u003e\u003cli\u003eDigital Government: Building a 21st Century Platform to Better Serve the American People\u003c/li\u003e\u003cli\u003eNIST 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-163\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-61\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eHHS Policy and Plan for Preparing for and Responding to Breaches of PII\u003c/li\u003e\u003cli\u003eHHS Privacy Impact Assessment Guidance\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Privacy Impact Assessments (PIA)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology (IT) Policy for Enterprise Performance Life Cycle (EPLC)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2008-004.002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e All HHS IT projects shall be managed using the HHS EPLC Framework, including life cycle phases, reviews, deliverables, activities, responsibilities, and tailoring, regardless of the specific development methodology used\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.cms.gov/data-research/cms-information-technology/tlc\"\u003eCMS.gov - Target Life Cycle (TLC)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition\"\u003eCyberGeek - Risk Management Handbook Chapter 15: System \u0026amp; Services Acquisition\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-16-system-communications-protection\"\u003eCyberGeek - RMH Chapter 16: System \u0026amp; Communications Protection\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003eFederal Acquisition Certification-Program and Project Manager Program (FAC-P/PM)\u003c/li\u003e\u003cli\u003eHHS IT Capital Planning and Investment Control\u003c/li\u003e\u003cli\u003eHHS IRM Policy for Conducting IT Alternatives Analysis\u003c/li\u003e\u003cli\u003eHHS IT Performance Management (PfM)\u003c/li\u003e\u003cli\u003eHHS Enterprise Architecture (EA)\u003c/li\u003e\u003cli\u003eHHS IT System Inventory Management\u003c/li\u003e\u003cli\u003eHHS Records Mangement\u003c/li\u003e\u003cli\u003eHHS Implementing Email Records Management\u003c/li\u003e\u003cli\u003eHHS Section 508 and Accessibility of Technology and Communications Technology (ICT)\u003c/li\u003e\u003cli\u003eHHS Security Policies, Standards, Charters and Training Resources\u003c/li\u003e\u003cli\u003eHHS Incident Reporting, Policy and Incident Management Reference\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eGAO Cost Estimating and Assessment Guide\u003c/li\u003e\u003cli\u003eOMB M-05-23\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-127\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEnvironmental Practices of Electronics\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the framework for the implementation of sound environmental practices in the acquisition, operations and maintenance, and end-of-life management of HHS-purchased electronic products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/5/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Property Management\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13423\u003c/li\u003e\u003cli\u003eEO 13514\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eElectronic Stewardship\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2011-0002.001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the framework for the implementation of sound environmental practices in the acquisition, operations and maintenance, and end-of-life management of HHS-purchased electronic products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Property Management\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13423\u003c/li\u003e\u003cli\u003eEO 13514\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for FOIA Investigatory \u0026amp; Audit Matters\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides HHS staff with a policy for legal holds and to inform HHS staff about FOIA, investigatory, and audit matters that require holds on HHS records and other related documentary materials\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/26/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Freedom of Information Group\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFOIA\u003c/li\u003e\u003cli\u003e44 U.S.C Chapter 31\u003c/li\u003e\u003cli\u003e44 U.S.C Chapter 33\u003c/li\u003e\u003cli\u003e5 U.S.C Chapter 552\u003c/li\u003e\u003cli\u003e36 CFR Chapter XII, subchapter B\u003c/li\u003e\u003cli\u003eFederal Rules of Civil Procedure (FRCP)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for Networks Program Designated Agency Representatives\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2010-0005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Identifies and provides supplemental information in the establishment of titles, roles and responsibilities of Designated Agency Representatives (DARs) for the move from the FTS-2001 contract to the Networx contract and its transition program\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/10/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA) guidelines regarding Networx contracts, policies, and procedures\u003c/li\u003e\u003cli\u003eGSA DAR Guidelines for Network Services Contracts of the Office of ITS FAA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for Enterprise Architecture\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2008-0003.001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Outlines the roles and responsibilities for ensuring compliance with legislative and executive level guidance on Enterprise Architecture (EA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/7/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGRPA 1993\u003c/li\u003e\u003cli\u003eFASA V 1994\u003c/li\u003e\u003cli\u003ePRA 1995\u003c/li\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003eGovernment Paperwork Elimination Act of 1998\u003c/li\u003e\u003cli\u003eGISRA 2000\u003c/li\u003e\u003cli\u003eFISMA 2002\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eEO 13011\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-109\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-127\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-00-07\u003c/li\u003e\u003cli\u003eOMB M-97-02\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for eGov Forms\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2006-0003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensures that HHS maintains accurate form content for those HHS forms that are in the E-Gov Forms Catalogue, managed by the Small Business Administration (SBA) and the General Services Administration (GSA) under the Business Gateway (BG) initiative\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/7/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFederal Property and Administrative Services Act of 1949\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eSection 508 Rehabilitation Act\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act of 1980\u003c/li\u003e\u003cli\u003eInformation Quality Act\u003c/li\u003e\u003cli\u003e5 U.S.C. 552a(e)(1)\u003c/li\u003e\u003cli\u003e44 U.S.C. 3508\u003c/li\u003e\u003cli\u003eSmall Business Paperwork Relief Act of 2002\u003c/li\u003e\u003cli\u003e36 CFR Parts 1220-1238\u003c/li\u003e\u003cli\u003e5 CFR part 1320\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for HHSMail Change Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO 2006-0002.001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the policy for change management within the HHS HHSMail project\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eHHS Standards\u003c/h3\u003e\u003ch4\u003eHHS Standard for Plan of Action and Milestones (POAM) Management and Reporting\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2019-0002.001S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides OpDivs with the baseline standards and guidelines for properly documenting and managing POA\u0026amp;Ms and support the OpDivs in their development and management of POA\u0026amp;Ms within their respective organizations\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/3/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-plan-action-and-milestones-poam-handbook\"\u003eCyberGeek - CMS Plan of Action and Milestones (POA\u0026amp;M) Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eEO 13800\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-14-04\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Standard for System Inventory Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2018-0001.002S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides guidance and the baseline standards for maintaining a comprehensive inventory of all systems throughout HHS and enable management to have continuous accounting of all information systems and information assets\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/27/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Memorandum, FY15 Cybersecurity IT Priorities\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMinimum Security Configuration Standards Guidance\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2017-0001.001S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides personnel involved in configuring or connecting servers, workstations, or network devices to the HHS infrastructure with minimum security configuration standards for each respective device\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/5/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCyber Security Research and Development Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eCNSS Instruction No. 4009\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-52\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-60\u003c/li\u003e\u003cli\u003eNIST S.P. 800-70\u003c/li\u003e\u003cli\u003eNIST S.P. 800-115\u003c/li\u003e\u003cli\u003eNIST S.P. 800-128\u003c/li\u003e\u003cli\u003eNIST S.P. 800-152\u003c/li\u003e\u003cli\u003eNIST S.P. 800-175A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-179\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Minimum Security Configuration Standards for Palo Alto Networks\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2017-0001-002S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides OpDivs with specific technical configuration guidance for implementing the Palo Alto Networks Uniform Resource Locator (URL) filtering and Transport Layer Security (TLS) decryption solution\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/31/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-privacy-impact-assessment-pia-handbook\"\u003eCyberGeek - CMS Privacy Impact Assessment (PIA) Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eNIST S.P. 800-66\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eHHS Memoranda\u003c/h3\u003e\u003ch4\u003eHHS Approved Physical Access and Logical Access Authentication Mechanisms\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/15/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-access-control-handbook\"\u003eCyberGeek - CMS Access Control Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHSPD-12\u003c/li\u003e\u003cli\u003eOMB M-19-17\u003c/li\u003e\u003cli\u003eOMB M-22-09\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63-3\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63C\u003c/li\u003e\u003cli\u003eNIST S.P. 800-157\u003c/li\u003e\u003cli\u003eNIST S.P. 800-217\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eReminder of Existing HHS IT User Policies Relevant for Third-Party Generative AI Tools\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/20/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e40 U.S.C § 11319(b)(1)(A)\u003c/li\u003e\u003cli\u003e40 U.S.C § 11319\u003c/li\u003e\u003cli\u003e40 U.S.C § 11315(c)(2)\u003c/li\u003e\u003cli\u003eHHS Securing AI Technology\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior for Use of Information and IT Resources\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMemorandum M-23-13 “No TikTok on Government Devices” Implementation\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/31/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNo TikTok on Government Devices Act\u003c/li\u003e\u003cli\u003eOMB M-23-13\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eIS2P / NIST S.P. 800-53 Revision 5 - Compliance Timeline\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/20/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eHHS IS2P \u0026nbsp;\u003c/li\u003e\u003cli\u003eHHS Control Catalog\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eUpdated Department Standard Warning Banner for HHS Systems\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 9/12/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRescission of Outdated and Superseded Policy\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/9/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Control Catalog\u003c/li\u003e\u003cli\u003eHHS Minimum Security Configuration Standards Guidance\u003c/li\u003e\u003cli\u003eHHS Minimum Security Configuration Standards for Palo Alto Networks\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Social Security Number (SSN) Reduction and Elimination\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/10/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act of 1995\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eOMB M-07-16\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eEO 9397\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eHHS Sensitive PII Definition and Guidance\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eComplete Transition to IPv 6 Memorandum\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 4/29/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-21-07\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRoles \u0026amp; Repsonsibilities of OpDiv SOPs\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/3/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eImplementing Recommendations of the 9/11 Commission Act of 2007\u003c/li\u003e\u003cli\u003eEO 13636\u003c/li\u003e\u003cli\u003eEO 9397\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-20-04\u003c/li\u003e\u003cli\u003eOMB M-16-24\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-10-22\u003c/li\u003e\u003cli\u003eOMB M-07-16\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS IT Acquisition Reviews (ITAR)\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS High Value Asset (HVA) Program\u003c/li\u003e\u003cli\u003eHHS IT Procurements Security and Privacy Language\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003eHHS Mobile Applications Privacy Policy\u003c/li\u003e\u003cli\u003eHHS POA\u0026amp;M Standard\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eHHS Sensitive PII Definition and Guidance\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eUse of Government Furnished Equipment (GFE) During Foreign Travel\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 2/10/21\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Counterintelligence and Insider Threat - Foreign Travel\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140-2\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRescission of Security and Privacy Outdated and Superseded Policies\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/25/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS IT Security and Privacy Incident Reporting and Response\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Minimum Security Configurations Standards Guidance\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSensitive PII Definition and Guidance\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/4/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST S.P. 800-88\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAddendum to the HHS IS2P\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/24/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003ch4\u003eRequirement for Role-Based Training of Personnel with Significant Security Responsibilities\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/28/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/role-based-training-rbt\"\u003eCyberGeek - Role Based Training (RBT)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFCWAA 2015\u003c/li\u003e\u003cli\u003e5 CFR 930.301\u003c/li\u003e\u003cli\u003eNIST S.P. 800-181\u003c/li\u003e\u003cli\u003eNIST S.P. 800-16\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Cloud Computing and Federal Risk and Authorization Management Program Guidance\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/15/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/fedramp\"\u003eCyberGeek - Federal Risk and Authorization Management Program (FedRAMP)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFedRAMP\u003c/li\u003e\u003cli\u003eNIST S.P. 800-144\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eHHS Cloud Computing Strategy\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEnd-of-Life Operating Systems, Software and Applications Policy\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/19/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eFY15 Cybersecurity IT Priorities\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/1/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eEO 13636\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Usage of Unauthorized External Information Systems to Conduct Department Business Memorandum\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/8/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Security Data Warehouse Escalation Memorandum\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/15/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for Monitoring Employee Use of HHS IT Resources (2013)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/26/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIG Act 1978\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eWhistleblower Protection Act\u003c/li\u003e\u003cli\u003eFOIA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eDetermining Non-Sensitive Data on Mobile Computers/Devices\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/11/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-06-16\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eImplementation of OMB M-10-22 and M-10-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/21/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-10-22\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-07-16\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eResolving Security Audit Finding Disputes\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/13/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-08-21\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eUpdated Departmental Standard for the Definition of Sensitive Information\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/18/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003ch4\u003eApplicability of FISMA to HHS Grantees\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/29/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2002\u003c/li\u003e\u003cli\u003eOMB M-07-19\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eHHS Guides, Forms, and Templates\u003c/h3\u003e\u003ch4\u003eInformation Security \u0026amp; Privacy Certification Checklist\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/1/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition\"\u003eCyberGeek - Risk Management Handbook Chapter 15: System \u0026amp; Services Acquisition\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eNIST S.P. 800-60\u003c/li\u003e\u003cli\u003eNIST S.P. 800-88\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy Exception-Risk Based Decision Request\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/10/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e44 U.S. C, Sec. 3502\u003c/li\u003e\u003cli\u003eOMB A-127\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Guidance for Selection of e-Authentication Assurance Levels\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13681\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63-3\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63C\u003c/li\u003e\u003cli\u003eOMB M-04-04\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Guidance for e-Authentication RA Template\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-63\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63-3\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63C\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eCharter Establishing the EPLC Change Control Board\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e \u003ca href=\"https://www.cms.gov/data-research/cms-information-technology/tlc\"\u003eCMS.gov - Target Life Cycle\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eNon-Disclosure Agreement\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e N/A\u003c/p\u003e"])</script><script>self.__next_f.push([1,"1b:T3796b,"])</script><script>self.__next_f.push([1,"\u003cp\u003eThere are federal laws, regulations, and policies outside of CMS that shape how security and privacy is managed inside CMS. This page contains a comprehensive list of these external requirements, and shows how they relate to the security and privacy policies and guidance at CMS.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDISCLAIMER:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cem\u003eThe laws, regulations, standards, and guidelines provided herein are considered a work in progress and are subject to continuous updates. While we strive to ensure the accuracy and relevance of the information presented, it is important to note that legislative changes, regulatory updates, or evolving standards may impact the content provided. Users are encouraged to regularly check for the latest revisions and consult official sources to ensure compliance with the most current legal and regulatory requirements. The information offered is intended for general informational purposes only and should not be construed as legal advice. Any reliance on the content provided is at the user's own risk. We reserve the right to modify, amend, or update the information without prior notice.\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eQUESTIONS OR COMMENTS?\u003c/strong\u003e Check out CMS Slack channel:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://cmsgov.slack.com/archives/C06KFL4RSSC\"\u003e# cms_fed_laws_policies\u003c/a\u003e\u003c/p\u003e\u003ch2\u003eFederal Laws\u003c/h2\u003e\u003cp\u003eLaws are passed by both branches of Congress and signed by the President. Laws establish requirements or prohibitions. This list contains all federal laws that relate to information security and privacy at CMS.\u003c/p\u003e\u003ch3\u003eFISMA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.cisa.gov/topics/cyber-threats-and-advisories/federal-information-security-modernization-act\"\u003eFederal Information Security Modernization Act of 2014 (FISMA 2014\u003c/a\u003e)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eFederal legislation that defines a framework of guidelines and security standards to protect government information and operations\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eFISMA 2014 amends the FISMA of 2002\u003c/p\u003e\u003ch3\u003eThe Privacy Act of 1974\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.justice.gov/opcl/overview-privacy-act-1974-2020-edition/introduction\"\u003eThe Privacy Act of 1974\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eEstablishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Sep 1975\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eHIPAA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html\"\u003eHealth Insurance Portability and Accountability Act (HIPAA) of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eFederal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patients consent or knowledge\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eHHS issued the Privacy Rule and the Security Rule to implement the requirement of HIPAA\u003c/p\u003e\u003ch3\u003eE-Government Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.justice.gov/opcl/e-government-act-2002\"\u003eE-Government Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eImproves the management of Federal e-government services and processes involving the collection, maintenance, or dissemination of public or personal information\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eSection 208 requires Privacy Impact Assessments (PIAs)\u003c/p\u003e\u003ch3\u003eFedRAMP\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.fedramp.gov/program-basics/\"\u003eFederal Risk and Authorization Management Program (FedRAMP)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eA government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment for cloud technologies and federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003e2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eJoint Authorization Board (JAB)\u003c/li\u003e\u003cli\u003eDepartment of Defense (DoD)\u003c/li\u003e\u003cli\u003eDepartment of Homeland Security (DHS)\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eComputer Matching and Privacy Protection Act of 1988\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.congress.gov/bill/100th-congress/senate-bill/496\"\u003eComputer Matching and Privacy Protection Act of 1988\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eRequires agencies engaged in computer matching activities to provide notice to individuals if their information is being disclosed to other federal and state agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eSep 1988\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eGovernment Accountability Office (GAO)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSection 508\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.section508.gov/manage/laws-and-policies/\"\u003eSection 508 of the Rehabilitation Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eA federal law that requires agencies to provide individuals with disabilities equal access to electronic information and data comparable to those who do not have disabilities, unless an undue burden would be imposed on the agency\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003e1988\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eU.S. Access Board\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eAmended in 2000\u003c/p\u003e\u003ch3\u003eHSPD-12\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.dhs.gov/homeland-security-presidential-directive-12\"\u003eHomeland Security Presidential Directive 12 (HSPD-12)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eA Government-wide standard for a secure and reliable form of identification issued by the Federal government to its employees and employees of Federal contractors for access to Federally-controlled facilities and Government information systems\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFASCSA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.congress.gov/bill/115th-congress/senate-bill/3085/text\"\u003eFederal Acquisition Supply Chain Security Act (FASCSA) of 2018\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eTo establish a Federal Acquisition Security Council and to provide executive agencies with authorities relating to mitigating supply chain risks in the procurement of information technology, and for other purposes\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eGovernment Accountability Office (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFITARA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.cio.gov/handbook/it-laws/fitara-2014/\"\u003eFederal Information Technology Acquisition Reform Act (FITARA) of 2014\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eStrengthens the role of agency Chief Information Officers (CIOs) and provided greater accountability for the delivery of IT capabilities across the Federal Government\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eOMB M-15-14 implements\u003c/p\u003e\u003ch3\u003eMMA of 2003\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.ssa.gov/privacy/pia/Medicare%20Modernization%20Act%20(MMA)%20FY07.htm\"\u003eMedicare Prescription Drug, Improvement, and Modernization Act (MMA) of 2003\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eAmended section 1144 of the Social Security Act to require the Commissioner of Social Security to conduct additional outreach efforts to identify individuals entitled to benefits, or enrolled under the Medicare program under Title XVIII, who may be eligible for transitional assistance under the Medicare Prescription Drug Discount Card Program and premium and cost-sharing subsidies under the Prescription Drug Card Part D Program\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Health and Human Services (HHS) - Centers for MEDICARE \u0026amp; MEDICAID Services (CMS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eBuy America Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.gao.gov/products/105519\"\u003eBuy America Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eRequires Federal agencies to procure domestic materials and products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApr 1978\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eGovernment Accountability Office (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eNo TikTok on Government Devices Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.congress.gov/bill/117th-congress/senate-bill/1143\"\u003eNo TikTok on Government Devices Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eRequires the social media video application TikTok to be removed from the information technology of federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFOIA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.foia.gov/\"\u003eFreedom of Information Act (FOIA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eProvides that any person has the right to request access to federal agency records or information except to the extent the records are protected from disclosure by any of nine exemptions contained in the law or by one of three special law enforcement record exclusions\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1967\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Justice (DOJ)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eIG Act of 1978\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.ignet.gov/content/inspector-general-act-1978\"\u003eInspectors General Act (IG Act) of 1978\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eCreates Inspector General positions and offices in more than a dozen specific departments and agencies. The Act gave these inspectors general the authority to review the internal documents of their departments or offices. They were given responsibility to investigate fraud, to give policy advice (5 U.S.C. § 404; IG Act, sec. 4), to handle certain complaints by employees, and to report to the heads of their agencies and to Congress on their activities every six months\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1978\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eDOTGOV Act of 2020\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.federalregister.gov/documents/2022/07/26/2022-15670/federal-management-regulation-fmr-internet-gov-domain\"\u003eDOTGOV Online Trust in Government Act of 2020\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eTransfers the DotGov internet domain program, as operated by the General Services Administration under title 41, Code of Federal Regulations, to DHS CISA. The Act also orders that on the date CISA begins operational administration of the DotGov internet domain program, the GSA Administrator shall rescind the requirements in part 102173 of title 41, Code of Federal Regulations applicable to any Federal, State, local, or territorial government entity, or other publicly controlled entity, including any Tribal government recognized by the Federal Government or a State government that is registering or operating a DotGov internet domain. Finally, the DOTGOV orders that in place of the requirements in part 102173 of title 41, Code of Federal Regulations, CISA, in consultation with the Director of Management and Budget (OMB), shall establish and publish a new set of requirements for the registration and operation of DotGov domains.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003ePart of the Consolidated Appropriations Act, 2021\u003c/p\u003e\u003ch3\u003eGovernment Performance and Results Act (GPRA) of 1993\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.federalreserve.gov/publications/gpra.htm\"\u003eGovernment Performance and Results Act (GPRA) of 1993\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to prepare a strategic plan covering a multiyear period and requires each agency to submit an annual performance plan and an annual performance report.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 1993\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Acquisition Streamlining Act (FASA) of 1994\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/103rd-congress/senate-bill/1587\"\u003eFederal Acquisition Streamlining Act (FASA) of 1994\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Streamlines the federal governments acquisition system and dramatically changes the way the government performs its contracting functions. Generally, the statute seeks to: (1) increase the governments reliance on commercial goods and services; (2) streamline the procurement process for high volume, low value acquisitions; (3) improve access by small businesses to government contracting opportunities; (4) improve the bid protest process; and (5) extend the Truth in Negotiations Act to civilian agencies and raise the threshold for submitting certified cost or pricing data under that Act.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1994\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePaperwork Reduction Act (PRA) of 1995\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/104th-congress/senate-bill/244\"\u003ePaperwork Reduction Act (PRA) of 1995\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires that agencies obtain Office of Management and Budget (OMB) approval before requesting most types of information from the public. “Information collections” include forms, interviews, and record keeping, to name a few categories.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 1995\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Financial Management Improvement Act of 1996\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/104th-congress/house-bill/4319\"\u003eFederal Financial Management Improvement Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Advances Federal financial management by ensuring that Federal financial management systems provide accurate, reliable, and timely financial management information to the governments managers.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eSep 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eClinger-Cohen Act of 1996\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/clinger-cohen-act/\"\u003eClinger-Cohen Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The IT Management Reform Act (ITMRA) and the Federal Acquisition Reform Act (FARA) together make up the Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Records Act (FRA) (Records Management Act of 1950)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://presidentialtransition.org/wp-content/uploads/sites/6/2020/11/Federal-Records-Act-Overview.pdf\"\u003eRecords Management Act of 1950 / Federal Records Act (FRA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Designed to ensure that institutional records of vital historical, fiscal and legal value are identified and preserved by the government, providing the public with a historical record of federal; decision-making.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1950\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eNational Archives and Records Administration (NARA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSection 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.acquisition.gov/Section-889-Policies\"\u003eSection 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prohibits the Federal Government from procuring or obtaining, or extending or renewing a contract to procure or obtain “any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system,” on or after August 13, 2019, unless an exception applies or a waiver is granted.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Defense (DoD)\u003c/li\u003e\u003cli\u003eNational Aeronautics and Space Administration (NASA)\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFITARA Enhancement Act of 2017\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/115th-congress/house-bill/3243\"\u003eFITARA Enhancement Act of 2017\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e An act to amend title 40, United States Code, to eliminate the sunset of certain provisions relating to information technology, to amend the National Defense Authorization Act for Fiscal Year 2015 to extend the sunset relating to the Federal Data Center Consolidation Initiative, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eMaking Electronic Government Accountable by Yielding Tangible Efficiencies (MEGABYTE) Act of 2016\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/114th-congress/house-bill/4904/text\"\u003eMaking Electronic Government Accountable by Yielding Tangible Efficiencies (MEGABYTE) Act of 2016\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the Director of the Office of Management and Budget to issue a directive on the management of software licenses by the US federal government.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eStrengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure (SECURE) Technology Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/115th-congress/house-bill/7327/text\"\u003eStrengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure (SECURE) Technology Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the Secretary of Homeland Security to establish a security vulnerability disclosure policy, to establish a bug bounty program for the Department of Homeland Security, to amend title 41, United States Code, to provide for Federal acquisition supply chain security, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eCommunications Act of 1934\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1288\"\u003eCommunications Act of 1934\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Combined and organized federal regulation of telephone, telegraph, and radio communications. The Act created the Federal Communications Commission (FCC) to oversee and regulate these industries. The Act is updated periodically to add provisions governing new communications technologies, such as broadcast, cable and satellite television.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJun 1934\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eFederal Communications Commission (FCC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eWorkforce Innovation and Opportunities Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.dol.gov/agencies/eta/wioa\"\u003eWorkforce Innovation and Opportunities Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Designed to strengthen and improve our nation's public workforce system and help get Americans, including youth and those with significant barriers to employment, into high-quality jobs and careers and help employers hire and retain skilled workers.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Labor (DOL)\u003c/li\u003e\u003cli\u003eDepartment of Education (ED)\u003c/li\u003e\u003cli\u003eDepartment of Health and Human Services (HHS)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eChildrens Online Privacy Protection Act (COPPA) of 1998\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa\"\u003eChildrens Online Privacy Protection Act (COPPA) of 1998\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApr 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eFederal Trade Commission (FTC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGovernment Paperwork Elimination Act of 1998\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/gpea/\"\u003eGovernment Paperwork Elimination Act of 1998\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e It requires Federal agencies, by October 21, 2003, to provide individuals or entities that deal with agencies the option to submit information or transact with the agency electronically, and to maintain records electronically, when practicable.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Property and Administrative Services Act of 1949\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/USCODE-2011-title40/html/USCODE-2011-title40-subtitleI-chap1.htm\"\u003eFederal Property and Administrative Services Act of 1949\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the General Services Administration (GSA). The act also provides for various Federal Standards to be published by the GSA.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1949\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eGeneral Services Administration (GSA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eInformation Quality Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/information-quality-act/\"\u003eInformation Quality Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the OMB to promulgate guidance to agencies ensuring the quality, objectivity, utility, and integrity of information (including statistical information) disseminated by Federal agencies.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSmall Business Paperwork Relief Act of 2002\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.sba.gov/document/policy-guidance--small-business-paperwork-relief-act-2002\"\u003eSmall Business Paperwork Relief Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Institutes a process to reduce paperwork, and introduces measures to make it easier for small businesses to comply with the law.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJun 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eCyber Security Research and Development Act of 2002\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/107th-congress/house-bill/3394\"\u003eCyber Security Research and Development Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Authorizes appropriations to the National Science Foundation (NSF) and to the Secretary of Commerce for the National Institute of Standards and Technology (NIST) to establish new programs, and to increase funding for certain current programs, for computer and network security (CNS) research and development and CNS research fellowships.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eNational Science Foundation (NSF)\u003c/li\u003e\u003cli\u003eNational Institute of Standards and Technology (NIST)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eImplementing Recommendations of the 9/11 Commission Act of 2007\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/110th-congress/house-bill/1\"\u003eImplementing Recommendations of the 9/11 Commission Act of 2007\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides for implementation of recommendations of the National Commission on Terrorist Attacks Upon the United States (9/11 Commission).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Cybersecurity Workforce Assessment Act (FCWAA) of 2015\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/113/plaws/publ246/PLAW-113publ246.pdf\"\u003eFederal Cybersecurity Workforce Assessment Act (FCWAA) of 2015\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the Secretary of Homeland Security to assess the cybersecurity workforce of the Department of Homeland Security and develop a comprehensive workforce strategy, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eWhistleblower Protection Act of 1989\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/101st-congress/senate-bill/20\"\u003eWhistleblower Protection Act of 1989\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prohibits retaliation against most executive branch employees when they blow the whistle on \u0026nbsp;ignificant agency wrongdoing or when they engage in protected conduct.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApr 1989\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Special Counsel\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eComputer Security Act of 1987\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/100th-congress/house-bill/145/all-info\"\u003eComputer Security Act of 1987\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides for a computer standards program within the National Bureau of Standards, to provide for Government-wide computer security, and to provide for the training in security matters of persons who are involved in the management, operation, and use of Federal computer systems, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJan 1988\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eNational Institute of Standards and Technology (NIST)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eOffice of Federal Procurement Policy Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/omb/management/office-federal-procurement-policy/\"\u003eOffice of Federal Procurement Policy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The Office of Federal Procurement Policy (OFPP) was established by Congress in 1974 to provide overall direction for government-wide procurement policies, regulations and procedures and to promote economy, efficiency, and effectiveness in acquisition processes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Aug 1974\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Activities Inventory Reform (FAIR) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/105/plaws/publ270/PLAW-105publ270.pdf\"\u003eFederal Activities Inventory Reform (FAIR) Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to submit to the Office of Management and Budget inventories of commercial activities performed by federal employees every year by June 30.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Oct 1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eBudget and Accounting Act of 1921\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/D03855.pdf\"\u003eBudget and Accounting Act of 1921\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides a national budget system and an independent audit of Government accounts, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jun 1921\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Managers' Financial Integrity Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/omb/financial_fmfia1982\"\u003eFederal Managers Financial Integrity Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the statutory basis for managements responsibility for and assessment of accounting and administrative internal controls. Such controls include program, operational, and administrative areas, as well as accounting and financial management.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Sep 1982\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSarbanes-Oxley Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://sarbanes-oxley-act.com/\"\u003eSarbanes-Oxley Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Contains provisions affecting corporate governance, risk management, auditing, and financial reporting of public companies, including provisions intended to deter and punish corporate accounting fraud and corruption.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jul 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003ePublic Company Accounting Oversight Board (PCAOB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eDigital Accountability and Transparency Act (DATA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/113/plaws/publ101/PLAW-113publ101.pdf\"\u003eDigital Accountability and Transparency Act (DATA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to prepare and submit standardized, accurate information about their spending.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e May 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eDepartment of Treasury\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eElectronic Signatures in Global and National Commerce (E-Sign) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/PLAW-106publ229/pdf/PLAW-106publ229.pdf\"\u003eElectronic Signatures in Global and National Commerce (E-Sign) Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Facilitates the use of electronic records and signatures in interstate or foreign commerce.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jun 2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Commerce\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eSpecifies that, in the United States, the use of an electronic signature (e-signature) is as legally valid as a traditional signature written in ink on paper.\u003c/p\u003e\u003ch3\u003eChief Financial Officers Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/cfo-act/\"\u003eChief Financial Officers Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Gives OMB new authority and responsibility for directing federal financial management, modernizing the governments financial management systems, and strengthening financial reporting.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 1990\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eHomeland Security Act of 2002\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.dhs.gov/homeland-security-act-2002\"\u003eHomeland Security Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Established the Department of Homeland Security\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eHealth Information Technology for Economic and Clinical Health (HITECH) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html\"\u003eHITECH Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Part of the American Recovery and Reinvestment Act of 2009 that incentivized the meaningful use of Electronic Health Records (EHRs) and strengthened the privacy and security provisions of HIPAA.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Health and Human Services (HHS)\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePatient Protection and Affordable Care Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/3590\"\u003ePatient Protection and Affordable Care Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensures that all Americans have access to quality, affordable health care and will create the transformation within the health care system necessary to contain costs.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMar 2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGovernment Performance and Results Act (GPRA) Modernization Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/111/plaws/publ352/PLAW-111publ352.pdf\"\u003eGovernment Performance and Results Act (GPRA) Modernization Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e An amended version of the Government Performance and Results Act of 1993, it requires each executive agency to make its strategic plan available on its public website and to the OMB on the first Monday in February of any year following that in which the term of the President commences and to notify the President and Congress.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJan 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGenetic Information Nondiscrimination Act (GINA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/PLAW-110publ233/pdf/PLAW-110publ233.pdf\"\u003eGenetic Information Nondiscrimination Act (GINA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Protects individuals against discrimination based on their genetic information in health coverage and in employment.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eEconomy Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.acquisition.gov/node/29803/printable/pdf\"\u003eEconomy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Authorizes agencies to enter into agreements to obtain \u003cem\u003esupplies\u003c/em\u003e or services from another agency.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 1933\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Federal Acquistition Regulations (FAR)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eIPERIA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/112/plaws/publ248/PLAW-112publ248.pdf\"\u003eImproper Payments Elimination and Recovery Improvement Act (IPERIA) of 2012\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides guidance on monitoring and reporting improper payments, and requires agencies to continue their review of programs and activities annually to identify those susceptible to significant improper payments and updates the definition of significant improper payments.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJan 2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eAntideficiency Act (ADA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/legal/appropriations-law/resources\"\u003eAntideficiency Act (ADA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prohibits federal agencies from obligating or expending federal funds in advance or in excess of an appropriation, and from accepting voluntary services.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eSep 1982\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Government Accountability Offices (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eBudget Control Act of 2011\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/112/plaws/publ25/PLAW-112publ25.pdf\"\u003eBudget Control Act of 2011\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Amends the Balanced Budget and Emergency Deficit Control Act of 1985 (Gramm-Rudman-Hollings Act) to revise sequestration requirements for enforcement of discretionary spending limits (spending caps).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Activities Inventory Reform (FAIR) Act of 1998\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/105/plaws/publ270/PLAW-105publ270.pdf\"\u003eFederal Activities Inventory Reform (FAIR) Act of 1998\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to submit to the Office of Management and Budget inventories of commercial activities performed by federal employees every year by June 30.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eTelework Enhancement Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/1722/text\"\u003eTelework Enhancement Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the head of each executive agency to: (1) establish a policy under which eligible agency employees may be authorized to telework; (2) determine employee eligibility to participate in telework; and (3) notify all employees of their eligibility to telework.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Personnel Management (OPM)\u003c/li\u003e\u003cli\u003eFederal Emergency Management Agency (FEMA)\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eNational Archives and Records Administration (NARA)\u003c/li\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eDepartment of Homeland Security (DHS)\u003c/li\u003e\u003cli\u003eNational Institute of Standards and Technology (NIST)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePlain Writing Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/PLAW-111publ274/pdf/PLAW-111publ274.pdf\"\u003ePlain Writing Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the effectiveness and accountability of Federal agencies to the public by promoting clear Government communication that the public can understand and use.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eConsolidated Appropriations Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/111/plaws/publ117/PLAW-111publ117.pdf\"\u003eConsolidated Appropriations Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e An act making appropriations for the Departments of Transportation, and Housing and Urban Development, and related agencies for the fiscal year ending September 30, 2010, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Dec 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/3288\"\u003eMultiple agencies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e Many agencies oversee the guidance for this Act\u003c/p\u003e\u003ch3\u003eAmerican Recovery and Reinvestment Act of 2009\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/1/text\"\u003eAmerican Recovery and Reinvestment Act of 2009\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Developed in response to the Great Recession, the primary objective of this federal statute was to save existing jobs and create new ones as soon as possible. Other objectives were to provide temporary relief programs for those most affected by the recession and invest in infrastructure, education, health, and renewable energy.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/1\"\u003eMultiple agencies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e Many agencies oversee the guidance for this Act\u003c/p\u003e\u003ch3\u003eProject BioShield Act of 2004\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/108th-congress/senate-bill/15/text\"\u003eProject BioShield Act of 2004\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Project BioShield was established to help incentivize private industry to develop vitally needed medical countermeasures by providing multi-year funding to support advanced research, clinical development, manufacture and procurement.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003ePublic Health Service Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.ssa.gov/policy/docs/ssb/v7n8/v7n8p15.pdf\"\u003ePublic Health Service Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Consolidates and revises the laws relating to the Public Health Service.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1944\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003eIntelligence Reform and Terrorism Prevention Act of 2004\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/108th-congress/senate-bill/2845/text\"\u003eIntelligence Reform and Terrorism Prevention Act of 2004\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Reforms the intelligence community and the intelligence and intelligence-related activities of the United States Government, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003eElectronic Freedom of Information Act Amendments of 1996\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/104/plaws/publ231/PLAW-104publ231.htm\"\u003eElectronic Freedom of Information Act Amendments of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The Freedom of Information Act (FOIA) established the public's right of access to government information, on the basis of openness and accountability. The 1996 Electronic Freedom of Information Act (e-FOIA) Amendments extended these principles to include electronic access to information.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Oct 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Justice (DoJ)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003eClarifying Lawful Overseas Use of Data (CLOUD) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2022/07/06/2022-14320/office-of-the-attorney-general-clarifying-lawful-overseas-use-of-data-act-attorney-general\"\u003eClarifying Lawful Overseas Use of Data (CLOUD) Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Lifts certain restrictions under U.S. law on companies disclosing electronic data, in response to qualifying, lawful orders in investigations of serious crime, directly to a qualifying foreign government with which the United States has entered into an executive agreement governing access by the foreign government to covered data.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jul 2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Justice (DoJ)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eFederal Regulations\u003c/h2\u003e\u003cp\u003eRegulations are published by executive branch agencies to clarify their interpretation of a law and how a law will be implemented. Regulations also state requirements or prohibitions. This list contains all federal regulations that relate to information security and privacy at CMS.\u003c/p\u003e\u003ch3\u003eB.O.D. 18-01\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/news-events/directives/bod-18-01-enhance-email-and-web-security\"\u003eBinding Operational Directive (B.O.D) 18-01: Enhance Email and Web Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Enhances the security of federal agencies' email and web systems to protect against cyber threats. The directive outlines specific actions that federal agencies must take to improve their email and web security posture, including implementing specific security protocols, enhancing monitoring capabilities, and strengthening authentication mechanisms.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Oct 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eB.O.D. 18-02\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.cisa.gov/news-events/directives/bod-18-02-securing-high-value-assets\"\u003eBinding Operation Directive (B.O.D.) 18-02 - Security High Value Assets (HVAs)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eEnhances the Department of Homeland Security's coordinated approach to securing the federal governments HVAs from cybersecurity threats\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eFISMA 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eB.O.D. 20-01\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/news-events/directives/bod-20-01-develop-and-publish-vulnerability-disclosure-policy\"\u003eBinding Operation Directive (B.O.D) 20-01: Develop and Publish a Vulnerability Disclosure Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires each agency to develop and publish a vulnerability disclosure policy (VDP) and maintain supporting handling procedures.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Sep 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law:\u003c/strong\u003e OMB M-20-32\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.D. 19-01\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/news-events/directives/ed-19-01-mitigate-dns-infrastructure-tampering\"\u003eEmergency Directive (E.D.) 19-01: Mitigate DNS Infrastructure Tampering\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires agencies take near-term actions to mitigate risks from undiscovered tampering, enable agencies to prevent illegitimate DNS activity for their domains, and detect unauthorized certificates.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jan 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law:\u003c/strong\u003e Homeland Security Act of 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eThe Privacy Rule\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html\"\u003eThe Privacy Rule\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eAssures that individuals' health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well being\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eHIPAA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Health and Human Services (DHHS or HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eRegulation that implements HIPAA requirements\u003c/p\u003e\u003ch3\u003eThe Security Rule\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html\"\u003eThe Security Rule\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eEstablishes standards and safeguards for the secure handling of electronic protected health information (ePHI) by healthcare entities, aiming to ensure the confidentiality, integrity, and availability of sensitive health data\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eHIPAA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Health and Human Services (DHHS or HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eRegulation that implements HIPAA requirements\u003c/p\u003e\u003ch3\u003eFAR\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.acquisition.gov/sites/default/files/current/far/pdf/FAR.pdf\"\u003eFederal Acquisition Regulation (FAR)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003ePrimary regulation for use by all executive agencies in their acquisition of supplies and services with appropriated funds\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApril 1984\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eCompetition in Contracting Act of 1984 - FAR: Title 48 of the Code of Federal Regulations (CFR).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eGeneral Services Administration (GSA), Department of \u0026nbsp;Defense (DOD), \u0026amp; National Aeronautics and Space Administration (NASA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Accounting Standards Advisory Board (FASAB)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://fasab.gov/accounting-standards/\"\u003eFederal Accounting Standards Advisory Board (FASAB)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Primary regulation for use by all executive agencies in their acquisition of supplies and services with appropriated funds\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1990\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eCompetition in Contracting Act of 1984 - FAR: Title 48 of the Code of Federal Regulations (CFR).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Treasury, Office of Management and Budget (OMB), \u0026amp; Government Accountability Office (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eFederal Information Processing Standards (FIPS) Publications\u003c/h2\u003e\u003cp\u003eFederal Information Processing Standards (FIPS) are standards and guidelines for federal computer systems that are developed by \u003ca href=\"https://security.cms.gov/learn/national-institute-standards-and-technology-nist\"\u003eNational Institute of Standards and Technology (NIST)\u003c/a\u003e in accordance with the \u003ca href=\"https://security.cms.gov/learn/federal-information-security-modernization-act-fisma\"\u003eFederal Information Security Management Act (FISMA)\u003c/a\u003e and approved by the Secretary of Commerce.\u003c/p\u003e\u003cp\u003eFIPS Standards can be viewed and downloaded from the NIST Computer Security Resource Center (CSRC) website here: \u003ca href=\"https://csrc.nist.gov/publications/fips\"\u003eFIPS publications\u003c/a\u003e\u003c/p\u003e\u003cp\u003eAnswers to Frequently Asked Questions about FIPS can be found on the NIST website here: \u003ca href=\"https://www.nist.gov/standardsgov/compliance-faqs-federal-information-processing-standards-fips\"\u003eFIPS FAQs\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThis list contains all FIPS publications that relate to information security and privacy at CMS.\u003c/p\u003e\u003ch3\u003eFIPS-202\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/202/final\"\u003eSHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e8/4/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 201-3\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/201-3/final\"\u003ePersonal Identity Verification (PIV) of Federal Employees and Contractors\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e1/24/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 200\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/200/final\"\u003eMinimum Security Requirements for Federal Information and Information Systems\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e3/1/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 199\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/199/final\"\u003eStandards for Security Categorization of Federal Information and Information Systems\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e2/1/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 198-1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/198-1/final\"\u003eThe Keyed-Hash Message Authentication Code (HMAC)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e7/16/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 197\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/197/final\"\u003eAdvanced Encryption Standard (AES)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e5/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 186-5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/186-5/final\"\u003eDigital Signature Standard (DSS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e2/13/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 180-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/180-4/upd1/final\"\u003eSecure Hash Standard (SHS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e8/4/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 140-3\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/140-3/final\"\u003eSecurity Requirements for Cryptographic Modules\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e3/22/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eNIST S.P. Guidelines\u003c/h2\u003e\u003cp\u003eFIPS Publications may reference specific NIST Special Publications (S.P.) guidelines (SP800) and/or practices (SP1800), in which that guideline or practice becomes a governance policy for CMS FISMA systems.\u003c/p\u003e\u003cp\u003eAll NIST Special Publications (SP 500, SP800 and SP1800) can be viewed and downloaded from the NIST Computer Security Resource Center (CSRC) website here: \u003ca href=\"https://csrc.nist.gov/publications/sp\"\u003eNIST S.P. list\u003c/a\u003e\u003c/p\u003e\u003cp\u003eNIST S.P. descriptions can be found on the NIST website here: \u003ca href=\"https://www.nist.gov/nist-research-library/nist-special-publication-subseries-descriptions\"\u003eNIST S.P. descriptions\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThe following list consists of NIST S.P.s that are CMS FISMA governance policy by way of FIPS references.\u003c/p\u003e\u003ch3\u003e500-267A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-267Ar1.pdf\"\u003eNIST IPv6 Profile\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e500-267B\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-267Br1.pdf\"\u003eUSGv6 Profile\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e500-281A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=929798\"\u003eUSGv6 Test Program Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e500-281B\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-281Br1.pdf\"\u003eUSGv6 Test Methods: General Description and Validation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-16\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/16/final\"\u003eInformation Technology Security Training Requirements: a Role- and Performance-Based Model\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-18 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/18/r1/final\"\u003eGuide for Developing Security Plans for Federal Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 200\u003c/p\u003e\u003ch3\u003e800-30\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/30/r1/final\"\u003eGuide for Conducting Risk Assessments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-34\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://www.nist.gov/privacy-framework/nist-sp-800-34\"\u003eContingency Planning Guide for Federal Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-37 Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/37/r2/final\"\u003eRisk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-38 (A-G)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/publications/sp800\"\u003eRecommendation for Block Cipher Modes: *\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 197\u003c/p\u003e\u003ch3\u003e800-39\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/39/final\"\u003eManaging Information Security Risk: Organization, Mission, and Information System View\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-40\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/40/r4/final\"\u003eGuide to Enterprise Patch Management Planning: Preventive Maintenance for Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-41\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/41/r1/final\"\u003eGuidelines on Firewalls and Firewall Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-46\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/46/r2/final\"\u003eGuide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-50\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/50/final\"\u003eBuilding an Information Technology Security Awareness and Training Program\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-51\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/51/r1/final\"\u003eGuide to Using Vulnerability Naming Schemes\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-52\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/52/r2/final\"\u003eGuidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-53 Rev. 5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final\"\u003eSecurity and Privacy Controls for Information Systems and Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-53A Rev. 5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/53/a/r5/final\"\u003eAssessing Security and Privacy Controls in Information Systems and\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://csrc.nist.gov/pubs/sp/800/53/a/r5/final\"\u003eOrganizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-56A\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/56/a/r3/final\"\u003eRecommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-56B Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/56/b/r2/final\"\u003eRecommendation for Pair-Wise Key-Establishment Using Integer Factorization Cryptography\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-57 Part 1 Rev. 5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/57/pt1/r5/final\"\u003eRecommendation for Key Management - Part 1: General\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-57 Part 3 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/57/pt3/r1/final\"\u003eRecommendation for Key Management, Part 3: Application-Specific Key Management Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-59\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/59/final\"\u003eGuideline for Identifying an Information System as a National Security System\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-60 Vol. 1 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/60/v1/r1/final\"\u003eGuide for Mapping Types of Information and Information Systems to Security Categories\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 200\u003c/p\u003e\u003ch3\u003e800-61\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/61/r2/final\"\u003eComputer Security Incident Handling Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-63-3\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\"\u003eDigital Identity Guidelines\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-63A\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/a/upd2/final\"\u003eDigital Identity Guidelines: Enrollment and Identity Proofing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-63B\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/b/upd2/final\"\u003eDigital Identity Guidelines: Authentication and Lifecycle Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-63C\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/c/upd2/final\"\u003eDigital Identity Guidelines: Federation and Assertions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-70\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/70/r4/final\"\u003eNational Checklist Program for IT Products: Guidelines for Checklist Users and Developers\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-73-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/73/4/upd1/final\"\u003eInterfaces for Personal Identity Verification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-76-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/76/2/final\"\u003eBiometric Specifications for Personal Identity Verification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-78-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/78/4/final\"\u003eCryptographic Algorithms and Key Sizes for Personal Identity Verification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-79-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/79/2/final\"\u003eGuidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-81\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/81/2/final\"\u003eSecure Domain Name System (DNS) Deployment Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-85A-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/85/a/4/final\"\u003ePIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-87 Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/87/r2/final\"\u003eCodes for Identification of Federal and Federally-Assisted Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-88\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/88/r1/final\"\u003eGuidelines for Media Sanitization\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-89\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/89/final\"\u003eRecommendation for Obtaining Assurances for Digital Signature\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://csrc.nist.gov/pubs/sp/800/89/final\"\u003eApplications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-90A Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/90/a/r1/final\"\u003eRecommendation for Random Number Generation Using Deterministic Random Bit Generators\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-94\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/94/final\"\u003eGuide to Intrusion Detection and Prevention Systems (IDPS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-96\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/96/final\"\u003ePIV Card to Reader Interoperability Guidelines\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-97\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/97/final\"\u003eEstablishing Wireless Robust Security Networks: A Guide to IEEE 802.11i\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-102\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/102/final\"\u003eRecommendation for Digital Signature Timeliness\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-107\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/107/r1/final\"\u003eRecommendation for Applications Using Approved Hash Algorithms\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003cli\u003eFIPS 202\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-111\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/111/final\"\u003eGuide to Storage Encryption Technologies for End User Devices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 197\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-115\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/115/final\"\u003eTechnical Guide to Information Security Testing and Assessment\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-116 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/116/r1/final\"\u003eGuidelines for the Use of PIV Credentials in Facility Access\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-119\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/119/final\"\u003eGuidelines for the Secure Deployment of IPv6\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-122\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/122/final\"\u003eGuide to Protecting the Confidentiality of Personally Identifiable Information (PII)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-124\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/124/r2/final\"\u003eGuidelines for Managing the Security of Mobile Devices in the Enterprise\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-126\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/126/r3/final\"\u003eThe Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-128\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/128/upd1/final\"\u003eGuide for Security-Focused Configuration Management of Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-131A Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/131/a/r2/final\"\u003eTransitioning the Use of Cryptographic Algorithms and Key Lengths\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-133 Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/133/r2/final\"\u003eRecommendation for Cryptographic Key Generation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 197\u003c/p\u003e\u003ch3\u003e800-137\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/137/final\"\u003eInformation Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-140\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/final\"\u003eFIPS 140-3 Derived Test Requirements (DTR): CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/a/final\"\u003eCMVP Documentation Requirements: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140B Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/b/r1/final\"\u003eCryptographic Module Validation Program (CMVP) Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140C Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/c/r2/final\"\u003eCryptographic Module Validation Program (CMVP)-Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140D Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/d/r2/final\"\u003eCryptographic Module Validation Program (CMVP)-Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140E\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/e/final\"\u003eCMVP Approved Authentication Mechanisms: CMVP Validation Authority Requirements for ISO/IEC 19790 Annex E and ISO/IEC 24579 Section 6.17\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140F\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/f/final\"\u003eCMVP Approved Non-Invasive Attack Mitigation Test Metrics: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-144\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/144/final\"\u003eGuidelines on Security and Privacy in Public Cloud Computing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-145\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/145/final\"\u003eThe NIST Definition of Cloud Computing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-152\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/152/final\"\u003eA Profile for U.S. Federal Cryptographic Key Management Systems (CKMS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 197\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-153\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/153/final\"\u003eGuidelines for Securing Wireless Local Area Networks (WLANs)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-156\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/156/final\"\u003eRepresentation of PIV Chain-of-Trust for Import and Export\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-157\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/157/final\"\u003eGuidelines for Derived Personal Identity Verification (PIV) Credentials\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-157\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/157/final\"\u003eGuidelines for Derived Personal Identity Verification (PIV) Credentials\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-163\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/163/r1/final\"\u003eVetting the Security of Mobile Applications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-167\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/167/final\"\u003eGuide to Application Whitelisting\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-171\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/171/r2/upd1/final\"\u003eProtecting Controlled Unclassified Information in Nonfederal Systems and Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-175A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/175/a/final\"\u003eGuideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-175B\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/175/b/r1/final\"\u003eGuideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 197\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 202\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-177\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/177/r1/final\"\u003eTrustworthy Email\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-181\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/181/r1/final\"\u003eWorkforce Framework for Cybersecurity (NICE Framework)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-186\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/186/final\"\u003eRecommendations for Discrete-Logarithm Based Cryptography: Elliptic Curve Domain Parameters\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 186\u003c/p\u003e\u003ch3\u003e800-207\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/207/final\"\u003eZero Trust Architecture\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-217\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/217/ipd\"\u003eGuidelines for the Use of Personal Identity Verification (PIV) Credentials with Federation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-219\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/219/r1/final\"\u003eAutomated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eExecutive Orders (E.O.)\u003c/h2\u003e\u003cp\u003eAn Executive Order (E.O.) is a signed, written, and published directive from the President of the United States that manages operations of the federal government. They are numbered consecutively, so executive orders may be referenced by their assigned number, or their topic. This list contains all E.O.s that relate to information security and privacy.\u003c/p\u003e\u003ch3\u003eE.O 9397\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.ssa.gov/foia/html/EO9397.htm\"\u003eNumbering System for Federal Accounts Relating to Individual Persons\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes a centralized numbering system for federal accounts relating to individual persons in the United States.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e November 30, 1943\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Social Security Administration (SSA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 11609\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.archives.gov/federal-register/codification/executive-order/11609.html\"\u003eDelegating certain functions vested in the President to other officers of the Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Grants certain, presidential authorities to the GSA without approval, ratification, or other action of the President.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 22, 1971\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e General Services Administration (GSA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13011\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/CFR-1997-title3-vol1/html/CFR-1997-title3-vol1-eo13011.htm\"\u003eFederal Information Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Aimed to improve the management and utilization of IT resources across federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 16, 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eDHS\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eE.O 13381\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2005/06/30/05-13098/strengthening-processes-relating-to-determining-eligibility-for-access-to-classified-national\"\u003eStrengthening Processes Relating to Determining Eligibility for Access to Classified National Security Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Assists in determining eligibility for access to classified national security information, while taking appropriate account of title III of Public Law 108-458\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jun 2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13402\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2006/05/15/06-4552/strengthening-federal-efforts-to-protect-against-identity-theft\"\u003eStrengthening Federal Efforts To Protect Against Identity Theft\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Strengthens efforts to protect against identity theft\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13439\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2007/07/20/07-3593/establishing-an-interagency-working-group-on-import-safety\"\u003eEstablishing an Interagency Working Group on Import Safety\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensures that the executive branch takes all appropriate steps to promote the safety of imported products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jul 2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e HHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13520\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/executive-order-reducing-improper-payments\"\u003eReducing Improper Payments and Eliminating Waste in Federal Programs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Reduces payment errors and eliminating waste, fraud, and abuse in Federal programs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Nov 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13526\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.archives.gov/isoo/policy-documents/cnsi-eo.html\"\u003eClassified National Security Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prescribes a uniform system for classifying, safeguarding, and declassifying national security information, including information relating to defense against transnational terrorism\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Dec 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Information Security Oversight Office\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13556\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.commerce.gov/sites/default/files/2022-02/Controlled-Unclassified-Information-Policy.pdf\"\u003eControlled Unclassified Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes an open and uniform program for managing unclassified information requiring safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Aug 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e National Archives \u0026amp; Records Administration (NARA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13571\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/04/27/executive-order-13571-streamlining-service-delivery-and-improving-custom\"\u003eStreamlining Service Delivery and Improving Customer Service\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the quality of service to the public by the Federal Government\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Apr 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13576\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/06/13/executive-order-13576-delivering-efficient-effective-and-accountable-gov\"\u003eDelivering an Efficient, Effective, and Accountable Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Aims to cut waste, streamline Government operations, and reinforce the performance and management reform gains the Obama Administration has achieved\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jun 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13583\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/08/18/executive-order-13583-establishing-coordinated-government-wide-initiativ\"\u003eEstablishing a Coordinated Government-wide Initiative to Promote Diversity and Inclusion in the Federal Workforce\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Promotes the Federal workplace as a model of equal opportunity, diversity, and inclusion\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Aug 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOPM\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003ePresidents Management Council (PMC)\u003c/li\u003e\u003cli\u003eEqual Employment Opportunity Commission (EEOC)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13589\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/11/09/executive-order-13589-promoting-efficient-spending\"\u003ePromoting Efficient Spending\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Further promote efficient spending in the Federal Government\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Nov 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13636\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity\"\u003eImproving Critical Infrastructure Cybersecurity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Designed to increase the level of core capabilities for our critical infrastructure to manage cyber risk. It does this by focusing on three key areas: (1) information sharing, (2) privacy, and (3) the adoption of cybersecurity practices.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 12, 2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eDHS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13642\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/01/31/executive-order-13564-presidents-council-jobs-and-competitiveness\"\u003eThe President's Council on Jobs and Competitiveness\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Aims to strengthen the Nation's economy and ensure the competitiveness of the United States and to create jobs, opportunity, and prosperity for the American people by ensuring the availability of non partisan advice to the President from participants in and experts on the economy\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jan 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Department of Treasury\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13681\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2014/10/17/executive-order-improving-security-consumer-financial-transactions\"\u003eImproving the Security of Consumer Financial Transactions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the security of consumer financial transactions in both the private and public sectors\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e October 17, 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Treasury\u003c/li\u003e\u003cli\u003eDepartment of Justice\u003c/li\u003e\u003cli\u003eDepartment of Commerce\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eSocial Security Administration (SSA)\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC)\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003eDHS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13719\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2016/02/09/executive-order-establishment-federal-privacy-council\"\u003eEstablishment of the Federal Privacy Council\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The Federal Privacy Council is the principal interagency forum to improve the privacy practices of agencies and entities acting on their behalf.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 9, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Federal Privacy Council (FPC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13800\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/topics/cybersecurity-best-practices/executive-order-strengthening-cybersecurity-federal-networks-and-critical-infrastructure\"\u003eStrengthening the Cybersecurity of Federal Networks and Critical Infrastructure\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Modernizes federal information technology infrastructure, working with state and local government and private sector partners to more fully secure critical infrastructure, and collaborating with foreign allies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 11, 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13833\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2018/05/18/2018-10855/enhancing-the-effectiveness-of-agency-chief-information-officers\"\u003eEnhancing the Effectiveness of Agency Chief Information Officers\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Strengthens the role and responsibilities of Chief Information Officers (CIOs) within federal agencies to improve the efficiency and effectiveness of IT management\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 15, 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13834\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2018/05/22/2018-11101/efficient-federal-operations\"\u003eEfficient Federal Operations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the efficiency, effectiveness, and accountability of federal agencies in managing their operations and resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 17, 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13859\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2019/02/14/2019-02544/maintaining-american-leadership-in-artificial-intelligence\"\u003eMaintaining American Leadership in Artificial Intelligence\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Identifies five key lines of effort, including increasing AI research investment, unleashing Federal AI computing and data resources, setting AI technical standards, building Americas AI workforce, and engaging with international allies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Feb 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e National AI Initiative Office\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eTo oversee and implement the U.S. national AI strategy, the White House established the National Artificial Intelligence Initiative Office in early January 2021, in accordance with the National AI Initiative Act of 2020 (still a bill as of Feb 2024)\u003c/p\u003e\u003ch3\u003eE.O 13873\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2019/05/17/2019-10538/securing-the-information-and-communications-technology-and-services-supply-chain\"\u003eSecuring the Information and Communications Technology and Services Supply Chain\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Strengthens efforts to prevent foreign adversaries from exploiting vulnerabilities in the ICT supply chain and protect the vast amount of sensitive information being stored in and communicated through ICT products and services\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Commerce\u003c/li\u003e\u003cli\u003eCISA\u003c/li\u003e\u003cli\u003eICT SCRM Task Force\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13960\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2020/12/08/2020-27065/promoting-the-use-of-trustworthy-artificial-intelligence-in-the-federal-government\"\u003ePromoting the Use of Trustworthy Artificial Intelligence in the Federal Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes principles for the use of AI in the Federal Government, establishes a common policy for implementing the principles, directs agencies to catalogue their AI use cases\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e December 3, 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 14028\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity\"\u003eImproving the Nation's Cybersecurity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Charges multiple agencies, including NIST, with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e NIST\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 14034\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2021/06/11/2021-12506/protecting-americans-sensitive-data-from-foreign-adversaries\"\u003eProtecting Americans' Sensitive Data From Foreign Adversaries\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires government agencies to issue regulations that prohibit, or otherwise restrict, certain categories of data transactions that pose an unacceptable risk to national security.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e June 2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003eDepartment of Justice\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 14110\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://crsreports.congress.gov/product/pdf/R/R47843\"\u003eSafe, Secure, and Trustworthy Development and Use of Artificial Intelligence\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes a government-wide effort to guide responsible artificial intelligence (AI) development and deployment through federal agency leadership, regulation of industry, and engagement with\u003cbr\u003einternational partners\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e October 30, 2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eOffice of Science and Technology Policy (OSTP)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eGovernment Accountability Office (GAO) and GAO Accounting and Information Management Division (AIMD)\u003c/h2\u003e\u003cp\u003eThe U.S. Government Accountability Office (GAO) provides Congress, the heads of executive agencies, and the public with timely, fact-based, non-partisan information that can be used to improve government and save taxpayers billions of dollars. The GAO reports provide findings from their audits.\u003c/p\u003e\u003ch3\u003eAIMD-10.1.13\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/aimd-10.1.13.pdf\"\u003eAssessing Risks and Returns: A Guide for Evaluating Federal Agencies IT Investment Decision-making\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 3, 1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePaperwork Reduction Act (PRA)\u003c/li\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eGovernment Performance and Results Act (GPRA)\u003c/li\u003e\u003cli\u003eChief Financial Officers Act\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 04-394G\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-04-394g.pdf\"\u003eInformation Technology Investment Management: A Framework for Assessing and Improving Process Maturity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e March 1, 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 05-471\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-05-471.pdf\"\u003eINTERNET PROTOCOL VERSION 6 - Federal Agencies Need to Plan for Transition and Manage\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://www.gao.gov/assets/gao-05-471.pdf\"\u003eSecurity Risks\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 20, 2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 13-87\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-04-394g.pdf\"\u003eInformation Technology Investment Management: A Framework for Assessing and Improving Process Maturity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e March 1, 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 14-413\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/d14413.pdf\"\u003eFederal Software Licenses: Better Management Needed to Achieve Significant Savings Government-Wide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 22, 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 16-469\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-16-469.pdf\"\u003eInformation Technology Reform: Agencies Need to Increase Their Use of Incremental Development Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e August 16, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e FITARA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 20-195G\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-20-195g.pdf\"\u003eCost Estimating and Assessment Guide: Best Practices for Developing and Managing Program Costs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e March 12, 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eFederal Continuity Directives\u003c/h2\u003e\u003cp\u003eFederal Continuity Directives (FCDs) and Presidential Policy Directives (PPDs) and are both types of directives issued by the President of the United States to guide and coordinate specific policies, programs, and activities across the federal government.\u003c/p\u003e\u003cp\u003ePPDs are presidential statements that set forth national policies and decisions, while FCDs are agency-level directives aimed at ensuring the continuity and resilience of government operations during emergencies and crises.\u003c/p\u003e\u003ch3\u003eFCD-1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gpo.gov/docs/default-source/accessibility-privacy-coop-files/January2017FCD1-2.pdf\"\u003eFederal Executive Branch National Continuity Program and Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e January 17, 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFCD-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.fema.gov/sites/default/files/2020-07/Federal_Continuity_Directive-2_June132017.pdf\"\u003eFederal Executive Branch Mission Essential Functions and Candidate Primary Mission Essential Functions\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://www.fema.gov/sites/default/files/2020-07/Federal_Continuity_Directive-2_June132017.pdf\"\u003eIdentification and Submission Process\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e June 13, 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://irp.fas.org/offdocs/ppd/ppd-1.pdf\"\u003eOrganization of the National Security Council System\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 13, 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e National Security Council (NSC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://irp.fas.org/offdocs/ppd/ppd-2.pdf\"\u003eImplementation of the National Strategy for Countering Biological Threats\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e November 23, 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e National Security Staff Executive Secretary\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-40\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.fema.gov/emergency-managers/national-preparedness/continuity/toolkit/chapter-1\"\u003eNational Continuity Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 15, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e Federal Emergency Management Agency (FEMA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-41\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2016/07/26/presidential-policy-directive-united-states-cyber-incident\"\u003eUnited States Cyber Incident Coordination\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 26, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eOMB Circulars\u003c/h2\u003e\u003cp\u003eOMB Circulars are a series of guidance documents issued by the Office of Management and Budget (OMB) of the United States federal government. They provide instructions, requirements, and policies for federal agencies in specific areas of financial management, budgeting, procurement, grants management, and administrative operations.\u003c/p\u003e\u003ch3\u003eA-11\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/06/a11.pdf\"\u003ePreparation, Submission, and Execution of the Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/11/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GRPA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-19\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/Circular-019.pdf\"\u003eLegislative Coordination and Clearance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/20/1979\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Budget Control Act of 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-76\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A76/a76_incl_tech_correction.pdf\"\u003ePerformance of Commercial Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/14/2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFederal Procurement Policy Act\u003c/li\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eEO 11609\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-94\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/11/CircularA-94.pdf\"\u003eGuidelines and Discount Rates for Benefit-Cost Analysis of Federal Programs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Budget and Accounting Act of 1921\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-108\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A108/omb_circular_a-108.pdf\"\u003eFederal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/1975\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act (PRA)\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-123\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/omb/circulars_a123_rev\"\u003eManagements Responsibility for Internal Control\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/21/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eSarbanes-Oxley Act\u003c/li\u003e\u003cli\u003eFederal Managers' Financial Integrity Act\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-130\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf\"\u003eManaging Information as a Strategic Resource\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/28/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eE-Government Act\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003ePRA\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eDigital Accountability and Transparency Act\u003c/li\u003e\u003cli\u003eElectronic Signatures in Global and National Commerce Act\u003c/li\u003e\u003cli\u003eGovernment Paperwork Elimination Act\u003c/li\u003e\u003cli\u003eGPRA\u003c/li\u003e\u003cli\u003eOffice of Federal Procurement Policy Act\u003c/li\u003e\u003cli\u003eBudget and Accounting Procedures Act\u003c/li\u003e\u003cli\u003eChief Financial Officers Act\u003c/li\u003e\u003cli\u003eEO 13719\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-136\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2024/05/A-136-for-FY-2024.pdf\"\u003eFinancial Reporting Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/30/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eChief Financial Officers Act of 1990\u003c/li\u003e\u003cli\u003eGovernment Management Reform Act of 1994\u003c/li\u003e\u003cli\u003eAccountability of Tax Dollars Act of 2002\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eOMB Memos\u003c/h2\u003e\u003cp\u003eThe Office of Management and Budget (OMB) memoranda provide Federal agencies with instructions and implementation guidance for specific management priorities or legislative requirements. They provide annual updates, such as for FISMA reporting requirements, or have longer term guidance for agency implementation.\u003c/p\u003e\u003ch3\u003e2024\u003c/h3\u003e\u003ch4\u003eM-24-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/12/M-24-08-Strengthening-Digital-Accessibility-and-the-Management-of-Section-508-of-the-Rehabilitation-Act.pdf\"\u003eStrengthening Digital Accessibility and the Management of Section 508 of the Rehabilitation Act (digital)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/21/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Section 508 of the Rehabilitation Act\u003c/p\u003e\u003ch4\u003eM-24-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/12/M-24-04-FY24-FISMA-Guidance.pdf\"\u003eFiscal Year 2024 Guidance on Federal Information Security and Privacy Management Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/4/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-24-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/10/M-24-02-Buy-America-Implementation-Guidance-Update.pdf\"\u003eImplementation Guidance on Application of Buy America Preference in Federal Financial Assistance Programs for Infrastructure\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/25/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Buy America Act\u003c/p\u003e\u003ch3\u003e2023\u003c/h3\u003e\u003ch4\u003eM-23-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/09/M-23-22-Delivering-a-Digital-First-Public-Experience.pdf\"\u003eDelivering a Digital-First Public Experience (digital)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/22/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e 21st Century Integrated Digital Experience Act\u003c/p\u003e\u003ch4\u003eM-23-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/08/M-23-20.pdf\"\u003eMulti-Agency Research and Development Priorities for the FY 2025 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/17/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-23-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-18-Administration-Cybersecurity-Priorities-for-the-FY-2025-Budget-s.pdf\"\u003eAdministration Cybersecurity Priorities for the FY 2025 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/27/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e National Cybersecurity Strategy (NCS)\u003c/p\u003e\u003ch4\u003eM-23-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-16-Update-to-M-22-18-Enhancing-Software-Security.pdf\"\u003eUpdate to Memorandum M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements: \u003c/strong\u003eE.O. 14028\u003c/p\u003e\u003ch4\u003eM-23-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/02/M-23-13-No-TikTok-on-Government-Devices-Implementation-Guidance_final.pdf\"\u003e“No TikTok on Government Devices” Implementation Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/27/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e No Tiktok on Government Devices\u003c/p\u003e\u003ch4\u003eM-23-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/02/M-23-10-DOTGOV-Act-Guidance.pdf\"\u003eThe Registration and Use of .gov Domains in the Federal Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/8/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e DOTGOV Online Trust in Government Act of 2020\u003c/p\u003e\u003ch4\u003eM-23-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/12/M_23_07-M-Memo-Electronic-Records_final.pdf\"\u003eUpdate to Transition to Electronic Records\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/23/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-23-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/11/M-23-02-M-Memo-on-Migrating-to-Post-Quantum-Cryptography.pdf\"\u003eMigrating to Post-Quantum Cryptography\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/18/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2022\u003c/h3\u003e\u003ch4\u003eM-22-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/09/M-22-18.pdf\"\u003eEnhancing the Security of the Software Supply Chain through Secure Software Development Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/14/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-22-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/07/M-22-16.pdf\"\u003eAdministration Cybersecurity Priorities for the FY 2024 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/22/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch4\u003eM-22-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/07/M-22-15.pdf\"\u003eMulti-Agency Research and Development Priorities for the FY 2024 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/22/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-22-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf\"\u003eMoving the U.S. Government Toward Zero Trust Cybersecurity Principles\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/26/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-22-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/12/M-22-04-IG-Cooperation.pdf\"\u003ePromoting Accountability through Cooperation among Agencies and Inspectors General\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/3/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e IG Act\u003c/p\u003e\u003ch4\u003eM-22-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/10/M-22-01.pdf\"\u003eImproving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Systems through Endpoint Detection and Response\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/8/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch3\u003e2021\u003c/h3\u003e\u003ch4\u003eM-21-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/07/M-21-32-Multi-Agency-Research-and-Development-Prioirties-for-FY-2023-Budget-.pdf\"\u003eMulti-Agency Research and Development Priorities for the FY 2023 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/27/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-21-31\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf\"\u003eImproving the Federal Governments Investigative and Remediation Capabilities Related to Cybersecurity Incident\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/27/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch4\u003eM-21-30\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-30.pdf\"\u003eProtecting Critical Software Through Enhanced Security Measures\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/10/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch4\u003eM-21-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-07.pdf\"\u003eCompleting the Transition to Internet Protocol Version 6 (IPv6)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/19/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FAR\u003c/p\u003e\u003ch4\u003eM-21-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-06.pdf\"\u003eGuidance for Regulation of Artificial Intelligence Applications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/17/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 13859\u003c/p\u003e\u003ch4\u003eM-21-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-05.pdf\"\u003eExtension of Data Center Optimization Initiative (DCOI)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/13/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch4\u003eM-21-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-04.pdf\"\u003eModernizing Access to and Consent for Disclosure of Records Subject to the Privacy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/12/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e The Privacy Act of 1974\u003c/p\u003e\u003ch3\u003e2020\u003c/h3\u003e\u003ch4\u003eM-20-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/09/M-20-32.pdf\"\u003eImproving Vulnerability Identification, Management, and Remediation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/2/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA\u003c/p\u003e\u003ch4\u003eM-20-29\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/08/M-20-29.pdf\"\u003eR \u0026amp; D Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/14/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-20-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/03/M-20-19.pdf\"\u003eHarnessing Technology to Support Mission Continuity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/22/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-20-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/11/M-20-04.pdf\"\u003eFiscal Year 2019-2020 Guidance on Federal Information Security and Privacy Management Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/19/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2019\u003c/h3\u003e\u003ch4\u003eM-19-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/09/M-19-26.pdf\"\u003eUpdate to the Trusted Internet Connections (TIC) Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/12/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-19-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/08/M-19-21-new-2.pdf\"\u003eTransition of Electronic Records\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/28/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e NARA\u003c/p\u003e\u003ch4\u003eM-19-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/06/M-19-19-Data-Centers.pdf\"\u003eUpdate to Data Center Optimization Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/25/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch4\u003eM-19-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/06/M-19-18.pdf\"\u003eFederal Data Strategy A Framework for Consistency\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/4/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-19-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/05/M-19-17.pdf\"\u003eEnabling Mission Delivery through Improved Identity, Credential, and Access Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/21/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-19-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/02/M-19-10.pdf\"\u003eGuidance for Achieving Interoperability with the National Freedom of Information Act (FOIA) Portal on FOIA.gov\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/12/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FOIA\u003c/p\u003e\u003ch4\u003eM-19-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/12/M-19-03.pdf\"\u003eStrengthening the Cybersecurity of Federal Agencies by enhancing the High Value Asset Program\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/10/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e High Value Asset (HVA) program\u003c/p\u003e\u003ch4\u003eM-19-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/10/M-19-02.pdf\"\u003eFiscal Year 2018-2019 Guidance on Federal Information Security and Privacy Management Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/25/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-19-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/10/M-19-01.pdf\"\u003eRequest for Agency Feedback on the Federal Data Strategy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/16/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Federal Data Strategy\u003c/p\u003e\u003ch3\u003e2018\u003c/h3\u003e\u003ch4\u003eM-18-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/09/M-18-26.pdf\"\u003eIncentivizing Workforce Participation and Expanding Recruitment Sources for the 2020 Decennial Census\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/28/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-18-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/07/M-18-22.pdf\"\u003eFY 2020 Administration Research and Development Budget Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/31/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-18-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/06/M-18-20.pdf\"\u003eAppendix C to OMB Circular No. A-123, Requirements for Payment Integrity Improvement\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/26/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch3\u003e2017\u003c/h3\u003e\u003ch4\u003eM-17-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-32.pdf\"\u003eTravel on Government-Owned Rented, Leased or Chartered Aircraft\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/29/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-126\u003c/p\u003e\u003ch4\u003eM-17-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-25.pdf\"\u003eReporting Guidance for Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/19/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-17-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-23.pdf\"\u003eGuidance on Regulatory Reform Accountability under Executive Order 13777, titled “Enforcing the Regulatory Reform Agenda”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/28/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13777\u003c/p\u003e\u003ch4\u003eM-17-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-22.pdf\"\u003eComprehensive Plan for Reforming the Federal Government and Reducing the Federal Civilian Workforce\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/12/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GPRA Modernization Act of 2010\u003c/p\u003e\u003ch4\u003eM-17-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-21-OMB.pdf\"\u003eImplementing Executive Order 13771, Titled “Reducing Regulation and Controlling Regulatory Costs”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/5/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13771\u003c/p\u003e\u003ch4\u003eM-17-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-19-OMB.pdf\"\u003eLegislative Coordination and Clearance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/28/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-19\u003c/p\u003e\u003ch4\u003eM-17-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-15.pdf\"\u003eRescission of Memoranda Relating to Identity Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/19/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-17-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-12_0.pdf\"\u003ePreparing for and Responding to a Breach of Personally Identifiable Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/3/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-17-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-09.pdf\"\u003eManagement of Federal High Value Assets\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/9/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eB.O.D. 18-02\u003c/li\u003e\u003cli\u003eHHS HVA Program\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-17-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-04.pdf\"\u003eAdditional Guidance for Data Act Implementation: Further Requirements For Reporting And Assuring Data Reliability\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/4/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e DATA Act\u003c/p\u003e\u003ch4\u003eM-17-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-03.pdf\"\u003eInstitutionalizing Hiring Excellence To Achieve Mission Outcomes\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/1/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda (PMA) Cross Agency Priority (CAP)\u003c/p\u003e\u003ch4\u003eM-17-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-02.pdf\"\u003ePrecision Medicine Initiative Privacy and Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/21/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eGenetic Information Nondiscrimination Act\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2016\u003c/h3\u003e\u003ch4\u003eM-16-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_24_0.pdf\"\u003eRole and Designation of Senior Agency Officials for Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/15/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13719\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-16-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_23.pdf\"\u003ePrioritizing Federal Investments in Promise Zones\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/2/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-16-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_21.pdf\"\u003eFederal Source Code Policy: Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/8/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger Cohen Act\u003c/p\u003e\u003ch4\u003eM-16-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-17.pdf\"\u003eOMB Circular No. A-123, Managements Responsibility for Enterprise Risk Management and Internal Control\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/15/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-16-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-15.pdf\"\u003eFederal Cybersecurity Workforce Strategy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/12/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-16-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-14.pdf\"\u003eCategory Management Policy 16-2: Providing Comprehensive Identity Protection Services, Identity Monitoring, and Data Breach Response\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-16-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-12_1.pdf\"\u003eCategory Management Policy 16-1: Improving the Acquisition and Management of Common Information Technology: Software Licensing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/2/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GAO 14-413\u003c/p\u003e\u003ch4\u003eM-16-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-11.pdf\"\u003eImproving Administrative Functions Through Shared Services\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/4/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Federal Cloud Computing Strategy - Cloud Smart\u003c/p\u003e\u003ch4\u003eM-16-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-08.pdf\"\u003eEstablishment of the Core Federal Services Council\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/30/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda (PMA) Cross Agency Priority (CAP)\u003c/p\u003e\u003ch4\u003eM-16-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-04.pdf\"\u003eCybersecurity Strategy and Implementation Plan (CSIP) for the Federal Civilian Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/30/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-16-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-02.pdf\"\u003eCategory Management Policy 15-1: Improving the Acquisition and Management of Common Information Technology: Laptops and Desktops\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/16/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch3\u003e2015\u003c/h3\u003e\u003ch4\u003eM-15-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-18.pdf\"\u003eFiscal Year 2017 Budget Guidance for Countering Biological Threats Resource Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/9/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e PPD-2\u003c/p\u003e\u003ch4\u003eM-15-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-16.pdf\"\u003eMulti-Agency Science and Technology Priorities for the FY 2017 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/9/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-15-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-15.pdf\"\u003eImproving Statistical Activities through Interagency Collaboration\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/8/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Economy Act\u003c/p\u003e\u003ch4\u003eM-15-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-14.pdf\"\u003eManagement and Oversight of Federal Information Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/10/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch4\u003eM-15-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-13.pdf\"\u003ePolicy to Require Secure Connections across Federal Websites and Web Services\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/8/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-15-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-11.pdf\"\u003eFiscal Year 2017 Budget Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/1/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDATA Act\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-15-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-09.pdf\"\u003eGuidance on Implementing the Federal Customer Service Awards Program\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/19/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13571\u003c/p\u003e\u003ch4\u003eM-15-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-07.pdf\"\u003eEstablishment of a Diversity and Inclusion in Government Council\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/6/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13583\u003c/p\u003e\u003ch4\u003eM-15-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-02.pdf\"\u003eAppendix C to Circular No. A-123, Requirements for Effective Estimation and Remediation of Improper Payments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/20/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch3\u003e2014\u003c/h3\u003e\u003ch4\u003eM-14-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-17.pdf\"\u003eMetrics for Uniform Guidance (2 C.F.R. 200\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/30/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13520\u003c/p\u003e\u003ch4\u003eM-14-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-16.pdf\"\u003eGuidance on Managing Email\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/15/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Managing Government Records Directive of 2012\u003c/p\u003e\u003ch4\u003eM-14-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-15.pdf\"\u003eEnsuring That Employment and Training Programs Are Job-Driven\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/22/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-14.pdf\"\u003eFiscal Year 2016 Budget Guidance for Countering Biological Threats Resource Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e PPD-2\u003c/p\u003e\u003ch4\u003eM-14-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/M-14-13.pdf\"\u003eFiscal Year 2016 Budget Guidance for Combating Antibiotic Resistant Bacteria Resource Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e PPD-1\u003c/p\u003e\u003ch4\u003eM-14-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-12.pdf\"\u003eManagement Agenda Priorities for the FY 2016 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-11.pdf\"\u003eScience and Technology Priorities for FY 2016 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-06.pdf\"\u003eGuidance for Providing and Using Administrative Data for Statistical Purposes\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/14/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-04.pdf\"\u003eFiscal Year 2013 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/18/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-14-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-03.pdf\"\u003eEnhancing the Security of Federal Information and Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/1/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GPRA Modernization Act 0f 2010\u003c/p\u003e\u003ch3\u003e2013\u003c/h3\u003e\u003ch4\u003eM-13-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-20.pdf\"\u003eProtecting Privacy while Reducing Improper Payments with the Do Not Pay Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/16/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIPERIA 2012\u003c/li\u003e\u003cli\u003eDo Not Pay (DNP) Initiative\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-13-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-17.pdf\"\u003eNext Steps in the Evidence and Innovation Agenda\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/26/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-13-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-16.pdf\"\u003eScience and Technology Priorities for the FY 2015 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/26/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-13-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-13.pdf\"\u003eOpen Data Policy Managing Information as an Asset\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/9/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13642\u003c/p\u003e\u003ch4\u003eM-13-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-10.pdf\"\u003eAntideficiency Act Implications of Certain Online Terms of Service Agreements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/4/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Antideficiency Act\u003c/p\u003e\u003ch4\u003eM-13-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-09.pdf\"\u003eFiscal Year 2013 PortfolioStat Guidance: Strengthening Federal IT Portfolio Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/27/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-13-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-06.pdf\"\u003eIssuance of the Sequestration Order Pursuant To Section 251A of the Balanced Budget and Emergency Deficit Control Act of 1985, as Amended\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/1/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Budget Control Act of 2011\u003c/p\u003e\u003ch4\u003eM-13-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-02_0.pdf\"\u003eImproving Acquisition through Strategic Sourcing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/5/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e2012\u003c/h3\u003e\u003ch4\u003eM-12-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-20.pdf\"\u003eFY 2012 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/27/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-12-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-18.pdf\"\u003eManaging Government Records Directive\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/24/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidential Memorandum - Managing Government Records\u003c/p\u003e\u003ch4\u003eM-12-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-15.pdf\"\u003eScience and Technology Priorities for the FY 2014 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/6/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-12-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-14_1.pdf\"\u003eUse of Evidence and Evaluation in the 2014 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/18/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-12-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-12_0.pdf\"\u003ePromoting Efficient Spending to Support Agency Operations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/11/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13589\u003c/p\u003e\u003ch4\u003eM-12-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-11_1.pdf\"\u003eReducing Improper Payments through the “Do Not Pay List”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/12/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13520\u003c/p\u003e\u003ch4\u003eM-12-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-09_0.pdf\"\u003eFederal Activities Inventory Reform (FAIR) Act Submission for Fiscal Year 2012\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/26/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-12-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-01.pdf\"\u003eCreation of the Council on Financial Assistance Reform\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/27/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13576\u003c/p\u003e\u003ch3\u003e2011\u003c/h3\u003e\u003ch4\u003eM-11-33\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-33.pdf\"\u003eFY 2011 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/14/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-11-27\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-27.pdf\"\u003eImplementing the Telework Enhancement Act of 2010: Security Guidelines\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/15/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Telework Enhancement Act of 2010\u003c/p\u003e\u003ch4\u003eM-11-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-26.pdf\"\u003eNew Fast-Track Process for Collecting Service Delivery Feedback Under the Paperwork Reduction Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/15/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003eM-11-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-21.pdf\"\u003eImplementing the Presidential Memorandum “Administrative Flexibility, Lower Costs, and Better Results for State, Local, and Tribal Governments”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/29/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidential Memorandum - Administrative Flexibility\u003c/p\u003e\u003ch4\u003eM-11-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-16.pdf\"\u003e2011 Issuance of Revised Parts I and II to Appendix C of OMB Circular A-123\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/14/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-11-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-15.pdf\"\u003e2011 Final Guidance on Implementing the Plain Writing Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/13/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Plain Writing Act of 2010\u003c/p\u003e\u003ch4\u003eM-11-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-11.pdf\"\u003eContinued Implementation of Homeland Security Presidential Directive (HSPD) 12Policy for a Common Identification Standard for Federal Employees and Contractors\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/3/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-11-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-08.pdf\"\u003eInitial Assessments of Safeguarding and Counterintelligence Postures for Classified National Security Information in Automated Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/3/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13526\u003c/p\u003e\u003ch4\u003eM-11-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-04.pdf\"\u003eIncreasing Efforts to Recapture Improper Payments by Intensifying and Expanding Payment Recapture Audits\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/16/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e IPERIA 2012\u003c/p\u003e\u003ch4\u003eM-11-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-02.pdf\"\u003eSharing Data While Protecting Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/3/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Privacy Act of 1974\u003c/p\u003e\u003ch4\u003eM-11-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-01.pdf\"\u003ePilot Projects for the Partnership Fund for Program Integrity Innovation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/19/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Consolidated Appropriations Act of 2010\u003c/p\u003e\u003ch3\u003e2010\u003c/h3\u003e\u003ch4\u003eM-10-34\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-34.pdf\"\u003eUpdated Guidance on the American Recovery and Reinvestment Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/24/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-30\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-30.pdf\"\u003eScience and Technology Priorities for the FY 2012 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-10-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m-10-26.pdf\"\u003eImmediate Review of Financial Systems IT Projects\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/28/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-10-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-23.pdf\"\u003eGuidance for Agency Use of Third-Party Websites and Applications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/25/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003eM-10-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-22.pdf\"\u003eGuidance for Online Use of Web Measurement and Customization Technologies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/25/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB M-10-06\u003c/p\u003e\u003ch4\u003eM-10-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-21.pdf\"\u003eDeveloping Effective Place-Based Policies for the FY 2012 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/21/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-10-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-16.pdf\"\u003eGrants.gov Return to Normal Operations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/23/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-14.pdf\"\u003eUpdated Guidance on the American Recovery and Reinvestment Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/22/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-13.pdf\"\u003eIssuance of Part III to OMB Circular A-123, Appendix C\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/22/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-10-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-10.pdf\"\u003eFederal Agency Coordination on Health Information Technology (HIT)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/19/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HITECH\u003c/p\u003e\u003ch4\u003eM-10-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-03.pdf\"\u003ePayments to State Grantees for their Administrative Costs for Recovery Act Funding Alternative Allocation Methodologies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/13/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-01.pdf\"\u003eIncreased Emphasis on Program Evaluations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/7/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e2009\u003c/h3\u003e\u003ch4\u003eM-09-33\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-33.pdf\"\u003eTechnical Amendments to OMB Bulletin No. 07-04, Audit Requirements for Federal Financial Statements\u003c/a\u003e\u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-01.pdf\"\u003eIncreased Emphasis on Program Evaluations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/23/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-136\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-09-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-32.pdf\"\u003eUpdate on the Trusted Internet Connections Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/16/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch4\u003eM-09-27\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-27.pdf\"\u003eScience and Technology Priorities for the FY 2011 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/4/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-09-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-18.pdf\"\u003ePayments to State Grantees for Administrative Costs of Recovery Act Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/11/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-17.pdf\"\u003eImproving Grants.gov\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/8/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-15.pdf\"\u003eUpdated Implementing Guidance for the American Recovery and Reinvestment Act of 2009\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/3/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-14.pdf\"\u003eRecovery Act Implementation Improving Grants.gov and Other Critical Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/9/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-14.pdf\"\u003eRecovery Act Implementation Improving Grants.gov and Other Critical Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/9/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-10.pdf\"\u003eInitial Implementing Guidance for the American Recovery and Reinvestment Act of 2009\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/18/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch3\u003e2008\u003c/h3\u003e\u003ch4\u003eM-08-27\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-27.pdf\"\u003eGuidance for Trusted Internet Connection (TIC) Compliance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/30/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch4\u003eM-08-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-25.pdf\"\u003eGuidance for Completing FY 2008 Financial and Performance Reports\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/252008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-08-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-24.pdf\"\u003eTechnical Amendments to OMB Bulletin No. 07-04, Audit Requirements for Federal Financial Statements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB Bulletin No. 07-04\u003c/p\u003e\u003ch4\u003eM-08-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-16.pdf\"\u003eGuidance for Trusted Internet Connection Statement of Capability Form (SOC)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/4/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch4\u003eM-08-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-15.pdf\"\u003eTools Available for Implementing Electronic Records Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/31/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-08-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-14.pdf\"\u003e2008 Inventories of Commercial and Inherently Governmental Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/26/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-08-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-13.pdf\"\u003eUpdate to Civilian Position Full Fringe Benefit Cost Factor, Federal Pay Raise Assumptions, and Inflation Factors used in OMB Circular No. A-76, “Performance of Commercial Activities”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/11/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements: \u003c/strong\u003eOMB A-76\u003c/p\u003e\u003ch4\u003eM-08-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-11.pdf\"\u003eCompetitive Sourcing Requirements in Division D of Public Law 110-161\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/20/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Consolidated Appropriations Act of 2010\u003c/p\u003e\u003ch4\u003eM-08-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-09.pdf\"\u003eNew FISMA Privacy Reporting Requirements for FY 2008\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/18/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-08-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-05.pdf\"\u003eImplementation of Trusted Internet Connections (TIC)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/20/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch3\u003e2007\u003c/h3\u003e\u003ch4\u003eM-07-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-25.pdf\"\u003eBioShield Procurement Approval Anthrax Vaccine Adsorbed\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/20/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eProject BioShield Act of 2004\u003c/li\u003e\u003cli\u003ePublic Health Service Act\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-07-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-24.pdf\"\u003eUpdated Principles for Risk Analysis\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/19/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB Memorandum - Principles for Risk Analysis\u003c/p\u003e\u003ch4\u003eM-07-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-23.pdf\"\u003eRequiring Agency Use of the International Trade Data System\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/10/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13439\u003c/p\u003e\u003ch4\u003eM-07-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-21.pdf\"\u003eVerifying the Employment Eligibility of Federal Employees\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/10/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-07-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-20.pdf\"\u003eFY 2007 E-Government Act Reporting Instructions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/14/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-07-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-18.pdf\"\u003eEnsuring New Acquisitions Include Common Security Configurations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/1/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-07-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-16.pdf\"\u003eSafeguarding Against and Responding to the Breach of Personally Identifiable Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/22/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/business_migrations.pdf\"\u003eCompetition Framework for Human Resources Management Line of Business Migrations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/18/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-07-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-14.pdf\"\u003e2007 Inventories of Commercial and Inherently Governmental Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/3/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-07-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-02.pdf\"\u003eUpdate to Civilian Position Full Fringe Benefit Cost Factor, Federal Pay Raise Assumptions, Inflation Factors, and Tax Rates used in OMB Circular No. A-76, “Performance of Commercial Activities”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/31/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-76\u003c/p\u003e\u003ch3\u003e2006\u003c/h3\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/task_force_theft_memo.pdf\"\u003eRecommendations for Identity Theft Related Data Breach Notification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/20/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13402\u003c/p\u003e\u003ch4\u003eM-06-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-25.pdf\"\u003eFY 2006 E-Government Act Reporting Instructions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-06-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-21.pdf\"\u003eReciprocal Recognition of Existing Personnel Security Clearances\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/17/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 12958\u003c/p\u003e\u003ch4\u003eM-06-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-19.pdf\"\u003eReporting Incidents Involving Personally Identifiable Information Incorporating the Cost for Security in Agency Information Technology Investments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/12/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-06-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-18.pdf\"\u003eAcquisition of Products and Services for Implementation of HSPD-12\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/30/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-06-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m-06-15.pdf\"\u003eSafeguarding Personally Identifiable Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/22/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Privacy Act of 1974\u003c/p\u003e\u003ch4\u003eM-06-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-12.pdf\"\u003eFollow-up Memorandum on “Implementation of the Presidents Executive Order “Improving Agency Disclosure of Information”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/13/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FOIA\u003c/p\u003e\u003ch4\u003eM-06-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-06.pdf\"\u003eSample Privacy Documents for Agency Implementation of Homeland Security Presidential Directive (HSPD) 12\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/17/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-06-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-04.pdf\"\u003eImplementation of the Presidents Executive Order “Improving Agency Disclosure of Information”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/30/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FOIA\u003c/p\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/reciprocal121205.pdf\"\u003eReciprocal Recognition of Existing Personnel Security Clearances\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/12/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Intelligence Reform and Terrorism Prevention Act of 2004\u003c/p\u003e\u003ch4\u003eM-06-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-02.pdf\"\u003eImproving Public Access to and Dissemination of Government Information and Using the Federal Enterprise Architecture Data Reference Model\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/16/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2005\u003c/h3\u003e\u003ch4\u003eM-05-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-25.pdf\"\u003eSmartBUY Agreement with Oracle\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-05-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-24.pdf\"\u003eImplementation of Homeland Security Presidential Directive (HSPD) 12 Policy for a Common Identification Standard for Federal Employees and Contractors\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-05-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-23.pdf\"\u003eImproving Information Technology (IT) Project Planning and Execution\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/4/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-05-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-22.pdf\"\u003eTransition Planning for Internet Protocol Version 6 (IPv6)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/2/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GAO 05-471\u003c/p\u003e\u003ch4\u003eM-05-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-17.pdf\"\u003eAllocation of Responsibilities For Security Clearances Under the Executive Order, Strengthening Processes Relating to Determining Eligibility for Access to Classified National Security Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/30/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13381\u003c/p\u003e\u003ch4\u003eM-05-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-16.pdf\"\u003eRegulation on Maintaining Telecommunication Services During a Crisis or Emergency in Federally-owned Buildings\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/30/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Section 414 of the Transportation, Treasury, Independent Agencies, and General Government Appropriations Act\u003c/p\u003e\u003ch4\u003eM-05-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-08.pdf\"\u003eDesignation of Senior Agency Officials for Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/11/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Privacy Act of 1974\u003c/p\u003e\u003ch4\u003eM-05-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-05.pdf\"\u003eElectronic Signatures: How to Mitigate the Risk of Commercial Managed Services\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/20/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-05-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-04.pdf\"\u003ePolicies for Federal Agency Public Websites\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/17/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch3\u003e2004\u003c/h3\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-25_template.xls\"\u003eSection E — FY04 FISMA Reporting Template\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-04-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/omb/memoranda_fy04_m04-24/\"\u003eExpanded Electronic Government (E-Gov) Presidents Management Agenda (PMA) Scorecard Cost, Schedule and Performance Standard for Success\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/23/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda - Expanded Electronic Government (E-Gov) Initiative\u003c/p\u003e\u003ch4\u003eM-04-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-19.pdf\"\u003eInformation Technology (IT) Project Manager (PM) Qualification Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/21/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-04-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m-04-18.pdf\"\u003eMedicare Modernization Act and Federal Programs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/19/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Medicare Prescription Drug, Improvement, and Modernization Act (MMA)\u003c/p\u003e\u003ch4\u003eM-04-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2004-M-04-16-Software-Acquisition-.pdf\"\u003eSoftware Acquisition\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-04-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m-04-15.pdf\"\u003eDevelopment of Homeland Security Presidential Directive(HSPD) 7 Critical Infrastructure Protection Plans to Protect Federal Critical Infrastructures and Key Resources\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/17/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-04-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-08.pdf\"\u003eMaximizing Use of SmartBuy and Avoiding Duplication of Agency Activities with the Presidents 24 E-Gov Initiatives\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/25/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda - Expanded Electronic Government (E-Gov) Initiative\u003c/p\u003e\u003ch4\u003eM-04-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-04.pdf\"\u003eE-Authentication Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/16/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003ePaperwork Elimination Act of 1998\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2003\u003c/h3\u003e\u003ch4\u003eM-03-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/203-M-03-22-OMB-Guidance-for-Implementing-the-Privacy-Provisions-of-the-E-Government-Act-of-2002-1.pdf\"\u003eOMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/16/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-03-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2003/m03-18.pdf\"\u003eImplementation Guidance for the E-Government Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/1/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-03-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2003-M-03-04-Determination-Orders-Organizing-the-Department-of-Homeland-Security-1.pdf\"\u003eDetermination Orders Organizing the Department of Homeland Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/7/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Public Law 107-296 - Establishing the Department of Homeland Security\u003c/p\u003e\u003ch3\u003e2002\u003c/h3\u003e\u003ch4\u003eM-02-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2002/m02-14.pdf\"\u003eAdditional Information Requirements for Overseas Combating Terrorism and Homeland Security for the FY 2004 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/8/2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-02-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2002/m02-11.pdf\"\u003eDepartment of Homeland Security Transition Issues\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/16/2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Public Law 107-296 - Establishing the Department of Homeland Security\u003c/p\u003e\u003ch4\u003eM-02-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2002-M-02-01-Guidance-for-Preparing-and-Submitting-Security-Plans-of-Action-and-Milestones-1.pdf\"\u003eGuidance for Preparing and Submitting Security Plans of Action and Milestones\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/17/2001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Government Information Security Reform Act\u003c/p\u003e\u003ch3\u003e2001\u003c/h3\u003e\u003ch4\u003eM-01-28\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2001-M-01-28-Citizen-Centered-E-Government-Developing-the-Action-Plan.pdf\"\u003eCitizen-Centered E-Government: Developing the Action Plan\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e President Management Agenda - e-Government\u003c/p\u003e\u003ch4\u003eM-01-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2001-M-01-05-Guidance-on-Inter-Agency-Sharing-of-Personal-Data-Protecting-Personal-Privacy.pdf\"\u003eGuidance on Inter-Agency Sharing of Personal Data Protecting Personal Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/20/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Computer Matching and Privacy Protection Act\u003c/p\u003e\u003ch3\u003e2000\u003c/h3\u003e\u003ch4\u003eM-00-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-15-OMB-Guidance-on-Implementing-the-Electronic-Signatures-in-Global-and-National-Commerce-Act.pdf\"\u003eOMB Guidance on Implementing the Electronic Signatures in Global and National Commerce Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/25/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Sign Act\u003c/p\u003e\u003ch4\u003eM-00-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-13-Privacy-Policies-and-Data-Collection-on-Federal-Web-Sites.pdf\"\u003ePrivacy Policies and Data Collection on Federal Web Sites\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/22/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eChildrens Online Privacy Protection Act\u003c/li\u003e\u003cli\u003ePrivacy Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-00-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-10-OMB-Procedures-and-Guidance-on-Implementing-the-Government-Paperwork-Elimination-Act.pdf\"\u003eOMB Procedures and Guidance on Implementing the Government Paperwork Elimination Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/25/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003eM-00-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-03-Reporting-Y2K-Compliance-of-Non-mission-Critical-Systems.pdf\"\u003eReporting Y2K Compliance of Non-mission Critical Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/10/1999\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e1999\u003c/h3\u003e\u003ch4\u003eM-99-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1999-M-99-18-Privacy-Policies-on-Federal-Web-Sites.pdf\"\u003ePrivacy Policies on Federal Web Sites\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/2/1999\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-99-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1999-M-99-01-New-Statutory-Language-on-Paperwork-Reduction-FY-1999-ICB.pdf\"\u003eNew Statutory Language on Paperwork Reduction FY 1999 ICB\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/16/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003e1998\u003c/h4\u003e\u003ch4\u003eM-98-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1995-1998-M-98-14-Comprehensive-Plans-and-Associated-Funding-Requirements-for-Achieving-Year-2000-Computer-Compliance.pdf\"\u003eComprehensive Plans and Associated Funding Requirements for Achieving Year 2000 Computer Compliance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/13/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-11\u003c/p\u003e\u003ch4\u003eM-98-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1995-1998-M-98-09-Updated-Guidance-on-Developing-a-Handbook-for-Individuals-Seeking-Access-of-Public-Information.pdf\"\u003eUpdated Guidance on Developing a Handbook for Individuals Seeking Access of Public Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/23/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eElectronic Freedom of Information Act Amendments of 1996\u003c/li\u003e\u003cli\u003eFOIA\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-98-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1998-M-98-04-Annual-Performance-Plans-Required-by-the-Government-Performance-and-Results-Act-GPRA.pdf\"\u003eAnnual Performance Plans Required by the Government Performance and Results Act (GPRA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/29/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GPRA Modernization Act of 2010\u003c/p\u003e\u003ch3\u003e1997\u003c/h3\u003e\u003ch4\u003eM-97-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/1995-1998/m97-15.pdf\"\u003eLocal Telecommunications Services Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/12/1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch4\u003eM-97-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-09-Interagency-Support-for-Information-Technology.pdf\"\u003eInteragency Support for Information Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/10/1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch4\u003eM-97-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-07-Multiagency-Contracts-Under-the-Information-Technology-Management-Reform-Act-of-1996.pdf\"\u003eMultiagency Contracts Under the Information Technology Management Reform Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/26/1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch4\u003eM-97-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-02-Funding-Information-Systems-Investments.pdf\"\u003eFunding Information Systems Investments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/25/1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eGPRA Modernization Act of 2010\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e1996\u003c/h3\u003e\u003ch4\u003eM-96-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1996-M-96-20-Implementation-of-the-Information-Technology-Management-Reform-Act-of-1996.pdf\"\u003eImplementation of the Information Technology Management Reform Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/4/1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch3\u003e1995\u003c/h3\u003e\u003ch4\u003eM-95-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/1995-1998/m95-17.pdf\"\u003eContingency Planning for Agency Operations in Fiscal Year 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/17/1995\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch2\u003eHHS Policies, Standards, Memorandum, and Guides\u003c/h2\u003e\u003ch3\u003eHHS Policies\u003c/h3\u003e\u003cp\u003eThe HHS Cybersecurity Program develops policies, standards, memoranda, guides, and standard operating procedures. They are collectively referred to as policy documents. HHS policy documents help to apply Federal legislation, OMB regulations, NIST standards, and U.S. Computer Emergency Readiness Team (US-CERT) guidelines in the context of the HHS environment, thus standardizing the implementation of information security and privacy practices across the Department.\u003c/p\u003e\u003cp\u003eNOTE: The HHS Polices can be found at \u003cem\u003ehttp://intranet.hhs.gov/working-at-hhs/cybersecurity/ocio-policies\u003c/em\u003e and are only accessible through the HHS intranet/CMS network and cannot be accessed with a public internet connection.\u003c/p\u003e\u003ch4\u003eCybersecurity Awareness and Training\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2024-03-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Identifies the baseline requirements for providing HHS personnel with the requirements for Awareness Training and of their responsibility to help protect the confidentiality, integrity, and availability of HHS information systems and data\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/role-based-training-rbt\"\u003eCyberGeek - Role Based Training (RBT)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-2-awareness-and-training\"\u003eCyberGeek - Risk Management Handbook (RMH) Chapter 2: Awareness \u0026amp; Training (AT)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e5 CFR 930.301\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS Policy for Information Security and Privacy Protection (IS2P)\u003c/li\u003e\u003cli\u003eNIST S.P. 800-16\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-50\u003c/li\u003e\u003cli\u003eNIST SP 800-181 rev 1\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRecords Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-CDO-2024-02-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the principles, responsibilities, and requirements for managing HHS records\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 2/1/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003eCMS Records and Information Management Program\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B\u003c/li\u003e\u003cli\u003e32 CFR Part 2002\u003c/li\u003e\u003cli\u003e18 U.S. Code § 641\u003c/li\u003e\u003cli\u003e18 U.S. Code § 2071\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 2901-2910\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 3101-3107\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 3106\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 3301-3324\u003c/li\u003e\u003cli\u003e44 U.S. Code § 3301\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eFederal Rules of Civil Procedures\u003c/li\u003e\u003cli\u003eNARA Bulletin 2010-05\u003c/li\u003e\u003cli\u003eNARA Bulletin 2013-02\u003c/li\u003e\u003cli\u003eNARA Bulletin 2014-02\u003c/li\u003e\u003cli\u003eNARA Bulletin 2015-02\u003c/li\u003e\u003cli\u003eNARA Bulletin 2023-02\u003c/li\u003e\u003cli\u003eNARA Criteria for Successfully Managing Permanent Electronic Records\u003c/li\u003e\u003cli\u003eNARA Guidance on Records Management Language for Contracts\u003c/li\u003e\u003cli\u003eNARA Universal Electronic Records Management Requirements\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB M-19-21\u003c/li\u003e\u003cli\u003eOMB M-23-07\u003c/li\u003e\u003cli\u003eHHS Policy for Litigation Holds\u003c/li\u003e\u003cli\u003eHHS Policy for Rules of Behavior for Use of Information and IT Resources\u003c/li\u003e\u003cli\u003eHHS Policy for Mobile Devices and Removable Media\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePrivacy Impact Assessments\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2023-09-005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Set forth the minimum HHS Privacy Threshold Analysis (PTA), PIA, and Internal PIA requirements, as well as accompanying approval and publication processes\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/privacy-impact-assessment-pia\"\u003eCyberGeek - Privacy Impact Assessment (PIA)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS Policy for Information Security and Privacy Protection (IS2P)\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53 Rev. 5\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management v1.0\u003c/li\u003e\u003cli\u003eOMB Circular A-108\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eOMB M-17-06\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act (PRA)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eLitigation Holds\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-CDO-2023-08-004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish that HHS takes all reasonable steps to preserve potentially relevant information in the possession, custody, or control of HHS when civil litigation has commenced or when there is reasonable anticipation of litigation\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/10/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Litigation Holds and Essential Records Program\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B §§ 1220.30-1220.34\u003c/li\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B §§ 1230.1-1230.18\u003c/li\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B §§ 1236.2-1236.36\u003c/li\u003e\u003cli\u003e18 USC § 641\u003c/li\u003e\u003cli\u003e18 USC § 2071\u003c/li\u003e\u003cli\u003e44 USC §§ 2071-2120\u003c/li\u003e\u003cli\u003e44 USC §§ 2901-2912\u003c/li\u003e\u003cli\u003e44 USC §§ 3101-3107\u003c/li\u003e\u003cli\u003e44 USC §§ 3301-3314\u003c/li\u003e\u003cli\u003e44 USC §§ 3501-3583\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eDuty to Disclose, Rule 26\u003c/li\u003e\u003cli\u003eProducing Documents, Rule 34\u003c/li\u003e\u003cli\u003eFailure to Make Disclosures or to Cooperate in Discovery, Rule 37\u003c/li\u003e\u003cli\u003eDelivering Government Solutions in 21st Century\u003c/li\u003e\u003cli\u003eNARA 2010-05\u003c/li\u003e\u003cli\u003eNARA 2014-02\u003c/li\u003e\u003cli\u003eNARA 2015-02\u003c/li\u003e\u003cli\u003eNARA Criteria for Successfully Managing Permanent Electronic Records\u003c/li\u003e\u003cli\u003eNARA Guidance on Records Management Language for Contracts\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMA/NARA M-23-07\u003c/li\u003e\u003cli\u003ePublic Law 113-187\u003c/li\u003e\u003cli\u003eUniversal Electronic Records Management Requirements\u003c/li\u003e\u003cli\u003eNARA General Records Schedules\u003c/li\u003e\u003cli\u003eGeneral Record Schedule 6.1\u003c/li\u003e\u003cli\u003eHHS Implementing Email Records Management\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior for Use of Information and IT Resources\u003c/li\u003e\u003cli\u003eHHS Mobile Devices and Removable Media\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eData Loss Prevention\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2022-05-003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish comprehensive DLP requirements for HHS systems and information that are compliant with FISMA 2014, NIST S.P. 800-53, EO 14028\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/16/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eEO 13556\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHSS IS2P\u003c/li\u003e\u003cli\u003eNARA CUI Program\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB M-22-09\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRules of Behavior for Use of Information and IT Resources\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2023-02-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Defines the acceptable use of HHS information and IT resources and establishes the baseline requirements for developing Rules of Behavior that all users, including privileged users, are required to sign prior to accessing HHS information systems and resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 2/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/hhs-policy-rules-behavior-use-information-it-resources\"\u003eCyberGeek - HHS Policy for Rules of Behavior for Use of Information and IT Resources\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eNIST S.P. 800-18\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003ePublic Law § 115-232 889\u003c/li\u003e\u003cli\u003e5 USC § 552a\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eCommon Data Use Agreement (DUA) Structure and Repository\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-CDO-2023-01-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Defines a DUA as a document that establishes the terms and conditions under which the Data Provider will provide, and the Data Recipient will receive and use, the data covered under the Agreement, which is nonpublic, restricted HHS data shared for a limited government purpose\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/23/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/cms-data-use-agreement-dua\"\u003eCyberGeek - CMS Data Use Agreement (DUA)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e44 USC § 3520\u003c/li\u003e\u003cli\u003e44 USC § 3576\u003c/li\u003e\u003cli\u003eOMB M-14-06\u003c/li\u003e\u003cli\u003eOMB M-01-05\u003c/li\u003e\u003cli\u003eHHS Enterprise Data Management\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEncryption of Computing Devices and Information\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2022-12-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish comprehensive encryption requirements for HHS systems and information that are compliant with FISMA 2014, NIST S.P. 800-53, EO 14028, OMB M-22-09\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/9/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-15-13\u003c/li\u003e\u003cli\u003eOMB M-22-09\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSecuring AI Technology\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-12-007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensure secure implementation of AI technology within HHS, secure HHS networks and information, protect privacy, and address risks\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/14/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13859\u003c/li\u003e\u003cli\u003eEO 13960\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST Privacy Framework\u003c/li\u003e\u003cli\u003eNIST S.P. 800-167\u003c/li\u003e\u003cli\u003eNIST S.P. 800-94\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eDHS AI Using Standards to Mitigate Risks\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Security and Privacy Protection (IS2P)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-11-0006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish comprehensive security and privacy requirements for HHS systems and information that are compliant with FISMA 2014 and NIST S.P. 800-53\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/18/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eEO 13556\u003c/li\u003e\u003cli\u003eFERPA\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eBuy American Act\u003c/li\u003e\u003cli\u003eFASCSA 2018\u003c/li\u003e\u003cli\u003ePublic Law 115-232 § 889\u003c/li\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eHSPD-12\u003c/li\u003e\u003cli\u003eNARA\u003c/li\u003e\u003cli\u003eB.O.D 18-02\u003c/li\u003e\u003cli\u003eFIPS 140-2, 199, 200, 201-1\u003c/li\u003e\u003cli\u003eNIST S.P. 800-111\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST S.P. 800-144\u003c/li\u003e\u003cli\u003eNIST S.P. 800-152\u003c/li\u003e\u003cli\u003eNIST S.P. 800-171\u003c/li\u003e\u003cli\u003eNIST S.P. 800-175A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-175B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-46\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-79-2\u003c/li\u003e\u003cli\u003eNIST S.P. 800-88\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB Circular A-108\u003c/li\u003e\u003cli\u003eOMB M-02-01\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eOMB M-10-22\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-16-17\u003c/li\u003e\u003cli\u003eOMB M-14-03\u003c/li\u003e\u003cli\u003eOMB M-16-17\u003c/li\u003e\u003cli\u003eOMB M-14-03\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003e5 CFR § 930.301\u003c/li\u003e\u003cli\u003ePublic Law 113-291 Title VIII Subtitle D\u003c/li\u003e\u003cli\u003eSection 508 of the Rehabilitation Act of 1973\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Portfolio Management (PfM)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2021-09-005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Describes the Captital Planning and Investment Control (CPIC) principles and requirements, and establishes standard methodologies for conducting OAs, evaluating Investment Risks, certifying adequate Incremental Development, and successfully implementing TBM\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 9/23/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e \u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition\"\u003eCyberGeek - Risk Management Handbook Chapter 15: System \u0026amp; Services Acquisition\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGovernment Performance and Results Act of 1993\u003c/li\u003e\u003cli\u003eFederal Acquisition Streamlining Act of 1994\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act of 1995\u003c/li\u003e\u003cli\u003eFederal Financial Management Improvement Act of 1996\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFITARA 2014\u003c/li\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003ePolicies \u0026amp; Priorities, Technology Business Management. CIO. GOV\u003c/li\u003e\u003cli\u003eRecords Management Act of 1950\u003c/li\u003e\u003cli\u003eSection 508 of the Rehabilitation Act\u003c/li\u003e\u003cli\u003eEO 13636\u003c/li\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eGAO-04-394G\u003c/li\u003e\u003cli\u003eAIMD-10.1.13\u003c/li\u003e\u003cli\u003eGAO-13-87\u003c/li\u003e\u003cli\u003eGAO Report 16-469\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-94\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB Federal Cloud Computing Strategy - Cloud Smart\u003c/li\u003e\u003cli\u003eOMB M-97-02\u003c/li\u003e\u003cli\u003eOMB M-05-23\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eFederal Continuity Directive 1\u003c/li\u003e\u003cli\u003eFederal Continuity Directive 2\u003c/li\u003e\u003cli\u003eFIPS 140-2\u003c/li\u003e\u003cli\u003eNIST S.P. 800-30\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-39\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-56A\u003c/li\u003e\u003cli\u003eSection 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)\u003c/li\u003e\u003cli\u003eHHS Section 508 Electronic and IT\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation\u003c/li\u003e\u003cli\u003eHHS OCIO Roles and Responsibilities\u003c/li\u003e\u003cli\u003eHHS OCIO Enterprise Performance Life Cycle Framework Overview Document\u003c/li\u003e\u003cli\u003eHHS IT Strategic Plan\u003c/li\u003e\u003cli\u003eHHS IT Policy for Enterprise Architecture\u003c/li\u003e\u003cli\u003eHHS Office of Acquisition Management and Policy (OAMP) Acquisition Policy Memorandum\u003c/li\u003e\u003cli\u003eHHS IT Acquisition Reviews (ITAR)\u003c/li\u003e\u003cli\u003eHHS IT Enterprise Performance Life Cycle\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Records Management\u003c/li\u003e\u003cli\u003eHHS Enterprise Risk Management Framework\u003c/li\u003e\u003cli\u003eHHS Cloud Computing and FedRamp Guidance\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy Language\u003c/li\u003e\u003cli\u003eHHS Cyber Supply Chain Risk Management\u003c/li\u003e\u003cli\u003eHHS High Value Asset (HVA) Program\u003c/li\u003e\u003cli\u003eOCIO FITARA Approval Guidance\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eTransition to IPv6\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2021-08-004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides guidance to which HHS Operating Divisions (OpDivs) and Staff Divsions (StaffDivs) must follow to meet the requirements and milestones laid out in the OMB Memorandum 21-07, Completing the Transition to IPv6 (M-21-07)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/1/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eFederal Acquisition Regulation (FAR)\u003c/li\u003e\u003cli\u003eNIST S.P. 500-267A\u003c/li\u003e\u003cli\u003eNIST S.P. 500-267B\u003c/li\u003e\u003cli\u003eNIST S.P. 500-281A\u003c/li\u003e\u003cli\u003eNIST S.P. 500-281B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-21-07\u003c/li\u003e\u003cli\u003eOMB M-05-22\u003c/li\u003e\u003cli\u003eHHS IT Acquisition Reviews (ITAR)\u003c/li\u003e\u003cli\u003eHHS IT Asset Management (ITAM)\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy Language\u003c/li\u003e\u003cli\u003eHHS IT System Inventory Management\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eImplementation of DHS Directive on Vulnerability Disclosure\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-05-003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the HHS compliance requirements under the DHS B.O.D 20-01\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/4/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCarnegie Mellon SEI, The CERT Guide to Coordinated Vulnerable Disclosure\u003c/li\u003e\u003cli\u003eB.O.D. 20-01\u003c/li\u003e\u003cli\u003eDOJ A Framework for a Vulnerability Disclosure Program for Online Systems\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eISO/IEC 29147:2018\u003c/li\u003e\u003cli\u003eNIST Framework for Improving Critical Infrastructure Cybersecurity\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-20-32\u003c/li\u003e\u003cli\u003eEO 13800\u003c/li\u003e\u003cli\u003eTitle 44, U.S. Code, Section 3553(b)(2) Authority and Functions of the Director and the Secretary\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eImplementation of Trusted Internet Connections (TIC)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-03-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the requirements to which HHS Operating Divisions (OpDivs) must adhere when implementing TICs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/17/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e6 USC 1523(b)(1)(D)\u003c/li\u003e\u003cli\u003eOMB M-19-26\u003c/li\u003e\u003cli\u003eCommittee on National Security Systems (CNSS), Internet Engineering Task Force (IETF) RFC 4949\u003c/li\u003e\u003cli\u003eDHS CISA TIC Reference Architecture Document\u003c/li\u003e\u003cli\u003eDHS CISA TIC Volume 1-5\u003c/li\u003e\u003cli\u003eDHS CISA TIC Interim Telework Guidance\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA) Enterprise Infrastructure Solutions (EIS) Management and Operations Handbook\u003c/li\u003e\u003cli\u003eGSA, Transition Handbook, Network, WITS 3, and GSA Regional Local Services to EIS Contracts\u003c/li\u003e\u003cli\u003eNational Cybersecurity Protection System (NCPS) Cloud Interface Reference Architecture\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-41\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-145\u003c/li\u003e\u003cli\u003eNIST S.P. 800-152\u003c/li\u003e\u003cli\u003eNIST S.P. 800-207\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Internet and Email Security\u003c/li\u003e\u003cli\u003eHHS POA\u0026amp;M Standard\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Procurements - Security And Privacy Language\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-03-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Mandates the standard security and privacy language for information and information technology (IT) procurements throughout HHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/3/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/security-and-privacy-requirements-it-procurements\"\u003eCyberGeek - Security and Privacy Requirements for IT Procurements\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eBuy American Act\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eFASCSA 2018\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePublic Law 115-232 § 889\u003c/li\u003e\u003cli\u003ePublic Law 115-390\u003c/li\u003e\u003cli\u003eU.S.C of CFR\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eIT System Inventory Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2020-12-011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Direct HHS entities (i.e., Operating Divisions [OpDiv] and Staff Divisions [StaffDiv]) to establish and maintain an enterprise-wide inventory of HHS IT systems by providing guidance and baseline standards for maintaining a comprehensive inventory of all IT systems and related information\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA 2014\u003c/li\u003e\u003cli\u003eFITARA Enhancement Act of 2017\u003c/li\u003e\u003cli\u003eMEGABYTE Act of 2016\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-17-09\u003c/li\u003e\u003cli\u003eOMB M-19-01\u003c/li\u003e\u003cli\u003eOMB M-19-21\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eHHS CPIC\u003c/li\u003e\u003cli\u003eHHS HVA\u003c/li\u003e\u003cli\u003eHHS ITAM\u003c/li\u003e\u003cli\u003eHHS Records Management\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Asset Management (ITAM)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OCPO-2020-08-008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the HHS program for the management of IT and Telecommunication assets in compliance with the Cap Goal 7: Category Management - Leveraging Common Contracts and Best Practices to Drive Saving and Efficiencies, within the Presidents Management Agenda (PMA); to buy common goods and services as an enterprise to eliminate redundancies, increase efficiency, and to deliver more value and savings from the governments acquisition programs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/19/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003eE-Government Act\u003c/li\u003e\u003cli\u003eMEGABYTE Act of 2016\u003c/li\u003e\u003cli\u003eSection 508 of the Rehabilitation Act\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eFederal Accounting Standards Advisory Board (FASAB), Statement of Federal Financial Accounting Standards (SFFAS) No. 10, Accounting for Internal Use Software\u003c/li\u003e\u003cli\u003eFASAB, Federal Finacial Accounting Technical Release 16, Implementation Guidance for Internal Use Software\u003c/li\u003e\u003cli\u003eGAO 14-413\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-16-12\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-19-13\u003c/li\u003e\u003cli\u003eHHS FITARA Implementation-Revised HHS IT Governance Framework\u003c/li\u003e\u003cli\u003eHHS FITAR Implementation Plan\u003c/li\u003e\u003cli\u003eGAO audit recommendations of HHSs Telecommunications inventory management and IT Strategic Planning\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eVulnerability Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-08-009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the baseline requirements for maintaining and effective vulnerability management program to implement and support activities pertaining to vulnerability scanning and remediation and to continually manage risks impacting HHS IT resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/19/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eSection International Organization for Standardization (ISO) 27002\u003c/li\u003e\u003cli\u003eNIST S.P. 800-40\u003c/li\u003e\u003cli\u003eNIST S.P. 800-51\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-126\u003c/li\u003e\u003cli\u003eNIST S.P. 800-128\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eCyber Supply Chain Risk Management (C-SCRM)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-08-010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the baseline requirements for securing the information and communications technology (ICT) products and services supply chain in order to protect HHS information systems and information from the risks involving ICT procurement supply chain\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/18/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eSECURE Technology Act\u003c/li\u003e\u003cli\u003eBuy American Act\u003c/li\u003e\u003cli\u003ePublic Law 115-232 § 889\u003c/li\u003e\u003cli\u003eFASCSA 2018\u003c/li\u003e\u003cli\u003eComprehensive National Cybersecurity Initiative (CNCI)\u003c/li\u003e\u003cli\u003eCISA National Risk Management Center\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eNIST S.P. 800-161\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eHHS ISP2\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSection 508 Compliance and Accessibility of Information and Communications Technology (ICT)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2020-07-007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Implement uniformity and conformity of accessibility compliance across all of HHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCommunications Act of 1934\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003e36 CFR § 1193-1194\u003c/li\u003e\u003cli\u003eOMB M-17-06\u003c/li\u003e\u003cli\u003eOMB M-13-13\u003c/li\u003e\u003cli\u003eOMB M-16-20\u003c/li\u003e\u003cli\u003eOMB Memorandum, Improving the Accessibility of Government Information\u003c/li\u003e\u003cli\u003eOMB Strategic Plan for Improving Management of Section 508 of the Rehabilitation Act\u003c/li\u003e\u003cli\u003eRehabilitation Act of 1973\u003c/li\u003e\u003cli\u003eWorkforce Innovation and Opportunities Act\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Acquisition Reviews (ITAR)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2020-06-006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the HHS ITAR Program, which ensures HHS conducts its due diligence to manage and maintain oversight and governance over the procurement of IT therefore contributing to effective planning, budgeting, and execution of IT resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eNational Defense Authorization Act for Fiscal Year 2015\u003c/li\u003e\u003cli\u003eEO 13833\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-16-12\u003c/li\u003e\u003cli\u003eHHS FITARA Implementation-Revised HHS IT Governance Framework\u003c/li\u003e\u003cli\u003eHHS FITARA HHS Implementation Plan\u003c/li\u003e\u003cli\u003eHHS Memorandum for Record, HHS Chief Information Officer Delegation of Authorities to Operating Divsiion Chief Information Officers\u003c/li\u003e\u003cli\u003eHHS CPIC\u003c/li\u003e\u003cli\u003eHHS EPLC\u003c/li\u003e\u003cli\u003eHHS Procedures, Guidance and Instructions (PGI)\u003c/li\u003e\u003cli\u003eInformation Technology Decision Criteria and Clause Matrix\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy language\u003c/li\u003e\u003cli\u003eHHS Standard for Encryption of computing Devices and Information\u003c/li\u003e\u003cli\u003eHHS Minumun Security Configuration Standards Guidance\u003c/li\u003e\u003cli\u003eHHS Software Development Secure Coding Practices\u003c/li\u003e\u003cli\u003eHHS Directive for Acquisition Strategy\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePreparing for and Responding to a Breach\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-PIM-2020-05-003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Addresses OMB M-17-22, Preparing for and Responding to a Breach of PII, and sets forth the approach of HHS in preparing for and responding to breaches of PII in any medium or form\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\"\u003eCyberGeek - Risk Management Handbook Chapter 8: Incident Response (IR)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-20-04\u003c/li\u003e\u003cli\u003eOMB M-16-14\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePPD-41\u003c/li\u003e\u003cli\u003eNIST S.P. 800-34\u003c/li\u003e\u003cli\u003eNIST S.P. 800-61\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eUS-CERT Federal Incident Notification Guidelines\u003c/li\u003e\u003cli\u003eNational Cybersecurity and Communications Integration Center (NCCIC) Cyber Incident Scoring System\u003c/li\u003e\u003cli\u003eIdentity Protection Services (IPS) Multiple Award Blanket Purchase Agreement (BPA)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSecuring Wireless Local Area Networks\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-01-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Updates the requirements and specification for securing all HHS WLANs in compliance with the NIST S.P. 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs) and the Institute of Electrical and Electronic Engineers (IEEE) 802.11 WLANs standards\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/13/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-153\u003c/li\u003e\u003cli\u003eNIST S.P. 800-97\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Memorandum, Addendum to the HHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEnterprise Data Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-02-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the requirements for the efficient and secure management and protection of enterprise data\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/13/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-13-13\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eDomain Name System (DNS) and DNS Security Extensions (DNSSEC) Services\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2019-11-011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the minumum requirements for implementing the DNS and DNSEC services across the HHS and the OpDiv networks\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eDHS DNS Security Reference Architecture\u003c/li\u003e\u003cli\u003eNIST S.P. 800-81\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eDHS B.O.D. 19-01\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInternet and Email Security\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2019-10-009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the minimum requirements for securing the internet and email services throughout HHS, including OpDivs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-16-system-communications-protection\"\u003eCyberGeek - RMH Chapter 16: System \u0026amp; Communications Protection\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/email-encryption-requirements-cms\"\u003eCyberGeek - Email Encryption Requirements at CMS\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13800\u003c/li\u003e\u003cli\u003eOMB M-15-13\u003c/li\u003e\u003cli\u003eDHS B.O.D 19-01\u003c/li\u003e\u003cli\u003eDHS B.O.D 18-01\u003c/li\u003e\u003cli\u003eNIST S.P. 800-177\u003c/li\u003e\u003cli\u003eNIST S.P. 800-119\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC) Bureau of Consumer Protections, Businesses Can Help Stop Phishing and Protect their Brands Using Email Authentication\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior (ROB)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHigh Value Asset (HVA) Program\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2018-09-006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides HHS OpDivs and StaffDivs with the policy for governance of HHS HVAs along with the requirements for the identification, categorization, prioritization, reporting, assessment, and the remediation of finding of HVAs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-16-04\u003c/li\u003e\u003cli\u003eOMB M-19-02\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-13-13\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eDHS B.O.D. 18-02\u003c/li\u003e\u003cli\u003eCybersecurity Strategy and Implementation Plan for the Federal Civilian Government (CSIP)\u003c/li\u003e\u003cli\u003eCybersecurity National Action Plan (CNAP)\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Continuity of Operation Program\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy Language\u003c/li\u003e\u003cli\u003eSenior Accountable Official for Risk Management (SAORM) Designee for Department of Homeland Security B.O.D. 18-02 Securing HVAs\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMobile Devices and Removable Media\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2019-09-0005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Protects HHS information and information systems from risks related to the use of mobile devices for government businesses and the risks of using mobile devices to access HHS information systems remotely from outside of HHS facilities\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-5-configuration-management-cm\"\u003eCyberGeek - Risk Management Handbook Chapter 5: Configuration Management (CM)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-10-media-protection-mp\"\u003eCyberGeek - Risk Management Handbook Chapter 10: Media Protection (MP)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-access-control-handbook\"\u003eCyberGeek - CMS Access Control Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFederal Records Act of 1950\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-124\u003c/li\u003e\u003cli\u003eEO 13556\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior for Use of HHS Information and IT Resources Policy\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSoftware Development Secure Coding Practices\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2019-08-005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the minimum baseline secure coding practices that must be implemented to ensure secure code is “built in” in the early phases of the software development lifecycle in order to protect and secure all HHS information, IT systems, and networks\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMobile Applications Privacy Policy\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-PIM-2018-09-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Sets forth HHS policy for protecting privacy in HHS Mobile Applications\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eCOPPA 1998\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eOMB M-17-06\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB A-108\u003c/li\u003e\u003cli\u003eDigital Government: Building a 21st Century Platform to Better Serve the American People\u003c/li\u003e\u003cli\u003eNIST 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-163\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-61\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eHHS Policy and Plan for Preparing for and Responding to Breaches of PII\u003c/li\u003e\u003cli\u003eHHS Privacy Impact Assessment Guidance\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Privacy Impact Assessments (PIA)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology (IT) Policy for Enterprise Performance Life Cycle (EPLC)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2008-004.002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e All HHS IT projects shall be managed using the HHS EPLC Framework, including life cycle phases, reviews, deliverables, activities, responsibilities, and tailoring, regardless of the specific development methodology used\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.cms.gov/data-research/cms-information-technology/tlc\"\u003eCMS.gov - Target Life Cycle (TLC)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition\"\u003eCyberGeek - Risk Management Handbook Chapter 15: System \u0026amp; Services Acquisition\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-16-system-communications-protection\"\u003eCyberGeek - RMH Chapter 16: System \u0026amp; Communications Protection\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003eFederal Acquisition Certification-Program and Project Manager Program (FAC-P/PM)\u003c/li\u003e\u003cli\u003eHHS IT Capital Planning and Investment Control\u003c/li\u003e\u003cli\u003eHHS IRM Policy for Conducting IT Alternatives Analysis\u003c/li\u003e\u003cli\u003eHHS IT Performance Management (PfM)\u003c/li\u003e\u003cli\u003eHHS Enterprise Architecture (EA)\u003c/li\u003e\u003cli\u003eHHS IT System Inventory Management\u003c/li\u003e\u003cli\u003eHHS Records Mangement\u003c/li\u003e\u003cli\u003eHHS Implementing Email Records Management\u003c/li\u003e\u003cli\u003eHHS Section 508 and Accessibility of Technology and Communications Technology (ICT)\u003c/li\u003e\u003cli\u003eHHS Security Policies, Standards, Charters and Training Resources\u003c/li\u003e\u003cli\u003eHHS Incident Reporting, Policy and Incident Management Reference\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eGAO Cost Estimating and Assessment Guide\u003c/li\u003e\u003cli\u003eOMB M-05-23\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-127\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEnvironmental Practices of Electronics\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the framework for the implementation of sound environmental practices in the acquisition, operations and maintenance, and end-of-life management of HHS-purchased electronic products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/5/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Property Management\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13423\u003c/li\u003e\u003cli\u003eEO 13514\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eElectronic Stewardship\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2011-0002.001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the framework for the implementation of sound environmental practices in the acquisition, operations and maintenance, and end-of-life management of HHS-purchased electronic products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Property Management\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13423\u003c/li\u003e\u003cli\u003eEO 13514\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for FOIA Investigatory \u0026amp; Audit Matters\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides HHS staff with a policy for legal holds and to inform HHS staff about FOIA, investigatory, and audit matters that require holds on HHS records and other related documentary materials\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/26/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Freedom of Information Group\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFOIA\u003c/li\u003e\u003cli\u003e44 U.S.C Chapter 31\u003c/li\u003e\u003cli\u003e44 U.S.C Chapter 33\u003c/li\u003e\u003cli\u003e5 U.S.C Chapter 552\u003c/li\u003e\u003cli\u003e36 CFR Chapter XII, subchapter B\u003c/li\u003e\u003cli\u003eFederal Rules of Civil Procedure (FRCP)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for Networks Program Designated Agency Representatives\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2010-0005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Identifies and provides supplemental information in the establishment of titles, roles and responsibilities of Designated Agency Representatives (DARs) for the move from the FTS-2001 contract to the Networx contract and its transition program\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/10/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA) guidelines regarding Networx contracts, policies, and procedures\u003c/li\u003e\u003cli\u003eGSA DAR Guidelines for Network Services Contracts of the Office of ITS FAA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for Enterprise Architecture\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2008-0003.001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Outlines the roles and responsibilities for ensuring compliance with legislative and executive level guidance on Enterprise Architecture (EA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/7/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGRPA 1993\u003c/li\u003e\u003cli\u003eFASA V 1994\u003c/li\u003e\u003cli\u003ePRA 1995\u003c/li\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003eGovernment Paperwork Elimination Act of 1998\u003c/li\u003e\u003cli\u003eGISRA 2000\u003c/li\u003e\u003cli\u003eFISMA 2002\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eEO 13011\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-109\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-127\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-00-07\u003c/li\u003e\u003cli\u003eOMB M-97-02\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for eGov Forms\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2006-0003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensures that HHS maintains accurate form content for those HHS forms that are in the E-Gov Forms Catalogue, managed by the Small Business Administration (SBA) and the General Services Administration (GSA) under the Business Gateway (BG) initiative\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/7/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFederal Property and Administrative Services Act of 1949\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eSection 508 Rehabilitation Act\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act of 1980\u003c/li\u003e\u003cli\u003eInformation Quality Act\u003c/li\u003e\u003cli\u003e5 U.S.C. 552a(e)(1)\u003c/li\u003e\u003cli\u003e44 U.S.C. 3508\u003c/li\u003e\u003cli\u003eSmall Business Paperwork Relief Act of 2002\u003c/li\u003e\u003cli\u003e36 CFR Parts 1220-1238\u003c/li\u003e\u003cli\u003e5 CFR part 1320\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for HHSMail Change Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO 2006-0002.001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the policy for change management within the HHS HHSMail project\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eHHS Standards\u003c/h3\u003e\u003ch4\u003eHHS Standard for Plan of Action and Milestones (POAM) Management and Reporting\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2019-0002.001S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides OpDivs with the baseline standards and guidelines for properly documenting and managing POA\u0026amp;Ms and support the OpDivs in their development and management of POA\u0026amp;Ms within their respective organizations\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/3/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-plan-action-and-milestones-poam-handbook\"\u003eCyberGeek - CMS Plan of Action and Milestones (POA\u0026amp;M) Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eEO 13800\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-14-04\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Standard for System Inventory Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2018-0001.002S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides guidance and the baseline standards for maintaining a comprehensive inventory of all systems throughout HHS and enable management to have continuous accounting of all information systems and information assets\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/27/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Memorandum, FY15 Cybersecurity IT Priorities\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMinimum Security Configuration Standards Guidance\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2017-0001.001S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides personnel involved in configuring or connecting servers, workstations, or network devices to the HHS infrastructure with minimum security configuration standards for each respective device\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/5/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCyber Security Research and Development Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eCNSS Instruction No. 4009\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-52\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-60\u003c/li\u003e\u003cli\u003eNIST S.P. 800-70\u003c/li\u003e\u003cli\u003eNIST S.P. 800-115\u003c/li\u003e\u003cli\u003eNIST S.P. 800-128\u003c/li\u003e\u003cli\u003eNIST S.P. 800-152\u003c/li\u003e\u003cli\u003eNIST S.P. 800-175A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-179\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Minimum Security Configuration Standards for Palo Alto Networks\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2017-0001-002S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides OpDivs with specific technical configuration guidance for implementing the Palo Alto Networks Uniform Resource Locator (URL) filtering and Transport Layer Security (TLS) decryption solution\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/31/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-privacy-impact-assessment-pia-handbook\"\u003eCyberGeek - CMS Privacy Impact Assessment (PIA) Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eNIST S.P. 800-66\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eHHS Memoranda\u003c/h3\u003e\u003ch4\u003eHHS Approved Physical Access and Logical Access Authentication Mechanisms\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/15/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-access-control-handbook\"\u003eCyberGeek - CMS Access Control Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHSPD-12\u003c/li\u003e\u003cli\u003eOMB M-19-17\u003c/li\u003e\u003cli\u003eOMB M-22-09\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63-3\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63C\u003c/li\u003e\u003cli\u003eNIST S.P. 800-157\u003c/li\u003e\u003cli\u003eNIST S.P. 800-217\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eReminder of Existing HHS IT User Policies Relevant for Third-Party Generative AI Tools\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/20/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e40 U.S.C § 11319(b)(1)(A)\u003c/li\u003e\u003cli\u003e40 U.S.C § 11319\u003c/li\u003e\u003cli\u003e40 U.S.C § 11315(c)(2)\u003c/li\u003e\u003cli\u003eHHS Securing AI Technology\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior for Use of Information and IT Resources\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMemorandum M-23-13 “No TikTok on Government Devices” Implementation\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/31/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNo TikTok on Government Devices Act\u003c/li\u003e\u003cli\u003eOMB M-23-13\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eIS2P / NIST S.P. 800-53 Revision 5 - Compliance Timeline\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/20/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eHHS IS2P \u0026nbsp;\u003c/li\u003e\u003cli\u003eHHS Control Catalog\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eUpdated Department Standard Warning Banner for HHS Systems\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 9/12/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRescission of Outdated and Superseded Policy\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/9/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Control Catalog\u003c/li\u003e\u003cli\u003eHHS Minimum Security Configuration Standards Guidance\u003c/li\u003e\u003cli\u003eHHS Minimum Security Configuration Standards for Palo Alto Networks\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Social Security Number (SSN) Reduction and Elimination\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/10/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act of 1995\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eOMB M-07-16\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eEO 9397\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eHHS Sensitive PII Definition and Guidance\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eComplete Transition to IPv 6 Memorandum\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 4/29/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-21-07\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRoles \u0026amp; Repsonsibilities of OpDiv SOPs\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/3/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eImplementing Recommendations of the 9/11 Commission Act of 2007\u003c/li\u003e\u003cli\u003eEO 13636\u003c/li\u003e\u003cli\u003eEO 9397\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-20-04\u003c/li\u003e\u003cli\u003eOMB M-16-24\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-10-22\u003c/li\u003e\u003cli\u003eOMB M-07-16\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS IT Acquisition Reviews (ITAR)\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS High Value Asset (HVA) Program\u003c/li\u003e\u003cli\u003eHHS IT Procurements Security and Privacy Language\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003eHHS Mobile Applications Privacy Policy\u003c/li\u003e\u003cli\u003eHHS POA\u0026amp;M Standard\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eHHS Sensitive PII Definition and Guidance\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eUse of Government Furnished Equipment (GFE) During Foreign Travel\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 2/10/21\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Counterintelligence and Insider Threat - Foreign Travel\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140-2\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRescission of Security and Privacy Outdated and Superseded Policies\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/25/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS IT Security and Privacy Incident Reporting and Response\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Minimum Security Configurations Standards Guidance\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSensitive PII Definition and Guidance\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/4/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST S.P. 800-88\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAddendum to the HHS IS2P\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/24/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003ch4\u003eRequirement for Role-Based Training of Personnel with Significant Security Responsibilities\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/28/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/role-based-training-rbt\"\u003eCyberGeek - Role Based Training (RBT)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFCWAA 2015\u003c/li\u003e\u003cli\u003e5 CFR 930.301\u003c/li\u003e\u003cli\u003eNIST S.P. 800-181\u003c/li\u003e\u003cli\u003eNIST S.P. 800-16\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Cloud Computing and Federal Risk and Authorization Management Program Guidance\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/15/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/fedramp\"\u003eCyberGeek - Federal Risk and Authorization Management Program (FedRAMP)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFedRAMP\u003c/li\u003e\u003cli\u003eNIST S.P. 800-144\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eHHS Cloud Computing Strategy\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEnd-of-Life Operating Systems, Software and Applications Policy\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/19/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eFY15 Cybersecurity IT Priorities\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/1/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eEO 13636\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Usage of Unauthorized External Information Systems to Conduct Department Business Memorandum\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/8/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Security Data Warehouse Escalation Memorandum\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/15/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for Monitoring Employee Use of HHS IT Resources (2013)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/26/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIG Act 1978\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eWhistleblower Protection Act\u003c/li\u003e\u003cli\u003eFOIA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eDetermining Non-Sensitive Data on Mobile Computers/Devices\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/11/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-06-16\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eImplementation of OMB M-10-22 and M-10-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/21/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-10-22\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-07-16\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eResolving Security Audit Finding Disputes\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/13/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-08-21\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eUpdated Departmental Standard for the Definition of Sensitive Information\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/18/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003ch4\u003eApplicability of FISMA to HHS Grantees\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/29/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2002\u003c/li\u003e\u003cli\u003eOMB M-07-19\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eHHS Guides, Forms, and Templates\u003c/h3\u003e\u003ch4\u003eInformation Security \u0026amp; Privacy Certification Checklist\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/1/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition\"\u003eCyberGeek - Risk Management Handbook Chapter 15: System \u0026amp; Services Acquisition\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eNIST S.P. 800-60\u003c/li\u003e\u003cli\u003eNIST S.P. 800-88\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy Exception-Risk Based Decision Request\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/10/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e44 U.S. C, Sec. 3502\u003c/li\u003e\u003cli\u003eOMB A-127\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Guidance for Selection of e-Authentication Assurance Levels\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13681\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63-3\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63C\u003c/li\u003e\u003cli\u003eOMB M-04-04\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Guidance for e-Authentication RA Template\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-63\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63-3\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63C\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eCharter Establishing the EPLC Change Control Board\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e \u003ca href=\"https://www.cms.gov/data-research/cms-information-technology/tlc\"\u003eCMS.gov - Target Life Cycle\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eNon-Disclosure Agreement\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e N/A\u003c/p\u003e"])</script><script>self.__next_f.push([1,"1e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node_type/node_type/d185e460-4998-4d2b-85cb-b04f304dfb1b\"}\n1d:{\"self\":\"$1e\"}\n21:[\"menu_ui\",\"scheduler\"]\n20:{\"module\":\"$21\"}\n24:[]\n23:{\"available_menus\":\"$24\",\"parent\":\"\"}\n25:{\"expand_fieldset\":\"when_required\",\"fields_display_mode\":\"vertical_tab\",\"publish_enable\":false,\"publish_past_date\":\"error\",\"publish_past_date_created\":false,\"publish_required\":false,\"publish_revision\":false,\"publish_touch\":false,\"show_message_after_update\":true,\"unpublish_enable\":false,\"unpublish_required\":false,\"unpublish_revision\":false}\n22:{\"menu_ui\":\"$23\",\"scheduler\":\"$25\"}\n1f:{\"langcode\":\"en\",\"status\":true,\"dependencies\":\"$20\",\"third_party_settings\":\"$22\",\"name\":\"Explainer page\",\"drupal_internal__type\":\"explainer\",\"description\":\"Use \u003ci\u003eExplainer pages\u003c/i\u003e to provide general information in plain language about a policy, program, tool, service, or task related to security and privacy at CMS.\",\"help\":null,\"new_revision\":true,\"preview_mode\":1,\"display_submitted\":true}\n1c:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"links\":\"$1d\",\"attributes\":\"$1f\"}\n28:{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/4420e728-6dc2-4022-bf8d-5bd1329e5e64\"}\n27:{\"self\":\"$28\"}\n29:{\"display_name\":\"jcallan - retired\"}\n26:{\"type\":\"user--user\",\"id\":\"4420e728-6dc2-4022-bf8d-5bd1329e5e64\",\"links\":\"$27\",\"attributes\":\"$29\"}\n2c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/dca2c49b-4a12-4d5f-859d-a759444160a4\"}\n2b:{\"self\":\"$2c\"}\n2d:{\"display_name\":\"meg - retired\"}\n2a:{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"links\":\"$2b\",\"attributes\":\"$2d\"}\n30:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22?resourceVersion=id%3A131\"}\n2f:{\"self\":\"$30\"}\n32:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n31:{\"drupal_internal__tid\":131,\"drupal_internal__revision_id\":131,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:13:33+00:00\",\"status\":true,\"name\":\"General Information\",\"description\":null,\"weight\":2,\"changed\":\"2023-03-10T19:04"])</script><script>self.__next_f.push([1,":03+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$32\"}\n36:{\"drupal_internal__target_id\":\"resource_type\"}\n35:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"3a0127c4-ee06-41ed-8239-f796f6d78eb3\",\"meta\":\"$36\"}\n38:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/vid?resourceVersion=id%3A131\"}\n39:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/relationships/vid?resourceVersion=id%3A131\"}\n37:{\"related\":\"$38\",\"self\":\"$39\"}\n34:{\"data\":\"$35\",\"links\":\"$37\"}\n3c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/revision_user?resourceVersion=id%3A131\"}\n3d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/relationships/revision_user?resourceVersion=id%3A131\"}\n3b:{\"related\":\"$3c\",\"self\":\"$3d\"}\n3a:{\"data\":null,\"links\":\"$3b\"}\n44:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n43:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$44\"}\n42:{\"help\":\"$43\"}\n41:{\"links\":\"$42\"}\n40:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"virtual\",\"meta\":\"$41\"}\n3f:[\"$40\"]\n46:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/parent?resourceVersion=id%3A131\"}\n47:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/relationships/parent?resourceVersion=id%3A131\"}\n45:{\"related\":\"$46\",\"self\":\"$47\"}\n3e:{\"data\":\"$3f\",\"links\":\"$45\"}\n33:{\"vid\":\"$34\",\"revision_user\":\"$3a\",\"parent\":\"$3e\"}\n2e:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"links\":\"$2f\",\"attributes\":\"$31\",\"relationships\":\"$33\"}\n4a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5?resourceVersion=id%3A66\"}\n49:{\"self\":\"$4a\"}\n4c:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n4b:{\"drup"])</script><script>self.__next_f.push([1,"al_internal__tid\":66,\"drupal_internal__revision_id\":66,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:26+00:00\",\"status\":true,\"name\":\"Cyber Risk Advisor (CRA)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:26+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$4c\"}\n50:{\"drupal_internal__target_id\":\"roles\"}\n4f:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$50\"}\n52:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/vid?resourceVersion=id%3A66\"}\n53:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/vid?resourceVersion=id%3A66\"}\n51:{\"related\":\"$52\",\"self\":\"$53\"}\n4e:{\"data\":\"$4f\",\"links\":\"$51\"}\n56:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/revision_user?resourceVersion=id%3A66\"}\n57:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/revision_user?resourceVersion=id%3A66\"}\n55:{\"related\":\"$56\",\"self\":\"$57\"}\n54:{\"data\":null,\"links\":\"$55\"}\n5e:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n5d:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$5e\"}\n5c:{\"help\":\"$5d\"}\n5b:{\"links\":\"$5c\"}\n5a:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$5b\"}\n59:[\"$5a\"]\n60:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/parent?resourceVersion=id%3A66\"}\n61:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/parent?resourceVersion=id%3A66\"}\n5f:{\"related\":\"$60\",\"self\":\"$61\"}\n58:{\"data\":\"$59\",\"links\":\"$5f\"}\n4d:{\"vid\":\"$4e\",\"revision_user\":\"$54\",\"parent\":\"$58\"}\n48:{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"links\":\"$49\",\"attributes\":\"$4b\",\"relationships\":\"$4d\"}\n64:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_t"])</script><script>self.__next_f.push([1,"erm/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26?resourceVersion=id%3A81\"}\n63:{\"self\":\"$64\"}\n66:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n65:{\"drupal_internal__tid\":81,\"drupal_internal__revision_id\":81,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:09:11+00:00\",\"status\":true,\"name\":\"Data Guardian\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:09:11+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$66\"}\n6a:{\"drupal_internal__target_id\":\"roles\"}\n69:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$6a\"}\n6c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/vid?resourceVersion=id%3A81\"}\n6d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/relationships/vid?resourceVersion=id%3A81\"}\n6b:{\"related\":\"$6c\",\"self\":\"$6d\"}\n68:{\"data\":\"$69\",\"links\":\"$6b\"}\n70:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/revision_user?resourceVersion=id%3A81\"}\n71:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/relationships/revision_user?resourceVersion=id%3A81\"}\n6f:{\"related\":\"$70\",\"self\":\"$71\"}\n6e:{\"data\":null,\"links\":\"$6f\"}\n78:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n77:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$78\"}\n76:{\"help\":\"$77\"}\n75:{\"links\":\"$76\"}\n74:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$75\"}\n73:[\"$74\"]\n7a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/parent?resourceVersion=id%3A81\"}\n7b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/relationships/parent?resourceVersion=id%3A81\"}\n79:{\"related\":\"$7a\",\"self\":\"$7b\"}\n72:{\"data\":\"$73\",\"links\":\"$79\"}\n67:{\"vid\":\"$68\",\"revision_user\":\"$6e\",\"parent\":\"$72\"}\n62:{\"type\":\"taxonomy_term--roles\",\"id\":\"a2b33f6a-8172-48"])</script><script>self.__next_f.push([1,"62-9c0e-6e5076b6cf26\",\"links\":\"$63\",\"attributes\":\"$65\",\"relationships\":\"$67\"}\n7e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab?resourceVersion=id%3A61\"}\n7d:{\"self\":\"$7e\"}\n80:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n7f:{\"drupal_internal__tid\":61,\"drupal_internal__revision_id\":61,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:12+00:00\",\"status\":true,\"name\":\"Information System Security Officer (ISSO)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:12+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$80\"}\n84:{\"drupal_internal__target_id\":\"roles\"}\n83:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$84\"}\n86:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/vid?resourceVersion=id%3A61\"}\n87:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/vid?resourceVersion=id%3A61\"}\n85:{\"related\":\"$86\",\"self\":\"$87\"}\n82:{\"data\":\"$83\",\"links\":\"$85\"}\n8a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/revision_user?resourceVersion=id%3A61\"}\n8b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/revision_user?resourceVersion=id%3A61\"}\n89:{\"related\":\"$8a\",\"self\":\"$8b\"}\n88:{\"data\":null,\"links\":\"$89\"}\n92:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n91:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$92\"}\n90:{\"help\":\"$91\"}\n8f:{\"links\":\"$90\"}\n8e:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$8f\"}\n8d:[\"$8e\"]\n94:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/parent?resourceVersion=id%3A61\"}\n95:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/parent?resourceVersion=id%3A61\"}\n93:{\"related\""])</script><script>self.__next_f.push([1,":\"$94\",\"self\":\"$95\"}\n8c:{\"data\":\"$8d\",\"links\":\"$93\"}\n81:{\"vid\":\"$82\",\"revision_user\":\"$88\",\"parent\":\"$8c\"}\n7c:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"links\":\"$7d\",\"attributes\":\"$7f\",\"relationships\":\"$81\"}\n98:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34?resourceVersion=id%3A76\"}\n97:{\"self\":\"$98\"}\n9a:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n99:{\"drupal_internal__tid\":76,\"drupal_internal__revision_id\":76,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:55+00:00\",\"status\":true,\"name\":\"System / Business Owner\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:55+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$9a\"}\n9e:{\"drupal_internal__target_id\":\"roles\"}\n9d:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$9e\"}\na0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/vid?resourceVersion=id%3A76\"}\na1:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/vid?resourceVersion=id%3A76\"}\n9f:{\"related\":\"$a0\",\"self\":\"$a1\"}\n9c:{\"data\":\"$9d\",\"links\":\"$9f\"}\na4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/revision_user?resourceVersion=id%3A76\"}\na5:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/revision_user?resourceVersion=id%3A76\"}\na3:{\"related\":\"$a4\",\"self\":\"$a5\"}\na2:{\"data\":null,\"links\":\"$a3\"}\nac:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\nab:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$ac\"}\naa:{\"help\":\"$ab\"}\na9:{\"links\":\"$aa\"}\na8:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$a9\"}\na7:[\"$a8\"]\nae:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/parent?resourceVersion=id%3A76\"}\naf:{\"href\":\"https:/"])</script><script>self.__next_f.push([1,"/cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/parent?resourceVersion=id%3A76\"}\nad:{\"related\":\"$ae\",\"self\":\"$af\"}\na6:{\"data\":\"$a7\",\"links\":\"$ad\"}\n9b:{\"vid\":\"$9c\",\"revision_user\":\"$a2\",\"parent\":\"$a6\"}\n96:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"links\":\"$97\",\"attributes\":\"$99\",\"relationships\":\"$9b\"}\nb2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e?resourceVersion=id%3A71\"}\nb1:{\"self\":\"$b2\"}\nb4:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\nb3:{\"drupal_internal__tid\":71,\"drupal_internal__revision_id\":71,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:42+00:00\",\"status\":true,\"name\":\"System Teams\",\"description\":null,\"weight\":0,\"changed\":\"2024-08-02T21:29:47+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$b4\"}\nb8:{\"drupal_internal__target_id\":\"roles\"}\nb7:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$b8\"}\nba:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/vid?resourceVersion=id%3A71\"}\nbb:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/relationships/vid?resourceVersion=id%3A71\"}\nb9:{\"related\":\"$ba\",\"self\":\"$bb\"}\nb6:{\"data\":\"$b7\",\"links\":\"$b9\"}\nbe:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/revision_user?resourceVersion=id%3A71\"}\nbf:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/relationships/revision_user?resourceVersion=id%3A71\"}\nbd:{\"related\":\"$be\",\"self\":\"$bf\"}\nbc:{\"data\":null,\"links\":\"$bd\"}\nc6:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\nc5:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$c6\"}\nc4:{\"help\":\"$c5\"}\nc3:{\"links\":\"$c4\"}\nc2:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$c3\"}\nc1:[\"$c2\"]\nc8:{\"href\":\"https://cy"])</script><script>self.__next_f.push([1,"bergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/parent?resourceVersion=id%3A71\"}\nc9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/relationships/parent?resourceVersion=id%3A71\"}\nc7:{\"related\":\"$c8\",\"self\":\"$c9\"}\nc0:{\"data\":\"$c1\",\"links\":\"$c7\"}\nb5:{\"vid\":\"$b6\",\"revision_user\":\"$bc\",\"parent\":\"$c0\"}\nb0:{\"type\":\"taxonomy_term--roles\",\"id\":\"feb4e85d-429e-48b0-92f0-3d2da2c5056e\",\"links\":\"$b1\",\"attributes\":\"$b3\",\"relationships\":\"$b5\"}\ncc:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38?resourceVersion=id%3A21\"}\ncb:{\"self\":\"$cc\"}\nce:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\ncd:{\"drupal_internal__tid\":21,\"drupal_internal__revision_id\":21,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:05:35+00:00\",\"status\":true,\"name\":\"Federal Policy \u0026 Guidance\",\"description\":null,\"weight\":3,\"changed\":\"2023-03-10T19:04:22+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$ce\"}\nd2:{\"drupal_internal__target_id\":\"topics\"}\nd1:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"73f89dec-123f-4c8c-9a97-d025a2b0e5cf\",\"meta\":\"$d2\"}\nd4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/vid?resourceVersion=id%3A21\"}\nd5:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/relationships/vid?resourceVersion=id%3A21\"}\nd3:{\"related\":\"$d4\",\"self\":\"$d5\"}\nd0:{\"data\":\"$d1\",\"links\":\"$d3\"}\nd8:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/revision_user?resourceVersion=id%3A21\"}\nd9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/relationships/revision_user?resourceVersion=id%3A21\"}\nd7:{\"related\":\"$d8\",\"self\":\"$d9\"}\nd6:{\"data\":null,\"links\":\"$d7\"}\ne0:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\ndf:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virt"])</script><script>self.__next_f.push([1,"ual\",\"meta\":\"$e0\"}\nde:{\"help\":\"$df\"}\ndd:{\"links\":\"$de\"}\ndc:{\"type\":\"taxonomy_term--topics\",\"id\":\"virtual\",\"meta\":\"$dd\"}\ndb:[\"$dc\"]\ne2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/parent?resourceVersion=id%3A21\"}\ne3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/relationships/parent?resourceVersion=id%3A21\"}\ne1:{\"related\":\"$e2\",\"self\":\"$e3\"}\nda:{\"data\":\"$db\",\"links\":\"$e1\"}\ncf:{\"vid\":\"$d0\",\"revision_user\":\"$d6\",\"parent\":\"$da\"}\nca:{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"links\":\"$cb\",\"attributes\":\"$cd\",\"relationships\":\"$cf\"}\ne6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/4ffd074a-8ca7-41ad-8c6c-d270330af3fa?resourceVersion=id%3A19016\"}\ne5:{\"self\":\"$e6\"}\ne8:[]\nea:T1f4c,"])</script><script>self.__next_f.push([1,"\u003ch2\u003e\u003cstrong\u003eWhat is FISMA?\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eThe Federal Information Security Modernization Act (FISMA) defines a framework of guidelines and security standards to protect government information and operations.\u003c/p\u003e\u003cp\u003eFISMA was originally passed as the \u003ca href=\"https://en.wikipedia.org/wiki/Federal_Information_Security_Management_Act_of_2002\"\u003eFederal Information Security Management Act\u003c/a\u003e in 2002 as part of the E-Government Act. It requires all federal agencies to develop, document, and implement agency-wide information security programs.\u003c/p\u003e\u003cp\u003eThis law has been amended by the \u003ca href=\"https://en.wikipedia.org/wiki/Federal_Information_Security_Modernization_Act_of_2014\"\u003eFederal Information Security Modernization Act of 2014\u003c/a\u003e (sometimes called FISMA Reform), passed in response to the increasing amount of cyber attacks on the federal government.\u0026nbsp;\u003c/p\u003e\u003cp\u003eFISMA defines three security objectives for information and information systems:\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eConfidentiality: \u003c/strong\u003ePreserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eIntegrity: \u003c/strong\u003eGuarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eAvailability: \u003c/strong\u003eEnsuring timely and reliable access to and use of information.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eFISMA compliance\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eA key requirement of FISMA is that program officials, and the head of each agency, must conduct annual reviews of information security programs, with the intent of keeping risks at or below specified acceptable levels. The Office of Management and Budget (OMB) is the agency responsible for final oversight of the FISMA compliance efforts of each agency.\u003c/p\u003e\u003cp\u003eWhile FISMA sets the legal requirement for annual compliance, the \u003ca href=\"https://security.cms.gov/learn/national-institute-standards-and-technology-nist\"\u003eNational Institute of Standards and Technology\u003c/a\u003e (NIST) is the government body responsible for developing the standards and policies that agencies use to ensure their systems, applications, and networks remain secure. To be FISMA-compliant, agencies must:\u003c/p\u003e\u003ch3\u003eImplement continuous monitoring\u003c/h3\u003e\u003cp\u003eAgencies must continually monitor FISMA accredited systems to identify potential weaknesses. Any changes should be documented in the System Security and Privacy Plan (SSPP). Continuous monitoring will also allow agencies to respond quickly to security incidents or data breaches. CMS is working towards a more robust approach to continuous monitoring through programs like \u003ca href=\"https://security.cms.gov/learn/continuous-diagnostics-and-mitigation-cdm\"\u003eContinuous Diagnostics and Mitigation\u003c/a\u003e and \u003ca href=\"https://security.cms.gov/learn/ongoing-authorization-oa\"\u003eOngoing Authorization\u003c/a\u003e.\u003c/p\u003e\u003ch3\u003eConduct annual security reviews\u003c/h3\u003e\u003cp\u003eProgram officials and agency heads must conduct annual security reviews in order to obtain a FISMA certification. Certification and accreditation are defined in \u003ca href=\"https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final\"\u003eNIST SP 800-37\u003c/a\u003e.\u003c/p\u003e\u003ch3\u003ePerform risk assessment\u003c/h3\u003e\u003cp\u003eSystem risk should be evaluated regularly to validate current security controls and to determine if additional controls are required. At CMS, this is done through assessments such as the \u003ca href=\"https://security.cms.gov/learn/cybersecurity-risk-assessment-program-csrap\"\u003eCybersecurity and Risk Assessment Program\u003c/a\u003e (CSRAP).\u003c/p\u003e\u003ch3\u003eDocument the controls in the system security plan\u003c/h3\u003e\u003cp\u003eDocumentation on the baseline controls used to protect a system must be kept in the form of a \u003ca href=\"https://security.cms.gov/learn/system-security-and-privacy-plan-sspp\"\u003eSystem Security and Privacy Plan\u003c/a\u003e (SSPP). This is a key deliverable in the process of getting \u003ca href=\"https://security.cms.gov/learn/authorization-operate-ato\"\u003eAuthorization to Operate\u003c/a\u003e (ATO) for a FISMA system.\u003c/p\u003e\u003ch3\u003eMeet baseline security controls\u003c/h3\u003e\u003cp\u003eFederal systems must meet minimum security requirements. \u003ca href=\"https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final\"\u003eNIST SP 800-53\u003c/a\u003e outlines the suggested security controls for FISMA compliance. FISMA does not require an agency to implement every single control, but they must implement the controls relevant to their systems and their function. At CMS, standards for security controls are documented in the \u003ca href=\"https://security.cms.gov/policy-guidance/cms-acceptable-risk-safeguards-ars\"\u003eCMS Acceptable Risk Safeguards\u003c/a\u003e (ARS).\u003c/p\u003e\u003ch3\u003ePerform system risk categorization\u003c/h3\u003e\u003cp\u003eInformation systems must be categorized according to their risk levels to ensure that sensitive information and High Value Asset (HVA) systems are given the highest level of security. The categorization process considers the type of information contained in or processed by a system, and will determine what security controls are needed.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe categorization levels follow those prescribed in \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.199.pdf\"\u003eFIPS Publication 199 from NIST\u003c/a\u003e (Standards for Security Categorization of Federal Information and Information Systems).\u003c/p\u003e\u003cp\u003eAt CMS, system categorization happens in CFACTS and results in a categorization of “Low”, “Moderate”, or “High” depending on the level of impact that would occur if the information or the information system were compromised.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eImpact level LOW\u003c/strong\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003eA low impact level occurs when the loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eA limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eCause an interruption to mission capability, but CMS is still able to perform its primary functions\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eEffectiveness of functions is noticeably reduced\u003c/li\u003e\u003cli dir=\"ltr\"\u003eResult in minor damage to organizational assets\u003c/li\u003e\u003cli dir=\"ltr\"\u003eResult in minor financial loss\u003c/li\u003e\u003cli dir=\"ltr\"\u003eResult in minor harm to individuals\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eImpact level MODERATE\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eA moderate impact level occurs when the loss of confidentiality, integrity, or availability could be expected to have a \u003cstrong\u003eserious\u003c/strong\u003e adverse effect on organizational operations, organizational assets, or individuals.\u003c/p\u003e\u003cp\u003eA serious adverse effect means that, for example, the loss of confidentiality, integrity, or availability might:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCause a \u003cstrong\u003esignificant\u003c/strong\u003e deterioration of mission capability, but CMS is still able to perform its primary functions\u0026nbsp;\u003c/li\u003e\u003cli\u003eEffectiveness of functions is noticeably reduced\u0026nbsp;\u003c/li\u003e\u003cli\u003eResult in significant damage to organizational assets\u003c/li\u003e\u003cli\u003eResult in significant financial loss\u003c/li\u003e\u003cli\u003eResult in significant harm to individuals that does not involve loss of life or serious life threatening injuries\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eImpact level HIGH\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eA high impact level occurs when the loss of confidentiality, integrity, or availability could be expected to have a \u003cstrong\u003esevere or catastrophic\u003c/strong\u003e adverse effect on organizational operations, organizational assets, or individuals.\u003c/p\u003e\u003cp\u003eA severe or catastrophic adverse effect means that, for example, the loss of confidentiality, integrity, or availability might:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCause a \u003cstrong\u003esevere\u003c/strong\u003e degradation in or total loss of mission capability\u0026nbsp;\u003c/li\u003e\u003cli\u003eThe organization is \u003cstrong\u003enot\u003c/strong\u003e able to perform one or more of its primary functions\u003c/li\u003e\u003cli\u003eResult in \u003cstrong\u003emajor\u003c/strong\u003e damage to organizational assets\u003c/li\u003e\u003cli\u003eResult in major financial loss\u003c/li\u003e\u003cli\u003eResult in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries\u003c/li\u003e\u003c/ul\u003e"])</script><script>self.__next_f.push([1,"eb:T1f4c,"])</script><script>self.__next_f.push([1,"\u003ch2\u003e\u003cstrong\u003eWhat is FISMA?\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eThe Federal Information Security Modernization Act (FISMA) defines a framework of guidelines and security standards to protect government information and operations.\u003c/p\u003e\u003cp\u003eFISMA was originally passed as the \u003ca href=\"https://en.wikipedia.org/wiki/Federal_Information_Security_Management_Act_of_2002\"\u003eFederal Information Security Management Act\u003c/a\u003e in 2002 as part of the E-Government Act. It requires all federal agencies to develop, document, and implement agency-wide information security programs.\u003c/p\u003e\u003cp\u003eThis law has been amended by the \u003ca href=\"https://en.wikipedia.org/wiki/Federal_Information_Security_Modernization_Act_of_2014\"\u003eFederal Information Security Modernization Act of 2014\u003c/a\u003e (sometimes called FISMA Reform), passed in response to the increasing amount of cyber attacks on the federal government.\u0026nbsp;\u003c/p\u003e\u003cp\u003eFISMA defines three security objectives for information and information systems:\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eConfidentiality: \u003c/strong\u003ePreserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eIntegrity: \u003c/strong\u003eGuarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eAvailability: \u003c/strong\u003eEnsuring timely and reliable access to and use of information.\u003c/p\u003e\u003ch2\u003e\u003cstrong\u003eFISMA compliance\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eA key requirement of FISMA is that program officials, and the head of each agency, must conduct annual reviews of information security programs, with the intent of keeping risks at or below specified acceptable levels. The Office of Management and Budget (OMB) is the agency responsible for final oversight of the FISMA compliance efforts of each agency.\u003c/p\u003e\u003cp\u003eWhile FISMA sets the legal requirement for annual compliance, the \u003ca href=\"https://security.cms.gov/learn/national-institute-standards-and-technology-nist\"\u003eNational Institute of Standards and Technology\u003c/a\u003e (NIST) is the government body responsible for developing the standards and policies that agencies use to ensure their systems, applications, and networks remain secure. To be FISMA-compliant, agencies must:\u003c/p\u003e\u003ch3\u003eImplement continuous monitoring\u003c/h3\u003e\u003cp\u003eAgencies must continually monitor FISMA accredited systems to identify potential weaknesses. Any changes should be documented in the System Security and Privacy Plan (SSPP). Continuous monitoring will also allow agencies to respond quickly to security incidents or data breaches. CMS is working towards a more robust approach to continuous monitoring through programs like \u003ca href=\"https://security.cms.gov/learn/continuous-diagnostics-and-mitigation-cdm\"\u003eContinuous Diagnostics and Mitigation\u003c/a\u003e and \u003ca href=\"https://security.cms.gov/learn/ongoing-authorization-oa\"\u003eOngoing Authorization\u003c/a\u003e.\u003c/p\u003e\u003ch3\u003eConduct annual security reviews\u003c/h3\u003e\u003cp\u003eProgram officials and agency heads must conduct annual security reviews in order to obtain a FISMA certification. Certification and accreditation are defined in \u003ca href=\"https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final\"\u003eNIST SP 800-37\u003c/a\u003e.\u003c/p\u003e\u003ch3\u003ePerform risk assessment\u003c/h3\u003e\u003cp\u003eSystem risk should be evaluated regularly to validate current security controls and to determine if additional controls are required. At CMS, this is done through assessments such as the \u003ca href=\"https://security.cms.gov/learn/cybersecurity-risk-assessment-program-csrap\"\u003eCybersecurity and Risk Assessment Program\u003c/a\u003e (CSRAP).\u003c/p\u003e\u003ch3\u003eDocument the controls in the system security plan\u003c/h3\u003e\u003cp\u003eDocumentation on the baseline controls used to protect a system must be kept in the form of a \u003ca href=\"https://security.cms.gov/learn/system-security-and-privacy-plan-sspp\"\u003eSystem Security and Privacy Plan\u003c/a\u003e (SSPP). This is a key deliverable in the process of getting \u003ca href=\"https://security.cms.gov/learn/authorization-operate-ato\"\u003eAuthorization to Operate\u003c/a\u003e (ATO) for a FISMA system.\u003c/p\u003e\u003ch3\u003eMeet baseline security controls\u003c/h3\u003e\u003cp\u003eFederal systems must meet minimum security requirements. \u003ca href=\"https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final\"\u003eNIST SP 800-53\u003c/a\u003e outlines the suggested security controls for FISMA compliance. FISMA does not require an agency to implement every single control, but they must implement the controls relevant to their systems and their function. At CMS, standards for security controls are documented in the \u003ca href=\"https://security.cms.gov/policy-guidance/cms-acceptable-risk-safeguards-ars\"\u003eCMS Acceptable Risk Safeguards\u003c/a\u003e (ARS).\u003c/p\u003e\u003ch3\u003ePerform system risk categorization\u003c/h3\u003e\u003cp\u003eInformation systems must be categorized according to their risk levels to ensure that sensitive information and High Value Asset (HVA) systems are given the highest level of security. The categorization process considers the type of information contained in or processed by a system, and will determine what security controls are needed.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe categorization levels follow those prescribed in \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.199.pdf\"\u003eFIPS Publication 199 from NIST\u003c/a\u003e (Standards for Security Categorization of Federal Information and Information Systems).\u003c/p\u003e\u003cp\u003eAt CMS, system categorization happens in CFACTS and results in a categorization of “Low”, “Moderate”, or “High” depending on the level of impact that would occur if the information or the information system were compromised.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eImpact level LOW\u003c/strong\u003e\u003c/p\u003e\u003cp dir=\"ltr\"\u003eA low impact level occurs when the loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eA limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eCause an interruption to mission capability, but CMS is still able to perform its primary functions\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eEffectiveness of functions is noticeably reduced\u003c/li\u003e\u003cli dir=\"ltr\"\u003eResult in minor damage to organizational assets\u003c/li\u003e\u003cli dir=\"ltr\"\u003eResult in minor financial loss\u003c/li\u003e\u003cli dir=\"ltr\"\u003eResult in minor harm to individuals\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eImpact level MODERATE\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eA moderate impact level occurs when the loss of confidentiality, integrity, or availability could be expected to have a \u003cstrong\u003eserious\u003c/strong\u003e adverse effect on organizational operations, organizational assets, or individuals.\u003c/p\u003e\u003cp\u003eA serious adverse effect means that, for example, the loss of confidentiality, integrity, or availability might:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCause a \u003cstrong\u003esignificant\u003c/strong\u003e deterioration of mission capability, but CMS is still able to perform its primary functions\u0026nbsp;\u003c/li\u003e\u003cli\u003eEffectiveness of functions is noticeably reduced\u0026nbsp;\u003c/li\u003e\u003cli\u003eResult in significant damage to organizational assets\u003c/li\u003e\u003cli\u003eResult in significant financial loss\u003c/li\u003e\u003cli\u003eResult in significant harm to individuals that does not involve loss of life or serious life threatening injuries\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eImpact level HIGH\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eA high impact level occurs when the loss of confidentiality, integrity, or availability could be expected to have a \u003cstrong\u003esevere or catastrophic\u003c/strong\u003e adverse effect on organizational operations, organizational assets, or individuals.\u003c/p\u003e\u003cp\u003eA severe or catastrophic adverse effect means that, for example, the loss of confidentiality, integrity, or availability might:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCause a \u003cstrong\u003esevere\u003c/strong\u003e degradation in or total loss of mission capability\u0026nbsp;\u003c/li\u003e\u003cli\u003eThe organization is \u003cstrong\u003enot\u003c/strong\u003e able to perform one or more of its primary functions\u003c/li\u003e\u003cli\u003eResult in \u003cstrong\u003emajor\u003c/strong\u003e damage to organizational assets\u003c/li\u003e\u003cli\u003eResult in major financial loss\u003c/li\u003e\u003cli\u003eResult in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries\u003c/li\u003e\u003c/ul\u003e"])</script><script>self.__next_f.push([1,"e9:{\"value\":\"$ea\",\"format\":\"body_text\",\"processed\":\"$eb\"}\ne7:{\"drupal_internal__id\":1146,\"drupal_internal__revision_id\":19016,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T17:06:13+00:00\",\"parent_id\":\"316\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":\"$e8\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":\"$e9\"}\nef:{\"drupal_internal__target_id\":\"page_section\"}\nee:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":\"$ef\"}\nf1:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/4ffd074a-8ca7-41ad-8c6c-d270330af3fa/paragraph_type?resourceVersion=id%3A19016\"}\nf2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/4ffd074a-8ca7-41ad-8c6c-d270330af3fa/relationships/paragraph_type?resourceVersion=id%3A19016\"}\nf0:{\"related\":\"$f1\",\"self\":\"$f2\"}\ned:{\"data\":\"$ee\",\"links\":\"$f0\"}\nf5:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/4ffd074a-8ca7-41ad-8c6c-d270330af3fa/field_specialty_item?resourceVersion=id%3A19016\"}\nf6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/4ffd074a-8ca7-41ad-8c6c-d270330af3fa/relationships/field_specialty_item?resourceVersion=id%3A19016\"}\nf4:{\"related\":\"$f5\",\"self\":\"$f6\"}\nf3:{\"data\":null,\"links\":\"$f4\"}\nec:{\"paragraph_type\":\"$ed\",\"field_specialty_item\":\"$f3\"}\ne4:{\"type\":\"paragraph--page_section\",\"id\":\"4ffd074a-8ca7-41ad-8c6c-d270330af3fa\",\"links\":\"$e5\",\"attributes\":\"$e7\",\"relationships\":\"$ec\"}\nf9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/3d88d941-7844-4a24-8d87-b884cf205f36?resourceVersion=id%3A19017\"}\nf8:{\"self\":\"$f9\"}\nfb:[]\nfa:{\"drupal_internal__id\":1941,\"drupal_internal__revision_id\":19017,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T20:52:21+00:00\",\"parent_id\":\"316\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":\"$fb\",\"default_langcode\":true,\"revision_translation_affected\":true}\nff:{\"drupal_internal__target_id\":\"internal_link\"}\nfe:{\"type\":\"paragraphs_"])</script><script>self.__next_f.push([1,"type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":\"$ff\"}\n101:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/3d88d941-7844-4a24-8d87-b884cf205f36/paragraph_type?resourceVersion=id%3A19017\"}\n102:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/3d88d941-7844-4a24-8d87-b884cf205f36/relationships/paragraph_type?resourceVersion=id%3A19017\"}\n100:{\"related\":\"$101\",\"self\":\"$102\"}\nfd:{\"data\":\"$fe\",\"links\":\"$100\"}\n105:{\"drupal_internal__target_id\":671}\n104:{\"type\":\"node--explainer\",\"id\":\"630cad0d-24c7-44f0-8b25-b3ab2faf97cf\",\"meta\":\"$105\"}\n107:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/3d88d941-7844-4a24-8d87-b884cf205f36/field_link?resourceVersion=id%3A19017\"}\n108:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/3d88d941-7844-4a24-8d87-b884cf205f36/relationships/field_link?resourceVersion=id%3A19017\"}\n106:{\"related\":\"$107\",\"self\":\"$108\"}\n103:{\"data\":\"$104\",\"links\":\"$106\"}\nfc:{\"paragraph_type\":\"$fd\",\"field_link\":\"$103\"}\nf7:{\"type\":\"paragraph--internal_link\",\"id\":\"3d88d941-7844-4a24-8d87-b884cf205f36\",\"links\":\"$f8\",\"attributes\":\"$fa\",\"relationships\":\"$fc\"}\n10b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/5087f368-5c99-41a5-b39b-e27bc9df3950?resourceVersion=id%3A19018\"}\n10a:{\"self\":\"$10b\"}\n10d:[]\n10c:{\"drupal_internal__id\":1946,\"drupal_internal__revision_id\":19018,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T20:52:44+00:00\",\"parent_id\":\"316\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":\"$10d\",\"default_langcode\":true,\"revision_translation_affected\":true}\n111:{\"drupal_internal__target_id\":\"internal_link\"}\n110:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":\"$111\"}\n113:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/5087f368-5c99-41a5-b39b-e27bc9df3950/paragraph_type?resourceVersion=id%3A19018\"}\n114:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/5087f368-5c99-41a5-b39b-e27"])</script><script>self.__next_f.push([1,"bc9df3950/relationships/paragraph_type?resourceVersion=id%3A19018\"}\n112:{\"related\":\"$113\",\"self\":\"$114\"}\n10f:{\"data\":\"$110\",\"links\":\"$112\"}\n117:{\"drupal_internal__target_id\":326}\n116:{\"type\":\"node--explainer\",\"id\":\"a279358b-5b24-49bc-a98e-11681bd7e65c\",\"meta\":\"$117\"}\n119:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/5087f368-5c99-41a5-b39b-e27bc9df3950/field_link?resourceVersion=id%3A19018\"}\n11a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/5087f368-5c99-41a5-b39b-e27bc9df3950/relationships/field_link?resourceVersion=id%3A19018\"}\n118:{\"related\":\"$119\",\"self\":\"$11a\"}\n115:{\"data\":\"$116\",\"links\":\"$118\"}\n10e:{\"paragraph_type\":\"$10f\",\"field_link\":\"$115\"}\n109:{\"type\":\"paragraph--internal_link\",\"id\":\"5087f368-5c99-41a5-b39b-e27bc9df3950\",\"links\":\"$10a\",\"attributes\":\"$10c\",\"relationships\":\"$10e\"}\n11d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/4b2ee6b4-cbfd-46c8-a65f-9b2b18e1a793?resourceVersion=id%3A19019\"}\n11c:{\"self\":\"$11d\"}\n11f:[]\n11e:{\"drupal_internal__id\":1951,\"drupal_internal__revision_id\":19019,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T20:53:13+00:00\",\"parent_id\":\"316\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":\"$11f\",\"default_langcode\":true,\"revision_translation_affected\":true}\n123:{\"drupal_internal__target_id\":\"internal_link\"}\n122:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":\"$123\"}\n125:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/4b2ee6b4-cbfd-46c8-a65f-9b2b18e1a793/paragraph_type?resourceVersion=id%3A19019\"}\n126:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/4b2ee6b4-cbfd-46c8-a65f-9b2b18e1a793/relationships/paragraph_type?resourceVersion=id%3A19019\"}\n124:{\"related\":\"$125\",\"self\":\"$126\"}\n121:{\"data\":\"$122\",\"links\":\"$124\"}\n129:{\"drupal_internal__target_id\":706}\n128:{\"type\":\"node--explainer\",\"id\":\"adea5bd3-a6c3-4b20-a953-0673e8f5ac17\",\"meta\":\"$129\"}\n12b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragrap"])</script><script>self.__next_f.push([1,"h/internal_link/4b2ee6b4-cbfd-46c8-a65f-9b2b18e1a793/field_link?resourceVersion=id%3A19019\"}\n12c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/4b2ee6b4-cbfd-46c8-a65f-9b2b18e1a793/relationships/field_link?resourceVersion=id%3A19019\"}\n12a:{\"related\":\"$12b\",\"self\":\"$12c\"}\n127:{\"data\":\"$128\",\"links\":\"$12a\"}\n120:{\"paragraph_type\":\"$121\",\"field_link\":\"$127\"}\n11b:{\"type\":\"paragraph--internal_link\",\"id\":\"4b2ee6b4-cbfd-46c8-a65f-9b2b18e1a793\",\"links\":\"$11c\",\"attributes\":\"$11e\",\"relationships\":\"$120\"}\n12f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/dd735dee-c392-4312-bc59-7a2163ad21a6?resourceVersion=id%3A19020\"}\n12e:{\"self\":\"$12f\"}\n131:[]\n130:{\"drupal_internal__id\":3517,\"drupal_internal__revision_id\":19020,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-07-15T18:59:09+00:00\",\"parent_id\":\"316\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":\"$131\",\"default_langcode\":true,\"revision_translation_affected\":true}\n135:{\"drupal_internal__target_id\":\"internal_link\"}\n134:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":\"$135\"}\n137:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/dd735dee-c392-4312-bc59-7a2163ad21a6/paragraph_type?resourceVersion=id%3A19020\"}\n138:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/dd735dee-c392-4312-bc59-7a2163ad21a6/relationships/paragraph_type?resourceVersion=id%3A19020\"}\n136:{\"related\":\"$137\",\"self\":\"$138\"}\n133:{\"data\":\"$134\",\"links\":\"$136\"}\n13b:{\"drupal_internal__target_id\":381}\n13a:{\"type\":\"node--explainer\",\"id\":\"af385f5f-f61b-47af-a235-7dc48efd251e\",\"meta\":\"$13b\"}\n13d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/dd735dee-c392-4312-bc59-7a2163ad21a6/field_link?resourceVersion=id%3A19020\"}\n13e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/dd735dee-c392-4312-bc59-7a2163ad21a6/relationships/field_link?resourceVersion=id%3A19020\"}\n13c:{\"related\":\"$13d\",\"self\":\"$13e\"}\n139:{\"data\":\"$13a\",\"links\":\"$13"])</script><script>self.__next_f.push([1,"c\"}\n132:{\"paragraph_type\":\"$133\",\"field_link\":\"$139\"}\n12d:{\"type\":\"paragraph--internal_link\",\"id\":\"dd735dee-c392-4312-bc59-7a2163ad21a6\",\"links\":\"$12e\",\"attributes\":\"$130\",\"relationships\":\"$132\"}\n141:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/b88a7b64-a818-4f85-b969-a2f77482f8ce?resourceVersion=id%3A19021\"}\n140:{\"self\":\"$141\"}\n143:[]\n142:{\"drupal_internal__id\":3518,\"drupal_internal__revision_id\":19021,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-07-15T18:59:18+00:00\",\"parent_id\":\"316\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":\"$143\",\"default_langcode\":true,\"revision_translation_affected\":true}\n147:{\"drupal_internal__target_id\":\"internal_link\"}\n146:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":\"$147\"}\n149:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/b88a7b64-a818-4f85-b969-a2f77482f8ce/paragraph_type?resourceVersion=id%3A19021\"}\n14a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/b88a7b64-a818-4f85-b969-a2f77482f8ce/relationships/paragraph_type?resourceVersion=id%3A19021\"}\n148:{\"related\":\"$149\",\"self\":\"$14a\"}\n145:{\"data\":\"$146\",\"links\":\"$148\"}\n14d:{\"drupal_internal__target_id\":1171}\n14c:{\"type\":\"node--library\",\"id\":\"76ca103f-df48-4164-be97-c4a6902a3f94\",\"meta\":\"$14d\"}\n14f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/b88a7b64-a818-4f85-b969-a2f77482f8ce/field_link?resourceVersion=id%3A19021\"}\n150:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/b88a7b64-a818-4f85-b969-a2f77482f8ce/relationships/field_link?resourceVersion=id%3A19021\"}\n14e:{\"related\":\"$14f\",\"self\":\"$150\"}\n14b:{\"data\":\"$14c\",\"links\":\"$14e\"}\n144:{\"paragraph_type\":\"$145\",\"field_link\":\"$14b\"}\n13f:{\"type\":\"paragraph--internal_link\",\"id\":\"b88a7b64-a818-4f85-b969-a2f77482f8ce\",\"links\":\"$140\",\"attributes\":\"$142\",\"relationships\":\"$144\"}\n153:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf?resourceVersion=id%3A6076\"}\n1"])</script><script>self.__next_f.push([1,"52:{\"self\":\"$153\"}\n155:{\"alias\":\"/learn/zero-trust\",\"pid\":661,\"langcode\":\"en\"}\n156:{\"value\":\"Security paradigm that requires the continuous verification of system users to promote system security\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eSecurity paradigm that requires the continuous verification of system users to promote system security\u003c/p\u003e\\n\"}\n157:[\"#cms-zero-trust\"]\n154:{\"drupal_internal__nid\":671,\"drupal_internal__vid\":6076,\"langcode\":\"en\",\"revision_timestamp\":\"2025-01-15T16:28:16+00:00\",\"status\":true,\"title\":\"Zero Trust \",\"created\":\"2023-02-02T19:12:26+00:00\",\"changed\":\"2025-01-15T16:28:16+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":\"$155\",\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"ISPGZeroTrust@cms.hhs.gov\",\"field_contact_name\":\"Zero Trust Team\",\"field_short_description\":\"$156\",\"field_slack_channel\":\"$157\"}\n15b:{\"drupal_internal__target_id\":\"explainer\"}\n15a:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":\"$15b\"}\n15d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/node_type?resourceVersion=id%3A6076\"}\n15e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/node_type?resourceVersion=id%3A6076\"}\n15c:{\"related\":\"$15d\",\"self\":\"$15e\"}\n159:{\"data\":\"$15a\",\"links\":\"$15c\"}\n161:{\"drupal_internal__target_id\":138}\n160:{\"type\":\"user--user\",\"id\":\"bebd6b4a-b250-4060-a68d-15e540df32b8\",\"meta\":\"$161\"}\n163:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/revision_uid?resourceVersion=id%3A6076\"}\n164:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/revision_uid?resourceVersion=id%3A6076\"}\n162:{\"related\":\"$163\",\"self\":\"$164\"}\n15f:{\"data\":\"$160\",\"links\":\"$162\"}\n167:{\"drupal_"])</script><script>self.__next_f.push([1,"internal__target_id\":26}\n166:{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":\"$167\"}\n169:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/uid?resourceVersion=id%3A6076\"}\n16a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/uid?resourceVersion=id%3A6076\"}\n168:{\"related\":\"$169\",\"self\":\"$16a\"}\n165:{\"data\":\"$166\",\"links\":\"$168\"}\n16e:{\"target_revision_id\":19936,\"drupal_internal__target_id\":536}\n16d:{\"type\":\"paragraph--page_section\",\"id\":\"9271f09e-6087-42ce-9b2a-2ddf6888888d\",\"meta\":\"$16e\"}\n16c:[\"$16d\"]\n170:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/field_page_section?resourceVersion=id%3A6076\"}\n171:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/field_page_section?resourceVersion=id%3A6076\"}\n16f:{\"related\":\"$170\",\"self\":\"$171\"}\n16b:{\"data\":\"$16c\",\"links\":\"$16f\"}\n175:{\"target_revision_id\":19941,\"drupal_internal__target_id\":3398}\n174:{\"type\":\"paragraph--internal_link\",\"id\":\"c6911d3e-5198-4b35-ac2a-13d123aedee1\",\"meta\":\"$175\"}\n177:{\"target_revision_id\":19946,\"drupal_internal__target_id\":1616}\n176:{\"type\":\"paragraph--internal_link\",\"id\":\"2bcabaa5-d621-42c9-bdc8-e0b80b3869d3\",\"meta\":\"$177\"}\n179:{\"target_revision_id\":19951,\"drupal_internal__target_id\":3499}\n178:{\"type\":\"paragraph--internal_link\",\"id\":\"670741af-bf41-4d99-a21c-a24dc57f4424\",\"meta\":\"$179\"}\n17b:{\"target_revision_id\":19956,\"drupal_internal__target_id\":1611}\n17a:{\"type\":\"paragraph--internal_link\",\"id\":\"f7a739a6-3d16-4633-bfad-fd8f469ffb64\",\"meta\":\"$17b\"}\n17d:{\"target_revision_id\":19961,\"drupal_internal__target_id\":1621}\n17c:{\"type\":\"paragraph--internal_link\",\"id\":\"80d01d00-9ecf-4254-8e6e-a9242e8289f1\",\"meta\":\"$17d\"}\n17f:{\"target_revision_id\":19966,\"drupal_internal__target_id\":1626}\n17e:{\"type\":\"paragraph--internal_link\",\"id\":\"d576257b-f5ba-4ad4-a81b-7628a82e8dce\",\"meta\":\"$17f\"}\n173:[\"$174\",\"$176\",\"$178\",\"$17a\",\"$17c\",\"$17e\"]"])</script><script>self.__next_f.push([1,"\n181:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/field_related_collection?resourceVersion=id%3A6076\"}\n182:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/field_related_collection?resourceVersion=id%3A6076\"}\n180:{\"related\":\"$181\",\"self\":\"$182\"}\n172:{\"data\":\"$173\",\"links\":\"$180\"}\n185:{\"drupal_internal__target_id\":131}\n184:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":\"$185\"}\n187:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/field_resource_type?resourceVersion=id%3A6076\"}\n188:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/field_resource_type?resourceVersion=id%3A6076\"}\n186:{\"related\":\"$187\",\"self\":\"$188\"}\n183:{\"data\":\"$184\",\"links\":\"$186\"}\n18c:{\"drupal_internal__target_id\":66}\n18b:{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":\"$18c\"}\n18e:{\"drupal_internal__target_id\":61}\n18d:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":\"$18e\"}\n190:{\"drupal_internal__target_id\":76}\n18f:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":\"$190\"}\n18a:[\"$18b\",\"$18d\",\"$18f\"]\n192:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/field_roles?resourceVersion=id%3A6076\"}\n193:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/field_roles?resourceVersion=id%3A6076\"}\n191:{\"related\":\"$192\",\"self\":\"$193\"}\n189:{\"data\":\"$18a\",\"links\":\"$191\"}\n197:{\"drupal_internal__target_id\":21}\n196:{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"meta\":\"$197\"}\n195:[\"$196\"]\n199:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/field_topics?resourceVersion=id%3A6076\"}\n19a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6"])</script><script>self.__next_f.push([1,"30cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/field_topics?resourceVersion=id%3A6076\"}\n198:{\"related\":\"$199\",\"self\":\"$19a\"}\n194:{\"data\":\"$195\",\"links\":\"$198\"}\n158:{\"node_type\":\"$159\",\"revision_uid\":\"$15f\",\"uid\":\"$165\",\"field_page_section\":\"$16b\",\"field_related_collection\":\"$172\",\"field_resource_type\":\"$183\",\"field_roles\":\"$189\",\"field_topics\":\"$194\"}\n151:{\"type\":\"node--explainer\",\"id\":\"630cad0d-24c7-44f0-8b25-b3ab2faf97cf\",\"links\":\"$152\",\"attributes\":\"$154\",\"relationships\":\"$158\"}\n19d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c?resourceVersion=id%3A5942\"}\n19c:{\"self\":\"$19d\"}\n19f:{\"alias\":\"/learn/fedramp\",\"pid\":316,\"langcode\":\"en\"}\n1a0:{\"value\":\"Provides a federally-recognized and standardized security framework for all cloud products and services\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eProvides a federally-recognized and standardized security framework for all cloud products and services\u003c/p\u003e\\n\"}\n1a1:[\"#fedramp\"]\n19e:{\"drupal_internal__nid\":326,\"drupal_internal__vid\":5942,\"langcode\":\"en\",\"revision_timestamp\":\"2024-10-17T14:55:23+00:00\",\"status\":true,\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"created\":\"2022-08-29T15:22:00+00:00\",\"changed\":\"2024-10-17T14:55:23+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":\"$19f\",\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"FedRAMP@cms.hhs.gov\",\"field_contact_name\":\"CMS FedRAMP PMO\",\"field_short_description\":\"$1a0\",\"field_slack_channel\":\"$1a1\"}\n1a5:{\"drupal_internal__target_id\":\"explainer\"}\n1a4:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":\"$1a5\"}\n1a7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/node_type?resourceVersion=id%3A5942\"}\n1a8:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b"])</script><script>self.__next_f.push([1,"24-49bc-a98e-11681bd7e65c/relationships/node_type?resourceVersion=id%3A5942\"}\n1a6:{\"related\":\"$1a7\",\"self\":\"$1a8\"}\n1a3:{\"data\":\"$1a4\",\"links\":\"$1a6\"}\n1ab:{\"drupal_internal__target_id\":114}\n1aa:{\"type\":\"user--user\",\"id\":\"d3421e1d-1fda-4bd0-83ab-e404455b0e66\",\"meta\":\"$1ab\"}\n1ad:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/revision_uid?resourceVersion=id%3A5942\"}\n1ae:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/revision_uid?resourceVersion=id%3A5942\"}\n1ac:{\"related\":\"$1ad\",\"self\":\"$1ae\"}\n1a9:{\"data\":\"$1aa\",\"links\":\"$1ac\"}\n1b1:{\"drupal_internal__target_id\":26}\n1b0:{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":\"$1b1\"}\n1b3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/uid?resourceVersion=id%3A5942\"}\n1b4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/uid?resourceVersion=id%3A5942\"}\n1b2:{\"related\":\"$1b3\",\"self\":\"$1b4\"}\n1af:{\"data\":\"$1b0\",\"links\":\"$1b2\"}\n1b8:{\"target_revision_id\":19451,\"drupal_internal__target_id\":1171}\n1b7:{\"type\":\"paragraph--page_section\",\"id\":\"2ce39e48-81e4-4bea-a0ff-04f25ddd0041\",\"meta\":\"$1b8\"}\n1ba:{\"target_revision_id\":19452,\"drupal_internal__target_id\":1211}\n1b9:{\"type\":\"paragraph--page_section\",\"id\":\"77ea2e89-2433-4815-b869-52b2d900029e\",\"meta\":\"$1ba\"}\n1bc:{\"target_revision_id\":19462,\"drupal_internal__target_id\":3431}\n1bb:{\"type\":\"paragraph--page_section\",\"id\":\"deedf0fe-44e9-4015-90a1-f86ce6cbaf24\",\"meta\":\"$1bc\"}\n1be:{\"target_revision_id\":19472,\"drupal_internal__target_id\":1261}\n1bd:{\"type\":\"paragraph--page_section\",\"id\":\"2b2216d8-24c3-4940-930f-6e79f68a279a\",\"meta\":\"$1be\"}\n1c0:{\"target_revision_id\":19474,\"drupal_internal__target_id\":1266}\n1bf:{\"type\":\"paragraph--page_section\",\"id\":\"cbda5c42-489d-4480-85f5-db10db44de3e\",\"meta\":\"$1c0\"}\n1c2:{\"target_revision_id\":19475,\"drupal_internal__target_id\":3433}\n1c1:{\"type\":\"paragraph--page_section\",\"id\":\"37970dd4"])</script><script>self.__next_f.push([1,"-a515-4370-a09f-f5177c2f98c2\",\"meta\":\"$1c2\"}\n1c4:{\"target_revision_id\":19476,\"drupal_internal__target_id\":3434}\n1c3:{\"type\":\"paragraph--page_section\",\"id\":\"434b1960-73e8-43fa-9b9e-253ce35fa55a\",\"meta\":\"$1c4\"}\n1b6:[\"$1b7\",\"$1b9\",\"$1bb\",\"$1bd\",\"$1bf\",\"$1c1\",\"$1c3\"]\n1c6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/field_page_section?resourceVersion=id%3A5942\"}\n1c7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/field_page_section?resourceVersion=id%3A5942\"}\n1c5:{\"related\":\"$1c6\",\"self\":\"$1c7\"}\n1b5:{\"data\":\"$1b6\",\"links\":\"$1c5\"}\n1cb:{\"target_revision_id\":19477,\"drupal_internal__target_id\":1956}\n1ca:{\"type\":\"paragraph--internal_link\",\"id\":\"7a5f06f0-e0ba-4ed2-aade-79b2233ec125\",\"meta\":\"$1cb\"}\n1cd:{\"target_revision_id\":19478,\"drupal_internal__target_id\":1961}\n1cc:{\"type\":\"paragraph--internal_link\",\"id\":\"61509c21-9c9e-48d0-8110-b98574cee727\",\"meta\":\"$1cd\"}\n1cf:{\"target_revision_id\":19479,\"drupal_internal__target_id\":1966}\n1ce:{\"type\":\"paragraph--internal_link\",\"id\":\"c2480fc7-b7c3-49d4-8643-cd42bcd3b56b\",\"meta\":\"$1cf\"}\n1d1:{\"target_revision_id\":19480,\"drupal_internal__target_id\":3435}\n1d0:{\"type\":\"paragraph--internal_link\",\"id\":\"63dffb2c-c587-4991-8523-142b2378a5aa\",\"meta\":\"$1d1\"}\n1c9:[\"$1ca\",\"$1cc\",\"$1ce\",\"$1d0\"]\n1d3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/field_related_collection?resourceVersion=id%3A5942\"}\n1d4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/field_related_collection?resourceVersion=id%3A5942\"}\n1d2:{\"related\":\"$1d3\",\"self\":\"$1d4\"}\n1c8:{\"data\":\"$1c9\",\"links\":\"$1d2\"}\n1d7:{\"drupal_internal__target_id\":131}\n1d6:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":\"$1d7\"}\n1d9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/field_resource_type?resourceVersion=id%3A5942\"}\n1da:{\"href\":\"https://cybergeek.cms"])</script><script>self.__next_f.push([1,".gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/field_resource_type?resourceVersion=id%3A5942\"}\n1d8:{\"related\":\"$1d9\",\"self\":\"$1da\"}\n1d5:{\"data\":\"$1d6\",\"links\":\"$1d8\"}\n1de:{\"drupal_internal__target_id\":66}\n1dd:{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":\"$1de\"}\n1e0:{\"drupal_internal__target_id\":61}\n1df:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":\"$1e0\"}\n1e2:{\"drupal_internal__target_id\":76}\n1e1:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":\"$1e2\"}\n1dc:[\"$1dd\",\"$1df\",\"$1e1\"]\n1e4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/field_roles?resourceVersion=id%3A5942\"}\n1e5:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/field_roles?resourceVersion=id%3A5942\"}\n1e3:{\"related\":\"$1e4\",\"self\":\"$1e5\"}\n1db:{\"data\":\"$1dc\",\"links\":\"$1e3\"}\n1e9:{\"drupal_internal__target_id\":21}\n1e8:{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"meta\":\"$1e9\"}\n1e7:[\"$1e8\"]\n1eb:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/field_topics?resourceVersion=id%3A5942\"}\n1ec:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/field_topics?resourceVersion=id%3A5942\"}\n1ea:{\"related\":\"$1eb\",\"self\":\"$1ec\"}\n1e6:{\"data\":\"$1e7\",\"links\":\"$1ea\"}\n1a2:{\"node_type\":\"$1a3\",\"revision_uid\":\"$1a9\",\"uid\":\"$1af\",\"field_page_section\":\"$1b5\",\"field_related_collection\":\"$1c8\",\"field_resource_type\":\"$1d5\",\"field_roles\":\"$1db\",\"field_topics\":\"$1e6\"}\n19b:{\"type\":\"node--explainer\",\"id\":\"a279358b-5b24-49bc-a98e-11681bd7e65c\",\"links\":\"$19c\",\"attributes\":\"$19e\",\"relationships\":\"$1a2\"}\n1ef:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17?resourceVersion=id%3A5740\"}\n1ee:{\"self\":\"$1ef\"}\n1f1:{\"alias\":\"/learn/cms-enterprise-data-encryption-cede\",\"pid\":696,\"langcod"])</script><script>self.__next_f.push([1,"e\":\"en\"}\n1f2:{\"value\":\"How CMS satisfies federal requirements for the encryption of data to keep sensitive information safe\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eHow CMS satisfies federal requirements for the encryption of data to keep sensitive information safe\u003c/p\u003e\\n\"}\n1f3:[\" #ispg-sec_privacy-policy\"]\n1f0:{\"drupal_internal__nid\":706,\"drupal_internal__vid\":5740,\"langcode\":\"en\",\"revision_timestamp\":\"2024-07-31T23:05:04+00:00\",\"status\":true,\"title\":\"CMS Enterprise Data Encryption (CEDE)\",\"created\":\"2023-02-08T23:02:09+00:00\",\"changed\":\"2024-07-31T23:05:04+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":\"$1f1\",\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"CISO@cms.hhs.gov\",\"field_contact_name\":\"ISPG Policy Team\",\"field_short_description\":\"$1f2\",\"field_slack_channel\":\"$1f3\"}\n1f7:{\"drupal_internal__target_id\":\"explainer\"}\n1f6:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":\"$1f7\"}\n1f9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/node_type?resourceVersion=id%3A5740\"}\n1fa:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/relationships/node_type?resourceVersion=id%3A5740\"}\n1f8:{\"related\":\"$1f9\",\"self\":\"$1fa\"}\n1f5:{\"data\":\"$1f6\",\"links\":\"$1f8\"}\n1fd:{\"drupal_internal__target_id\":6}\n1fc:{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":\"$1fd\"}\n1ff:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/revision_uid?resourceVersion=id%3A5740\"}\n200:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/relationships/revision_uid?resourceVersion=id%3A5740\"}\n1fe:{\"related\":\"$1ff\",\"self\":\"$200\"}\n1fb:{\"data\":\"$1fc\",\"links\":\"$1fe\"}\n203:{\"drupal_internal__target_id\":6}\n202:{\"type\":\"user--user\""])</script><script>self.__next_f.push([1,",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":\"$203\"}\n205:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/uid?resourceVersion=id%3A5740\"}\n206:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/relationships/uid?resourceVersion=id%3A5740\"}\n204:{\"related\":\"$205\",\"self\":\"$206\"}\n201:{\"data\":\"$202\",\"links\":\"$204\"}\n20a:{\"target_revision_id\":18947,\"drupal_internal__target_id\":991}\n209:{\"type\":\"paragraph--page_section\",\"id\":\"4b1d8d6e-a8a2-4e11-80a6-27a405215623\",\"meta\":\"$20a\"}\n208:[\"$209\"]\n20c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/field_page_section?resourceVersion=id%3A5740\"}\n20d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/relationships/field_page_section?resourceVersion=id%3A5740\"}\n20b:{\"related\":\"$20c\",\"self\":\"$20d\"}\n207:{\"data\":\"$208\",\"links\":\"$20b\"}\n211:{\"target_revision_id\":18948,\"drupal_internal__target_id\":1766}\n210:{\"type\":\"paragraph--internal_link\",\"id\":\"fd0df184-c977-437e-a3cf-dca03ceb1ece\",\"meta\":\"$211\"}\n213:{\"target_revision_id\":18949,\"drupal_internal__target_id\":1771}\n212:{\"type\":\"paragraph--internal_link\",\"id\":\"30c05b72-b1c5-4a6c-8763-f01546196041\",\"meta\":\"$213\"}\n20f:[\"$210\",\"$212\"]\n215:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/field_related_collection?resourceVersion=id%3A5740\"}\n216:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/relationships/field_related_collection?resourceVersion=id%3A5740\"}\n214:{\"related\":\"$215\",\"self\":\"$216\"}\n20e:{\"data\":\"$20f\",\"links\":\"$214\"}\n219:{\"drupal_internal__target_id\":131}\n218:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":\"$219\"}\n21b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/field_resource_type?resourceVersion=id%3A5740\"}\n21c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explai"])</script><script>self.__next_f.push([1,"ner/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/relationships/field_resource_type?resourceVersion=id%3A5740\"}\n21a:{\"related\":\"$21b\",\"self\":\"$21c\"}\n217:{\"data\":\"$218\",\"links\":\"$21a\"}\n220:{\"drupal_internal__target_id\":61}\n21f:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":\"$220\"}\n222:{\"drupal_internal__target_id\":76}\n221:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":\"$222\"}\n21e:[\"$21f\",\"$221\"]\n224:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/field_roles?resourceVersion=id%3A5740\"}\n225:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/relationships/field_roles?resourceVersion=id%3A5740\"}\n223:{\"related\":\"$224\",\"self\":\"$225\"}\n21d:{\"data\":\"$21e\",\"links\":\"$223\"}\n229:{\"drupal_internal__target_id\":16}\n228:{\"type\":\"taxonomy_term--topics\",\"id\":\"c12221c3-2c7e-4eb0-903f-0470aad63bf0\",\"meta\":\"$229\"}\n227:[\"$228\"]\n22b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/field_topics?resourceVersion=id%3A5740\"}\n22c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/relationships/field_topics?resourceVersion=id%3A5740\"}\n22a:{\"related\":\"$22b\",\"self\":\"$22c\"}\n226:{\"data\":\"$227\",\"links\":\"$22a\"}\n1f4:{\"node_type\":\"$1f5\",\"revision_uid\":\"$1fb\",\"uid\":\"$201\",\"field_page_section\":\"$207\",\"field_related_collection\":\"$20e\",\"field_resource_type\":\"$217\",\"field_roles\":\"$21d\",\"field_topics\":\"$226\"}\n1ed:{\"type\":\"node--explainer\",\"id\":\"adea5bd3-a6c3-4b20-a953-0673e8f5ac17\",\"links\":\"$1ee\",\"attributes\":\"$1f0\",\"relationships\":\"$1f4\"}\n22f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e?resourceVersion=id%3A5993\"}\n22e:{\"self\":\"$22f\"}\n231:{\"alias\":\"/learn/national-institute-standards-and-technology-nist\",\"pid\":371,\"langcode\":\"en\"}\n232:{\"value\":\"Information about NIST and how the agency's policies and guidance relate to security and privacy at CMS\",\"format\":\"plain_text\","])</script><script>self.__next_f.push([1,"\"processed\":\"\u003cp\u003eInformation about NIST and how the agency\u0026#039;s policies and guidance relate to security and privacy at CMS\u003c/p\u003e\\n\"}\n233:[\"#security_community\"]\n230:{\"drupal_internal__nid\":381,\"drupal_internal__vid\":5993,\"langcode\":\"en\",\"revision_timestamp\":\"2024-12-03T14:43:06+00:00\",\"status\":true,\"title\":\"National Institute of Standards and Technology (NIST)\",\"created\":\"2022-08-29T16:46:36+00:00\",\"changed\":\"2024-12-03T14:43:06+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":\"$231\",\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"CISO@cms.hhs.gov\",\"field_contact_name\":\"ISPG Policy Team\",\"field_short_description\":\"$232\",\"field_slack_channel\":\"$233\"}\n237:{\"drupal_internal__target_id\":\"explainer\"}\n236:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":\"$237\"}\n239:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/node_type?resourceVersion=id%3A5993\"}\n23a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/node_type?resourceVersion=id%3A5993\"}\n238:{\"related\":\"$239\",\"self\":\"$23a\"}\n235:{\"data\":\"$236\",\"links\":\"$238\"}\n23d:{\"drupal_internal__target_id\":6}\n23c:{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":\"$23d\"}\n23f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/revision_uid?resourceVersion=id%3A5993\"}\n240:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/revision_uid?resourceVersion=id%3A5993\"}\n23e:{\"related\":\"$23f\",\"self\":\"$240\"}\n23b:{\"data\":\"$23c\",\"links\":\"$23e\"}\n243:{\"drupal_internal__target_id\":26}\n242:{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":\"$243\"}\n245:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f"])</script><script>self.__next_f.push([1,"5f-f61b-47af-a235-7dc48efd251e/uid?resourceVersion=id%3A5993\"}\n246:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/uid?resourceVersion=id%3A5993\"}\n244:{\"related\":\"$245\",\"self\":\"$246\"}\n241:{\"data\":\"$242\",\"links\":\"$244\"}\n24a:{\"target_revision_id\":19645,\"drupal_internal__target_id\":496}\n249:{\"type\":\"paragraph--page_section\",\"id\":\"65807e01-7389-4561-8818-b4453d59c7ac\",\"meta\":\"$24a\"}\n248:[\"$249\"]\n24c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/field_page_section?resourceVersion=id%3A5993\"}\n24d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/field_page_section?resourceVersion=id%3A5993\"}\n24b:{\"related\":\"$24c\",\"self\":\"$24d\"}\n247:{\"data\":\"$248\",\"links\":\"$24b\"}\n251:{\"target_revision_id\":19646,\"drupal_internal__target_id\":2001}\n250:{\"type\":\"paragraph--internal_link\",\"id\":\"858b57e7-3499-42a6-9fd4-b045a2aa9c42\",\"meta\":\"$251\"}\n253:{\"target_revision_id\":19647,\"drupal_internal__target_id\":2011}\n252:{\"type\":\"paragraph--internal_link\",\"id\":\"d171c5fe-3bb3-47be-bd3e-c53cc75c4f9e\",\"meta\":\"$253\"}\n255:{\"target_revision_id\":19648,\"drupal_internal__target_id\":2286}\n254:{\"type\":\"paragraph--internal_link\",\"id\":\"26c9c7a0-fcc3-4d04-ab8c-21924a868e28\",\"meta\":\"$255\"}\n257:{\"target_revision_id\":19649,\"drupal_internal__target_id\":2281}\n256:{\"type\":\"paragraph--internal_link\",\"id\":\"4e888450-31b6-43e1-95a0-9ac56298fcc9\",\"meta\":\"$257\"}\n259:{\"target_revision_id\":19650,\"drupal_internal__target_id\":2291}\n258:{\"type\":\"paragraph--internal_link\",\"id\":\"f43c4cb2-4d4e-4020-a165-aab378f6254d\",\"meta\":\"$259\"}\n24f:[\"$250\",\"$252\",\"$254\",\"$256\",\"$258\"]\n25b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/field_related_collection?resourceVersion=id%3A5993\"}\n25c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/field_related_collection?resourceVersion=id%3A5993\"}\n25a:{\"related\":\"$25b\",\"self\":\""])</script><script>self.__next_f.push([1,"$25c\"}\n24e:{\"data\":\"$24f\",\"links\":\"$25a\"}\n25f:{\"drupal_internal__target_id\":131}\n25e:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":\"$25f\"}\n261:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/field_resource_type?resourceVersion=id%3A5993\"}\n262:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/field_resource_type?resourceVersion=id%3A5993\"}\n260:{\"related\":\"$261\",\"self\":\"$262\"}\n25d:{\"data\":\"$25e\",\"links\":\"$260\"}\n264:[]\n266:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/field_roles?resourceVersion=id%3A5993\"}\n267:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/field_roles?resourceVersion=id%3A5993\"}\n265:{\"related\":\"$266\",\"self\":\"$267\"}\n263:{\"data\":\"$264\",\"links\":\"$265\"}\n26b:{\"drupal_internal__target_id\":21}\n26a:{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"meta\":\"$26b\"}\n269:[\"$26a\"]\n26d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/field_topics?resourceVersion=id%3A5993\"}\n26e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/field_topics?resourceVersion=id%3A5993\"}\n26c:{\"related\":\"$26d\",\"self\":\"$26e\"}\n268:{\"data\":\"$269\",\"links\":\"$26c\"}\n234:{\"node_type\":\"$235\",\"revision_uid\":\"$23b\",\"uid\":\"$241\",\"field_page_section\":\"$247\",\"field_related_collection\":\"$24e\",\"field_resource_type\":\"$25d\",\"field_roles\":\"$263\",\"field_topics\":\"$268\"}\n22d:{\"type\":\"node--explainer\",\"id\":\"af385f5f-f61b-47af-a235-7dc48efd251e\",\"links\":\"$22e\",\"attributes\":\"$230\",\"relationships\":\"$234\"}\n271:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94?resourceVersion=id%3A5872\"}\n270:{\"self\":\"$271\"}\n273:{\"alias\":\"/policy-guidance/cms-guide-federal-laws-regulations-and-policies\",\"pid\":1172,\"langcode\":\"en\"}\n275:T3796b,"])</script><script>self.__next_f.push([1,"\u003cp\u003eThere are federal laws, regulations, and policies outside of CMS that shape how security and privacy is managed inside CMS. This page contains a comprehensive list of these external requirements, and shows how they relate to the security and privacy policies and guidance at CMS.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDISCLAIMER:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cem\u003eThe laws, regulations, standards, and guidelines provided herein are considered a work in progress and are subject to continuous updates. While we strive to ensure the accuracy and relevance of the information presented, it is important to note that legislative changes, regulatory updates, or evolving standards may impact the content provided. Users are encouraged to regularly check for the latest revisions and consult official sources to ensure compliance with the most current legal and regulatory requirements. The information offered is intended for general informational purposes only and should not be construed as legal advice. Any reliance on the content provided is at the user's own risk. We reserve the right to modify, amend, or update the information without prior notice.\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eQUESTIONS OR COMMENTS?\u003c/strong\u003e Check out CMS Slack channel:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://cmsgov.slack.com/archives/C06KFL4RSSC\"\u003e# cms_fed_laws_policies\u003c/a\u003e\u003c/p\u003e\u003ch2\u003eFederal Laws\u003c/h2\u003e\u003cp\u003eLaws are passed by both branches of Congress and signed by the President. Laws establish requirements or prohibitions. This list contains all federal laws that relate to information security and privacy at CMS.\u003c/p\u003e\u003ch3\u003eFISMA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.cisa.gov/topics/cyber-threats-and-advisories/federal-information-security-modernization-act\"\u003eFederal Information Security Modernization Act of 2014 (FISMA 2014\u003c/a\u003e)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eFederal legislation that defines a framework of guidelines and security standards to protect government information and operations\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eFISMA 2014 amends the FISMA of 2002\u003c/p\u003e\u003ch3\u003eThe Privacy Act of 1974\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.justice.gov/opcl/overview-privacy-act-1974-2020-edition/introduction\"\u003eThe Privacy Act of 1974\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eEstablishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Sep 1975\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eHIPAA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html\"\u003eHealth Insurance Portability and Accountability Act (HIPAA) of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eFederal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patients consent or knowledge\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eHHS issued the Privacy Rule and the Security Rule to implement the requirement of HIPAA\u003c/p\u003e\u003ch3\u003eE-Government Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.justice.gov/opcl/e-government-act-2002\"\u003eE-Government Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eImproves the management of Federal e-government services and processes involving the collection, maintenance, or dissemination of public or personal information\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eSection 208 requires Privacy Impact Assessments (PIAs)\u003c/p\u003e\u003ch3\u003eFedRAMP\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.fedramp.gov/program-basics/\"\u003eFederal Risk and Authorization Management Program (FedRAMP)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eA government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment for cloud technologies and federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003e2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eJoint Authorization Board (JAB)\u003c/li\u003e\u003cli\u003eDepartment of Defense (DoD)\u003c/li\u003e\u003cli\u003eDepartment of Homeland Security (DHS)\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eComputer Matching and Privacy Protection Act of 1988\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.congress.gov/bill/100th-congress/senate-bill/496\"\u003eComputer Matching and Privacy Protection Act of 1988\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eRequires agencies engaged in computer matching activities to provide notice to individuals if their information is being disclosed to other federal and state agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eSep 1988\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eGovernment Accountability Office (GAO)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSection 508\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.section508.gov/manage/laws-and-policies/\"\u003eSection 508 of the Rehabilitation Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eA federal law that requires agencies to provide individuals with disabilities equal access to electronic information and data comparable to those who do not have disabilities, unless an undue burden would be imposed on the agency\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003e1988\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eU.S. Access Board\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eAmended in 2000\u003c/p\u003e\u003ch3\u003eHSPD-12\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.dhs.gov/homeland-security-presidential-directive-12\"\u003eHomeland Security Presidential Directive 12 (HSPD-12)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eA Government-wide standard for a secure and reliable form of identification issued by the Federal government to its employees and employees of Federal contractors for access to Federally-controlled facilities and Government information systems\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFASCSA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.congress.gov/bill/115th-congress/senate-bill/3085/text\"\u003eFederal Acquisition Supply Chain Security Act (FASCSA) of 2018\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eTo establish a Federal Acquisition Security Council and to provide executive agencies with authorities relating to mitigating supply chain risks in the procurement of information technology, and for other purposes\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eGovernment Accountability Office (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFITARA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.cio.gov/handbook/it-laws/fitara-2014/\"\u003eFederal Information Technology Acquisition Reform Act (FITARA) of 2014\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eStrengthens the role of agency Chief Information Officers (CIOs) and provided greater accountability for the delivery of IT capabilities across the Federal Government\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eOMB M-15-14 implements\u003c/p\u003e\u003ch3\u003eMMA of 2003\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.ssa.gov/privacy/pia/Medicare%20Modernization%20Act%20(MMA)%20FY07.htm\"\u003eMedicare Prescription Drug, Improvement, and Modernization Act (MMA) of 2003\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eAmended section 1144 of the Social Security Act to require the Commissioner of Social Security to conduct additional outreach efforts to identify individuals entitled to benefits, or enrolled under the Medicare program under Title XVIII, who may be eligible for transitional assistance under the Medicare Prescription Drug Discount Card Program and premium and cost-sharing subsidies under the Prescription Drug Card Part D Program\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Health and Human Services (HHS) - Centers for MEDICARE \u0026amp; MEDICAID Services (CMS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eBuy America Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.gao.gov/products/105519\"\u003eBuy America Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eRequires Federal agencies to procure domestic materials and products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApr 1978\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eGovernment Accountability Office (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eNo TikTok on Government Devices Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.congress.gov/bill/117th-congress/senate-bill/1143\"\u003eNo TikTok on Government Devices Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eRequires the social media video application TikTok to be removed from the information technology of federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFOIA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.foia.gov/\"\u003eFreedom of Information Act (FOIA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eProvides that any person has the right to request access to federal agency records or information except to the extent the records are protected from disclosure by any of nine exemptions contained in the law or by one of three special law enforcement record exclusions\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1967\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Justice (DOJ)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eIG Act of 1978\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.ignet.gov/content/inspector-general-act-1978\"\u003eInspectors General Act (IG Act) of 1978\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eCreates Inspector General positions and offices in more than a dozen specific departments and agencies. The Act gave these inspectors general the authority to review the internal documents of their departments or offices. They were given responsibility to investigate fraud, to give policy advice (5 U.S.C. § 404; IG Act, sec. 4), to handle certain complaints by employees, and to report to the heads of their agencies and to Congress on their activities every six months\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1978\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eDOTGOV Act of 2020\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.federalregister.gov/documents/2022/07/26/2022-15670/federal-management-regulation-fmr-internet-gov-domain\"\u003eDOTGOV Online Trust in Government Act of 2020\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eTransfers the DotGov internet domain program, as operated by the General Services Administration under title 41, Code of Federal Regulations, to DHS CISA. The Act also orders that on the date CISA begins operational administration of the DotGov internet domain program, the GSA Administrator shall rescind the requirements in part 102173 of title 41, Code of Federal Regulations applicable to any Federal, State, local, or territorial government entity, or other publicly controlled entity, including any Tribal government recognized by the Federal Government or a State government that is registering or operating a DotGov internet domain. Finally, the DOTGOV orders that in place of the requirements in part 102173 of title 41, Code of Federal Regulations, CISA, in consultation with the Director of Management and Budget (OMB), shall establish and publish a new set of requirements for the registration and operation of DotGov domains.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003ePart of the Consolidated Appropriations Act, 2021\u003c/p\u003e\u003ch3\u003eGovernment Performance and Results Act (GPRA) of 1993\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.federalreserve.gov/publications/gpra.htm\"\u003eGovernment Performance and Results Act (GPRA) of 1993\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to prepare a strategic plan covering a multiyear period and requires each agency to submit an annual performance plan and an annual performance report.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 1993\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Acquisition Streamlining Act (FASA) of 1994\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/103rd-congress/senate-bill/1587\"\u003eFederal Acquisition Streamlining Act (FASA) of 1994\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Streamlines the federal governments acquisition system and dramatically changes the way the government performs its contracting functions. Generally, the statute seeks to: (1) increase the governments reliance on commercial goods and services; (2) streamline the procurement process for high volume, low value acquisitions; (3) improve access by small businesses to government contracting opportunities; (4) improve the bid protest process; and (5) extend the Truth in Negotiations Act to civilian agencies and raise the threshold for submitting certified cost or pricing data under that Act.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1994\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePaperwork Reduction Act (PRA) of 1995\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/104th-congress/senate-bill/244\"\u003ePaperwork Reduction Act (PRA) of 1995\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires that agencies obtain Office of Management and Budget (OMB) approval before requesting most types of information from the public. “Information collections” include forms, interviews, and record keeping, to name a few categories.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 1995\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Financial Management Improvement Act of 1996\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/104th-congress/house-bill/4319\"\u003eFederal Financial Management Improvement Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Advances Federal financial management by ensuring that Federal financial management systems provide accurate, reliable, and timely financial management information to the governments managers.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eSep 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eClinger-Cohen Act of 1996\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/clinger-cohen-act/\"\u003eClinger-Cohen Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The IT Management Reform Act (ITMRA) and the Federal Acquisition Reform Act (FARA) together make up the Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Records Act (FRA) (Records Management Act of 1950)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://presidentialtransition.org/wp-content/uploads/sites/6/2020/11/Federal-Records-Act-Overview.pdf\"\u003eRecords Management Act of 1950 / Federal Records Act (FRA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Designed to ensure that institutional records of vital historical, fiscal and legal value are identified and preserved by the government, providing the public with a historical record of federal; decision-making.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1950\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eNational Archives and Records Administration (NARA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSection 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.acquisition.gov/Section-889-Policies\"\u003eSection 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prohibits the Federal Government from procuring or obtaining, or extending or renewing a contract to procure or obtain “any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system,” on or after August 13, 2019, unless an exception applies or a waiver is granted.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Defense (DoD)\u003c/li\u003e\u003cli\u003eNational Aeronautics and Space Administration (NASA)\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFITARA Enhancement Act of 2017\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/115th-congress/house-bill/3243\"\u003eFITARA Enhancement Act of 2017\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e An act to amend title 40, United States Code, to eliminate the sunset of certain provisions relating to information technology, to amend the National Defense Authorization Act for Fiscal Year 2015 to extend the sunset relating to the Federal Data Center Consolidation Initiative, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eMaking Electronic Government Accountable by Yielding Tangible Efficiencies (MEGABYTE) Act of 2016\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/114th-congress/house-bill/4904/text\"\u003eMaking Electronic Government Accountable by Yielding Tangible Efficiencies (MEGABYTE) Act of 2016\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the Director of the Office of Management and Budget to issue a directive on the management of software licenses by the US federal government.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eStrengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure (SECURE) Technology Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/115th-congress/house-bill/7327/text\"\u003eStrengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure (SECURE) Technology Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the Secretary of Homeland Security to establish a security vulnerability disclosure policy, to establish a bug bounty program for the Department of Homeland Security, to amend title 41, United States Code, to provide for Federal acquisition supply chain security, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eCommunications Act of 1934\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1288\"\u003eCommunications Act of 1934\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Combined and organized federal regulation of telephone, telegraph, and radio communications. The Act created the Federal Communications Commission (FCC) to oversee and regulate these industries. The Act is updated periodically to add provisions governing new communications technologies, such as broadcast, cable and satellite television.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJun 1934\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eFederal Communications Commission (FCC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eWorkforce Innovation and Opportunities Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.dol.gov/agencies/eta/wioa\"\u003eWorkforce Innovation and Opportunities Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Designed to strengthen and improve our nation's public workforce system and help get Americans, including youth and those with significant barriers to employment, into high-quality jobs and careers and help employers hire and retain skilled workers.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Labor (DOL)\u003c/li\u003e\u003cli\u003eDepartment of Education (ED)\u003c/li\u003e\u003cli\u003eDepartment of Health and Human Services (HHS)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eChildrens Online Privacy Protection Act (COPPA) of 1998\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa\"\u003eChildrens Online Privacy Protection Act (COPPA) of 1998\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApr 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eFederal Trade Commission (FTC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGovernment Paperwork Elimination Act of 1998\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/gpea/\"\u003eGovernment Paperwork Elimination Act of 1998\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e It requires Federal agencies, by October 21, 2003, to provide individuals or entities that deal with agencies the option to submit information or transact with the agency electronically, and to maintain records electronically, when practicable.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Property and Administrative Services Act of 1949\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/USCODE-2011-title40/html/USCODE-2011-title40-subtitleI-chap1.htm\"\u003eFederal Property and Administrative Services Act of 1949\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the General Services Administration (GSA). The act also provides for various Federal Standards to be published by the GSA.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1949\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eGeneral Services Administration (GSA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eInformation Quality Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/information-quality-act/\"\u003eInformation Quality Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the OMB to promulgate guidance to agencies ensuring the quality, objectivity, utility, and integrity of information (including statistical information) disseminated by Federal agencies.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSmall Business Paperwork Relief Act of 2002\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.sba.gov/document/policy-guidance--small-business-paperwork-relief-act-2002\"\u003eSmall Business Paperwork Relief Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Institutes a process to reduce paperwork, and introduces measures to make it easier for small businesses to comply with the law.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJun 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eCyber Security Research and Development Act of 2002\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/107th-congress/house-bill/3394\"\u003eCyber Security Research and Development Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Authorizes appropriations to the National Science Foundation (NSF) and to the Secretary of Commerce for the National Institute of Standards and Technology (NIST) to establish new programs, and to increase funding for certain current programs, for computer and network security (CNS) research and development and CNS research fellowships.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eNational Science Foundation (NSF)\u003c/li\u003e\u003cli\u003eNational Institute of Standards and Technology (NIST)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eImplementing Recommendations of the 9/11 Commission Act of 2007\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/110th-congress/house-bill/1\"\u003eImplementing Recommendations of the 9/11 Commission Act of 2007\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides for implementation of recommendations of the National Commission on Terrorist Attacks Upon the United States (9/11 Commission).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Cybersecurity Workforce Assessment Act (FCWAA) of 2015\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/113/plaws/publ246/PLAW-113publ246.pdf\"\u003eFederal Cybersecurity Workforce Assessment Act (FCWAA) of 2015\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the Secretary of Homeland Security to assess the cybersecurity workforce of the Department of Homeland Security and develop a comprehensive workforce strategy, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eWhistleblower Protection Act of 1989\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/101st-congress/senate-bill/20\"\u003eWhistleblower Protection Act of 1989\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prohibits retaliation against most executive branch employees when they blow the whistle on \u0026nbsp;ignificant agency wrongdoing or when they engage in protected conduct.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApr 1989\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Special Counsel\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eComputer Security Act of 1987\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/100th-congress/house-bill/145/all-info\"\u003eComputer Security Act of 1987\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides for a computer standards program within the National Bureau of Standards, to provide for Government-wide computer security, and to provide for the training in security matters of persons who are involved in the management, operation, and use of Federal computer systems, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJan 1988\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eNational Institute of Standards and Technology (NIST)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eOffice of Federal Procurement Policy Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/omb/management/office-federal-procurement-policy/\"\u003eOffice of Federal Procurement Policy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The Office of Federal Procurement Policy (OFPP) was established by Congress in 1974 to provide overall direction for government-wide procurement policies, regulations and procedures and to promote economy, efficiency, and effectiveness in acquisition processes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Aug 1974\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Activities Inventory Reform (FAIR) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/105/plaws/publ270/PLAW-105publ270.pdf\"\u003eFederal Activities Inventory Reform (FAIR) Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to submit to the Office of Management and Budget inventories of commercial activities performed by federal employees every year by June 30.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Oct 1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eBudget and Accounting Act of 1921\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/D03855.pdf\"\u003eBudget and Accounting Act of 1921\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides a national budget system and an independent audit of Government accounts, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jun 1921\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Managers' Financial Integrity Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/omb/financial_fmfia1982\"\u003eFederal Managers Financial Integrity Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the statutory basis for managements responsibility for and assessment of accounting and administrative internal controls. Such controls include program, operational, and administrative areas, as well as accounting and financial management.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Sep 1982\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSarbanes-Oxley Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://sarbanes-oxley-act.com/\"\u003eSarbanes-Oxley Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Contains provisions affecting corporate governance, risk management, auditing, and financial reporting of public companies, including provisions intended to deter and punish corporate accounting fraud and corruption.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jul 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003ePublic Company Accounting Oversight Board (PCAOB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eDigital Accountability and Transparency Act (DATA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/113/plaws/publ101/PLAW-113publ101.pdf\"\u003eDigital Accountability and Transparency Act (DATA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to prepare and submit standardized, accurate information about their spending.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e May 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eDepartment of Treasury\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eElectronic Signatures in Global and National Commerce (E-Sign) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/PLAW-106publ229/pdf/PLAW-106publ229.pdf\"\u003eElectronic Signatures in Global and National Commerce (E-Sign) Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Facilitates the use of electronic records and signatures in interstate or foreign commerce.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jun 2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Commerce\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eSpecifies that, in the United States, the use of an electronic signature (e-signature) is as legally valid as a traditional signature written in ink on paper.\u003c/p\u003e\u003ch3\u003eChief Financial Officers Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/cfo-act/\"\u003eChief Financial Officers Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Gives OMB new authority and responsibility for directing federal financial management, modernizing the governments financial management systems, and strengthening financial reporting.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 1990\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eHomeland Security Act of 2002\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.dhs.gov/homeland-security-act-2002\"\u003eHomeland Security Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Established the Department of Homeland Security\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eHealth Information Technology for Economic and Clinical Health (HITECH) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html\"\u003eHITECH Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Part of the American Recovery and Reinvestment Act of 2009 that incentivized the meaningful use of Electronic Health Records (EHRs) and strengthened the privacy and security provisions of HIPAA.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Health and Human Services (HHS)\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePatient Protection and Affordable Care Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/3590\"\u003ePatient Protection and Affordable Care Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensures that all Americans have access to quality, affordable health care and will create the transformation within the health care system necessary to contain costs.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMar 2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGovernment Performance and Results Act (GPRA) Modernization Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/111/plaws/publ352/PLAW-111publ352.pdf\"\u003eGovernment Performance and Results Act (GPRA) Modernization Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e An amended version of the Government Performance and Results Act of 1993, it requires each executive agency to make its strategic plan available on its public website and to the OMB on the first Monday in February of any year following that in which the term of the President commences and to notify the President and Congress.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJan 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGenetic Information Nondiscrimination Act (GINA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/PLAW-110publ233/pdf/PLAW-110publ233.pdf\"\u003eGenetic Information Nondiscrimination Act (GINA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Protects individuals against discrimination based on their genetic information in health coverage and in employment.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eEconomy Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.acquisition.gov/node/29803/printable/pdf\"\u003eEconomy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Authorizes agencies to enter into agreements to obtain \u003cem\u003esupplies\u003c/em\u003e or services from another agency.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 1933\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Federal Acquistition Regulations (FAR)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eIPERIA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/112/plaws/publ248/PLAW-112publ248.pdf\"\u003eImproper Payments Elimination and Recovery Improvement Act (IPERIA) of 2012\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides guidance on monitoring and reporting improper payments, and requires agencies to continue their review of programs and activities annually to identify those susceptible to significant improper payments and updates the definition of significant improper payments.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJan 2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eAntideficiency Act (ADA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/legal/appropriations-law/resources\"\u003eAntideficiency Act (ADA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prohibits federal agencies from obligating or expending federal funds in advance or in excess of an appropriation, and from accepting voluntary services.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eSep 1982\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Government Accountability Offices (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eBudget Control Act of 2011\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/112/plaws/publ25/PLAW-112publ25.pdf\"\u003eBudget Control Act of 2011\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Amends the Balanced Budget and Emergency Deficit Control Act of 1985 (Gramm-Rudman-Hollings Act) to revise sequestration requirements for enforcement of discretionary spending limits (spending caps).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Activities Inventory Reform (FAIR) Act of 1998\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/105/plaws/publ270/PLAW-105publ270.pdf\"\u003eFederal Activities Inventory Reform (FAIR) Act of 1998\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to submit to the Office of Management and Budget inventories of commercial activities performed by federal employees every year by June 30.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eTelework Enhancement Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/1722/text\"\u003eTelework Enhancement Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the head of each executive agency to: (1) establish a policy under which eligible agency employees may be authorized to telework; (2) determine employee eligibility to participate in telework; and (3) notify all employees of their eligibility to telework.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Personnel Management (OPM)\u003c/li\u003e\u003cli\u003eFederal Emergency Management Agency (FEMA)\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eNational Archives and Records Administration (NARA)\u003c/li\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eDepartment of Homeland Security (DHS)\u003c/li\u003e\u003cli\u003eNational Institute of Standards and Technology (NIST)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePlain Writing Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/PLAW-111publ274/pdf/PLAW-111publ274.pdf\"\u003ePlain Writing Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the effectiveness and accountability of Federal agencies to the public by promoting clear Government communication that the public can understand and use.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eConsolidated Appropriations Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/111/plaws/publ117/PLAW-111publ117.pdf\"\u003eConsolidated Appropriations Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e An act making appropriations for the Departments of Transportation, and Housing and Urban Development, and related agencies for the fiscal year ending September 30, 2010, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Dec 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/3288\"\u003eMultiple agencies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e Many agencies oversee the guidance for this Act\u003c/p\u003e\u003ch3\u003eAmerican Recovery and Reinvestment Act of 2009\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/1/text\"\u003eAmerican Recovery and Reinvestment Act of 2009\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Developed in response to the Great Recession, the primary objective of this federal statute was to save existing jobs and create new ones as soon as possible. Other objectives were to provide temporary relief programs for those most affected by the recession and invest in infrastructure, education, health, and renewable energy.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/1\"\u003eMultiple agencies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e Many agencies oversee the guidance for this Act\u003c/p\u003e\u003ch3\u003eProject BioShield Act of 2004\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/108th-congress/senate-bill/15/text\"\u003eProject BioShield Act of 2004\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Project BioShield was established to help incentivize private industry to develop vitally needed medical countermeasures by providing multi-year funding to support advanced research, clinical development, manufacture and procurement.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003ePublic Health Service Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.ssa.gov/policy/docs/ssb/v7n8/v7n8p15.pdf\"\u003ePublic Health Service Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Consolidates and revises the laws relating to the Public Health Service.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1944\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003eIntelligence Reform and Terrorism Prevention Act of 2004\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/108th-congress/senate-bill/2845/text\"\u003eIntelligence Reform and Terrorism Prevention Act of 2004\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Reforms the intelligence community and the intelligence and intelligence-related activities of the United States Government, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003eElectronic Freedom of Information Act Amendments of 1996\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/104/plaws/publ231/PLAW-104publ231.htm\"\u003eElectronic Freedom of Information Act Amendments of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The Freedom of Information Act (FOIA) established the public's right of access to government information, on the basis of openness and accountability. The 1996 Electronic Freedom of Information Act (e-FOIA) Amendments extended these principles to include electronic access to information.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Oct 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Justice (DoJ)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003eClarifying Lawful Overseas Use of Data (CLOUD) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2022/07/06/2022-14320/office-of-the-attorney-general-clarifying-lawful-overseas-use-of-data-act-attorney-general\"\u003eClarifying Lawful Overseas Use of Data (CLOUD) Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Lifts certain restrictions under U.S. law on companies disclosing electronic data, in response to qualifying, lawful orders in investigations of serious crime, directly to a qualifying foreign government with which the United States has entered into an executive agreement governing access by the foreign government to covered data.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jul 2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Justice (DoJ)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eFederal Regulations\u003c/h2\u003e\u003cp\u003eRegulations are published by executive branch agencies to clarify their interpretation of a law and how a law will be implemented. Regulations also state requirements or prohibitions. This list contains all federal regulations that relate to information security and privacy at CMS.\u003c/p\u003e\u003ch3\u003eB.O.D. 18-01\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/news-events/directives/bod-18-01-enhance-email-and-web-security\"\u003eBinding Operational Directive (B.O.D) 18-01: Enhance Email and Web Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Enhances the security of federal agencies' email and web systems to protect against cyber threats. The directive outlines specific actions that federal agencies must take to improve their email and web security posture, including implementing specific security protocols, enhancing monitoring capabilities, and strengthening authentication mechanisms.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Oct 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eB.O.D. 18-02\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.cisa.gov/news-events/directives/bod-18-02-securing-high-value-assets\"\u003eBinding Operation Directive (B.O.D.) 18-02 - Security High Value Assets (HVAs)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eEnhances the Department of Homeland Security's coordinated approach to securing the federal governments HVAs from cybersecurity threats\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eFISMA 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eB.O.D. 20-01\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/news-events/directives/bod-20-01-develop-and-publish-vulnerability-disclosure-policy\"\u003eBinding Operation Directive (B.O.D) 20-01: Develop and Publish a Vulnerability Disclosure Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires each agency to develop and publish a vulnerability disclosure policy (VDP) and maintain supporting handling procedures.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Sep 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law:\u003c/strong\u003e OMB M-20-32\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.D. 19-01\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/news-events/directives/ed-19-01-mitigate-dns-infrastructure-tampering\"\u003eEmergency Directive (E.D.) 19-01: Mitigate DNS Infrastructure Tampering\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires agencies take near-term actions to mitigate risks from undiscovered tampering, enable agencies to prevent illegitimate DNS activity for their domains, and detect unauthorized certificates.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jan 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law:\u003c/strong\u003e Homeland Security Act of 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eThe Privacy Rule\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html\"\u003eThe Privacy Rule\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eAssures that individuals' health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well being\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eHIPAA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Health and Human Services (DHHS or HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eRegulation that implements HIPAA requirements\u003c/p\u003e\u003ch3\u003eThe Security Rule\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html\"\u003eThe Security Rule\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eEstablishes standards and safeguards for the secure handling of electronic protected health information (ePHI) by healthcare entities, aiming to ensure the confidentiality, integrity, and availability of sensitive health data\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eHIPAA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Health and Human Services (DHHS or HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eRegulation that implements HIPAA requirements\u003c/p\u003e\u003ch3\u003eFAR\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.acquisition.gov/sites/default/files/current/far/pdf/FAR.pdf\"\u003eFederal Acquisition Regulation (FAR)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003ePrimary regulation for use by all executive agencies in their acquisition of supplies and services with appropriated funds\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApril 1984\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eCompetition in Contracting Act of 1984 - FAR: Title 48 of the Code of Federal Regulations (CFR).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eGeneral Services Administration (GSA), Department of \u0026nbsp;Defense (DOD), \u0026amp; National Aeronautics and Space Administration (NASA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Accounting Standards Advisory Board (FASAB)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://fasab.gov/accounting-standards/\"\u003eFederal Accounting Standards Advisory Board (FASAB)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Primary regulation for use by all executive agencies in their acquisition of supplies and services with appropriated funds\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1990\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eCompetition in Contracting Act of 1984 - FAR: Title 48 of the Code of Federal Regulations (CFR).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Treasury, Office of Management and Budget (OMB), \u0026amp; Government Accountability Office (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eFederal Information Processing Standards (FIPS) Publications\u003c/h2\u003e\u003cp\u003eFederal Information Processing Standards (FIPS) are standards and guidelines for federal computer systems that are developed by \u003ca href=\"https://security.cms.gov/learn/national-institute-standards-and-technology-nist\"\u003eNational Institute of Standards and Technology (NIST)\u003c/a\u003e in accordance with the \u003ca href=\"https://security.cms.gov/learn/federal-information-security-modernization-act-fisma\"\u003eFederal Information Security Management Act (FISMA)\u003c/a\u003e and approved by the Secretary of Commerce.\u003c/p\u003e\u003cp\u003eFIPS Standards can be viewed and downloaded from the NIST Computer Security Resource Center (CSRC) website here: \u003ca href=\"https://csrc.nist.gov/publications/fips\"\u003eFIPS publications\u003c/a\u003e\u003c/p\u003e\u003cp\u003eAnswers to Frequently Asked Questions about FIPS can be found on the NIST website here: \u003ca href=\"https://www.nist.gov/standardsgov/compliance-faqs-federal-information-processing-standards-fips\"\u003eFIPS FAQs\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThis list contains all FIPS publications that relate to information security and privacy at CMS.\u003c/p\u003e\u003ch3\u003eFIPS-202\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/202/final\"\u003eSHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e8/4/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 201-3\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/201-3/final\"\u003ePersonal Identity Verification (PIV) of Federal Employees and Contractors\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e1/24/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 200\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/200/final\"\u003eMinimum Security Requirements for Federal Information and Information Systems\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e3/1/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 199\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/199/final\"\u003eStandards for Security Categorization of Federal Information and Information Systems\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e2/1/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 198-1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/198-1/final\"\u003eThe Keyed-Hash Message Authentication Code (HMAC)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e7/16/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 197\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/197/final\"\u003eAdvanced Encryption Standard (AES)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e5/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 186-5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/186-5/final\"\u003eDigital Signature Standard (DSS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e2/13/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 180-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/180-4/upd1/final\"\u003eSecure Hash Standard (SHS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e8/4/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 140-3\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/140-3/final\"\u003eSecurity Requirements for Cryptographic Modules\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e3/22/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eNIST S.P. Guidelines\u003c/h2\u003e\u003cp\u003eFIPS Publications may reference specific NIST Special Publications (S.P.) guidelines (SP800) and/or practices (SP1800), in which that guideline or practice becomes a governance policy for CMS FISMA systems.\u003c/p\u003e\u003cp\u003eAll NIST Special Publications (SP 500, SP800 and SP1800) can be viewed and downloaded from the NIST Computer Security Resource Center (CSRC) website here: \u003ca href=\"https://csrc.nist.gov/publications/sp\"\u003eNIST S.P. list\u003c/a\u003e\u003c/p\u003e\u003cp\u003eNIST S.P. descriptions can be found on the NIST website here: \u003ca href=\"https://www.nist.gov/nist-research-library/nist-special-publication-subseries-descriptions\"\u003eNIST S.P. descriptions\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThe following list consists of NIST S.P.s that are CMS FISMA governance policy by way of FIPS references.\u003c/p\u003e\u003ch3\u003e500-267A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-267Ar1.pdf\"\u003eNIST IPv6 Profile\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e500-267B\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-267Br1.pdf\"\u003eUSGv6 Profile\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e500-281A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=929798\"\u003eUSGv6 Test Program Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e500-281B\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-281Br1.pdf\"\u003eUSGv6 Test Methods: General Description and Validation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-16\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/16/final\"\u003eInformation Technology Security Training Requirements: a Role- and Performance-Based Model\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-18 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/18/r1/final\"\u003eGuide for Developing Security Plans for Federal Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 200\u003c/p\u003e\u003ch3\u003e800-30\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/30/r1/final\"\u003eGuide for Conducting Risk Assessments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-34\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://www.nist.gov/privacy-framework/nist-sp-800-34\"\u003eContingency Planning Guide for Federal Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-37 Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/37/r2/final\"\u003eRisk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-38 (A-G)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/publications/sp800\"\u003eRecommendation for Block Cipher Modes: *\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 197\u003c/p\u003e\u003ch3\u003e800-39\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/39/final\"\u003eManaging Information Security Risk: Organization, Mission, and Information System View\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-40\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/40/r4/final\"\u003eGuide to Enterprise Patch Management Planning: Preventive Maintenance for Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-41\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/41/r1/final\"\u003eGuidelines on Firewalls and Firewall Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-46\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/46/r2/final\"\u003eGuide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-50\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/50/final\"\u003eBuilding an Information Technology Security Awareness and Training Program\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-51\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/51/r1/final\"\u003eGuide to Using Vulnerability Naming Schemes\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-52\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/52/r2/final\"\u003eGuidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-53 Rev. 5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final\"\u003eSecurity and Privacy Controls for Information Systems and Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-53A Rev. 5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/53/a/r5/final\"\u003eAssessing Security and Privacy Controls in Information Systems and\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://csrc.nist.gov/pubs/sp/800/53/a/r5/final\"\u003eOrganizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-56A\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/56/a/r3/final\"\u003eRecommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-56B Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/56/b/r2/final\"\u003eRecommendation for Pair-Wise Key-Establishment Using Integer Factorization Cryptography\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-57 Part 1 Rev. 5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/57/pt1/r5/final\"\u003eRecommendation for Key Management - Part 1: General\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-57 Part 3 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/57/pt3/r1/final\"\u003eRecommendation for Key Management, Part 3: Application-Specific Key Management Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-59\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/59/final\"\u003eGuideline for Identifying an Information System as a National Security System\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-60 Vol. 1 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/60/v1/r1/final\"\u003eGuide for Mapping Types of Information and Information Systems to Security Categories\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 200\u003c/p\u003e\u003ch3\u003e800-61\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/61/r2/final\"\u003eComputer Security Incident Handling Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-63-3\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\"\u003eDigital Identity Guidelines\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-63A\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/a/upd2/final\"\u003eDigital Identity Guidelines: Enrollment and Identity Proofing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-63B\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/b/upd2/final\"\u003eDigital Identity Guidelines: Authentication and Lifecycle Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-63C\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/c/upd2/final\"\u003eDigital Identity Guidelines: Federation and Assertions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-70\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/70/r4/final\"\u003eNational Checklist Program for IT Products: Guidelines for Checklist Users and Developers\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-73-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/73/4/upd1/final\"\u003eInterfaces for Personal Identity Verification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-76-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/76/2/final\"\u003eBiometric Specifications for Personal Identity Verification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-78-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/78/4/final\"\u003eCryptographic Algorithms and Key Sizes for Personal Identity Verification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-79-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/79/2/final\"\u003eGuidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-81\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/81/2/final\"\u003eSecure Domain Name System (DNS) Deployment Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-85A-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/85/a/4/final\"\u003ePIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-87 Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/87/r2/final\"\u003eCodes for Identification of Federal and Federally-Assisted Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-88\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/88/r1/final\"\u003eGuidelines for Media Sanitization\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-89\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/89/final\"\u003eRecommendation for Obtaining Assurances for Digital Signature\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://csrc.nist.gov/pubs/sp/800/89/final\"\u003eApplications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-90A Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/90/a/r1/final\"\u003eRecommendation for Random Number Generation Using Deterministic Random Bit Generators\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-94\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/94/final\"\u003eGuide to Intrusion Detection and Prevention Systems (IDPS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-96\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/96/final\"\u003ePIV Card to Reader Interoperability Guidelines\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-97\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/97/final\"\u003eEstablishing Wireless Robust Security Networks: A Guide to IEEE 802.11i\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-102\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/102/final\"\u003eRecommendation for Digital Signature Timeliness\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-107\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/107/r1/final\"\u003eRecommendation for Applications Using Approved Hash Algorithms\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003cli\u003eFIPS 202\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-111\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/111/final\"\u003eGuide to Storage Encryption Technologies for End User Devices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 197\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-115\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/115/final\"\u003eTechnical Guide to Information Security Testing and Assessment\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-116 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/116/r1/final\"\u003eGuidelines for the Use of PIV Credentials in Facility Access\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-119\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/119/final\"\u003eGuidelines for the Secure Deployment of IPv6\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-122\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/122/final\"\u003eGuide to Protecting the Confidentiality of Personally Identifiable Information (PII)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-124\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/124/r2/final\"\u003eGuidelines for Managing the Security of Mobile Devices in the Enterprise\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-126\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/126/r3/final\"\u003eThe Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-128\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/128/upd1/final\"\u003eGuide for Security-Focused Configuration Management of Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-131A Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/131/a/r2/final\"\u003eTransitioning the Use of Cryptographic Algorithms and Key Lengths\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-133 Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/133/r2/final\"\u003eRecommendation for Cryptographic Key Generation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 197\u003c/p\u003e\u003ch3\u003e800-137\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/137/final\"\u003eInformation Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-140\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/final\"\u003eFIPS 140-3 Derived Test Requirements (DTR): CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/a/final\"\u003eCMVP Documentation Requirements: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140B Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/b/r1/final\"\u003eCryptographic Module Validation Program (CMVP) Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140C Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/c/r2/final\"\u003eCryptographic Module Validation Program (CMVP)-Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140D Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/d/r2/final\"\u003eCryptographic Module Validation Program (CMVP)-Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140E\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/e/final\"\u003eCMVP Approved Authentication Mechanisms: CMVP Validation Authority Requirements for ISO/IEC 19790 Annex E and ISO/IEC 24579 Section 6.17\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140F\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/f/final\"\u003eCMVP Approved Non-Invasive Attack Mitigation Test Metrics: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-144\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/144/final\"\u003eGuidelines on Security and Privacy in Public Cloud Computing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-145\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/145/final\"\u003eThe NIST Definition of Cloud Computing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-152\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/152/final\"\u003eA Profile for U.S. Federal Cryptographic Key Management Systems (CKMS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 197\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-153\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/153/final\"\u003eGuidelines for Securing Wireless Local Area Networks (WLANs)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-156\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/156/final\"\u003eRepresentation of PIV Chain-of-Trust for Import and Export\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-157\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/157/final\"\u003eGuidelines for Derived Personal Identity Verification (PIV) Credentials\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-157\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/157/final\"\u003eGuidelines for Derived Personal Identity Verification (PIV) Credentials\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-163\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/163/r1/final\"\u003eVetting the Security of Mobile Applications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-167\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/167/final\"\u003eGuide to Application Whitelisting\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-171\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/171/r2/upd1/final\"\u003eProtecting Controlled Unclassified Information in Nonfederal Systems and Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-175A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/175/a/final\"\u003eGuideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-175B\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/175/b/r1/final\"\u003eGuideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 197\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 202\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-177\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/177/r1/final\"\u003eTrustworthy Email\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-181\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/181/r1/final\"\u003eWorkforce Framework for Cybersecurity (NICE Framework)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-186\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/186/final\"\u003eRecommendations for Discrete-Logarithm Based Cryptography: Elliptic Curve Domain Parameters\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 186\u003c/p\u003e\u003ch3\u003e800-207\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/207/final\"\u003eZero Trust Architecture\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-217\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/217/ipd\"\u003eGuidelines for the Use of Personal Identity Verification (PIV) Credentials with Federation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-219\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/219/r1/final\"\u003eAutomated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eExecutive Orders (E.O.)\u003c/h2\u003e\u003cp\u003eAn Executive Order (E.O.) is a signed, written, and published directive from the President of the United States that manages operations of the federal government. They are numbered consecutively, so executive orders may be referenced by their assigned number, or their topic. This list contains all E.O.s that relate to information security and privacy.\u003c/p\u003e\u003ch3\u003eE.O 9397\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.ssa.gov/foia/html/EO9397.htm\"\u003eNumbering System for Federal Accounts Relating to Individual Persons\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes a centralized numbering system for federal accounts relating to individual persons in the United States.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e November 30, 1943\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Social Security Administration (SSA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 11609\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.archives.gov/federal-register/codification/executive-order/11609.html\"\u003eDelegating certain functions vested in the President to other officers of the Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Grants certain, presidential authorities to the GSA without approval, ratification, or other action of the President.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 22, 1971\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e General Services Administration (GSA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13011\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/CFR-1997-title3-vol1/html/CFR-1997-title3-vol1-eo13011.htm\"\u003eFederal Information Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Aimed to improve the management and utilization of IT resources across federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 16, 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eDHS\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eE.O 13381\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2005/06/30/05-13098/strengthening-processes-relating-to-determining-eligibility-for-access-to-classified-national\"\u003eStrengthening Processes Relating to Determining Eligibility for Access to Classified National Security Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Assists in determining eligibility for access to classified national security information, while taking appropriate account of title III of Public Law 108-458\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jun 2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13402\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2006/05/15/06-4552/strengthening-federal-efforts-to-protect-against-identity-theft\"\u003eStrengthening Federal Efforts To Protect Against Identity Theft\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Strengthens efforts to protect against identity theft\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13439\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2007/07/20/07-3593/establishing-an-interagency-working-group-on-import-safety\"\u003eEstablishing an Interagency Working Group on Import Safety\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensures that the executive branch takes all appropriate steps to promote the safety of imported products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jul 2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e HHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13520\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/executive-order-reducing-improper-payments\"\u003eReducing Improper Payments and Eliminating Waste in Federal Programs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Reduces payment errors and eliminating waste, fraud, and abuse in Federal programs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Nov 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13526\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.archives.gov/isoo/policy-documents/cnsi-eo.html\"\u003eClassified National Security Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prescribes a uniform system for classifying, safeguarding, and declassifying national security information, including information relating to defense against transnational terrorism\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Dec 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Information Security Oversight Office\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13556\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.commerce.gov/sites/default/files/2022-02/Controlled-Unclassified-Information-Policy.pdf\"\u003eControlled Unclassified Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes an open and uniform program for managing unclassified information requiring safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Aug 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e National Archives \u0026amp; Records Administration (NARA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13571\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/04/27/executive-order-13571-streamlining-service-delivery-and-improving-custom\"\u003eStreamlining Service Delivery and Improving Customer Service\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the quality of service to the public by the Federal Government\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Apr 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13576\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/06/13/executive-order-13576-delivering-efficient-effective-and-accountable-gov\"\u003eDelivering an Efficient, Effective, and Accountable Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Aims to cut waste, streamline Government operations, and reinforce the performance and management reform gains the Obama Administration has achieved\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jun 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13583\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/08/18/executive-order-13583-establishing-coordinated-government-wide-initiativ\"\u003eEstablishing a Coordinated Government-wide Initiative to Promote Diversity and Inclusion in the Federal Workforce\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Promotes the Federal workplace as a model of equal opportunity, diversity, and inclusion\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Aug 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOPM\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003ePresidents Management Council (PMC)\u003c/li\u003e\u003cli\u003eEqual Employment Opportunity Commission (EEOC)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13589\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/11/09/executive-order-13589-promoting-efficient-spending\"\u003ePromoting Efficient Spending\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Further promote efficient spending in the Federal Government\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Nov 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13636\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity\"\u003eImproving Critical Infrastructure Cybersecurity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Designed to increase the level of core capabilities for our critical infrastructure to manage cyber risk. It does this by focusing on three key areas: (1) information sharing, (2) privacy, and (3) the adoption of cybersecurity practices.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 12, 2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eDHS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13642\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/01/31/executive-order-13564-presidents-council-jobs-and-competitiveness\"\u003eThe President's Council on Jobs and Competitiveness\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Aims to strengthen the Nation's economy and ensure the competitiveness of the United States and to create jobs, opportunity, and prosperity for the American people by ensuring the availability of non partisan advice to the President from participants in and experts on the economy\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jan 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Department of Treasury\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13681\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2014/10/17/executive-order-improving-security-consumer-financial-transactions\"\u003eImproving the Security of Consumer Financial Transactions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the security of consumer financial transactions in both the private and public sectors\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e October 17, 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Treasury\u003c/li\u003e\u003cli\u003eDepartment of Justice\u003c/li\u003e\u003cli\u003eDepartment of Commerce\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eSocial Security Administration (SSA)\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC)\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003eDHS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13719\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2016/02/09/executive-order-establishment-federal-privacy-council\"\u003eEstablishment of the Federal Privacy Council\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The Federal Privacy Council is the principal interagency forum to improve the privacy practices of agencies and entities acting on their behalf.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 9, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Federal Privacy Council (FPC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13800\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/topics/cybersecurity-best-practices/executive-order-strengthening-cybersecurity-federal-networks-and-critical-infrastructure\"\u003eStrengthening the Cybersecurity of Federal Networks and Critical Infrastructure\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Modernizes federal information technology infrastructure, working with state and local government and private sector partners to more fully secure critical infrastructure, and collaborating with foreign allies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 11, 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13833\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2018/05/18/2018-10855/enhancing-the-effectiveness-of-agency-chief-information-officers\"\u003eEnhancing the Effectiveness of Agency Chief Information Officers\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Strengthens the role and responsibilities of Chief Information Officers (CIOs) within federal agencies to improve the efficiency and effectiveness of IT management\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 15, 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13834\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2018/05/22/2018-11101/efficient-federal-operations\"\u003eEfficient Federal Operations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the efficiency, effectiveness, and accountability of federal agencies in managing their operations and resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 17, 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13859\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2019/02/14/2019-02544/maintaining-american-leadership-in-artificial-intelligence\"\u003eMaintaining American Leadership in Artificial Intelligence\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Identifies five key lines of effort, including increasing AI research investment, unleashing Federal AI computing and data resources, setting AI technical standards, building Americas AI workforce, and engaging with international allies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Feb 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e National AI Initiative Office\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eTo oversee and implement the U.S. national AI strategy, the White House established the National Artificial Intelligence Initiative Office in early January 2021, in accordance with the National AI Initiative Act of 2020 (still a bill as of Feb 2024)\u003c/p\u003e\u003ch3\u003eE.O 13873\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2019/05/17/2019-10538/securing-the-information-and-communications-technology-and-services-supply-chain\"\u003eSecuring the Information and Communications Technology and Services Supply Chain\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Strengthens efforts to prevent foreign adversaries from exploiting vulnerabilities in the ICT supply chain and protect the vast amount of sensitive information being stored in and communicated through ICT products and services\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Commerce\u003c/li\u003e\u003cli\u003eCISA\u003c/li\u003e\u003cli\u003eICT SCRM Task Force\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13960\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2020/12/08/2020-27065/promoting-the-use-of-trustworthy-artificial-intelligence-in-the-federal-government\"\u003ePromoting the Use of Trustworthy Artificial Intelligence in the Federal Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes principles for the use of AI in the Federal Government, establishes a common policy for implementing the principles, directs agencies to catalogue their AI use cases\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e December 3, 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 14028\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity\"\u003eImproving the Nation's Cybersecurity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Charges multiple agencies, including NIST, with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e NIST\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 14034\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2021/06/11/2021-12506/protecting-americans-sensitive-data-from-foreign-adversaries\"\u003eProtecting Americans' Sensitive Data From Foreign Adversaries\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires government agencies to issue regulations that prohibit, or otherwise restrict, certain categories of data transactions that pose an unacceptable risk to national security.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e June 2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003eDepartment of Justice\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 14110\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://crsreports.congress.gov/product/pdf/R/R47843\"\u003eSafe, Secure, and Trustworthy Development and Use of Artificial Intelligence\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes a government-wide effort to guide responsible artificial intelligence (AI) development and deployment through federal agency leadership, regulation of industry, and engagement with\u003cbr\u003einternational partners\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e October 30, 2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eOffice of Science and Technology Policy (OSTP)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eGovernment Accountability Office (GAO) and GAO Accounting and Information Management Division (AIMD)\u003c/h2\u003e\u003cp\u003eThe U.S. Government Accountability Office (GAO) provides Congress, the heads of executive agencies, and the public with timely, fact-based, non-partisan information that can be used to improve government and save taxpayers billions of dollars. The GAO reports provide findings from their audits.\u003c/p\u003e\u003ch3\u003eAIMD-10.1.13\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/aimd-10.1.13.pdf\"\u003eAssessing Risks and Returns: A Guide for Evaluating Federal Agencies IT Investment Decision-making\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 3, 1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePaperwork Reduction Act (PRA)\u003c/li\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eGovernment Performance and Results Act (GPRA)\u003c/li\u003e\u003cli\u003eChief Financial Officers Act\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 04-394G\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-04-394g.pdf\"\u003eInformation Technology Investment Management: A Framework for Assessing and Improving Process Maturity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e March 1, 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 05-471\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-05-471.pdf\"\u003eINTERNET PROTOCOL VERSION 6 - Federal Agencies Need to Plan for Transition and Manage\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://www.gao.gov/assets/gao-05-471.pdf\"\u003eSecurity Risks\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 20, 2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 13-87\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-04-394g.pdf\"\u003eInformation Technology Investment Management: A Framework for Assessing and Improving Process Maturity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e March 1, 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 14-413\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/d14413.pdf\"\u003eFederal Software Licenses: Better Management Needed to Achieve Significant Savings Government-Wide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 22, 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 16-469\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-16-469.pdf\"\u003eInformation Technology Reform: Agencies Need to Increase Their Use of Incremental Development Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e August 16, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e FITARA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 20-195G\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-20-195g.pdf\"\u003eCost Estimating and Assessment Guide: Best Practices for Developing and Managing Program Costs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e March 12, 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eFederal Continuity Directives\u003c/h2\u003e\u003cp\u003eFederal Continuity Directives (FCDs) and Presidential Policy Directives (PPDs) and are both types of directives issued by the President of the United States to guide and coordinate specific policies, programs, and activities across the federal government.\u003c/p\u003e\u003cp\u003ePPDs are presidential statements that set forth national policies and decisions, while FCDs are agency-level directives aimed at ensuring the continuity and resilience of government operations during emergencies and crises.\u003c/p\u003e\u003ch3\u003eFCD-1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gpo.gov/docs/default-source/accessibility-privacy-coop-files/January2017FCD1-2.pdf\"\u003eFederal Executive Branch National Continuity Program and Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e January 17, 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFCD-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.fema.gov/sites/default/files/2020-07/Federal_Continuity_Directive-2_June132017.pdf\"\u003eFederal Executive Branch Mission Essential Functions and Candidate Primary Mission Essential Functions\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://www.fema.gov/sites/default/files/2020-07/Federal_Continuity_Directive-2_June132017.pdf\"\u003eIdentification and Submission Process\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e June 13, 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://irp.fas.org/offdocs/ppd/ppd-1.pdf\"\u003eOrganization of the National Security Council System\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 13, 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e National Security Council (NSC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://irp.fas.org/offdocs/ppd/ppd-2.pdf\"\u003eImplementation of the National Strategy for Countering Biological Threats\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e November 23, 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e National Security Staff Executive Secretary\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-40\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.fema.gov/emergency-managers/national-preparedness/continuity/toolkit/chapter-1\"\u003eNational Continuity Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 15, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e Federal Emergency Management Agency (FEMA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-41\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2016/07/26/presidential-policy-directive-united-states-cyber-incident\"\u003eUnited States Cyber Incident Coordination\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 26, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eOMB Circulars\u003c/h2\u003e\u003cp\u003eOMB Circulars are a series of guidance documents issued by the Office of Management and Budget (OMB) of the United States federal government. They provide instructions, requirements, and policies for federal agencies in specific areas of financial management, budgeting, procurement, grants management, and administrative operations.\u003c/p\u003e\u003ch3\u003eA-11\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/06/a11.pdf\"\u003ePreparation, Submission, and Execution of the Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/11/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GRPA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-19\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/Circular-019.pdf\"\u003eLegislative Coordination and Clearance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/20/1979\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Budget Control Act of 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-76\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A76/a76_incl_tech_correction.pdf\"\u003ePerformance of Commercial Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/14/2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFederal Procurement Policy Act\u003c/li\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eEO 11609\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-94\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/11/CircularA-94.pdf\"\u003eGuidelines and Discount Rates for Benefit-Cost Analysis of Federal Programs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Budget and Accounting Act of 1921\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-108\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A108/omb_circular_a-108.pdf\"\u003eFederal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/1975\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act (PRA)\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-123\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/omb/circulars_a123_rev\"\u003eManagements Responsibility for Internal Control\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/21/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eSarbanes-Oxley Act\u003c/li\u003e\u003cli\u003eFederal Managers' Financial Integrity Act\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-130\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf\"\u003eManaging Information as a Strategic Resource\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/28/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eE-Government Act\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003ePRA\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eDigital Accountability and Transparency Act\u003c/li\u003e\u003cli\u003eElectronic Signatures in Global and National Commerce Act\u003c/li\u003e\u003cli\u003eGovernment Paperwork Elimination Act\u003c/li\u003e\u003cli\u003eGPRA\u003c/li\u003e\u003cli\u003eOffice of Federal Procurement Policy Act\u003c/li\u003e\u003cli\u003eBudget and Accounting Procedures Act\u003c/li\u003e\u003cli\u003eChief Financial Officers Act\u003c/li\u003e\u003cli\u003eEO 13719\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-136\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2024/05/A-136-for-FY-2024.pdf\"\u003eFinancial Reporting Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/30/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eChief Financial Officers Act of 1990\u003c/li\u003e\u003cli\u003eGovernment Management Reform Act of 1994\u003c/li\u003e\u003cli\u003eAccountability of Tax Dollars Act of 2002\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eOMB Memos\u003c/h2\u003e\u003cp\u003eThe Office of Management and Budget (OMB) memoranda provide Federal agencies with instructions and implementation guidance for specific management priorities or legislative requirements. They provide annual updates, such as for FISMA reporting requirements, or have longer term guidance for agency implementation.\u003c/p\u003e\u003ch3\u003e2024\u003c/h3\u003e\u003ch4\u003eM-24-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/12/M-24-08-Strengthening-Digital-Accessibility-and-the-Management-of-Section-508-of-the-Rehabilitation-Act.pdf\"\u003eStrengthening Digital Accessibility and the Management of Section 508 of the Rehabilitation Act (digital)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/21/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Section 508 of the Rehabilitation Act\u003c/p\u003e\u003ch4\u003eM-24-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/12/M-24-04-FY24-FISMA-Guidance.pdf\"\u003eFiscal Year 2024 Guidance on Federal Information Security and Privacy Management Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/4/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-24-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/10/M-24-02-Buy-America-Implementation-Guidance-Update.pdf\"\u003eImplementation Guidance on Application of Buy America Preference in Federal Financial Assistance Programs for Infrastructure\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/25/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Buy America Act\u003c/p\u003e\u003ch3\u003e2023\u003c/h3\u003e\u003ch4\u003eM-23-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/09/M-23-22-Delivering-a-Digital-First-Public-Experience.pdf\"\u003eDelivering a Digital-First Public Experience (digital)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/22/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e 21st Century Integrated Digital Experience Act\u003c/p\u003e\u003ch4\u003eM-23-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/08/M-23-20.pdf\"\u003eMulti-Agency Research and Development Priorities for the FY 2025 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/17/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-23-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-18-Administration-Cybersecurity-Priorities-for-the-FY-2025-Budget-s.pdf\"\u003eAdministration Cybersecurity Priorities for the FY 2025 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/27/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e National Cybersecurity Strategy (NCS)\u003c/p\u003e\u003ch4\u003eM-23-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-16-Update-to-M-22-18-Enhancing-Software-Security.pdf\"\u003eUpdate to Memorandum M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements: \u003c/strong\u003eE.O. 14028\u003c/p\u003e\u003ch4\u003eM-23-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/02/M-23-13-No-TikTok-on-Government-Devices-Implementation-Guidance_final.pdf\"\u003e“No TikTok on Government Devices” Implementation Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/27/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e No Tiktok on Government Devices\u003c/p\u003e\u003ch4\u003eM-23-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/02/M-23-10-DOTGOV-Act-Guidance.pdf\"\u003eThe Registration and Use of .gov Domains in the Federal Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/8/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e DOTGOV Online Trust in Government Act of 2020\u003c/p\u003e\u003ch4\u003eM-23-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/12/M_23_07-M-Memo-Electronic-Records_final.pdf\"\u003eUpdate to Transition to Electronic Records\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/23/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-23-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/11/M-23-02-M-Memo-on-Migrating-to-Post-Quantum-Cryptography.pdf\"\u003eMigrating to Post-Quantum Cryptography\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/18/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2022\u003c/h3\u003e\u003ch4\u003eM-22-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/09/M-22-18.pdf\"\u003eEnhancing the Security of the Software Supply Chain through Secure Software Development Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/14/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-22-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/07/M-22-16.pdf\"\u003eAdministration Cybersecurity Priorities for the FY 2024 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/22/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch4\u003eM-22-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/07/M-22-15.pdf\"\u003eMulti-Agency Research and Development Priorities for the FY 2024 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/22/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-22-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf\"\u003eMoving the U.S. Government Toward Zero Trust Cybersecurity Principles\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/26/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-22-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/12/M-22-04-IG-Cooperation.pdf\"\u003ePromoting Accountability through Cooperation among Agencies and Inspectors General\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/3/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e IG Act\u003c/p\u003e\u003ch4\u003eM-22-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/10/M-22-01.pdf\"\u003eImproving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Systems through Endpoint Detection and Response\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/8/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch3\u003e2021\u003c/h3\u003e\u003ch4\u003eM-21-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/07/M-21-32-Multi-Agency-Research-and-Development-Prioirties-for-FY-2023-Budget-.pdf\"\u003eMulti-Agency Research and Development Priorities for the FY 2023 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/27/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-21-31\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf\"\u003eImproving the Federal Governments Investigative and Remediation Capabilities Related to Cybersecurity Incident\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/27/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch4\u003eM-21-30\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-30.pdf\"\u003eProtecting Critical Software Through Enhanced Security Measures\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/10/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch4\u003eM-21-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-07.pdf\"\u003eCompleting the Transition to Internet Protocol Version 6 (IPv6)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/19/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FAR\u003c/p\u003e\u003ch4\u003eM-21-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-06.pdf\"\u003eGuidance for Regulation of Artificial Intelligence Applications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/17/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 13859\u003c/p\u003e\u003ch4\u003eM-21-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-05.pdf\"\u003eExtension of Data Center Optimization Initiative (DCOI)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/13/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch4\u003eM-21-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-04.pdf\"\u003eModernizing Access to and Consent for Disclosure of Records Subject to the Privacy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/12/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e The Privacy Act of 1974\u003c/p\u003e\u003ch3\u003e2020\u003c/h3\u003e\u003ch4\u003eM-20-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/09/M-20-32.pdf\"\u003eImproving Vulnerability Identification, Management, and Remediation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/2/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA\u003c/p\u003e\u003ch4\u003eM-20-29\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/08/M-20-29.pdf\"\u003eR \u0026amp; D Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/14/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-20-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/03/M-20-19.pdf\"\u003eHarnessing Technology to Support Mission Continuity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/22/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-20-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/11/M-20-04.pdf\"\u003eFiscal Year 2019-2020 Guidance on Federal Information Security and Privacy Management Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/19/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2019\u003c/h3\u003e\u003ch4\u003eM-19-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/09/M-19-26.pdf\"\u003eUpdate to the Trusted Internet Connections (TIC) Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/12/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-19-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/08/M-19-21-new-2.pdf\"\u003eTransition of Electronic Records\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/28/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e NARA\u003c/p\u003e\u003ch4\u003eM-19-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/06/M-19-19-Data-Centers.pdf\"\u003eUpdate to Data Center Optimization Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/25/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch4\u003eM-19-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/06/M-19-18.pdf\"\u003eFederal Data Strategy A Framework for Consistency\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/4/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-19-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/05/M-19-17.pdf\"\u003eEnabling Mission Delivery through Improved Identity, Credential, and Access Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/21/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-19-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/02/M-19-10.pdf\"\u003eGuidance for Achieving Interoperability with the National Freedom of Information Act (FOIA) Portal on FOIA.gov\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/12/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FOIA\u003c/p\u003e\u003ch4\u003eM-19-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/12/M-19-03.pdf\"\u003eStrengthening the Cybersecurity of Federal Agencies by enhancing the High Value Asset Program\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/10/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e High Value Asset (HVA) program\u003c/p\u003e\u003ch4\u003eM-19-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/10/M-19-02.pdf\"\u003eFiscal Year 2018-2019 Guidance on Federal Information Security and Privacy Management Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/25/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-19-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/10/M-19-01.pdf\"\u003eRequest for Agency Feedback on the Federal Data Strategy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/16/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Federal Data Strategy\u003c/p\u003e\u003ch3\u003e2018\u003c/h3\u003e\u003ch4\u003eM-18-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/09/M-18-26.pdf\"\u003eIncentivizing Workforce Participation and Expanding Recruitment Sources for the 2020 Decennial Census\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/28/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-18-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/07/M-18-22.pdf\"\u003eFY 2020 Administration Research and Development Budget Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/31/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-18-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/06/M-18-20.pdf\"\u003eAppendix C to OMB Circular No. A-123, Requirements for Payment Integrity Improvement\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/26/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch3\u003e2017\u003c/h3\u003e\u003ch4\u003eM-17-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-32.pdf\"\u003eTravel on Government-Owned Rented, Leased or Chartered Aircraft\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/29/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-126\u003c/p\u003e\u003ch4\u003eM-17-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-25.pdf\"\u003eReporting Guidance for Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/19/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-17-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-23.pdf\"\u003eGuidance on Regulatory Reform Accountability under Executive Order 13777, titled “Enforcing the Regulatory Reform Agenda”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/28/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13777\u003c/p\u003e\u003ch4\u003eM-17-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-22.pdf\"\u003eComprehensive Plan for Reforming the Federal Government and Reducing the Federal Civilian Workforce\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/12/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GPRA Modernization Act of 2010\u003c/p\u003e\u003ch4\u003eM-17-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-21-OMB.pdf\"\u003eImplementing Executive Order 13771, Titled “Reducing Regulation and Controlling Regulatory Costs”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/5/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13771\u003c/p\u003e\u003ch4\u003eM-17-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-19-OMB.pdf\"\u003eLegislative Coordination and Clearance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/28/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-19\u003c/p\u003e\u003ch4\u003eM-17-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-15.pdf\"\u003eRescission of Memoranda Relating to Identity Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/19/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-17-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-12_0.pdf\"\u003ePreparing for and Responding to a Breach of Personally Identifiable Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/3/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-17-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-09.pdf\"\u003eManagement of Federal High Value Assets\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/9/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eB.O.D. 18-02\u003c/li\u003e\u003cli\u003eHHS HVA Program\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-17-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-04.pdf\"\u003eAdditional Guidance for Data Act Implementation: Further Requirements For Reporting And Assuring Data Reliability\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/4/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e DATA Act\u003c/p\u003e\u003ch4\u003eM-17-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-03.pdf\"\u003eInstitutionalizing Hiring Excellence To Achieve Mission Outcomes\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/1/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda (PMA) Cross Agency Priority (CAP)\u003c/p\u003e\u003ch4\u003eM-17-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-02.pdf\"\u003ePrecision Medicine Initiative Privacy and Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/21/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eGenetic Information Nondiscrimination Act\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2016\u003c/h3\u003e\u003ch4\u003eM-16-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_24_0.pdf\"\u003eRole and Designation of Senior Agency Officials for Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/15/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13719\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-16-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_23.pdf\"\u003ePrioritizing Federal Investments in Promise Zones\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/2/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-16-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_21.pdf\"\u003eFederal Source Code Policy: Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/8/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger Cohen Act\u003c/p\u003e\u003ch4\u003eM-16-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-17.pdf\"\u003eOMB Circular No. A-123, Managements Responsibility for Enterprise Risk Management and Internal Control\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/15/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-16-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-15.pdf\"\u003eFederal Cybersecurity Workforce Strategy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/12/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-16-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-14.pdf\"\u003eCategory Management Policy 16-2: Providing Comprehensive Identity Protection Services, Identity Monitoring, and Data Breach Response\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-16-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-12_1.pdf\"\u003eCategory Management Policy 16-1: Improving the Acquisition and Management of Common Information Technology: Software Licensing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/2/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GAO 14-413\u003c/p\u003e\u003ch4\u003eM-16-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-11.pdf\"\u003eImproving Administrative Functions Through Shared Services\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/4/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Federal Cloud Computing Strategy - Cloud Smart\u003c/p\u003e\u003ch4\u003eM-16-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-08.pdf\"\u003eEstablishment of the Core Federal Services Council\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/30/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda (PMA) Cross Agency Priority (CAP)\u003c/p\u003e\u003ch4\u003eM-16-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-04.pdf\"\u003eCybersecurity Strategy and Implementation Plan (CSIP) for the Federal Civilian Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/30/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-16-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-02.pdf\"\u003eCategory Management Policy 15-1: Improving the Acquisition and Management of Common Information Technology: Laptops and Desktops\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/16/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch3\u003e2015\u003c/h3\u003e\u003ch4\u003eM-15-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-18.pdf\"\u003eFiscal Year 2017 Budget Guidance for Countering Biological Threats Resource Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/9/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e PPD-2\u003c/p\u003e\u003ch4\u003eM-15-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-16.pdf\"\u003eMulti-Agency Science and Technology Priorities for the FY 2017 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/9/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-15-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-15.pdf\"\u003eImproving Statistical Activities through Interagency Collaboration\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/8/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Economy Act\u003c/p\u003e\u003ch4\u003eM-15-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-14.pdf\"\u003eManagement and Oversight of Federal Information Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/10/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch4\u003eM-15-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-13.pdf\"\u003ePolicy to Require Secure Connections across Federal Websites and Web Services\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/8/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-15-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-11.pdf\"\u003eFiscal Year 2017 Budget Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/1/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDATA Act\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-15-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-09.pdf\"\u003eGuidance on Implementing the Federal Customer Service Awards Program\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/19/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13571\u003c/p\u003e\u003ch4\u003eM-15-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-07.pdf\"\u003eEstablishment of a Diversity and Inclusion in Government Council\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/6/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13583\u003c/p\u003e\u003ch4\u003eM-15-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-02.pdf\"\u003eAppendix C to Circular No. A-123, Requirements for Effective Estimation and Remediation of Improper Payments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/20/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch3\u003e2014\u003c/h3\u003e\u003ch4\u003eM-14-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-17.pdf\"\u003eMetrics for Uniform Guidance (2 C.F.R. 200\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/30/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13520\u003c/p\u003e\u003ch4\u003eM-14-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-16.pdf\"\u003eGuidance on Managing Email\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/15/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Managing Government Records Directive of 2012\u003c/p\u003e\u003ch4\u003eM-14-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-15.pdf\"\u003eEnsuring That Employment and Training Programs Are Job-Driven\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/22/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-14.pdf\"\u003eFiscal Year 2016 Budget Guidance for Countering Biological Threats Resource Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e PPD-2\u003c/p\u003e\u003ch4\u003eM-14-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/M-14-13.pdf\"\u003eFiscal Year 2016 Budget Guidance for Combating Antibiotic Resistant Bacteria Resource Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e PPD-1\u003c/p\u003e\u003ch4\u003eM-14-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-12.pdf\"\u003eManagement Agenda Priorities for the FY 2016 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-11.pdf\"\u003eScience and Technology Priorities for FY 2016 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-06.pdf\"\u003eGuidance for Providing and Using Administrative Data for Statistical Purposes\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/14/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-04.pdf\"\u003eFiscal Year 2013 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/18/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-14-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-03.pdf\"\u003eEnhancing the Security of Federal Information and Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/1/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GPRA Modernization Act 0f 2010\u003c/p\u003e\u003ch3\u003e2013\u003c/h3\u003e\u003ch4\u003eM-13-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-20.pdf\"\u003eProtecting Privacy while Reducing Improper Payments with the Do Not Pay Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/16/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIPERIA 2012\u003c/li\u003e\u003cli\u003eDo Not Pay (DNP) Initiative\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-13-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-17.pdf\"\u003eNext Steps in the Evidence and Innovation Agenda\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/26/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-13-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-16.pdf\"\u003eScience and Technology Priorities for the FY 2015 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/26/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-13-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-13.pdf\"\u003eOpen Data Policy Managing Information as an Asset\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/9/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13642\u003c/p\u003e\u003ch4\u003eM-13-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-10.pdf\"\u003eAntideficiency Act Implications of Certain Online Terms of Service Agreements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/4/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Antideficiency Act\u003c/p\u003e\u003ch4\u003eM-13-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-09.pdf\"\u003eFiscal Year 2013 PortfolioStat Guidance: Strengthening Federal IT Portfolio Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/27/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-13-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-06.pdf\"\u003eIssuance of the Sequestration Order Pursuant To Section 251A of the Balanced Budget and Emergency Deficit Control Act of 1985, as Amended\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/1/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Budget Control Act of 2011\u003c/p\u003e\u003ch4\u003eM-13-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-02_0.pdf\"\u003eImproving Acquisition through Strategic Sourcing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/5/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e2012\u003c/h3\u003e\u003ch4\u003eM-12-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-20.pdf\"\u003eFY 2012 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/27/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-12-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-18.pdf\"\u003eManaging Government Records Directive\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/24/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidential Memorandum - Managing Government Records\u003c/p\u003e\u003ch4\u003eM-12-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-15.pdf\"\u003eScience and Technology Priorities for the FY 2014 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/6/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-12-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-14_1.pdf\"\u003eUse of Evidence and Evaluation in the 2014 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/18/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-12-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-12_0.pdf\"\u003ePromoting Efficient Spending to Support Agency Operations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/11/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13589\u003c/p\u003e\u003ch4\u003eM-12-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-11_1.pdf\"\u003eReducing Improper Payments through the “Do Not Pay List”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/12/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13520\u003c/p\u003e\u003ch4\u003eM-12-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-09_0.pdf\"\u003eFederal Activities Inventory Reform (FAIR) Act Submission for Fiscal Year 2012\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/26/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-12-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-01.pdf\"\u003eCreation of the Council on Financial Assistance Reform\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/27/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13576\u003c/p\u003e\u003ch3\u003e2011\u003c/h3\u003e\u003ch4\u003eM-11-33\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-33.pdf\"\u003eFY 2011 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/14/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-11-27\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-27.pdf\"\u003eImplementing the Telework Enhancement Act of 2010: Security Guidelines\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/15/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Telework Enhancement Act of 2010\u003c/p\u003e\u003ch4\u003eM-11-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-26.pdf\"\u003eNew Fast-Track Process for Collecting Service Delivery Feedback Under the Paperwork Reduction Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/15/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003eM-11-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-21.pdf\"\u003eImplementing the Presidential Memorandum “Administrative Flexibility, Lower Costs, and Better Results for State, Local, and Tribal Governments”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/29/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidential Memorandum - Administrative Flexibility\u003c/p\u003e\u003ch4\u003eM-11-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-16.pdf\"\u003e2011 Issuance of Revised Parts I and II to Appendix C of OMB Circular A-123\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/14/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-11-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-15.pdf\"\u003e2011 Final Guidance on Implementing the Plain Writing Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/13/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Plain Writing Act of 2010\u003c/p\u003e\u003ch4\u003eM-11-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-11.pdf\"\u003eContinued Implementation of Homeland Security Presidential Directive (HSPD) 12Policy for a Common Identification Standard for Federal Employees and Contractors\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/3/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-11-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-08.pdf\"\u003eInitial Assessments of Safeguarding and Counterintelligence Postures for Classified National Security Information in Automated Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/3/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13526\u003c/p\u003e\u003ch4\u003eM-11-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-04.pdf\"\u003eIncreasing Efforts to Recapture Improper Payments by Intensifying and Expanding Payment Recapture Audits\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/16/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e IPERIA 2012\u003c/p\u003e\u003ch4\u003eM-11-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-02.pdf\"\u003eSharing Data While Protecting Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/3/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Privacy Act of 1974\u003c/p\u003e\u003ch4\u003eM-11-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-01.pdf\"\u003ePilot Projects for the Partnership Fund for Program Integrity Innovation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/19/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Consolidated Appropriations Act of 2010\u003c/p\u003e\u003ch3\u003e2010\u003c/h3\u003e\u003ch4\u003eM-10-34\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-34.pdf\"\u003eUpdated Guidance on the American Recovery and Reinvestment Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/24/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-30\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-30.pdf\"\u003eScience and Technology Priorities for the FY 2012 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-10-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m-10-26.pdf\"\u003eImmediate Review of Financial Systems IT Projects\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/28/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-10-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-23.pdf\"\u003eGuidance for Agency Use of Third-Party Websites and Applications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/25/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003eM-10-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-22.pdf\"\u003eGuidance for Online Use of Web Measurement and Customization Technologies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/25/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB M-10-06\u003c/p\u003e\u003ch4\u003eM-10-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-21.pdf\"\u003eDeveloping Effective Place-Based Policies for the FY 2012 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/21/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-10-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-16.pdf\"\u003eGrants.gov Return to Normal Operations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/23/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-14.pdf\"\u003eUpdated Guidance on the American Recovery and Reinvestment Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/22/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-13.pdf\"\u003eIssuance of Part III to OMB Circular A-123, Appendix C\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/22/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-10-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-10.pdf\"\u003eFederal Agency Coordination on Health Information Technology (HIT)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/19/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HITECH\u003c/p\u003e\u003ch4\u003eM-10-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-03.pdf\"\u003ePayments to State Grantees for their Administrative Costs for Recovery Act Funding Alternative Allocation Methodologies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/13/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-01.pdf\"\u003eIncreased Emphasis on Program Evaluations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/7/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e2009\u003c/h3\u003e\u003ch4\u003eM-09-33\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-33.pdf\"\u003eTechnical Amendments to OMB Bulletin No. 07-04, Audit Requirements for Federal Financial Statements\u003c/a\u003e\u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-01.pdf\"\u003eIncreased Emphasis on Program Evaluations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/23/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-136\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-09-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-32.pdf\"\u003eUpdate on the Trusted Internet Connections Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/16/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch4\u003eM-09-27\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-27.pdf\"\u003eScience and Technology Priorities for the FY 2011 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/4/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-09-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-18.pdf\"\u003ePayments to State Grantees for Administrative Costs of Recovery Act Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/11/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-17.pdf\"\u003eImproving Grants.gov\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/8/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-15.pdf\"\u003eUpdated Implementing Guidance for the American Recovery and Reinvestment Act of 2009\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/3/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-14.pdf\"\u003eRecovery Act Implementation Improving Grants.gov and Other Critical Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/9/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-14.pdf\"\u003eRecovery Act Implementation Improving Grants.gov and Other Critical Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/9/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-10.pdf\"\u003eInitial Implementing Guidance for the American Recovery and Reinvestment Act of 2009\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/18/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch3\u003e2008\u003c/h3\u003e\u003ch4\u003eM-08-27\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-27.pdf\"\u003eGuidance for Trusted Internet Connection (TIC) Compliance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/30/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch4\u003eM-08-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-25.pdf\"\u003eGuidance for Completing FY 2008 Financial and Performance Reports\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/252008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-08-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-24.pdf\"\u003eTechnical Amendments to OMB Bulletin No. 07-04, Audit Requirements for Federal Financial Statements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB Bulletin No. 07-04\u003c/p\u003e\u003ch4\u003eM-08-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-16.pdf\"\u003eGuidance for Trusted Internet Connection Statement of Capability Form (SOC)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/4/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch4\u003eM-08-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-15.pdf\"\u003eTools Available for Implementing Electronic Records Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/31/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-08-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-14.pdf\"\u003e2008 Inventories of Commercial and Inherently Governmental Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/26/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-08-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-13.pdf\"\u003eUpdate to Civilian Position Full Fringe Benefit Cost Factor, Federal Pay Raise Assumptions, and Inflation Factors used in OMB Circular No. A-76, “Performance of Commercial Activities”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/11/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements: \u003c/strong\u003eOMB A-76\u003c/p\u003e\u003ch4\u003eM-08-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-11.pdf\"\u003eCompetitive Sourcing Requirements in Division D of Public Law 110-161\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/20/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Consolidated Appropriations Act of 2010\u003c/p\u003e\u003ch4\u003eM-08-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-09.pdf\"\u003eNew FISMA Privacy Reporting Requirements for FY 2008\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/18/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-08-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-05.pdf\"\u003eImplementation of Trusted Internet Connections (TIC)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/20/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch3\u003e2007\u003c/h3\u003e\u003ch4\u003eM-07-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-25.pdf\"\u003eBioShield Procurement Approval Anthrax Vaccine Adsorbed\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/20/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eProject BioShield Act of 2004\u003c/li\u003e\u003cli\u003ePublic Health Service Act\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-07-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-24.pdf\"\u003eUpdated Principles for Risk Analysis\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/19/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB Memorandum - Principles for Risk Analysis\u003c/p\u003e\u003ch4\u003eM-07-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-23.pdf\"\u003eRequiring Agency Use of the International Trade Data System\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/10/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13439\u003c/p\u003e\u003ch4\u003eM-07-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-21.pdf\"\u003eVerifying the Employment Eligibility of Federal Employees\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/10/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-07-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-20.pdf\"\u003eFY 2007 E-Government Act Reporting Instructions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/14/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-07-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-18.pdf\"\u003eEnsuring New Acquisitions Include Common Security Configurations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/1/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-07-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-16.pdf\"\u003eSafeguarding Against and Responding to the Breach of Personally Identifiable Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/22/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/business_migrations.pdf\"\u003eCompetition Framework for Human Resources Management Line of Business Migrations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/18/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-07-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-14.pdf\"\u003e2007 Inventories of Commercial and Inherently Governmental Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/3/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-07-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-02.pdf\"\u003eUpdate to Civilian Position Full Fringe Benefit Cost Factor, Federal Pay Raise Assumptions, Inflation Factors, and Tax Rates used in OMB Circular No. A-76, “Performance of Commercial Activities”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/31/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-76\u003c/p\u003e\u003ch3\u003e2006\u003c/h3\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/task_force_theft_memo.pdf\"\u003eRecommendations for Identity Theft Related Data Breach Notification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/20/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13402\u003c/p\u003e\u003ch4\u003eM-06-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-25.pdf\"\u003eFY 2006 E-Government Act Reporting Instructions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-06-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-21.pdf\"\u003eReciprocal Recognition of Existing Personnel Security Clearances\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/17/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 12958\u003c/p\u003e\u003ch4\u003eM-06-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-19.pdf\"\u003eReporting Incidents Involving Personally Identifiable Information Incorporating the Cost for Security in Agency Information Technology Investments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/12/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-06-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-18.pdf\"\u003eAcquisition of Products and Services for Implementation of HSPD-12\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/30/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-06-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m-06-15.pdf\"\u003eSafeguarding Personally Identifiable Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/22/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Privacy Act of 1974\u003c/p\u003e\u003ch4\u003eM-06-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-12.pdf\"\u003eFollow-up Memorandum on “Implementation of the Presidents Executive Order “Improving Agency Disclosure of Information”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/13/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FOIA\u003c/p\u003e\u003ch4\u003eM-06-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-06.pdf\"\u003eSample Privacy Documents for Agency Implementation of Homeland Security Presidential Directive (HSPD) 12\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/17/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-06-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-04.pdf\"\u003eImplementation of the Presidents Executive Order “Improving Agency Disclosure of Information”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/30/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FOIA\u003c/p\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/reciprocal121205.pdf\"\u003eReciprocal Recognition of Existing Personnel Security Clearances\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/12/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Intelligence Reform and Terrorism Prevention Act of 2004\u003c/p\u003e\u003ch4\u003eM-06-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-02.pdf\"\u003eImproving Public Access to and Dissemination of Government Information and Using the Federal Enterprise Architecture Data Reference Model\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/16/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2005\u003c/h3\u003e\u003ch4\u003eM-05-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-25.pdf\"\u003eSmartBUY Agreement with Oracle\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-05-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-24.pdf\"\u003eImplementation of Homeland Security Presidential Directive (HSPD) 12 Policy for a Common Identification Standard for Federal Employees and Contractors\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-05-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-23.pdf\"\u003eImproving Information Technology (IT) Project Planning and Execution\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/4/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-05-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-22.pdf\"\u003eTransition Planning for Internet Protocol Version 6 (IPv6)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/2/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GAO 05-471\u003c/p\u003e\u003ch4\u003eM-05-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-17.pdf\"\u003eAllocation of Responsibilities For Security Clearances Under the Executive Order, Strengthening Processes Relating to Determining Eligibility for Access to Classified National Security Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/30/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13381\u003c/p\u003e\u003ch4\u003eM-05-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-16.pdf\"\u003eRegulation on Maintaining Telecommunication Services During a Crisis or Emergency in Federally-owned Buildings\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/30/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Section 414 of the Transportation, Treasury, Independent Agencies, and General Government Appropriations Act\u003c/p\u003e\u003ch4\u003eM-05-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-08.pdf\"\u003eDesignation of Senior Agency Officials for Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/11/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Privacy Act of 1974\u003c/p\u003e\u003ch4\u003eM-05-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-05.pdf\"\u003eElectronic Signatures: How to Mitigate the Risk of Commercial Managed Services\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/20/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-05-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-04.pdf\"\u003ePolicies for Federal Agency Public Websites\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/17/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch3\u003e2004\u003c/h3\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-25_template.xls\"\u003eSection E — FY04 FISMA Reporting Template\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-04-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/omb/memoranda_fy04_m04-24/\"\u003eExpanded Electronic Government (E-Gov) Presidents Management Agenda (PMA) Scorecard Cost, Schedule and Performance Standard for Success\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/23/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda - Expanded Electronic Government (E-Gov) Initiative\u003c/p\u003e\u003ch4\u003eM-04-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-19.pdf\"\u003eInformation Technology (IT) Project Manager (PM) Qualification Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/21/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-04-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m-04-18.pdf\"\u003eMedicare Modernization Act and Federal Programs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/19/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Medicare Prescription Drug, Improvement, and Modernization Act (MMA)\u003c/p\u003e\u003ch4\u003eM-04-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2004-M-04-16-Software-Acquisition-.pdf\"\u003eSoftware Acquisition\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-04-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m-04-15.pdf\"\u003eDevelopment of Homeland Security Presidential Directive(HSPD) 7 Critical Infrastructure Protection Plans to Protect Federal Critical Infrastructures and Key Resources\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/17/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-04-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-08.pdf\"\u003eMaximizing Use of SmartBuy and Avoiding Duplication of Agency Activities with the Presidents 24 E-Gov Initiatives\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/25/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda - Expanded Electronic Government (E-Gov) Initiative\u003c/p\u003e\u003ch4\u003eM-04-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-04.pdf\"\u003eE-Authentication Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/16/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003ePaperwork Elimination Act of 1998\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2003\u003c/h3\u003e\u003ch4\u003eM-03-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/203-M-03-22-OMB-Guidance-for-Implementing-the-Privacy-Provisions-of-the-E-Government-Act-of-2002-1.pdf\"\u003eOMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/16/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-03-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2003/m03-18.pdf\"\u003eImplementation Guidance for the E-Government Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/1/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-03-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2003-M-03-04-Determination-Orders-Organizing-the-Department-of-Homeland-Security-1.pdf\"\u003eDetermination Orders Organizing the Department of Homeland Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/7/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Public Law 107-296 - Establishing the Department of Homeland Security\u003c/p\u003e\u003ch3\u003e2002\u003c/h3\u003e\u003ch4\u003eM-02-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2002/m02-14.pdf\"\u003eAdditional Information Requirements for Overseas Combating Terrorism and Homeland Security for the FY 2004 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/8/2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-02-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2002/m02-11.pdf\"\u003eDepartment of Homeland Security Transition Issues\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/16/2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Public Law 107-296 - Establishing the Department of Homeland Security\u003c/p\u003e\u003ch4\u003eM-02-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2002-M-02-01-Guidance-for-Preparing-and-Submitting-Security-Plans-of-Action-and-Milestones-1.pdf\"\u003eGuidance for Preparing and Submitting Security Plans of Action and Milestones\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/17/2001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Government Information Security Reform Act\u003c/p\u003e\u003ch3\u003e2001\u003c/h3\u003e\u003ch4\u003eM-01-28\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2001-M-01-28-Citizen-Centered-E-Government-Developing-the-Action-Plan.pdf\"\u003eCitizen-Centered E-Government: Developing the Action Plan\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e President Management Agenda - e-Government\u003c/p\u003e\u003ch4\u003eM-01-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2001-M-01-05-Guidance-on-Inter-Agency-Sharing-of-Personal-Data-Protecting-Personal-Privacy.pdf\"\u003eGuidance on Inter-Agency Sharing of Personal Data Protecting Personal Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/20/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Computer Matching and Privacy Protection Act\u003c/p\u003e\u003ch3\u003e2000\u003c/h3\u003e\u003ch4\u003eM-00-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-15-OMB-Guidance-on-Implementing-the-Electronic-Signatures-in-Global-and-National-Commerce-Act.pdf\"\u003eOMB Guidance on Implementing the Electronic Signatures in Global and National Commerce Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/25/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Sign Act\u003c/p\u003e\u003ch4\u003eM-00-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-13-Privacy-Policies-and-Data-Collection-on-Federal-Web-Sites.pdf\"\u003ePrivacy Policies and Data Collection on Federal Web Sites\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/22/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eChildrens Online Privacy Protection Act\u003c/li\u003e\u003cli\u003ePrivacy Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-00-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-10-OMB-Procedures-and-Guidance-on-Implementing-the-Government-Paperwork-Elimination-Act.pdf\"\u003eOMB Procedures and Guidance on Implementing the Government Paperwork Elimination Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/25/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003eM-00-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-03-Reporting-Y2K-Compliance-of-Non-mission-Critical-Systems.pdf\"\u003eReporting Y2K Compliance of Non-mission Critical Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/10/1999\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e1999\u003c/h3\u003e\u003ch4\u003eM-99-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1999-M-99-18-Privacy-Policies-on-Federal-Web-Sites.pdf\"\u003ePrivacy Policies on Federal Web Sites\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/2/1999\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-99-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1999-M-99-01-New-Statutory-Language-on-Paperwork-Reduction-FY-1999-ICB.pdf\"\u003eNew Statutory Language on Paperwork Reduction FY 1999 ICB\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/16/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003e1998\u003c/h4\u003e\u003ch4\u003eM-98-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1995-1998-M-98-14-Comprehensive-Plans-and-Associated-Funding-Requirements-for-Achieving-Year-2000-Computer-Compliance.pdf\"\u003eComprehensive Plans and Associated Funding Requirements for Achieving Year 2000 Computer Compliance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/13/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-11\u003c/p\u003e\u003ch4\u003eM-98-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1995-1998-M-98-09-Updated-Guidance-on-Developing-a-Handbook-for-Individuals-Seeking-Access-of-Public-Information.pdf\"\u003eUpdated Guidance on Developing a Handbook for Individuals Seeking Access of Public Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/23/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eElectronic Freedom of Information Act Amendments of 1996\u003c/li\u003e\u003cli\u003eFOIA\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-98-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1998-M-98-04-Annual-Performance-Plans-Required-by-the-Government-Performance-and-Results-Act-GPRA.pdf\"\u003eAnnual Performance Plans Required by the Government Performance and Results Act (GPRA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/29/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GPRA Modernization Act of 2010\u003c/p\u003e\u003ch3\u003e1997\u003c/h3\u003e\u003ch4\u003eM-97-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/1995-1998/m97-15.pdf\"\u003eLocal Telecommunications Services Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/12/1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch4\u003eM-97-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-09-Interagency-Support-for-Information-Technology.pdf\"\u003eInteragency Support for Information Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/10/1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch4\u003eM-97-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-07-Multiagency-Contracts-Under-the-Information-Technology-Management-Reform-Act-of-1996.pdf\"\u003eMultiagency Contracts Under the Information Technology Management Reform Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/26/1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch4\u003eM-97-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-02-Funding-Information-Systems-Investments.pdf\"\u003eFunding Information Systems Investments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/25/1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eGPRA Modernization Act of 2010\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e1996\u003c/h3\u003e\u003ch4\u003eM-96-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1996-M-96-20-Implementation-of-the-Information-Technology-Management-Reform-Act-of-1996.pdf\"\u003eImplementation of the Information Technology Management Reform Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/4/1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch3\u003e1995\u003c/h3\u003e\u003ch4\u003eM-95-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/1995-1998/m95-17.pdf\"\u003eContingency Planning for Agency Operations in Fiscal Year 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/17/1995\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch2\u003eHHS Policies, Standards, Memorandum, and Guides\u003c/h2\u003e\u003ch3\u003eHHS Policies\u003c/h3\u003e\u003cp\u003eThe HHS Cybersecurity Program develops policies, standards, memoranda, guides, and standard operating procedures. They are collectively referred to as policy documents. HHS policy documents help to apply Federal legislation, OMB regulations, NIST standards, and U.S. Computer Emergency Readiness Team (US-CERT) guidelines in the context of the HHS environment, thus standardizing the implementation of information security and privacy practices across the Department.\u003c/p\u003e\u003cp\u003eNOTE: The HHS Polices can be found at \u003cem\u003ehttp://intranet.hhs.gov/working-at-hhs/cybersecurity/ocio-policies\u003c/em\u003e and are only accessible through the HHS intranet/CMS network and cannot be accessed with a public internet connection.\u003c/p\u003e\u003ch4\u003eCybersecurity Awareness and Training\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2024-03-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Identifies the baseline requirements for providing HHS personnel with the requirements for Awareness Training and of their responsibility to help protect the confidentiality, integrity, and availability of HHS information systems and data\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/role-based-training-rbt\"\u003eCyberGeek - Role Based Training (RBT)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-2-awareness-and-training\"\u003eCyberGeek - Risk Management Handbook (RMH) Chapter 2: Awareness \u0026amp; Training (AT)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e5 CFR 930.301\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS Policy for Information Security and Privacy Protection (IS2P)\u003c/li\u003e\u003cli\u003eNIST S.P. 800-16\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-50\u003c/li\u003e\u003cli\u003eNIST SP 800-181 rev 1\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRecords Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-CDO-2024-02-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the principles, responsibilities, and requirements for managing HHS records\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 2/1/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003eCMS Records and Information Management Program\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B\u003c/li\u003e\u003cli\u003e32 CFR Part 2002\u003c/li\u003e\u003cli\u003e18 U.S. Code § 641\u003c/li\u003e\u003cli\u003e18 U.S. Code § 2071\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 2901-2910\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 3101-3107\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 3106\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 3301-3324\u003c/li\u003e\u003cli\u003e44 U.S. Code § 3301\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eFederal Rules of Civil Procedures\u003c/li\u003e\u003cli\u003eNARA Bulletin 2010-05\u003c/li\u003e\u003cli\u003eNARA Bulletin 2013-02\u003c/li\u003e\u003cli\u003eNARA Bulletin 2014-02\u003c/li\u003e\u003cli\u003eNARA Bulletin 2015-02\u003c/li\u003e\u003cli\u003eNARA Bulletin 2023-02\u003c/li\u003e\u003cli\u003eNARA Criteria for Successfully Managing Permanent Electronic Records\u003c/li\u003e\u003cli\u003eNARA Guidance on Records Management Language for Contracts\u003c/li\u003e\u003cli\u003eNARA Universal Electronic Records Management Requirements\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB M-19-21\u003c/li\u003e\u003cli\u003eOMB M-23-07\u003c/li\u003e\u003cli\u003eHHS Policy for Litigation Holds\u003c/li\u003e\u003cli\u003eHHS Policy for Rules of Behavior for Use of Information and IT Resources\u003c/li\u003e\u003cli\u003eHHS Policy for Mobile Devices and Removable Media\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePrivacy Impact Assessments\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2023-09-005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Set forth the minimum HHS Privacy Threshold Analysis (PTA), PIA, and Internal PIA requirements, as well as accompanying approval and publication processes\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/privacy-impact-assessment-pia\"\u003eCyberGeek - Privacy Impact Assessment (PIA)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS Policy for Information Security and Privacy Protection (IS2P)\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53 Rev. 5\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management v1.0\u003c/li\u003e\u003cli\u003eOMB Circular A-108\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eOMB M-17-06\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act (PRA)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eLitigation Holds\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-CDO-2023-08-004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish that HHS takes all reasonable steps to preserve potentially relevant information in the possession, custody, or control of HHS when civil litigation has commenced or when there is reasonable anticipation of litigation\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/10/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Litigation Holds and Essential Records Program\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B §§ 1220.30-1220.34\u003c/li\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B §§ 1230.1-1230.18\u003c/li\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B §§ 1236.2-1236.36\u003c/li\u003e\u003cli\u003e18 USC § 641\u003c/li\u003e\u003cli\u003e18 USC § 2071\u003c/li\u003e\u003cli\u003e44 USC §§ 2071-2120\u003c/li\u003e\u003cli\u003e44 USC §§ 2901-2912\u003c/li\u003e\u003cli\u003e44 USC §§ 3101-3107\u003c/li\u003e\u003cli\u003e44 USC §§ 3301-3314\u003c/li\u003e\u003cli\u003e44 USC §§ 3501-3583\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eDuty to Disclose, Rule 26\u003c/li\u003e\u003cli\u003eProducing Documents, Rule 34\u003c/li\u003e\u003cli\u003eFailure to Make Disclosures or to Cooperate in Discovery, Rule 37\u003c/li\u003e\u003cli\u003eDelivering Government Solutions in 21st Century\u003c/li\u003e\u003cli\u003eNARA 2010-05\u003c/li\u003e\u003cli\u003eNARA 2014-02\u003c/li\u003e\u003cli\u003eNARA 2015-02\u003c/li\u003e\u003cli\u003eNARA Criteria for Successfully Managing Permanent Electronic Records\u003c/li\u003e\u003cli\u003eNARA Guidance on Records Management Language for Contracts\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMA/NARA M-23-07\u003c/li\u003e\u003cli\u003ePublic Law 113-187\u003c/li\u003e\u003cli\u003eUniversal Electronic Records Management Requirements\u003c/li\u003e\u003cli\u003eNARA General Records Schedules\u003c/li\u003e\u003cli\u003eGeneral Record Schedule 6.1\u003c/li\u003e\u003cli\u003eHHS Implementing Email Records Management\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior for Use of Information and IT Resources\u003c/li\u003e\u003cli\u003eHHS Mobile Devices and Removable Media\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eData Loss Prevention\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2022-05-003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish comprehensive DLP requirements for HHS systems and information that are compliant with FISMA 2014, NIST S.P. 800-53, EO 14028\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/16/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eEO 13556\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHSS IS2P\u003c/li\u003e\u003cli\u003eNARA CUI Program\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB M-22-09\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRules of Behavior for Use of Information and IT Resources\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2023-02-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Defines the acceptable use of HHS information and IT resources and establishes the baseline requirements for developing Rules of Behavior that all users, including privileged users, are required to sign prior to accessing HHS information systems and resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 2/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/hhs-policy-rules-behavior-use-information-it-resources\"\u003eCyberGeek - HHS Policy for Rules of Behavior for Use of Information and IT Resources\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eNIST S.P. 800-18\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003ePublic Law § 115-232 889\u003c/li\u003e\u003cli\u003e5 USC § 552a\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eCommon Data Use Agreement (DUA) Structure and Repository\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-CDO-2023-01-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Defines a DUA as a document that establishes the terms and conditions under which the Data Provider will provide, and the Data Recipient will receive and use, the data covered under the Agreement, which is nonpublic, restricted HHS data shared for a limited government purpose\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/23/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/cms-data-use-agreement-dua\"\u003eCyberGeek - CMS Data Use Agreement (DUA)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e44 USC § 3520\u003c/li\u003e\u003cli\u003e44 USC § 3576\u003c/li\u003e\u003cli\u003eOMB M-14-06\u003c/li\u003e\u003cli\u003eOMB M-01-05\u003c/li\u003e\u003cli\u003eHHS Enterprise Data Management\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEncryption of Computing Devices and Information\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2022-12-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish comprehensive encryption requirements for HHS systems and information that are compliant with FISMA 2014, NIST S.P. 800-53, EO 14028, OMB M-22-09\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/9/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-15-13\u003c/li\u003e\u003cli\u003eOMB M-22-09\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSecuring AI Technology\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-12-007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensure secure implementation of AI technology within HHS, secure HHS networks and information, protect privacy, and address risks\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/14/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13859\u003c/li\u003e\u003cli\u003eEO 13960\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST Privacy Framework\u003c/li\u003e\u003cli\u003eNIST S.P. 800-167\u003c/li\u003e\u003cli\u003eNIST S.P. 800-94\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eDHS AI Using Standards to Mitigate Risks\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Security and Privacy Protection (IS2P)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-11-0006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish comprehensive security and privacy requirements for HHS systems and information that are compliant with FISMA 2014 and NIST S.P. 800-53\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/18/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eEO 13556\u003c/li\u003e\u003cli\u003eFERPA\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eBuy American Act\u003c/li\u003e\u003cli\u003eFASCSA 2018\u003c/li\u003e\u003cli\u003ePublic Law 115-232 § 889\u003c/li\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eHSPD-12\u003c/li\u003e\u003cli\u003eNARA\u003c/li\u003e\u003cli\u003eB.O.D 18-02\u003c/li\u003e\u003cli\u003eFIPS 140-2, 199, 200, 201-1\u003c/li\u003e\u003cli\u003eNIST S.P. 800-111\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST S.P. 800-144\u003c/li\u003e\u003cli\u003eNIST S.P. 800-152\u003c/li\u003e\u003cli\u003eNIST S.P. 800-171\u003c/li\u003e\u003cli\u003eNIST S.P. 800-175A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-175B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-46\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-79-2\u003c/li\u003e\u003cli\u003eNIST S.P. 800-88\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB Circular A-108\u003c/li\u003e\u003cli\u003eOMB M-02-01\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eOMB M-10-22\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-16-17\u003c/li\u003e\u003cli\u003eOMB M-14-03\u003c/li\u003e\u003cli\u003eOMB M-16-17\u003c/li\u003e\u003cli\u003eOMB M-14-03\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003e5 CFR § 930.301\u003c/li\u003e\u003cli\u003ePublic Law 113-291 Title VIII Subtitle D\u003c/li\u003e\u003cli\u003eSection 508 of the Rehabilitation Act of 1973\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Portfolio Management (PfM)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2021-09-005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Describes the Captital Planning and Investment Control (CPIC) principles and requirements, and establishes standard methodologies for conducting OAs, evaluating Investment Risks, certifying adequate Incremental Development, and successfully implementing TBM\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 9/23/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e \u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition\"\u003eCyberGeek - Risk Management Handbook Chapter 15: System \u0026amp; Services Acquisition\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGovernment Performance and Results Act of 1993\u003c/li\u003e\u003cli\u003eFederal Acquisition Streamlining Act of 1994\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act of 1995\u003c/li\u003e\u003cli\u003eFederal Financial Management Improvement Act of 1996\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFITARA 2014\u003c/li\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003ePolicies \u0026amp; Priorities, Technology Business Management. CIO. GOV\u003c/li\u003e\u003cli\u003eRecords Management Act of 1950\u003c/li\u003e\u003cli\u003eSection 508 of the Rehabilitation Act\u003c/li\u003e\u003cli\u003eEO 13636\u003c/li\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eGAO-04-394G\u003c/li\u003e\u003cli\u003eAIMD-10.1.13\u003c/li\u003e\u003cli\u003eGAO-13-87\u003c/li\u003e\u003cli\u003eGAO Report 16-469\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-94\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB Federal Cloud Computing Strategy - Cloud Smart\u003c/li\u003e\u003cli\u003eOMB M-97-02\u003c/li\u003e\u003cli\u003eOMB M-05-23\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eFederal Continuity Directive 1\u003c/li\u003e\u003cli\u003eFederal Continuity Directive 2\u003c/li\u003e\u003cli\u003eFIPS 140-2\u003c/li\u003e\u003cli\u003eNIST S.P. 800-30\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-39\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-56A\u003c/li\u003e\u003cli\u003eSection 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)\u003c/li\u003e\u003cli\u003eHHS Section 508 Electronic and IT\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation\u003c/li\u003e\u003cli\u003eHHS OCIO Roles and Responsibilities\u003c/li\u003e\u003cli\u003eHHS OCIO Enterprise Performance Life Cycle Framework Overview Document\u003c/li\u003e\u003cli\u003eHHS IT Strategic Plan\u003c/li\u003e\u003cli\u003eHHS IT Policy for Enterprise Architecture\u003c/li\u003e\u003cli\u003eHHS Office of Acquisition Management and Policy (OAMP) Acquisition Policy Memorandum\u003c/li\u003e\u003cli\u003eHHS IT Acquisition Reviews (ITAR)\u003c/li\u003e\u003cli\u003eHHS IT Enterprise Performance Life Cycle\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Records Management\u003c/li\u003e\u003cli\u003eHHS Enterprise Risk Management Framework\u003c/li\u003e\u003cli\u003eHHS Cloud Computing and FedRamp Guidance\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy Language\u003c/li\u003e\u003cli\u003eHHS Cyber Supply Chain Risk Management\u003c/li\u003e\u003cli\u003eHHS High Value Asset (HVA) Program\u003c/li\u003e\u003cli\u003eOCIO FITARA Approval Guidance\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eTransition to IPv6\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2021-08-004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides guidance to which HHS Operating Divisions (OpDivs) and Staff Divsions (StaffDivs) must follow to meet the requirements and milestones laid out in the OMB Memorandum 21-07, Completing the Transition to IPv6 (M-21-07)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/1/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eFederal Acquisition Regulation (FAR)\u003c/li\u003e\u003cli\u003eNIST S.P. 500-267A\u003c/li\u003e\u003cli\u003eNIST S.P. 500-267B\u003c/li\u003e\u003cli\u003eNIST S.P. 500-281A\u003c/li\u003e\u003cli\u003eNIST S.P. 500-281B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-21-07\u003c/li\u003e\u003cli\u003eOMB M-05-22\u003c/li\u003e\u003cli\u003eHHS IT Acquisition Reviews (ITAR)\u003c/li\u003e\u003cli\u003eHHS IT Asset Management (ITAM)\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy Language\u003c/li\u003e\u003cli\u003eHHS IT System Inventory Management\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eImplementation of DHS Directive on Vulnerability Disclosure\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-05-003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the HHS compliance requirements under the DHS B.O.D 20-01\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/4/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCarnegie Mellon SEI, The CERT Guide to Coordinated Vulnerable Disclosure\u003c/li\u003e\u003cli\u003eB.O.D. 20-01\u003c/li\u003e\u003cli\u003eDOJ A Framework for a Vulnerability Disclosure Program for Online Systems\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eISO/IEC 29147:2018\u003c/li\u003e\u003cli\u003eNIST Framework for Improving Critical Infrastructure Cybersecurity\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-20-32\u003c/li\u003e\u003cli\u003eEO 13800\u003c/li\u003e\u003cli\u003eTitle 44, U.S. Code, Section 3553(b)(2) Authority and Functions of the Director and the Secretary\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eImplementation of Trusted Internet Connections (TIC)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-03-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the requirements to which HHS Operating Divisions (OpDivs) must adhere when implementing TICs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/17/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e6 USC 1523(b)(1)(D)\u003c/li\u003e\u003cli\u003eOMB M-19-26\u003c/li\u003e\u003cli\u003eCommittee on National Security Systems (CNSS), Internet Engineering Task Force (IETF) RFC 4949\u003c/li\u003e\u003cli\u003eDHS CISA TIC Reference Architecture Document\u003c/li\u003e\u003cli\u003eDHS CISA TIC Volume 1-5\u003c/li\u003e\u003cli\u003eDHS CISA TIC Interim Telework Guidance\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA) Enterprise Infrastructure Solutions (EIS) Management and Operations Handbook\u003c/li\u003e\u003cli\u003eGSA, Transition Handbook, Network, WITS 3, and GSA Regional Local Services to EIS Contracts\u003c/li\u003e\u003cli\u003eNational Cybersecurity Protection System (NCPS) Cloud Interface Reference Architecture\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-41\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-145\u003c/li\u003e\u003cli\u003eNIST S.P. 800-152\u003c/li\u003e\u003cli\u003eNIST S.P. 800-207\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Internet and Email Security\u003c/li\u003e\u003cli\u003eHHS POA\u0026amp;M Standard\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Procurements - Security And Privacy Language\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-03-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Mandates the standard security and privacy language for information and information technology (IT) procurements throughout HHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/3/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/security-and-privacy-requirements-it-procurements\"\u003eCyberGeek - Security and Privacy Requirements for IT Procurements\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eBuy American Act\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eFASCSA 2018\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePublic Law 115-232 § 889\u003c/li\u003e\u003cli\u003ePublic Law 115-390\u003c/li\u003e\u003cli\u003eU.S.C of CFR\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eIT System Inventory Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2020-12-011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Direct HHS entities (i.e., Operating Divisions [OpDiv] and Staff Divisions [StaffDiv]) to establish and maintain an enterprise-wide inventory of HHS IT systems by providing guidance and baseline standards for maintaining a comprehensive inventory of all IT systems and related information\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA 2014\u003c/li\u003e\u003cli\u003eFITARA Enhancement Act of 2017\u003c/li\u003e\u003cli\u003eMEGABYTE Act of 2016\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-17-09\u003c/li\u003e\u003cli\u003eOMB M-19-01\u003c/li\u003e\u003cli\u003eOMB M-19-21\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eHHS CPIC\u003c/li\u003e\u003cli\u003eHHS HVA\u003c/li\u003e\u003cli\u003eHHS ITAM\u003c/li\u003e\u003cli\u003eHHS Records Management\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Asset Management (ITAM)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OCPO-2020-08-008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the HHS program for the management of IT and Telecommunication assets in compliance with the Cap Goal 7: Category Management - Leveraging Common Contracts and Best Practices to Drive Saving and Efficiencies, within the Presidents Management Agenda (PMA); to buy common goods and services as an enterprise to eliminate redundancies, increase efficiency, and to deliver more value and savings from the governments acquisition programs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/19/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003eE-Government Act\u003c/li\u003e\u003cli\u003eMEGABYTE Act of 2016\u003c/li\u003e\u003cli\u003eSection 508 of the Rehabilitation Act\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eFederal Accounting Standards Advisory Board (FASAB), Statement of Federal Financial Accounting Standards (SFFAS) No. 10, Accounting for Internal Use Software\u003c/li\u003e\u003cli\u003eFASAB, Federal Finacial Accounting Technical Release 16, Implementation Guidance for Internal Use Software\u003c/li\u003e\u003cli\u003eGAO 14-413\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-16-12\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-19-13\u003c/li\u003e\u003cli\u003eHHS FITARA Implementation-Revised HHS IT Governance Framework\u003c/li\u003e\u003cli\u003eHHS FITAR Implementation Plan\u003c/li\u003e\u003cli\u003eGAO audit recommendations of HHSs Telecommunications inventory management and IT Strategic Planning\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eVulnerability Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-08-009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the baseline requirements for maintaining and effective vulnerability management program to implement and support activities pertaining to vulnerability scanning and remediation and to continually manage risks impacting HHS IT resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/19/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eSection International Organization for Standardization (ISO) 27002\u003c/li\u003e\u003cli\u003eNIST S.P. 800-40\u003c/li\u003e\u003cli\u003eNIST S.P. 800-51\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-126\u003c/li\u003e\u003cli\u003eNIST S.P. 800-128\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eCyber Supply Chain Risk Management (C-SCRM)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-08-010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the baseline requirements for securing the information and communications technology (ICT) products and services supply chain in order to protect HHS information systems and information from the risks involving ICT procurement supply chain\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/18/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eSECURE Technology Act\u003c/li\u003e\u003cli\u003eBuy American Act\u003c/li\u003e\u003cli\u003ePublic Law 115-232 § 889\u003c/li\u003e\u003cli\u003eFASCSA 2018\u003c/li\u003e\u003cli\u003eComprehensive National Cybersecurity Initiative (CNCI)\u003c/li\u003e\u003cli\u003eCISA National Risk Management Center\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eNIST S.P. 800-161\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eHHS ISP2\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSection 508 Compliance and Accessibility of Information and Communications Technology (ICT)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2020-07-007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Implement uniformity and conformity of accessibility compliance across all of HHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCommunications Act of 1934\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003e36 CFR § 1193-1194\u003c/li\u003e\u003cli\u003eOMB M-17-06\u003c/li\u003e\u003cli\u003eOMB M-13-13\u003c/li\u003e\u003cli\u003eOMB M-16-20\u003c/li\u003e\u003cli\u003eOMB Memorandum, Improving the Accessibility of Government Information\u003c/li\u003e\u003cli\u003eOMB Strategic Plan for Improving Management of Section 508 of the Rehabilitation Act\u003c/li\u003e\u003cli\u003eRehabilitation Act of 1973\u003c/li\u003e\u003cli\u003eWorkforce Innovation and Opportunities Act\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Acquisition Reviews (ITAR)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2020-06-006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the HHS ITAR Program, which ensures HHS conducts its due diligence to manage and maintain oversight and governance over the procurement of IT therefore contributing to effective planning, budgeting, and execution of IT resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eNational Defense Authorization Act for Fiscal Year 2015\u003c/li\u003e\u003cli\u003eEO 13833\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-16-12\u003c/li\u003e\u003cli\u003eHHS FITARA Implementation-Revised HHS IT Governance Framework\u003c/li\u003e\u003cli\u003eHHS FITARA HHS Implementation Plan\u003c/li\u003e\u003cli\u003eHHS Memorandum for Record, HHS Chief Information Officer Delegation of Authorities to Operating Divsiion Chief Information Officers\u003c/li\u003e\u003cli\u003eHHS CPIC\u003c/li\u003e\u003cli\u003eHHS EPLC\u003c/li\u003e\u003cli\u003eHHS Procedures, Guidance and Instructions (PGI)\u003c/li\u003e\u003cli\u003eInformation Technology Decision Criteria and Clause Matrix\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy language\u003c/li\u003e\u003cli\u003eHHS Standard for Encryption of computing Devices and Information\u003c/li\u003e\u003cli\u003eHHS Minumun Security Configuration Standards Guidance\u003c/li\u003e\u003cli\u003eHHS Software Development Secure Coding Practices\u003c/li\u003e\u003cli\u003eHHS Directive for Acquisition Strategy\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePreparing for and Responding to a Breach\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-PIM-2020-05-003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Addresses OMB M-17-22, Preparing for and Responding to a Breach of PII, and sets forth the approach of HHS in preparing for and responding to breaches of PII in any medium or form\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\"\u003eCyberGeek - Risk Management Handbook Chapter 8: Incident Response (IR)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-20-04\u003c/li\u003e\u003cli\u003eOMB M-16-14\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePPD-41\u003c/li\u003e\u003cli\u003eNIST S.P. 800-34\u003c/li\u003e\u003cli\u003eNIST S.P. 800-61\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eUS-CERT Federal Incident Notification Guidelines\u003c/li\u003e\u003cli\u003eNational Cybersecurity and Communications Integration Center (NCCIC) Cyber Incident Scoring System\u003c/li\u003e\u003cli\u003eIdentity Protection Services (IPS) Multiple Award Blanket Purchase Agreement (BPA)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSecuring Wireless Local Area Networks\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-01-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Updates the requirements and specification for securing all HHS WLANs in compliance with the NIST S.P. 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs) and the Institute of Electrical and Electronic Engineers (IEEE) 802.11 WLANs standards\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/13/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-153\u003c/li\u003e\u003cli\u003eNIST S.P. 800-97\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Memorandum, Addendum to the HHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEnterprise Data Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-02-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the requirements for the efficient and secure management and protection of enterprise data\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/13/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-13-13\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eDomain Name System (DNS) and DNS Security Extensions (DNSSEC) Services\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2019-11-011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the minumum requirements for implementing the DNS and DNSEC services across the HHS and the OpDiv networks\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eDHS DNS Security Reference Architecture\u003c/li\u003e\u003cli\u003eNIST S.P. 800-81\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eDHS B.O.D. 19-01\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInternet and Email Security\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2019-10-009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the minimum requirements for securing the internet and email services throughout HHS, including OpDivs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-16-system-communications-protection\"\u003eCyberGeek - RMH Chapter 16: System \u0026amp; Communications Protection\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/email-encryption-requirements-cms\"\u003eCyberGeek - Email Encryption Requirements at CMS\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13800\u003c/li\u003e\u003cli\u003eOMB M-15-13\u003c/li\u003e\u003cli\u003eDHS B.O.D 19-01\u003c/li\u003e\u003cli\u003eDHS B.O.D 18-01\u003c/li\u003e\u003cli\u003eNIST S.P. 800-177\u003c/li\u003e\u003cli\u003eNIST S.P. 800-119\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC) Bureau of Consumer Protections, Businesses Can Help Stop Phishing and Protect their Brands Using Email Authentication\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior (ROB)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHigh Value Asset (HVA) Program\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2018-09-006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides HHS OpDivs and StaffDivs with the policy for governance of HHS HVAs along with the requirements for the identification, categorization, prioritization, reporting, assessment, and the remediation of finding of HVAs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-16-04\u003c/li\u003e\u003cli\u003eOMB M-19-02\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-13-13\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eDHS B.O.D. 18-02\u003c/li\u003e\u003cli\u003eCybersecurity Strategy and Implementation Plan for the Federal Civilian Government (CSIP)\u003c/li\u003e\u003cli\u003eCybersecurity National Action Plan (CNAP)\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Continuity of Operation Program\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy Language\u003c/li\u003e\u003cli\u003eSenior Accountable Official for Risk Management (SAORM) Designee for Department of Homeland Security B.O.D. 18-02 Securing HVAs\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMobile Devices and Removable Media\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2019-09-0005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Protects HHS information and information systems from risks related to the use of mobile devices for government businesses and the risks of using mobile devices to access HHS information systems remotely from outside of HHS facilities\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-5-configuration-management-cm\"\u003eCyberGeek - Risk Management Handbook Chapter 5: Configuration Management (CM)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-10-media-protection-mp\"\u003eCyberGeek - Risk Management Handbook Chapter 10: Media Protection (MP)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-access-control-handbook\"\u003eCyberGeek - CMS Access Control Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFederal Records Act of 1950\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-124\u003c/li\u003e\u003cli\u003eEO 13556\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior for Use of HHS Information and IT Resources Policy\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSoftware Development Secure Coding Practices\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2019-08-005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the minimum baseline secure coding practices that must be implemented to ensure secure code is “built in” in the early phases of the software development lifecycle in order to protect and secure all HHS information, IT systems, and networks\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMobile Applications Privacy Policy\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-PIM-2018-09-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Sets forth HHS policy for protecting privacy in HHS Mobile Applications\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eCOPPA 1998\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eOMB M-17-06\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB A-108\u003c/li\u003e\u003cli\u003eDigital Government: Building a 21st Century Platform to Better Serve the American People\u003c/li\u003e\u003cli\u003eNIST 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-163\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-61\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eHHS Policy and Plan for Preparing for and Responding to Breaches of PII\u003c/li\u003e\u003cli\u003eHHS Privacy Impact Assessment Guidance\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Privacy Impact Assessments (PIA)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology (IT) Policy for Enterprise Performance Life Cycle (EPLC)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2008-004.002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e All HHS IT projects shall be managed using the HHS EPLC Framework, including life cycle phases, reviews, deliverables, activities, responsibilities, and tailoring, regardless of the specific development methodology used\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.cms.gov/data-research/cms-information-technology/tlc\"\u003eCMS.gov - Target Life Cycle (TLC)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition\"\u003eCyberGeek - Risk Management Handbook Chapter 15: System \u0026amp; Services Acquisition\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-16-system-communications-protection\"\u003eCyberGeek - RMH Chapter 16: System \u0026amp; Communications Protection\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003eFederal Acquisition Certification-Program and Project Manager Program (FAC-P/PM)\u003c/li\u003e\u003cli\u003eHHS IT Capital Planning and Investment Control\u003c/li\u003e\u003cli\u003eHHS IRM Policy for Conducting IT Alternatives Analysis\u003c/li\u003e\u003cli\u003eHHS IT Performance Management (PfM)\u003c/li\u003e\u003cli\u003eHHS Enterprise Architecture (EA)\u003c/li\u003e\u003cli\u003eHHS IT System Inventory Management\u003c/li\u003e\u003cli\u003eHHS Records Mangement\u003c/li\u003e\u003cli\u003eHHS Implementing Email Records Management\u003c/li\u003e\u003cli\u003eHHS Section 508 and Accessibility of Technology and Communications Technology (ICT)\u003c/li\u003e\u003cli\u003eHHS Security Policies, Standards, Charters and Training Resources\u003c/li\u003e\u003cli\u003eHHS Incident Reporting, Policy and Incident Management Reference\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eGAO Cost Estimating and Assessment Guide\u003c/li\u003e\u003cli\u003eOMB M-05-23\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-127\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEnvironmental Practices of Electronics\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the framework for the implementation of sound environmental practices in the acquisition, operations and maintenance, and end-of-life management of HHS-purchased electronic products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/5/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Property Management\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13423\u003c/li\u003e\u003cli\u003eEO 13514\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eElectronic Stewardship\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2011-0002.001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the framework for the implementation of sound environmental practices in the acquisition, operations and maintenance, and end-of-life management of HHS-purchased electronic products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Property Management\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13423\u003c/li\u003e\u003cli\u003eEO 13514\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for FOIA Investigatory \u0026amp; Audit Matters\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides HHS staff with a policy for legal holds and to inform HHS staff about FOIA, investigatory, and audit matters that require holds on HHS records and other related documentary materials\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/26/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Freedom of Information Group\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFOIA\u003c/li\u003e\u003cli\u003e44 U.S.C Chapter 31\u003c/li\u003e\u003cli\u003e44 U.S.C Chapter 33\u003c/li\u003e\u003cli\u003e5 U.S.C Chapter 552\u003c/li\u003e\u003cli\u003e36 CFR Chapter XII, subchapter B\u003c/li\u003e\u003cli\u003eFederal Rules of Civil Procedure (FRCP)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for Networks Program Designated Agency Representatives\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2010-0005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Identifies and provides supplemental information in the establishment of titles, roles and responsibilities of Designated Agency Representatives (DARs) for the move from the FTS-2001 contract to the Networx contract and its transition program\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/10/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA) guidelines regarding Networx contracts, policies, and procedures\u003c/li\u003e\u003cli\u003eGSA DAR Guidelines for Network Services Contracts of the Office of ITS FAA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for Enterprise Architecture\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2008-0003.001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Outlines the roles and responsibilities for ensuring compliance with legislative and executive level guidance on Enterprise Architecture (EA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/7/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGRPA 1993\u003c/li\u003e\u003cli\u003eFASA V 1994\u003c/li\u003e\u003cli\u003ePRA 1995\u003c/li\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003eGovernment Paperwork Elimination Act of 1998\u003c/li\u003e\u003cli\u003eGISRA 2000\u003c/li\u003e\u003cli\u003eFISMA 2002\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eEO 13011\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-109\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-127\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-00-07\u003c/li\u003e\u003cli\u003eOMB M-97-02\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for eGov Forms\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2006-0003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensures that HHS maintains accurate form content for those HHS forms that are in the E-Gov Forms Catalogue, managed by the Small Business Administration (SBA) and the General Services Administration (GSA) under the Business Gateway (BG) initiative\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/7/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFederal Property and Administrative Services Act of 1949\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eSection 508 Rehabilitation Act\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act of 1980\u003c/li\u003e\u003cli\u003eInformation Quality Act\u003c/li\u003e\u003cli\u003e5 U.S.C. 552a(e)(1)\u003c/li\u003e\u003cli\u003e44 U.S.C. 3508\u003c/li\u003e\u003cli\u003eSmall Business Paperwork Relief Act of 2002\u003c/li\u003e\u003cli\u003e36 CFR Parts 1220-1238\u003c/li\u003e\u003cli\u003e5 CFR part 1320\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for HHSMail Change Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO 2006-0002.001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the policy for change management within the HHS HHSMail project\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eHHS Standards\u003c/h3\u003e\u003ch4\u003eHHS Standard for Plan of Action and Milestones (POAM) Management and Reporting\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2019-0002.001S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides OpDivs with the baseline standards and guidelines for properly documenting and managing POA\u0026amp;Ms and support the OpDivs in their development and management of POA\u0026amp;Ms within their respective organizations\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/3/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-plan-action-and-milestones-poam-handbook\"\u003eCyberGeek - CMS Plan of Action and Milestones (POA\u0026amp;M) Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eEO 13800\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-14-04\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Standard for System Inventory Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2018-0001.002S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides guidance and the baseline standards for maintaining a comprehensive inventory of all systems throughout HHS and enable management to have continuous accounting of all information systems and information assets\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/27/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Memorandum, FY15 Cybersecurity IT Priorities\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMinimum Security Configuration Standards Guidance\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2017-0001.001S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides personnel involved in configuring or connecting servers, workstations, or network devices to the HHS infrastructure with minimum security configuration standards for each respective device\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/5/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCyber Security Research and Development Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eCNSS Instruction No. 4009\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-52\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-60\u003c/li\u003e\u003cli\u003eNIST S.P. 800-70\u003c/li\u003e\u003cli\u003eNIST S.P. 800-115\u003c/li\u003e\u003cli\u003eNIST S.P. 800-128\u003c/li\u003e\u003cli\u003eNIST S.P. 800-152\u003c/li\u003e\u003cli\u003eNIST S.P. 800-175A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-179\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Minimum Security Configuration Standards for Palo Alto Networks\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2017-0001-002S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides OpDivs with specific technical configuration guidance for implementing the Palo Alto Networks Uniform Resource Locator (URL) filtering and Transport Layer Security (TLS) decryption solution\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/31/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-privacy-impact-assessment-pia-handbook\"\u003eCyberGeek - CMS Privacy Impact Assessment (PIA) Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eNIST S.P. 800-66\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eHHS Memoranda\u003c/h3\u003e\u003ch4\u003eHHS Approved Physical Access and Logical Access Authentication Mechanisms\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/15/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-access-control-handbook\"\u003eCyberGeek - CMS Access Control Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHSPD-12\u003c/li\u003e\u003cli\u003eOMB M-19-17\u003c/li\u003e\u003cli\u003eOMB M-22-09\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63-3\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63C\u003c/li\u003e\u003cli\u003eNIST S.P. 800-157\u003c/li\u003e\u003cli\u003eNIST S.P. 800-217\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eReminder of Existing HHS IT User Policies Relevant for Third-Party Generative AI Tools\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/20/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e40 U.S.C § 11319(b)(1)(A)\u003c/li\u003e\u003cli\u003e40 U.S.C § 11319\u003c/li\u003e\u003cli\u003e40 U.S.C § 11315(c)(2)\u003c/li\u003e\u003cli\u003eHHS Securing AI Technology\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior for Use of Information and IT Resources\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMemorandum M-23-13 “No TikTok on Government Devices” Implementation\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/31/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNo TikTok on Government Devices Act\u003c/li\u003e\u003cli\u003eOMB M-23-13\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eIS2P / NIST S.P. 800-53 Revision 5 - Compliance Timeline\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/20/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eHHS IS2P \u0026nbsp;\u003c/li\u003e\u003cli\u003eHHS Control Catalog\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eUpdated Department Standard Warning Banner for HHS Systems\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 9/12/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRescission of Outdated and Superseded Policy\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/9/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Control Catalog\u003c/li\u003e\u003cli\u003eHHS Minimum Security Configuration Standards Guidance\u003c/li\u003e\u003cli\u003eHHS Minimum Security Configuration Standards for Palo Alto Networks\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Social Security Number (SSN) Reduction and Elimination\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/10/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act of 1995\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eOMB M-07-16\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eEO 9397\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eHHS Sensitive PII Definition and Guidance\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eComplete Transition to IPv 6 Memorandum\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 4/29/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-21-07\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRoles \u0026amp; Repsonsibilities of OpDiv SOPs\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/3/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eImplementing Recommendations of the 9/11 Commission Act of 2007\u003c/li\u003e\u003cli\u003eEO 13636\u003c/li\u003e\u003cli\u003eEO 9397\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-20-04\u003c/li\u003e\u003cli\u003eOMB M-16-24\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-10-22\u003c/li\u003e\u003cli\u003eOMB M-07-16\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS IT Acquisition Reviews (ITAR)\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS High Value Asset (HVA) Program\u003c/li\u003e\u003cli\u003eHHS IT Procurements Security and Privacy Language\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003eHHS Mobile Applications Privacy Policy\u003c/li\u003e\u003cli\u003eHHS POA\u0026amp;M Standard\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eHHS Sensitive PII Definition and Guidance\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eUse of Government Furnished Equipment (GFE) During Foreign Travel\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 2/10/21\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Counterintelligence and Insider Threat - Foreign Travel\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140-2\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRescission of Security and Privacy Outdated and Superseded Policies\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/25/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS IT Security and Privacy Incident Reporting and Response\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Minimum Security Configurations Standards Guidance\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSensitive PII Definition and Guidance\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/4/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST S.P. 800-88\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAddendum to the HHS IS2P\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/24/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003ch4\u003eRequirement for Role-Based Training of Personnel with Significant Security Responsibilities\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/28/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/role-based-training-rbt\"\u003eCyberGeek - Role Based Training (RBT)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFCWAA 2015\u003c/li\u003e\u003cli\u003e5 CFR 930.301\u003c/li\u003e\u003cli\u003eNIST S.P. 800-181\u003c/li\u003e\u003cli\u003eNIST S.P. 800-16\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Cloud Computing and Federal Risk and Authorization Management Program Guidance\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/15/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/fedramp\"\u003eCyberGeek - Federal Risk and Authorization Management Program (FedRAMP)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFedRAMP\u003c/li\u003e\u003cli\u003eNIST S.P. 800-144\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eHHS Cloud Computing Strategy\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEnd-of-Life Operating Systems, Software and Applications Policy\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/19/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eFY15 Cybersecurity IT Priorities\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/1/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eEO 13636\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Usage of Unauthorized External Information Systems to Conduct Department Business Memorandum\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/8/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Security Data Warehouse Escalation Memorandum\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/15/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for Monitoring Employee Use of HHS IT Resources (2013)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/26/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIG Act 1978\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eWhistleblower Protection Act\u003c/li\u003e\u003cli\u003eFOIA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eDetermining Non-Sensitive Data on Mobile Computers/Devices\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/11/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-06-16\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eImplementation of OMB M-10-22 and M-10-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/21/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-10-22\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-07-16\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eResolving Security Audit Finding Disputes\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/13/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-08-21\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eUpdated Departmental Standard for the Definition of Sensitive Information\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/18/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003ch4\u003eApplicability of FISMA to HHS Grantees\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/29/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2002\u003c/li\u003e\u003cli\u003eOMB M-07-19\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eHHS Guides, Forms, and Templates\u003c/h3\u003e\u003ch4\u003eInformation Security \u0026amp; Privacy Certification Checklist\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/1/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition\"\u003eCyberGeek - Risk Management Handbook Chapter 15: System \u0026amp; Services Acquisition\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eNIST S.P. 800-60\u003c/li\u003e\u003cli\u003eNIST S.P. 800-88\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy Exception-Risk Based Decision Request\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/10/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e44 U.S. C, Sec. 3502\u003c/li\u003e\u003cli\u003eOMB A-127\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Guidance for Selection of e-Authentication Assurance Levels\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13681\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63-3\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63C\u003c/li\u003e\u003cli\u003eOMB M-04-04\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Guidance for e-Authentication RA Template\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-63\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63-3\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63C\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eCharter Establishing the EPLC Change Control Board\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e \u003ca href=\"https://www.cms.gov/data-research/cms-information-technology/tlc\"\u003eCMS.gov - Target Life Cycle\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eNon-Disclosure Agreement\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e N/A\u003c/p\u003e"])</script><script>self.__next_f.push([1,"276:T3796b,"])</script><script>self.__next_f.push([1,"\u003cp\u003eThere are federal laws, regulations, and policies outside of CMS that shape how security and privacy is managed inside CMS. This page contains a comprehensive list of these external requirements, and shows how they relate to the security and privacy policies and guidance at CMS.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDISCLAIMER:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cem\u003eThe laws, regulations, standards, and guidelines provided herein are considered a work in progress and are subject to continuous updates. While we strive to ensure the accuracy and relevance of the information presented, it is important to note that legislative changes, regulatory updates, or evolving standards may impact the content provided. Users are encouraged to regularly check for the latest revisions and consult official sources to ensure compliance with the most current legal and regulatory requirements. The information offered is intended for general informational purposes only and should not be construed as legal advice. Any reliance on the content provided is at the user's own risk. We reserve the right to modify, amend, or update the information without prior notice.\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eQUESTIONS OR COMMENTS?\u003c/strong\u003e Check out CMS Slack channel:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://cmsgov.slack.com/archives/C06KFL4RSSC\"\u003e# cms_fed_laws_policies\u003c/a\u003e\u003c/p\u003e\u003ch2\u003eFederal Laws\u003c/h2\u003e\u003cp\u003eLaws are passed by both branches of Congress and signed by the President. Laws establish requirements or prohibitions. This list contains all federal laws that relate to information security and privacy at CMS.\u003c/p\u003e\u003ch3\u003eFISMA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.cisa.gov/topics/cyber-threats-and-advisories/federal-information-security-modernization-act\"\u003eFederal Information Security Modernization Act of 2014 (FISMA 2014\u003c/a\u003e)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eFederal legislation that defines a framework of guidelines and security standards to protect government information and operations\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eFISMA 2014 amends the FISMA of 2002\u003c/p\u003e\u003ch3\u003eThe Privacy Act of 1974\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.justice.gov/opcl/overview-privacy-act-1974-2020-edition/introduction\"\u003eThe Privacy Act of 1974\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eEstablishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Sep 1975\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eHIPAA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html\"\u003eHealth Insurance Portability and Accountability Act (HIPAA) of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eFederal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patients consent or knowledge\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eHHS issued the Privacy Rule and the Security Rule to implement the requirement of HIPAA\u003c/p\u003e\u003ch3\u003eE-Government Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.justice.gov/opcl/e-government-act-2002\"\u003eE-Government Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eImproves the management of Federal e-government services and processes involving the collection, maintenance, or dissemination of public or personal information\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eSection 208 requires Privacy Impact Assessments (PIAs)\u003c/p\u003e\u003ch3\u003eFedRAMP\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.fedramp.gov/program-basics/\"\u003eFederal Risk and Authorization Management Program (FedRAMP)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eA government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment for cloud technologies and federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003e2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eJoint Authorization Board (JAB)\u003c/li\u003e\u003cli\u003eDepartment of Defense (DoD)\u003c/li\u003e\u003cli\u003eDepartment of Homeland Security (DHS)\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eComputer Matching and Privacy Protection Act of 1988\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.congress.gov/bill/100th-congress/senate-bill/496\"\u003eComputer Matching and Privacy Protection Act of 1988\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eRequires agencies engaged in computer matching activities to provide notice to individuals if their information is being disclosed to other federal and state agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eSep 1988\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eGovernment Accountability Office (GAO)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSection 508\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.section508.gov/manage/laws-and-policies/\"\u003eSection 508 of the Rehabilitation Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eA federal law that requires agencies to provide individuals with disabilities equal access to electronic information and data comparable to those who do not have disabilities, unless an undue burden would be imposed on the agency\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003e1988\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eU.S. Access Board\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eAmended in 2000\u003c/p\u003e\u003ch3\u003eHSPD-12\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.dhs.gov/homeland-security-presidential-directive-12\"\u003eHomeland Security Presidential Directive 12 (HSPD-12)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eA Government-wide standard for a secure and reliable form of identification issued by the Federal government to its employees and employees of Federal contractors for access to Federally-controlled facilities and Government information systems\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFASCSA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.congress.gov/bill/115th-congress/senate-bill/3085/text\"\u003eFederal Acquisition Supply Chain Security Act (FASCSA) of 2018\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eTo establish a Federal Acquisition Security Council and to provide executive agencies with authorities relating to mitigating supply chain risks in the procurement of information technology, and for other purposes\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eGovernment Accountability Office (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFITARA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.cio.gov/handbook/it-laws/fitara-2014/\"\u003eFederal Information Technology Acquisition Reform Act (FITARA) of 2014\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eStrengthens the role of agency Chief Information Officers (CIOs) and provided greater accountability for the delivery of IT capabilities across the Federal Government\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eOMB M-15-14 implements\u003c/p\u003e\u003ch3\u003eMMA of 2003\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.ssa.gov/privacy/pia/Medicare%20Modernization%20Act%20(MMA)%20FY07.htm\"\u003eMedicare Prescription Drug, Improvement, and Modernization Act (MMA) of 2003\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eAmended section 1144 of the Social Security Act to require the Commissioner of Social Security to conduct additional outreach efforts to identify individuals entitled to benefits, or enrolled under the Medicare program under Title XVIII, who may be eligible for transitional assistance under the Medicare Prescription Drug Discount Card Program and premium and cost-sharing subsidies under the Prescription Drug Card Part D Program\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Health and Human Services (HHS) - Centers for MEDICARE \u0026amp; MEDICAID Services (CMS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eBuy America Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.gao.gov/products/105519\"\u003eBuy America Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eRequires Federal agencies to procure domestic materials and products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApr 1978\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eGovernment Accountability Office (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eNo TikTok on Government Devices Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.congress.gov/bill/117th-congress/senate-bill/1143\"\u003eNo TikTok on Government Devices Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eRequires the social media video application TikTok to be removed from the information technology of federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFOIA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.foia.gov/\"\u003eFreedom of Information Act (FOIA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eProvides that any person has the right to request access to federal agency records or information except to the extent the records are protected from disclosure by any of nine exemptions contained in the law or by one of three special law enforcement record exclusions\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1967\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Justice (DOJ)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eIG Act of 1978\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.ignet.gov/content/inspector-general-act-1978\"\u003eInspectors General Act (IG Act) of 1978\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eCreates Inspector General positions and offices in more than a dozen specific departments and agencies. The Act gave these inspectors general the authority to review the internal documents of their departments or offices. They were given responsibility to investigate fraud, to give policy advice (5 U.S.C. § 404; IG Act, sec. 4), to handle certain complaints by employees, and to report to the heads of their agencies and to Congress on their activities every six months\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1978\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eDOTGOV Act of 2020\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.federalregister.gov/documents/2022/07/26/2022-15670/federal-management-regulation-fmr-internet-gov-domain\"\u003eDOTGOV Online Trust in Government Act of 2020\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eTransfers the DotGov internet domain program, as operated by the General Services Administration under title 41, Code of Federal Regulations, to DHS CISA. The Act also orders that on the date CISA begins operational administration of the DotGov internet domain program, the GSA Administrator shall rescind the requirements in part 102173 of title 41, Code of Federal Regulations applicable to any Federal, State, local, or territorial government entity, or other publicly controlled entity, including any Tribal government recognized by the Federal Government or a State government that is registering or operating a DotGov internet domain. Finally, the DOTGOV orders that in place of the requirements in part 102173 of title 41, Code of Federal Regulations, CISA, in consultation with the Director of Management and Budget (OMB), shall establish and publish a new set of requirements for the registration and operation of DotGov domains.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003ePart of the Consolidated Appropriations Act, 2021\u003c/p\u003e\u003ch3\u003eGovernment Performance and Results Act (GPRA) of 1993\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.federalreserve.gov/publications/gpra.htm\"\u003eGovernment Performance and Results Act (GPRA) of 1993\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to prepare a strategic plan covering a multiyear period and requires each agency to submit an annual performance plan and an annual performance report.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 1993\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Acquisition Streamlining Act (FASA) of 1994\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/103rd-congress/senate-bill/1587\"\u003eFederal Acquisition Streamlining Act (FASA) of 1994\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Streamlines the federal governments acquisition system and dramatically changes the way the government performs its contracting functions. Generally, the statute seeks to: (1) increase the governments reliance on commercial goods and services; (2) streamline the procurement process for high volume, low value acquisitions; (3) improve access by small businesses to government contracting opportunities; (4) improve the bid protest process; and (5) extend the Truth in Negotiations Act to civilian agencies and raise the threshold for submitting certified cost or pricing data under that Act.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1994\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePaperwork Reduction Act (PRA) of 1995\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/104th-congress/senate-bill/244\"\u003ePaperwork Reduction Act (PRA) of 1995\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires that agencies obtain Office of Management and Budget (OMB) approval before requesting most types of information from the public. “Information collections” include forms, interviews, and record keeping, to name a few categories.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 1995\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Financial Management Improvement Act of 1996\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/104th-congress/house-bill/4319\"\u003eFederal Financial Management Improvement Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Advances Federal financial management by ensuring that Federal financial management systems provide accurate, reliable, and timely financial management information to the governments managers.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eSep 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eClinger-Cohen Act of 1996\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/clinger-cohen-act/\"\u003eClinger-Cohen Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The IT Management Reform Act (ITMRA) and the Federal Acquisition Reform Act (FARA) together make up the Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Records Act (FRA) (Records Management Act of 1950)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://presidentialtransition.org/wp-content/uploads/sites/6/2020/11/Federal-Records-Act-Overview.pdf\"\u003eRecords Management Act of 1950 / Federal Records Act (FRA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Designed to ensure that institutional records of vital historical, fiscal and legal value are identified and preserved by the government, providing the public with a historical record of federal; decision-making.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1950\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eNational Archives and Records Administration (NARA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSection 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.acquisition.gov/Section-889-Policies\"\u003eSection 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prohibits the Federal Government from procuring or obtaining, or extending or renewing a contract to procure or obtain “any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system,” on or after August 13, 2019, unless an exception applies or a waiver is granted.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Defense (DoD)\u003c/li\u003e\u003cli\u003eNational Aeronautics and Space Administration (NASA)\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFITARA Enhancement Act of 2017\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/115th-congress/house-bill/3243\"\u003eFITARA Enhancement Act of 2017\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e An act to amend title 40, United States Code, to eliminate the sunset of certain provisions relating to information technology, to amend the National Defense Authorization Act for Fiscal Year 2015 to extend the sunset relating to the Federal Data Center Consolidation Initiative, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eMaking Electronic Government Accountable by Yielding Tangible Efficiencies (MEGABYTE) Act of 2016\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/114th-congress/house-bill/4904/text\"\u003eMaking Electronic Government Accountable by Yielding Tangible Efficiencies (MEGABYTE) Act of 2016\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the Director of the Office of Management and Budget to issue a directive on the management of software licenses by the US federal government.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eStrengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure (SECURE) Technology Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/115th-congress/house-bill/7327/text\"\u003eStrengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure (SECURE) Technology Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the Secretary of Homeland Security to establish a security vulnerability disclosure policy, to establish a bug bounty program for the Department of Homeland Security, to amend title 41, United States Code, to provide for Federal acquisition supply chain security, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eCommunications Act of 1934\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1288\"\u003eCommunications Act of 1934\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Combined and organized federal regulation of telephone, telegraph, and radio communications. The Act created the Federal Communications Commission (FCC) to oversee and regulate these industries. The Act is updated periodically to add provisions governing new communications technologies, such as broadcast, cable and satellite television.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJun 1934\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eFederal Communications Commission (FCC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eWorkforce Innovation and Opportunities Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.dol.gov/agencies/eta/wioa\"\u003eWorkforce Innovation and Opportunities Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Designed to strengthen and improve our nation's public workforce system and help get Americans, including youth and those with significant barriers to employment, into high-quality jobs and careers and help employers hire and retain skilled workers.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Labor (DOL)\u003c/li\u003e\u003cli\u003eDepartment of Education (ED)\u003c/li\u003e\u003cli\u003eDepartment of Health and Human Services (HHS)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eChildrens Online Privacy Protection Act (COPPA) of 1998\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa\"\u003eChildrens Online Privacy Protection Act (COPPA) of 1998\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApr 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eFederal Trade Commission (FTC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGovernment Paperwork Elimination Act of 1998\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/gpea/\"\u003eGovernment Paperwork Elimination Act of 1998\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e It requires Federal agencies, by October 21, 2003, to provide individuals or entities that deal with agencies the option to submit information or transact with the agency electronically, and to maintain records electronically, when practicable.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Property and Administrative Services Act of 1949\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/USCODE-2011-title40/html/USCODE-2011-title40-subtitleI-chap1.htm\"\u003eFederal Property and Administrative Services Act of 1949\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the General Services Administration (GSA). The act also provides for various Federal Standards to be published by the GSA.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1949\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eGeneral Services Administration (GSA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eInformation Quality Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/information-quality-act/\"\u003eInformation Quality Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the OMB to promulgate guidance to agencies ensuring the quality, objectivity, utility, and integrity of information (including statistical information) disseminated by Federal agencies.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSmall Business Paperwork Relief Act of 2002\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.sba.gov/document/policy-guidance--small-business-paperwork-relief-act-2002\"\u003eSmall Business Paperwork Relief Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Institutes a process to reduce paperwork, and introduces measures to make it easier for small businesses to comply with the law.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJun 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eCyber Security Research and Development Act of 2002\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/107th-congress/house-bill/3394\"\u003eCyber Security Research and Development Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Authorizes appropriations to the National Science Foundation (NSF) and to the Secretary of Commerce for the National Institute of Standards and Technology (NIST) to establish new programs, and to increase funding for certain current programs, for computer and network security (CNS) research and development and CNS research fellowships.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eNational Science Foundation (NSF)\u003c/li\u003e\u003cli\u003eNational Institute of Standards and Technology (NIST)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eImplementing Recommendations of the 9/11 Commission Act of 2007\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/110th-congress/house-bill/1\"\u003eImplementing Recommendations of the 9/11 Commission Act of 2007\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides for implementation of recommendations of the National Commission on Terrorist Attacks Upon the United States (9/11 Commission).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Cybersecurity Workforce Assessment Act (FCWAA) of 2015\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/113/plaws/publ246/PLAW-113publ246.pdf\"\u003eFederal Cybersecurity Workforce Assessment Act (FCWAA) of 2015\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the Secretary of Homeland Security to assess the cybersecurity workforce of the Department of Homeland Security and develop a comprehensive workforce strategy, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eWhistleblower Protection Act of 1989\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/101st-congress/senate-bill/20\"\u003eWhistleblower Protection Act of 1989\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prohibits retaliation against most executive branch employees when they blow the whistle on \u0026nbsp;ignificant agency wrongdoing or when they engage in protected conduct.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApr 1989\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Special Counsel\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eComputer Security Act of 1987\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/100th-congress/house-bill/145/all-info\"\u003eComputer Security Act of 1987\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides for a computer standards program within the National Bureau of Standards, to provide for Government-wide computer security, and to provide for the training in security matters of persons who are involved in the management, operation, and use of Federal computer systems, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJan 1988\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eNational Institute of Standards and Technology (NIST)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eOffice of Federal Procurement Policy Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/omb/management/office-federal-procurement-policy/\"\u003eOffice of Federal Procurement Policy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The Office of Federal Procurement Policy (OFPP) was established by Congress in 1974 to provide overall direction for government-wide procurement policies, regulations and procedures and to promote economy, efficiency, and effectiveness in acquisition processes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Aug 1974\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Activities Inventory Reform (FAIR) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/105/plaws/publ270/PLAW-105publ270.pdf\"\u003eFederal Activities Inventory Reform (FAIR) Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to submit to the Office of Management and Budget inventories of commercial activities performed by federal employees every year by June 30.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Oct 1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eBudget and Accounting Act of 1921\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/D03855.pdf\"\u003eBudget and Accounting Act of 1921\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides a national budget system and an independent audit of Government accounts, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jun 1921\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Managers' Financial Integrity Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/omb/financial_fmfia1982\"\u003eFederal Managers Financial Integrity Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the statutory basis for managements responsibility for and assessment of accounting and administrative internal controls. Such controls include program, operational, and administrative areas, as well as accounting and financial management.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Sep 1982\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSarbanes-Oxley Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://sarbanes-oxley-act.com/\"\u003eSarbanes-Oxley Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Contains provisions affecting corporate governance, risk management, auditing, and financial reporting of public companies, including provisions intended to deter and punish corporate accounting fraud and corruption.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jul 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003ePublic Company Accounting Oversight Board (PCAOB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eDigital Accountability and Transparency Act (DATA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/113/plaws/publ101/PLAW-113publ101.pdf\"\u003eDigital Accountability and Transparency Act (DATA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to prepare and submit standardized, accurate information about their spending.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e May 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eDepartment of Treasury\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eElectronic Signatures in Global and National Commerce (E-Sign) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/PLAW-106publ229/pdf/PLAW-106publ229.pdf\"\u003eElectronic Signatures in Global and National Commerce (E-Sign) Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Facilitates the use of electronic records and signatures in interstate or foreign commerce.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jun 2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Commerce\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eSpecifies that, in the United States, the use of an electronic signature (e-signature) is as legally valid as a traditional signature written in ink on paper.\u003c/p\u003e\u003ch3\u003eChief Financial Officers Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/cfo-act/\"\u003eChief Financial Officers Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Gives OMB new authority and responsibility for directing federal financial management, modernizing the governments financial management systems, and strengthening financial reporting.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 1990\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eHomeland Security Act of 2002\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.dhs.gov/homeland-security-act-2002\"\u003eHomeland Security Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Established the Department of Homeland Security\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eHealth Information Technology for Economic and Clinical Health (HITECH) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html\"\u003eHITECH Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Part of the American Recovery and Reinvestment Act of 2009 that incentivized the meaningful use of Electronic Health Records (EHRs) and strengthened the privacy and security provisions of HIPAA.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Health and Human Services (HHS)\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePatient Protection and Affordable Care Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/3590\"\u003ePatient Protection and Affordable Care Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensures that all Americans have access to quality, affordable health care and will create the transformation within the health care system necessary to contain costs.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMar 2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGovernment Performance and Results Act (GPRA) Modernization Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/111/plaws/publ352/PLAW-111publ352.pdf\"\u003eGovernment Performance and Results Act (GPRA) Modernization Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e An amended version of the Government Performance and Results Act of 1993, it requires each executive agency to make its strategic plan available on its public website and to the OMB on the first Monday in February of any year following that in which the term of the President commences and to notify the President and Congress.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJan 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGenetic Information Nondiscrimination Act (GINA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/PLAW-110publ233/pdf/PLAW-110publ233.pdf\"\u003eGenetic Information Nondiscrimination Act (GINA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Protects individuals against discrimination based on their genetic information in health coverage and in employment.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eEconomy Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.acquisition.gov/node/29803/printable/pdf\"\u003eEconomy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Authorizes agencies to enter into agreements to obtain \u003cem\u003esupplies\u003c/em\u003e or services from another agency.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 1933\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Federal Acquistition Regulations (FAR)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eIPERIA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/112/plaws/publ248/PLAW-112publ248.pdf\"\u003eImproper Payments Elimination and Recovery Improvement Act (IPERIA) of 2012\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides guidance on monitoring and reporting improper payments, and requires agencies to continue their review of programs and activities annually to identify those susceptible to significant improper payments and updates the definition of significant improper payments.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJan 2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eAntideficiency Act (ADA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/legal/appropriations-law/resources\"\u003eAntideficiency Act (ADA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prohibits federal agencies from obligating or expending federal funds in advance or in excess of an appropriation, and from accepting voluntary services.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eSep 1982\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Government Accountability Offices (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eBudget Control Act of 2011\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/112/plaws/publ25/PLAW-112publ25.pdf\"\u003eBudget Control Act of 2011\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Amends the Balanced Budget and Emergency Deficit Control Act of 1985 (Gramm-Rudman-Hollings Act) to revise sequestration requirements for enforcement of discretionary spending limits (spending caps).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Activities Inventory Reform (FAIR) Act of 1998\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/105/plaws/publ270/PLAW-105publ270.pdf\"\u003eFederal Activities Inventory Reform (FAIR) Act of 1998\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to submit to the Office of Management and Budget inventories of commercial activities performed by federal employees every year by June 30.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eTelework Enhancement Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/1722/text\"\u003eTelework Enhancement Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the head of each executive agency to: (1) establish a policy under which eligible agency employees may be authorized to telework; (2) determine employee eligibility to participate in telework; and (3) notify all employees of their eligibility to telework.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Personnel Management (OPM)\u003c/li\u003e\u003cli\u003eFederal Emergency Management Agency (FEMA)\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eNational Archives and Records Administration (NARA)\u003c/li\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eDepartment of Homeland Security (DHS)\u003c/li\u003e\u003cli\u003eNational Institute of Standards and Technology (NIST)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePlain Writing Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/PLAW-111publ274/pdf/PLAW-111publ274.pdf\"\u003ePlain Writing Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the effectiveness and accountability of Federal agencies to the public by promoting clear Government communication that the public can understand and use.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eConsolidated Appropriations Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/111/plaws/publ117/PLAW-111publ117.pdf\"\u003eConsolidated Appropriations Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e An act making appropriations for the Departments of Transportation, and Housing and Urban Development, and related agencies for the fiscal year ending September 30, 2010, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Dec 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/3288\"\u003eMultiple agencies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e Many agencies oversee the guidance for this Act\u003c/p\u003e\u003ch3\u003eAmerican Recovery and Reinvestment Act of 2009\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/1/text\"\u003eAmerican Recovery and Reinvestment Act of 2009\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Developed in response to the Great Recession, the primary objective of this federal statute was to save existing jobs and create new ones as soon as possible. Other objectives were to provide temporary relief programs for those most affected by the recession and invest in infrastructure, education, health, and renewable energy.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/1\"\u003eMultiple agencies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e Many agencies oversee the guidance for this Act\u003c/p\u003e\u003ch3\u003eProject BioShield Act of 2004\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/108th-congress/senate-bill/15/text\"\u003eProject BioShield Act of 2004\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Project BioShield was established to help incentivize private industry to develop vitally needed medical countermeasures by providing multi-year funding to support advanced research, clinical development, manufacture and procurement.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003ePublic Health Service Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.ssa.gov/policy/docs/ssb/v7n8/v7n8p15.pdf\"\u003ePublic Health Service Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Consolidates and revises the laws relating to the Public Health Service.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1944\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003eIntelligence Reform and Terrorism Prevention Act of 2004\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/108th-congress/senate-bill/2845/text\"\u003eIntelligence Reform and Terrorism Prevention Act of 2004\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Reforms the intelligence community and the intelligence and intelligence-related activities of the United States Government, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003eElectronic Freedom of Information Act Amendments of 1996\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/104/plaws/publ231/PLAW-104publ231.htm\"\u003eElectronic Freedom of Information Act Amendments of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The Freedom of Information Act (FOIA) established the public's right of access to government information, on the basis of openness and accountability. The 1996 Electronic Freedom of Information Act (e-FOIA) Amendments extended these principles to include electronic access to information.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Oct 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Justice (DoJ)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003eClarifying Lawful Overseas Use of Data (CLOUD) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2022/07/06/2022-14320/office-of-the-attorney-general-clarifying-lawful-overseas-use-of-data-act-attorney-general\"\u003eClarifying Lawful Overseas Use of Data (CLOUD) Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Lifts certain restrictions under U.S. law on companies disclosing electronic data, in response to qualifying, lawful orders in investigations of serious crime, directly to a qualifying foreign government with which the United States has entered into an executive agreement governing access by the foreign government to covered data.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jul 2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Justice (DoJ)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eFederal Regulations\u003c/h2\u003e\u003cp\u003eRegulations are published by executive branch agencies to clarify their interpretation of a law and how a law will be implemented. Regulations also state requirements or prohibitions. This list contains all federal regulations that relate to information security and privacy at CMS.\u003c/p\u003e\u003ch3\u003eB.O.D. 18-01\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/news-events/directives/bod-18-01-enhance-email-and-web-security\"\u003eBinding Operational Directive (B.O.D) 18-01: Enhance Email and Web Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Enhances the security of federal agencies' email and web systems to protect against cyber threats. The directive outlines specific actions that federal agencies must take to improve their email and web security posture, including implementing specific security protocols, enhancing monitoring capabilities, and strengthening authentication mechanisms.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Oct 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eB.O.D. 18-02\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.cisa.gov/news-events/directives/bod-18-02-securing-high-value-assets\"\u003eBinding Operation Directive (B.O.D.) 18-02 - Security High Value Assets (HVAs)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eEnhances the Department of Homeland Security's coordinated approach to securing the federal governments HVAs from cybersecurity threats\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eFISMA 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eB.O.D. 20-01\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/news-events/directives/bod-20-01-develop-and-publish-vulnerability-disclosure-policy\"\u003eBinding Operation Directive (B.O.D) 20-01: Develop and Publish a Vulnerability Disclosure Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires each agency to develop and publish a vulnerability disclosure policy (VDP) and maintain supporting handling procedures.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Sep 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law:\u003c/strong\u003e OMB M-20-32\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.D. 19-01\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/news-events/directives/ed-19-01-mitigate-dns-infrastructure-tampering\"\u003eEmergency Directive (E.D.) 19-01: Mitigate DNS Infrastructure Tampering\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires agencies take near-term actions to mitigate risks from undiscovered tampering, enable agencies to prevent illegitimate DNS activity for their domains, and detect unauthorized certificates.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jan 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law:\u003c/strong\u003e Homeland Security Act of 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eThe Privacy Rule\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html\"\u003eThe Privacy Rule\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eAssures that individuals' health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well being\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eHIPAA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Health and Human Services (DHHS or HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eRegulation that implements HIPAA requirements\u003c/p\u003e\u003ch3\u003eThe Security Rule\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html\"\u003eThe Security Rule\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eEstablishes standards and safeguards for the secure handling of electronic protected health information (ePHI) by healthcare entities, aiming to ensure the confidentiality, integrity, and availability of sensitive health data\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eHIPAA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Health and Human Services (DHHS or HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eRegulation that implements HIPAA requirements\u003c/p\u003e\u003ch3\u003eFAR\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.acquisition.gov/sites/default/files/current/far/pdf/FAR.pdf\"\u003eFederal Acquisition Regulation (FAR)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003ePrimary regulation for use by all executive agencies in their acquisition of supplies and services with appropriated funds\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApril 1984\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eCompetition in Contracting Act of 1984 - FAR: Title 48 of the Code of Federal Regulations (CFR).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eGeneral Services Administration (GSA), Department of \u0026nbsp;Defense (DOD), \u0026amp; National Aeronautics and Space Administration (NASA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Accounting Standards Advisory Board (FASAB)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://fasab.gov/accounting-standards/\"\u003eFederal Accounting Standards Advisory Board (FASAB)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Primary regulation for use by all executive agencies in their acquisition of supplies and services with appropriated funds\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1990\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eCompetition in Contracting Act of 1984 - FAR: Title 48 of the Code of Federal Regulations (CFR).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Treasury, Office of Management and Budget (OMB), \u0026amp; Government Accountability Office (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eFederal Information Processing Standards (FIPS) Publications\u003c/h2\u003e\u003cp\u003eFederal Information Processing Standards (FIPS) are standards and guidelines for federal computer systems that are developed by \u003ca href=\"https://security.cms.gov/learn/national-institute-standards-and-technology-nist\"\u003eNational Institute of Standards and Technology (NIST)\u003c/a\u003e in accordance with the \u003ca href=\"https://security.cms.gov/learn/federal-information-security-modernization-act-fisma\"\u003eFederal Information Security Management Act (FISMA)\u003c/a\u003e and approved by the Secretary of Commerce.\u003c/p\u003e\u003cp\u003eFIPS Standards can be viewed and downloaded from the NIST Computer Security Resource Center (CSRC) website here: \u003ca href=\"https://csrc.nist.gov/publications/fips\"\u003eFIPS publications\u003c/a\u003e\u003c/p\u003e\u003cp\u003eAnswers to Frequently Asked Questions about FIPS can be found on the NIST website here: \u003ca href=\"https://www.nist.gov/standardsgov/compliance-faqs-federal-information-processing-standards-fips\"\u003eFIPS FAQs\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThis list contains all FIPS publications that relate to information security and privacy at CMS.\u003c/p\u003e\u003ch3\u003eFIPS-202\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/202/final\"\u003eSHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e8/4/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 201-3\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/201-3/final\"\u003ePersonal Identity Verification (PIV) of Federal Employees and Contractors\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e1/24/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 200\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/200/final\"\u003eMinimum Security Requirements for Federal Information and Information Systems\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e3/1/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 199\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/199/final\"\u003eStandards for Security Categorization of Federal Information and Information Systems\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e2/1/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 198-1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/198-1/final\"\u003eThe Keyed-Hash Message Authentication Code (HMAC)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e7/16/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 197\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/197/final\"\u003eAdvanced Encryption Standard (AES)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e5/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 186-5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/186-5/final\"\u003eDigital Signature Standard (DSS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e2/13/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 180-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/180-4/upd1/final\"\u003eSecure Hash Standard (SHS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e8/4/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 140-3\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/140-3/final\"\u003eSecurity Requirements for Cryptographic Modules\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e3/22/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eNIST S.P. Guidelines\u003c/h2\u003e\u003cp\u003eFIPS Publications may reference specific NIST Special Publications (S.P.) guidelines (SP800) and/or practices (SP1800), in which that guideline or practice becomes a governance policy for CMS FISMA systems.\u003c/p\u003e\u003cp\u003eAll NIST Special Publications (SP 500, SP800 and SP1800) can be viewed and downloaded from the NIST Computer Security Resource Center (CSRC) website here: \u003ca href=\"https://csrc.nist.gov/publications/sp\"\u003eNIST S.P. list\u003c/a\u003e\u003c/p\u003e\u003cp\u003eNIST S.P. descriptions can be found on the NIST website here: \u003ca href=\"https://www.nist.gov/nist-research-library/nist-special-publication-subseries-descriptions\"\u003eNIST S.P. descriptions\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThe following list consists of NIST S.P.s that are CMS FISMA governance policy by way of FIPS references.\u003c/p\u003e\u003ch3\u003e500-267A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-267Ar1.pdf\"\u003eNIST IPv6 Profile\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e500-267B\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-267Br1.pdf\"\u003eUSGv6 Profile\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e500-281A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=929798\"\u003eUSGv6 Test Program Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e500-281B\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-281Br1.pdf\"\u003eUSGv6 Test Methods: General Description and Validation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-16\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/16/final\"\u003eInformation Technology Security Training Requirements: a Role- and Performance-Based Model\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-18 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/18/r1/final\"\u003eGuide for Developing Security Plans for Federal Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 200\u003c/p\u003e\u003ch3\u003e800-30\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/30/r1/final\"\u003eGuide for Conducting Risk Assessments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-34\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://www.nist.gov/privacy-framework/nist-sp-800-34\"\u003eContingency Planning Guide for Federal Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-37 Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/37/r2/final\"\u003eRisk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-38 (A-G)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/publications/sp800\"\u003eRecommendation for Block Cipher Modes: *\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 197\u003c/p\u003e\u003ch3\u003e800-39\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/39/final\"\u003eManaging Information Security Risk: Organization, Mission, and Information System View\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-40\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/40/r4/final\"\u003eGuide to Enterprise Patch Management Planning: Preventive Maintenance for Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-41\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/41/r1/final\"\u003eGuidelines on Firewalls and Firewall Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-46\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/46/r2/final\"\u003eGuide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-50\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/50/final\"\u003eBuilding an Information Technology Security Awareness and Training Program\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-51\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/51/r1/final\"\u003eGuide to Using Vulnerability Naming Schemes\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-52\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/52/r2/final\"\u003eGuidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-53 Rev. 5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final\"\u003eSecurity and Privacy Controls for Information Systems and Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-53A Rev. 5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/53/a/r5/final\"\u003eAssessing Security and Privacy Controls in Information Systems and\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://csrc.nist.gov/pubs/sp/800/53/a/r5/final\"\u003eOrganizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-56A\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/56/a/r3/final\"\u003eRecommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-56B Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/56/b/r2/final\"\u003eRecommendation for Pair-Wise Key-Establishment Using Integer Factorization Cryptography\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-57 Part 1 Rev. 5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/57/pt1/r5/final\"\u003eRecommendation for Key Management - Part 1: General\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-57 Part 3 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/57/pt3/r1/final\"\u003eRecommendation for Key Management, Part 3: Application-Specific Key Management Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-59\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/59/final\"\u003eGuideline for Identifying an Information System as a National Security System\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-60 Vol. 1 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/60/v1/r1/final\"\u003eGuide for Mapping Types of Information and Information Systems to Security Categories\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 200\u003c/p\u003e\u003ch3\u003e800-61\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/61/r2/final\"\u003eComputer Security Incident Handling Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-63-3\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\"\u003eDigital Identity Guidelines\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-63A\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/a/upd2/final\"\u003eDigital Identity Guidelines: Enrollment and Identity Proofing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-63B\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/b/upd2/final\"\u003eDigital Identity Guidelines: Authentication and Lifecycle Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-63C\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/c/upd2/final\"\u003eDigital Identity Guidelines: Federation and Assertions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-70\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/70/r4/final\"\u003eNational Checklist Program for IT Products: Guidelines for Checklist Users and Developers\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-73-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/73/4/upd1/final\"\u003eInterfaces for Personal Identity Verification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-76-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/76/2/final\"\u003eBiometric Specifications for Personal Identity Verification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-78-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/78/4/final\"\u003eCryptographic Algorithms and Key Sizes for Personal Identity Verification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-79-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/79/2/final\"\u003eGuidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-81\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/81/2/final\"\u003eSecure Domain Name System (DNS) Deployment Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-85A-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/85/a/4/final\"\u003ePIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-87 Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/87/r2/final\"\u003eCodes for Identification of Federal and Federally-Assisted Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-88\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/88/r1/final\"\u003eGuidelines for Media Sanitization\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-89\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/89/final\"\u003eRecommendation for Obtaining Assurances for Digital Signature\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://csrc.nist.gov/pubs/sp/800/89/final\"\u003eApplications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-90A Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/90/a/r1/final\"\u003eRecommendation for Random Number Generation Using Deterministic Random Bit Generators\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-94\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/94/final\"\u003eGuide to Intrusion Detection and Prevention Systems (IDPS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-96\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/96/final\"\u003ePIV Card to Reader Interoperability Guidelines\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-97\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/97/final\"\u003eEstablishing Wireless Robust Security Networks: A Guide to IEEE 802.11i\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-102\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/102/final\"\u003eRecommendation for Digital Signature Timeliness\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-107\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/107/r1/final\"\u003eRecommendation for Applications Using Approved Hash Algorithms\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003cli\u003eFIPS 202\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-111\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/111/final\"\u003eGuide to Storage Encryption Technologies for End User Devices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 197\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-115\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/115/final\"\u003eTechnical Guide to Information Security Testing and Assessment\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-116 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/116/r1/final\"\u003eGuidelines for the Use of PIV Credentials in Facility Access\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-119\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/119/final\"\u003eGuidelines for the Secure Deployment of IPv6\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-122\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/122/final\"\u003eGuide to Protecting the Confidentiality of Personally Identifiable Information (PII)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-124\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/124/r2/final\"\u003eGuidelines for Managing the Security of Mobile Devices in the Enterprise\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-126\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/126/r3/final\"\u003eThe Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-128\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/128/upd1/final\"\u003eGuide for Security-Focused Configuration Management of Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-131A Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/131/a/r2/final\"\u003eTransitioning the Use of Cryptographic Algorithms and Key Lengths\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-133 Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/133/r2/final\"\u003eRecommendation for Cryptographic Key Generation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 197\u003c/p\u003e\u003ch3\u003e800-137\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/137/final\"\u003eInformation Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-140\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/final\"\u003eFIPS 140-3 Derived Test Requirements (DTR): CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/a/final\"\u003eCMVP Documentation Requirements: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140B Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/b/r1/final\"\u003eCryptographic Module Validation Program (CMVP) Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140C Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/c/r2/final\"\u003eCryptographic Module Validation Program (CMVP)-Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140D Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/d/r2/final\"\u003eCryptographic Module Validation Program (CMVP)-Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140E\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/e/final\"\u003eCMVP Approved Authentication Mechanisms: CMVP Validation Authority Requirements for ISO/IEC 19790 Annex E and ISO/IEC 24579 Section 6.17\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140F\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/f/final\"\u003eCMVP Approved Non-Invasive Attack Mitigation Test Metrics: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-144\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/144/final\"\u003eGuidelines on Security and Privacy in Public Cloud Computing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-145\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/145/final\"\u003eThe NIST Definition of Cloud Computing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-152\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/152/final\"\u003eA Profile for U.S. Federal Cryptographic Key Management Systems (CKMS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 197\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-153\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/153/final\"\u003eGuidelines for Securing Wireless Local Area Networks (WLANs)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-156\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/156/final\"\u003eRepresentation of PIV Chain-of-Trust for Import and Export\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-157\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/157/final\"\u003eGuidelines for Derived Personal Identity Verification (PIV) Credentials\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-157\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/157/final\"\u003eGuidelines for Derived Personal Identity Verification (PIV) Credentials\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-163\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/163/r1/final\"\u003eVetting the Security of Mobile Applications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-167\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/167/final\"\u003eGuide to Application Whitelisting\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-171\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/171/r2/upd1/final\"\u003eProtecting Controlled Unclassified Information in Nonfederal Systems and Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-175A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/175/a/final\"\u003eGuideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-175B\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/175/b/r1/final\"\u003eGuideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 197\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 202\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-177\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/177/r1/final\"\u003eTrustworthy Email\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-181\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/181/r1/final\"\u003eWorkforce Framework for Cybersecurity (NICE Framework)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-186\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/186/final\"\u003eRecommendations for Discrete-Logarithm Based Cryptography: Elliptic Curve Domain Parameters\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 186\u003c/p\u003e\u003ch3\u003e800-207\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/207/final\"\u003eZero Trust Architecture\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-217\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/217/ipd\"\u003eGuidelines for the Use of Personal Identity Verification (PIV) Credentials with Federation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-219\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/219/r1/final\"\u003eAutomated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eExecutive Orders (E.O.)\u003c/h2\u003e\u003cp\u003eAn Executive Order (E.O.) is a signed, written, and published directive from the President of the United States that manages operations of the federal government. They are numbered consecutively, so executive orders may be referenced by their assigned number, or their topic. This list contains all E.O.s that relate to information security and privacy.\u003c/p\u003e\u003ch3\u003eE.O 9397\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.ssa.gov/foia/html/EO9397.htm\"\u003eNumbering System for Federal Accounts Relating to Individual Persons\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes a centralized numbering system for federal accounts relating to individual persons in the United States.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e November 30, 1943\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Social Security Administration (SSA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 11609\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.archives.gov/federal-register/codification/executive-order/11609.html\"\u003eDelegating certain functions vested in the President to other officers of the Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Grants certain, presidential authorities to the GSA without approval, ratification, or other action of the President.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 22, 1971\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e General Services Administration (GSA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13011\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/CFR-1997-title3-vol1/html/CFR-1997-title3-vol1-eo13011.htm\"\u003eFederal Information Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Aimed to improve the management and utilization of IT resources across federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 16, 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eDHS\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eE.O 13381\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2005/06/30/05-13098/strengthening-processes-relating-to-determining-eligibility-for-access-to-classified-national\"\u003eStrengthening Processes Relating to Determining Eligibility for Access to Classified National Security Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Assists in determining eligibility for access to classified national security information, while taking appropriate account of title III of Public Law 108-458\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jun 2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13402\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2006/05/15/06-4552/strengthening-federal-efforts-to-protect-against-identity-theft\"\u003eStrengthening Federal Efforts To Protect Against Identity Theft\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Strengthens efforts to protect against identity theft\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13439\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2007/07/20/07-3593/establishing-an-interagency-working-group-on-import-safety\"\u003eEstablishing an Interagency Working Group on Import Safety\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensures that the executive branch takes all appropriate steps to promote the safety of imported products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jul 2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e HHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13520\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/executive-order-reducing-improper-payments\"\u003eReducing Improper Payments and Eliminating Waste in Federal Programs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Reduces payment errors and eliminating waste, fraud, and abuse in Federal programs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Nov 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13526\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.archives.gov/isoo/policy-documents/cnsi-eo.html\"\u003eClassified National Security Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prescribes a uniform system for classifying, safeguarding, and declassifying national security information, including information relating to defense against transnational terrorism\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Dec 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Information Security Oversight Office\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13556\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.commerce.gov/sites/default/files/2022-02/Controlled-Unclassified-Information-Policy.pdf\"\u003eControlled Unclassified Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes an open and uniform program for managing unclassified information requiring safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Aug 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e National Archives \u0026amp; Records Administration (NARA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13571\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/04/27/executive-order-13571-streamlining-service-delivery-and-improving-custom\"\u003eStreamlining Service Delivery and Improving Customer Service\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the quality of service to the public by the Federal Government\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Apr 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13576\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/06/13/executive-order-13576-delivering-efficient-effective-and-accountable-gov\"\u003eDelivering an Efficient, Effective, and Accountable Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Aims to cut waste, streamline Government operations, and reinforce the performance and management reform gains the Obama Administration has achieved\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jun 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13583\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/08/18/executive-order-13583-establishing-coordinated-government-wide-initiativ\"\u003eEstablishing a Coordinated Government-wide Initiative to Promote Diversity and Inclusion in the Federal Workforce\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Promotes the Federal workplace as a model of equal opportunity, diversity, and inclusion\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Aug 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOPM\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003ePresidents Management Council (PMC)\u003c/li\u003e\u003cli\u003eEqual Employment Opportunity Commission (EEOC)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13589\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/11/09/executive-order-13589-promoting-efficient-spending\"\u003ePromoting Efficient Spending\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Further promote efficient spending in the Federal Government\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Nov 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13636\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity\"\u003eImproving Critical Infrastructure Cybersecurity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Designed to increase the level of core capabilities for our critical infrastructure to manage cyber risk. It does this by focusing on three key areas: (1) information sharing, (2) privacy, and (3) the adoption of cybersecurity practices.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 12, 2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eDHS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13642\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/01/31/executive-order-13564-presidents-council-jobs-and-competitiveness\"\u003eThe President's Council on Jobs and Competitiveness\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Aims to strengthen the Nation's economy and ensure the competitiveness of the United States and to create jobs, opportunity, and prosperity for the American people by ensuring the availability of non partisan advice to the President from participants in and experts on the economy\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jan 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Department of Treasury\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13681\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2014/10/17/executive-order-improving-security-consumer-financial-transactions\"\u003eImproving the Security of Consumer Financial Transactions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the security of consumer financial transactions in both the private and public sectors\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e October 17, 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Treasury\u003c/li\u003e\u003cli\u003eDepartment of Justice\u003c/li\u003e\u003cli\u003eDepartment of Commerce\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eSocial Security Administration (SSA)\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC)\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003eDHS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13719\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2016/02/09/executive-order-establishment-federal-privacy-council\"\u003eEstablishment of the Federal Privacy Council\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The Federal Privacy Council is the principal interagency forum to improve the privacy practices of agencies and entities acting on their behalf.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 9, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Federal Privacy Council (FPC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13800\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/topics/cybersecurity-best-practices/executive-order-strengthening-cybersecurity-federal-networks-and-critical-infrastructure\"\u003eStrengthening the Cybersecurity of Federal Networks and Critical Infrastructure\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Modernizes federal information technology infrastructure, working with state and local government and private sector partners to more fully secure critical infrastructure, and collaborating with foreign allies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 11, 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13833\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2018/05/18/2018-10855/enhancing-the-effectiveness-of-agency-chief-information-officers\"\u003eEnhancing the Effectiveness of Agency Chief Information Officers\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Strengthens the role and responsibilities of Chief Information Officers (CIOs) within federal agencies to improve the efficiency and effectiveness of IT management\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 15, 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13834\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2018/05/22/2018-11101/efficient-federal-operations\"\u003eEfficient Federal Operations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the efficiency, effectiveness, and accountability of federal agencies in managing their operations and resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 17, 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13859\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2019/02/14/2019-02544/maintaining-american-leadership-in-artificial-intelligence\"\u003eMaintaining American Leadership in Artificial Intelligence\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Identifies five key lines of effort, including increasing AI research investment, unleashing Federal AI computing and data resources, setting AI technical standards, building Americas AI workforce, and engaging with international allies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Feb 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e National AI Initiative Office\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eTo oversee and implement the U.S. national AI strategy, the White House established the National Artificial Intelligence Initiative Office in early January 2021, in accordance with the National AI Initiative Act of 2020 (still a bill as of Feb 2024)\u003c/p\u003e\u003ch3\u003eE.O 13873\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2019/05/17/2019-10538/securing-the-information-and-communications-technology-and-services-supply-chain\"\u003eSecuring the Information and Communications Technology and Services Supply Chain\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Strengthens efforts to prevent foreign adversaries from exploiting vulnerabilities in the ICT supply chain and protect the vast amount of sensitive information being stored in and communicated through ICT products and services\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Commerce\u003c/li\u003e\u003cli\u003eCISA\u003c/li\u003e\u003cli\u003eICT SCRM Task Force\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13960\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2020/12/08/2020-27065/promoting-the-use-of-trustworthy-artificial-intelligence-in-the-federal-government\"\u003ePromoting the Use of Trustworthy Artificial Intelligence in the Federal Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes principles for the use of AI in the Federal Government, establishes a common policy for implementing the principles, directs agencies to catalogue their AI use cases\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e December 3, 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 14028\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity\"\u003eImproving the Nation's Cybersecurity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Charges multiple agencies, including NIST, with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e NIST\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 14034\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2021/06/11/2021-12506/protecting-americans-sensitive-data-from-foreign-adversaries\"\u003eProtecting Americans' Sensitive Data From Foreign Adversaries\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires government agencies to issue regulations that prohibit, or otherwise restrict, certain categories of data transactions that pose an unacceptable risk to national security.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e June 2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003eDepartment of Justice\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 14110\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://crsreports.congress.gov/product/pdf/R/R47843\"\u003eSafe, Secure, and Trustworthy Development and Use of Artificial Intelligence\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes a government-wide effort to guide responsible artificial intelligence (AI) development and deployment through federal agency leadership, regulation of industry, and engagement with\u003cbr\u003einternational partners\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e October 30, 2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eOffice of Science and Technology Policy (OSTP)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eGovernment Accountability Office (GAO) and GAO Accounting and Information Management Division (AIMD)\u003c/h2\u003e\u003cp\u003eThe U.S. Government Accountability Office (GAO) provides Congress, the heads of executive agencies, and the public with timely, fact-based, non-partisan information that can be used to improve government and save taxpayers billions of dollars. The GAO reports provide findings from their audits.\u003c/p\u003e\u003ch3\u003eAIMD-10.1.13\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/aimd-10.1.13.pdf\"\u003eAssessing Risks and Returns: A Guide for Evaluating Federal Agencies IT Investment Decision-making\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 3, 1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePaperwork Reduction Act (PRA)\u003c/li\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eGovernment Performance and Results Act (GPRA)\u003c/li\u003e\u003cli\u003eChief Financial Officers Act\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 04-394G\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-04-394g.pdf\"\u003eInformation Technology Investment Management: A Framework for Assessing and Improving Process Maturity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e March 1, 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 05-471\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-05-471.pdf\"\u003eINTERNET PROTOCOL VERSION 6 - Federal Agencies Need to Plan for Transition and Manage\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://www.gao.gov/assets/gao-05-471.pdf\"\u003eSecurity Risks\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 20, 2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 13-87\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-04-394g.pdf\"\u003eInformation Technology Investment Management: A Framework for Assessing and Improving Process Maturity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e March 1, 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 14-413\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/d14413.pdf\"\u003eFederal Software Licenses: Better Management Needed to Achieve Significant Savings Government-Wide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 22, 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 16-469\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-16-469.pdf\"\u003eInformation Technology Reform: Agencies Need to Increase Their Use of Incremental Development Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e August 16, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e FITARA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 20-195G\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-20-195g.pdf\"\u003eCost Estimating and Assessment Guide: Best Practices for Developing and Managing Program Costs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e March 12, 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eFederal Continuity Directives\u003c/h2\u003e\u003cp\u003eFederal Continuity Directives (FCDs) and Presidential Policy Directives (PPDs) and are both types of directives issued by the President of the United States to guide and coordinate specific policies, programs, and activities across the federal government.\u003c/p\u003e\u003cp\u003ePPDs are presidential statements that set forth national policies and decisions, while FCDs are agency-level directives aimed at ensuring the continuity and resilience of government operations during emergencies and crises.\u003c/p\u003e\u003ch3\u003eFCD-1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gpo.gov/docs/default-source/accessibility-privacy-coop-files/January2017FCD1-2.pdf\"\u003eFederal Executive Branch National Continuity Program and Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e January 17, 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFCD-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.fema.gov/sites/default/files/2020-07/Federal_Continuity_Directive-2_June132017.pdf\"\u003eFederal Executive Branch Mission Essential Functions and Candidate Primary Mission Essential Functions\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://www.fema.gov/sites/default/files/2020-07/Federal_Continuity_Directive-2_June132017.pdf\"\u003eIdentification and Submission Process\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e June 13, 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://irp.fas.org/offdocs/ppd/ppd-1.pdf\"\u003eOrganization of the National Security Council System\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 13, 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e National Security Council (NSC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://irp.fas.org/offdocs/ppd/ppd-2.pdf\"\u003eImplementation of the National Strategy for Countering Biological Threats\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e November 23, 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e National Security Staff Executive Secretary\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-40\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.fema.gov/emergency-managers/national-preparedness/continuity/toolkit/chapter-1\"\u003eNational Continuity Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 15, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e Federal Emergency Management Agency (FEMA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-41\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2016/07/26/presidential-policy-directive-united-states-cyber-incident\"\u003eUnited States Cyber Incident Coordination\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 26, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eOMB Circulars\u003c/h2\u003e\u003cp\u003eOMB Circulars are a series of guidance documents issued by the Office of Management and Budget (OMB) of the United States federal government. They provide instructions, requirements, and policies for federal agencies in specific areas of financial management, budgeting, procurement, grants management, and administrative operations.\u003c/p\u003e\u003ch3\u003eA-11\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/06/a11.pdf\"\u003ePreparation, Submission, and Execution of the Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/11/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GRPA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-19\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/Circular-019.pdf\"\u003eLegislative Coordination and Clearance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/20/1979\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Budget Control Act of 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-76\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A76/a76_incl_tech_correction.pdf\"\u003ePerformance of Commercial Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/14/2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFederal Procurement Policy Act\u003c/li\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eEO 11609\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-94\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/11/CircularA-94.pdf\"\u003eGuidelines and Discount Rates for Benefit-Cost Analysis of Federal Programs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Budget and Accounting Act of 1921\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-108\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A108/omb_circular_a-108.pdf\"\u003eFederal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/1975\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act (PRA)\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-123\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/omb/circulars_a123_rev\"\u003eManagements Responsibility for Internal Control\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/21/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eSarbanes-Oxley Act\u003c/li\u003e\u003cli\u003eFederal Managers' Financial Integrity Act\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-130\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf\"\u003eManaging Information as a Strategic Resource\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/28/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eE-Government Act\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003ePRA\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eDigital Accountability and Transparency Act\u003c/li\u003e\u003cli\u003eElectronic Signatures in Global and National Commerce Act\u003c/li\u003e\u003cli\u003eGovernment Paperwork Elimination Act\u003c/li\u003e\u003cli\u003eGPRA\u003c/li\u003e\u003cli\u003eOffice of Federal Procurement Policy Act\u003c/li\u003e\u003cli\u003eBudget and Accounting Procedures Act\u003c/li\u003e\u003cli\u003eChief Financial Officers Act\u003c/li\u003e\u003cli\u003eEO 13719\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-136\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2024/05/A-136-for-FY-2024.pdf\"\u003eFinancial Reporting Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/30/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eChief Financial Officers Act of 1990\u003c/li\u003e\u003cli\u003eGovernment Management Reform Act of 1994\u003c/li\u003e\u003cli\u003eAccountability of Tax Dollars Act of 2002\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eOMB Memos\u003c/h2\u003e\u003cp\u003eThe Office of Management and Budget (OMB) memoranda provide Federal agencies with instructions and implementation guidance for specific management priorities or legislative requirements. They provide annual updates, such as for FISMA reporting requirements, or have longer term guidance for agency implementation.\u003c/p\u003e\u003ch3\u003e2024\u003c/h3\u003e\u003ch4\u003eM-24-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/12/M-24-08-Strengthening-Digital-Accessibility-and-the-Management-of-Section-508-of-the-Rehabilitation-Act.pdf\"\u003eStrengthening Digital Accessibility and the Management of Section 508 of the Rehabilitation Act (digital)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/21/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Section 508 of the Rehabilitation Act\u003c/p\u003e\u003ch4\u003eM-24-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/12/M-24-04-FY24-FISMA-Guidance.pdf\"\u003eFiscal Year 2024 Guidance on Federal Information Security and Privacy Management Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/4/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-24-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/10/M-24-02-Buy-America-Implementation-Guidance-Update.pdf\"\u003eImplementation Guidance on Application of Buy America Preference in Federal Financial Assistance Programs for Infrastructure\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/25/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Buy America Act\u003c/p\u003e\u003ch3\u003e2023\u003c/h3\u003e\u003ch4\u003eM-23-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/09/M-23-22-Delivering-a-Digital-First-Public-Experience.pdf\"\u003eDelivering a Digital-First Public Experience (digital)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/22/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e 21st Century Integrated Digital Experience Act\u003c/p\u003e\u003ch4\u003eM-23-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/08/M-23-20.pdf\"\u003eMulti-Agency Research and Development Priorities for the FY 2025 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/17/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-23-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-18-Administration-Cybersecurity-Priorities-for-the-FY-2025-Budget-s.pdf\"\u003eAdministration Cybersecurity Priorities for the FY 2025 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/27/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e National Cybersecurity Strategy (NCS)\u003c/p\u003e\u003ch4\u003eM-23-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-16-Update-to-M-22-18-Enhancing-Software-Security.pdf\"\u003eUpdate to Memorandum M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements: \u003c/strong\u003eE.O. 14028\u003c/p\u003e\u003ch4\u003eM-23-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/02/M-23-13-No-TikTok-on-Government-Devices-Implementation-Guidance_final.pdf\"\u003e“No TikTok on Government Devices” Implementation Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/27/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e No Tiktok on Government Devices\u003c/p\u003e\u003ch4\u003eM-23-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/02/M-23-10-DOTGOV-Act-Guidance.pdf\"\u003eThe Registration and Use of .gov Domains in the Federal Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/8/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e DOTGOV Online Trust in Government Act of 2020\u003c/p\u003e\u003ch4\u003eM-23-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/12/M_23_07-M-Memo-Electronic-Records_final.pdf\"\u003eUpdate to Transition to Electronic Records\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/23/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-23-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/11/M-23-02-M-Memo-on-Migrating-to-Post-Quantum-Cryptography.pdf\"\u003eMigrating to Post-Quantum Cryptography\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/18/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2022\u003c/h3\u003e\u003ch4\u003eM-22-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/09/M-22-18.pdf\"\u003eEnhancing the Security of the Software Supply Chain through Secure Software Development Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/14/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-22-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/07/M-22-16.pdf\"\u003eAdministration Cybersecurity Priorities for the FY 2024 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/22/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch4\u003eM-22-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/07/M-22-15.pdf\"\u003eMulti-Agency Research and Development Priorities for the FY 2024 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/22/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-22-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf\"\u003eMoving the U.S. Government Toward Zero Trust Cybersecurity Principles\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/26/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-22-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/12/M-22-04-IG-Cooperation.pdf\"\u003ePromoting Accountability through Cooperation among Agencies and Inspectors General\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/3/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e IG Act\u003c/p\u003e\u003ch4\u003eM-22-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/10/M-22-01.pdf\"\u003eImproving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Systems through Endpoint Detection and Response\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/8/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch3\u003e2021\u003c/h3\u003e\u003ch4\u003eM-21-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/07/M-21-32-Multi-Agency-Research-and-Development-Prioirties-for-FY-2023-Budget-.pdf\"\u003eMulti-Agency Research and Development Priorities for the FY 2023 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/27/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-21-31\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf\"\u003eImproving the Federal Governments Investigative and Remediation Capabilities Related to Cybersecurity Incident\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/27/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch4\u003eM-21-30\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-30.pdf\"\u003eProtecting Critical Software Through Enhanced Security Measures\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/10/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch4\u003eM-21-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-07.pdf\"\u003eCompleting the Transition to Internet Protocol Version 6 (IPv6)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/19/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FAR\u003c/p\u003e\u003ch4\u003eM-21-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-06.pdf\"\u003eGuidance for Regulation of Artificial Intelligence Applications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/17/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 13859\u003c/p\u003e\u003ch4\u003eM-21-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-05.pdf\"\u003eExtension of Data Center Optimization Initiative (DCOI)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/13/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch4\u003eM-21-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-04.pdf\"\u003eModernizing Access to and Consent for Disclosure of Records Subject to the Privacy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/12/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e The Privacy Act of 1974\u003c/p\u003e\u003ch3\u003e2020\u003c/h3\u003e\u003ch4\u003eM-20-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/09/M-20-32.pdf\"\u003eImproving Vulnerability Identification, Management, and Remediation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/2/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA\u003c/p\u003e\u003ch4\u003eM-20-29\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/08/M-20-29.pdf\"\u003eR \u0026amp; D Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/14/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-20-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/03/M-20-19.pdf\"\u003eHarnessing Technology to Support Mission Continuity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/22/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-20-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/11/M-20-04.pdf\"\u003eFiscal Year 2019-2020 Guidance on Federal Information Security and Privacy Management Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/19/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2019\u003c/h3\u003e\u003ch4\u003eM-19-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/09/M-19-26.pdf\"\u003eUpdate to the Trusted Internet Connections (TIC) Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/12/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-19-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/08/M-19-21-new-2.pdf\"\u003eTransition of Electronic Records\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/28/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e NARA\u003c/p\u003e\u003ch4\u003eM-19-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/06/M-19-19-Data-Centers.pdf\"\u003eUpdate to Data Center Optimization Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/25/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch4\u003eM-19-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/06/M-19-18.pdf\"\u003eFederal Data Strategy A Framework for Consistency\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/4/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-19-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/05/M-19-17.pdf\"\u003eEnabling Mission Delivery through Improved Identity, Credential, and Access Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/21/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-19-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/02/M-19-10.pdf\"\u003eGuidance for Achieving Interoperability with the National Freedom of Information Act (FOIA) Portal on FOIA.gov\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/12/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FOIA\u003c/p\u003e\u003ch4\u003eM-19-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/12/M-19-03.pdf\"\u003eStrengthening the Cybersecurity of Federal Agencies by enhancing the High Value Asset Program\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/10/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e High Value Asset (HVA) program\u003c/p\u003e\u003ch4\u003eM-19-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/10/M-19-02.pdf\"\u003eFiscal Year 2018-2019 Guidance on Federal Information Security and Privacy Management Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/25/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-19-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/10/M-19-01.pdf\"\u003eRequest for Agency Feedback on the Federal Data Strategy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/16/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Federal Data Strategy\u003c/p\u003e\u003ch3\u003e2018\u003c/h3\u003e\u003ch4\u003eM-18-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/09/M-18-26.pdf\"\u003eIncentivizing Workforce Participation and Expanding Recruitment Sources for the 2020 Decennial Census\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/28/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-18-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/07/M-18-22.pdf\"\u003eFY 2020 Administration Research and Development Budget Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/31/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-18-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/06/M-18-20.pdf\"\u003eAppendix C to OMB Circular No. A-123, Requirements for Payment Integrity Improvement\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/26/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch3\u003e2017\u003c/h3\u003e\u003ch4\u003eM-17-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-32.pdf\"\u003eTravel on Government-Owned Rented, Leased or Chartered Aircraft\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/29/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-126\u003c/p\u003e\u003ch4\u003eM-17-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-25.pdf\"\u003eReporting Guidance for Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/19/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-17-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-23.pdf\"\u003eGuidance on Regulatory Reform Accountability under Executive Order 13777, titled “Enforcing the Regulatory Reform Agenda”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/28/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13777\u003c/p\u003e\u003ch4\u003eM-17-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-22.pdf\"\u003eComprehensive Plan for Reforming the Federal Government and Reducing the Federal Civilian Workforce\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/12/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GPRA Modernization Act of 2010\u003c/p\u003e\u003ch4\u003eM-17-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-21-OMB.pdf\"\u003eImplementing Executive Order 13771, Titled “Reducing Regulation and Controlling Regulatory Costs”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/5/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13771\u003c/p\u003e\u003ch4\u003eM-17-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-19-OMB.pdf\"\u003eLegislative Coordination and Clearance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/28/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-19\u003c/p\u003e\u003ch4\u003eM-17-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-15.pdf\"\u003eRescission of Memoranda Relating to Identity Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/19/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-17-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-12_0.pdf\"\u003ePreparing for and Responding to a Breach of Personally Identifiable Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/3/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-17-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-09.pdf\"\u003eManagement of Federal High Value Assets\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/9/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eB.O.D. 18-02\u003c/li\u003e\u003cli\u003eHHS HVA Program\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-17-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-04.pdf\"\u003eAdditional Guidance for Data Act Implementation: Further Requirements For Reporting And Assuring Data Reliability\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/4/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e DATA Act\u003c/p\u003e\u003ch4\u003eM-17-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-03.pdf\"\u003eInstitutionalizing Hiring Excellence To Achieve Mission Outcomes\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/1/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda (PMA) Cross Agency Priority (CAP)\u003c/p\u003e\u003ch4\u003eM-17-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-02.pdf\"\u003ePrecision Medicine Initiative Privacy and Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/21/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eGenetic Information Nondiscrimination Act\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2016\u003c/h3\u003e\u003ch4\u003eM-16-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_24_0.pdf\"\u003eRole and Designation of Senior Agency Officials for Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/15/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13719\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-16-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_23.pdf\"\u003ePrioritizing Federal Investments in Promise Zones\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/2/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-16-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_21.pdf\"\u003eFederal Source Code Policy: Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/8/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger Cohen Act\u003c/p\u003e\u003ch4\u003eM-16-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-17.pdf\"\u003eOMB Circular No. A-123, Managements Responsibility for Enterprise Risk Management and Internal Control\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/15/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-16-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-15.pdf\"\u003eFederal Cybersecurity Workforce Strategy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/12/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-16-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-14.pdf\"\u003eCategory Management Policy 16-2: Providing Comprehensive Identity Protection Services, Identity Monitoring, and Data Breach Response\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-16-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-12_1.pdf\"\u003eCategory Management Policy 16-1: Improving the Acquisition and Management of Common Information Technology: Software Licensing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/2/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GAO 14-413\u003c/p\u003e\u003ch4\u003eM-16-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-11.pdf\"\u003eImproving Administrative Functions Through Shared Services\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/4/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Federal Cloud Computing Strategy - Cloud Smart\u003c/p\u003e\u003ch4\u003eM-16-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-08.pdf\"\u003eEstablishment of the Core Federal Services Council\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/30/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda (PMA) Cross Agency Priority (CAP)\u003c/p\u003e\u003ch4\u003eM-16-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-04.pdf\"\u003eCybersecurity Strategy and Implementation Plan (CSIP) for the Federal Civilian Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/30/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-16-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-02.pdf\"\u003eCategory Management Policy 15-1: Improving the Acquisition and Management of Common Information Technology: Laptops and Desktops\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/16/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch3\u003e2015\u003c/h3\u003e\u003ch4\u003eM-15-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-18.pdf\"\u003eFiscal Year 2017 Budget Guidance for Countering Biological Threats Resource Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/9/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e PPD-2\u003c/p\u003e\u003ch4\u003eM-15-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-16.pdf\"\u003eMulti-Agency Science and Technology Priorities for the FY 2017 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/9/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-15-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-15.pdf\"\u003eImproving Statistical Activities through Interagency Collaboration\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/8/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Economy Act\u003c/p\u003e\u003ch4\u003eM-15-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-14.pdf\"\u003eManagement and Oversight of Federal Information Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/10/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch4\u003eM-15-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-13.pdf\"\u003ePolicy to Require Secure Connections across Federal Websites and Web Services\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/8/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-15-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-11.pdf\"\u003eFiscal Year 2017 Budget Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/1/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDATA Act\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-15-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-09.pdf\"\u003eGuidance on Implementing the Federal Customer Service Awards Program\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/19/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13571\u003c/p\u003e\u003ch4\u003eM-15-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-07.pdf\"\u003eEstablishment of a Diversity and Inclusion in Government Council\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/6/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13583\u003c/p\u003e\u003ch4\u003eM-15-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-02.pdf\"\u003eAppendix C to Circular No. A-123, Requirements for Effective Estimation and Remediation of Improper Payments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/20/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch3\u003e2014\u003c/h3\u003e\u003ch4\u003eM-14-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-17.pdf\"\u003eMetrics for Uniform Guidance (2 C.F.R. 200\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/30/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13520\u003c/p\u003e\u003ch4\u003eM-14-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-16.pdf\"\u003eGuidance on Managing Email\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/15/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Managing Government Records Directive of 2012\u003c/p\u003e\u003ch4\u003eM-14-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-15.pdf\"\u003eEnsuring That Employment and Training Programs Are Job-Driven\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/22/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-14.pdf\"\u003eFiscal Year 2016 Budget Guidance for Countering Biological Threats Resource Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e PPD-2\u003c/p\u003e\u003ch4\u003eM-14-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/M-14-13.pdf\"\u003eFiscal Year 2016 Budget Guidance for Combating Antibiotic Resistant Bacteria Resource Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e PPD-1\u003c/p\u003e\u003ch4\u003eM-14-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-12.pdf\"\u003eManagement Agenda Priorities for the FY 2016 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-11.pdf\"\u003eScience and Technology Priorities for FY 2016 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-06.pdf\"\u003eGuidance for Providing and Using Administrative Data for Statistical Purposes\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/14/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-04.pdf\"\u003eFiscal Year 2013 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/18/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-14-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-03.pdf\"\u003eEnhancing the Security of Federal Information and Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/1/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GPRA Modernization Act 0f 2010\u003c/p\u003e\u003ch3\u003e2013\u003c/h3\u003e\u003ch4\u003eM-13-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-20.pdf\"\u003eProtecting Privacy while Reducing Improper Payments with the Do Not Pay Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/16/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIPERIA 2012\u003c/li\u003e\u003cli\u003eDo Not Pay (DNP) Initiative\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-13-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-17.pdf\"\u003eNext Steps in the Evidence and Innovation Agenda\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/26/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-13-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-16.pdf\"\u003eScience and Technology Priorities for the FY 2015 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/26/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-13-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-13.pdf\"\u003eOpen Data Policy Managing Information as an Asset\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/9/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13642\u003c/p\u003e\u003ch4\u003eM-13-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-10.pdf\"\u003eAntideficiency Act Implications of Certain Online Terms of Service Agreements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/4/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Antideficiency Act\u003c/p\u003e\u003ch4\u003eM-13-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-09.pdf\"\u003eFiscal Year 2013 PortfolioStat Guidance: Strengthening Federal IT Portfolio Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/27/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-13-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-06.pdf\"\u003eIssuance of the Sequestration Order Pursuant To Section 251A of the Balanced Budget and Emergency Deficit Control Act of 1985, as Amended\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/1/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Budget Control Act of 2011\u003c/p\u003e\u003ch4\u003eM-13-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-02_0.pdf\"\u003eImproving Acquisition through Strategic Sourcing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/5/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e2012\u003c/h3\u003e\u003ch4\u003eM-12-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-20.pdf\"\u003eFY 2012 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/27/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-12-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-18.pdf\"\u003eManaging Government Records Directive\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/24/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidential Memorandum - Managing Government Records\u003c/p\u003e\u003ch4\u003eM-12-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-15.pdf\"\u003eScience and Technology Priorities for the FY 2014 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/6/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-12-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-14_1.pdf\"\u003eUse of Evidence and Evaluation in the 2014 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/18/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-12-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-12_0.pdf\"\u003ePromoting Efficient Spending to Support Agency Operations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/11/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13589\u003c/p\u003e\u003ch4\u003eM-12-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-11_1.pdf\"\u003eReducing Improper Payments through the “Do Not Pay List”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/12/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13520\u003c/p\u003e\u003ch4\u003eM-12-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-09_0.pdf\"\u003eFederal Activities Inventory Reform (FAIR) Act Submission for Fiscal Year 2012\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/26/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-12-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-01.pdf\"\u003eCreation of the Council on Financial Assistance Reform\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/27/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13576\u003c/p\u003e\u003ch3\u003e2011\u003c/h3\u003e\u003ch4\u003eM-11-33\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-33.pdf\"\u003eFY 2011 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/14/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-11-27\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-27.pdf\"\u003eImplementing the Telework Enhancement Act of 2010: Security Guidelines\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/15/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Telework Enhancement Act of 2010\u003c/p\u003e\u003ch4\u003eM-11-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-26.pdf\"\u003eNew Fast-Track Process for Collecting Service Delivery Feedback Under the Paperwork Reduction Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/15/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003eM-11-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-21.pdf\"\u003eImplementing the Presidential Memorandum “Administrative Flexibility, Lower Costs, and Better Results for State, Local, and Tribal Governments”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/29/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidential Memorandum - Administrative Flexibility\u003c/p\u003e\u003ch4\u003eM-11-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-16.pdf\"\u003e2011 Issuance of Revised Parts I and II to Appendix C of OMB Circular A-123\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/14/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-11-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-15.pdf\"\u003e2011 Final Guidance on Implementing the Plain Writing Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/13/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Plain Writing Act of 2010\u003c/p\u003e\u003ch4\u003eM-11-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-11.pdf\"\u003eContinued Implementation of Homeland Security Presidential Directive (HSPD) 12Policy for a Common Identification Standard for Federal Employees and Contractors\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/3/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-11-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-08.pdf\"\u003eInitial Assessments of Safeguarding and Counterintelligence Postures for Classified National Security Information in Automated Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/3/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13526\u003c/p\u003e\u003ch4\u003eM-11-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-04.pdf\"\u003eIncreasing Efforts to Recapture Improper Payments by Intensifying and Expanding Payment Recapture Audits\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/16/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e IPERIA 2012\u003c/p\u003e\u003ch4\u003eM-11-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-02.pdf\"\u003eSharing Data While Protecting Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/3/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Privacy Act of 1974\u003c/p\u003e\u003ch4\u003eM-11-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-01.pdf\"\u003ePilot Projects for the Partnership Fund for Program Integrity Innovation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/19/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Consolidated Appropriations Act of 2010\u003c/p\u003e\u003ch3\u003e2010\u003c/h3\u003e\u003ch4\u003eM-10-34\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-34.pdf\"\u003eUpdated Guidance on the American Recovery and Reinvestment Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/24/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-30\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-30.pdf\"\u003eScience and Technology Priorities for the FY 2012 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-10-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m-10-26.pdf\"\u003eImmediate Review of Financial Systems IT Projects\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/28/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-10-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-23.pdf\"\u003eGuidance for Agency Use of Third-Party Websites and Applications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/25/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003eM-10-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-22.pdf\"\u003eGuidance for Online Use of Web Measurement and Customization Technologies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/25/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB M-10-06\u003c/p\u003e\u003ch4\u003eM-10-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-21.pdf\"\u003eDeveloping Effective Place-Based Policies for the FY 2012 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/21/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-10-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-16.pdf\"\u003eGrants.gov Return to Normal Operations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/23/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-14.pdf\"\u003eUpdated Guidance on the American Recovery and Reinvestment Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/22/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-13.pdf\"\u003eIssuance of Part III to OMB Circular A-123, Appendix C\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/22/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-10-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-10.pdf\"\u003eFederal Agency Coordination on Health Information Technology (HIT)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/19/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HITECH\u003c/p\u003e\u003ch4\u003eM-10-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-03.pdf\"\u003ePayments to State Grantees for their Administrative Costs for Recovery Act Funding Alternative Allocation Methodologies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/13/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-01.pdf\"\u003eIncreased Emphasis on Program Evaluations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/7/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e2009\u003c/h3\u003e\u003ch4\u003eM-09-33\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-33.pdf\"\u003eTechnical Amendments to OMB Bulletin No. 07-04, Audit Requirements for Federal Financial Statements\u003c/a\u003e\u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-01.pdf\"\u003eIncreased Emphasis on Program Evaluations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/23/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-136\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-09-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-32.pdf\"\u003eUpdate on the Trusted Internet Connections Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/16/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch4\u003eM-09-27\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-27.pdf\"\u003eScience and Technology Priorities for the FY 2011 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/4/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-09-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-18.pdf\"\u003ePayments to State Grantees for Administrative Costs of Recovery Act Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/11/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-17.pdf\"\u003eImproving Grants.gov\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/8/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-15.pdf\"\u003eUpdated Implementing Guidance for the American Recovery and Reinvestment Act of 2009\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/3/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-14.pdf\"\u003eRecovery Act Implementation Improving Grants.gov and Other Critical Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/9/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-14.pdf\"\u003eRecovery Act Implementation Improving Grants.gov and Other Critical Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/9/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-10.pdf\"\u003eInitial Implementing Guidance for the American Recovery and Reinvestment Act of 2009\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/18/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch3\u003e2008\u003c/h3\u003e\u003ch4\u003eM-08-27\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-27.pdf\"\u003eGuidance for Trusted Internet Connection (TIC) Compliance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/30/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch4\u003eM-08-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-25.pdf\"\u003eGuidance for Completing FY 2008 Financial and Performance Reports\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/252008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-08-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-24.pdf\"\u003eTechnical Amendments to OMB Bulletin No. 07-04, Audit Requirements for Federal Financial Statements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB Bulletin No. 07-04\u003c/p\u003e\u003ch4\u003eM-08-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-16.pdf\"\u003eGuidance for Trusted Internet Connection Statement of Capability Form (SOC)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/4/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch4\u003eM-08-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-15.pdf\"\u003eTools Available for Implementing Electronic Records Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/31/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-08-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-14.pdf\"\u003e2008 Inventories of Commercial and Inherently Governmental Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/26/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-08-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-13.pdf\"\u003eUpdate to Civilian Position Full Fringe Benefit Cost Factor, Federal Pay Raise Assumptions, and Inflation Factors used in OMB Circular No. A-76, “Performance of Commercial Activities”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/11/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements: \u003c/strong\u003eOMB A-76\u003c/p\u003e\u003ch4\u003eM-08-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-11.pdf\"\u003eCompetitive Sourcing Requirements in Division D of Public Law 110-161\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/20/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Consolidated Appropriations Act of 2010\u003c/p\u003e\u003ch4\u003eM-08-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-09.pdf\"\u003eNew FISMA Privacy Reporting Requirements for FY 2008\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/18/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-08-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-05.pdf\"\u003eImplementation of Trusted Internet Connections (TIC)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/20/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch3\u003e2007\u003c/h3\u003e\u003ch4\u003eM-07-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-25.pdf\"\u003eBioShield Procurement Approval Anthrax Vaccine Adsorbed\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/20/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eProject BioShield Act of 2004\u003c/li\u003e\u003cli\u003ePublic Health Service Act\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-07-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-24.pdf\"\u003eUpdated Principles for Risk Analysis\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/19/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB Memorandum - Principles for Risk Analysis\u003c/p\u003e\u003ch4\u003eM-07-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-23.pdf\"\u003eRequiring Agency Use of the International Trade Data System\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/10/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13439\u003c/p\u003e\u003ch4\u003eM-07-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-21.pdf\"\u003eVerifying the Employment Eligibility of Federal Employees\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/10/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-07-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-20.pdf\"\u003eFY 2007 E-Government Act Reporting Instructions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/14/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-07-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-18.pdf\"\u003eEnsuring New Acquisitions Include Common Security Configurations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/1/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-07-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-16.pdf\"\u003eSafeguarding Against and Responding to the Breach of Personally Identifiable Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/22/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/business_migrations.pdf\"\u003eCompetition Framework for Human Resources Management Line of Business Migrations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/18/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-07-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-14.pdf\"\u003e2007 Inventories of Commercial and Inherently Governmental Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/3/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-07-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-02.pdf\"\u003eUpdate to Civilian Position Full Fringe Benefit Cost Factor, Federal Pay Raise Assumptions, Inflation Factors, and Tax Rates used in OMB Circular No. A-76, “Performance of Commercial Activities”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/31/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-76\u003c/p\u003e\u003ch3\u003e2006\u003c/h3\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/task_force_theft_memo.pdf\"\u003eRecommendations for Identity Theft Related Data Breach Notification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/20/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13402\u003c/p\u003e\u003ch4\u003eM-06-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-25.pdf\"\u003eFY 2006 E-Government Act Reporting Instructions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-06-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-21.pdf\"\u003eReciprocal Recognition of Existing Personnel Security Clearances\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/17/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 12958\u003c/p\u003e\u003ch4\u003eM-06-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-19.pdf\"\u003eReporting Incidents Involving Personally Identifiable Information Incorporating the Cost for Security in Agency Information Technology Investments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/12/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-06-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-18.pdf\"\u003eAcquisition of Products and Services for Implementation of HSPD-12\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/30/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-06-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m-06-15.pdf\"\u003eSafeguarding Personally Identifiable Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/22/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Privacy Act of 1974\u003c/p\u003e\u003ch4\u003eM-06-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-12.pdf\"\u003eFollow-up Memorandum on “Implementation of the Presidents Executive Order “Improving Agency Disclosure of Information”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/13/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FOIA\u003c/p\u003e\u003ch4\u003eM-06-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-06.pdf\"\u003eSample Privacy Documents for Agency Implementation of Homeland Security Presidential Directive (HSPD) 12\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/17/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-06-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-04.pdf\"\u003eImplementation of the Presidents Executive Order “Improving Agency Disclosure of Information”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/30/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FOIA\u003c/p\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/reciprocal121205.pdf\"\u003eReciprocal Recognition of Existing Personnel Security Clearances\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/12/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Intelligence Reform and Terrorism Prevention Act of 2004\u003c/p\u003e\u003ch4\u003eM-06-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-02.pdf\"\u003eImproving Public Access to and Dissemination of Government Information and Using the Federal Enterprise Architecture Data Reference Model\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/16/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2005\u003c/h3\u003e\u003ch4\u003eM-05-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-25.pdf\"\u003eSmartBUY Agreement with Oracle\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-05-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-24.pdf\"\u003eImplementation of Homeland Security Presidential Directive (HSPD) 12 Policy for a Common Identification Standard for Federal Employees and Contractors\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-05-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-23.pdf\"\u003eImproving Information Technology (IT) Project Planning and Execution\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/4/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-05-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-22.pdf\"\u003eTransition Planning for Internet Protocol Version 6 (IPv6)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/2/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GAO 05-471\u003c/p\u003e\u003ch4\u003eM-05-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-17.pdf\"\u003eAllocation of Responsibilities For Security Clearances Under the Executive Order, Strengthening Processes Relating to Determining Eligibility for Access to Classified National Security Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/30/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13381\u003c/p\u003e\u003ch4\u003eM-05-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-16.pdf\"\u003eRegulation on Maintaining Telecommunication Services During a Crisis or Emergency in Federally-owned Buildings\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/30/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Section 414 of the Transportation, Treasury, Independent Agencies, and General Government Appropriations Act\u003c/p\u003e\u003ch4\u003eM-05-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-08.pdf\"\u003eDesignation of Senior Agency Officials for Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/11/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Privacy Act of 1974\u003c/p\u003e\u003ch4\u003eM-05-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-05.pdf\"\u003eElectronic Signatures: How to Mitigate the Risk of Commercial Managed Services\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/20/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-05-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-04.pdf\"\u003ePolicies for Federal Agency Public Websites\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/17/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch3\u003e2004\u003c/h3\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-25_template.xls\"\u003eSection E — FY04 FISMA Reporting Template\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-04-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/omb/memoranda_fy04_m04-24/\"\u003eExpanded Electronic Government (E-Gov) Presidents Management Agenda (PMA) Scorecard Cost, Schedule and Performance Standard for Success\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/23/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda - Expanded Electronic Government (E-Gov) Initiative\u003c/p\u003e\u003ch4\u003eM-04-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-19.pdf\"\u003eInformation Technology (IT) Project Manager (PM) Qualification Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/21/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-04-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m-04-18.pdf\"\u003eMedicare Modernization Act and Federal Programs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/19/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Medicare Prescription Drug, Improvement, and Modernization Act (MMA)\u003c/p\u003e\u003ch4\u003eM-04-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2004-M-04-16-Software-Acquisition-.pdf\"\u003eSoftware Acquisition\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-04-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m-04-15.pdf\"\u003eDevelopment of Homeland Security Presidential Directive(HSPD) 7 Critical Infrastructure Protection Plans to Protect Federal Critical Infrastructures and Key Resources\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/17/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-04-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-08.pdf\"\u003eMaximizing Use of SmartBuy and Avoiding Duplication of Agency Activities with the Presidents 24 E-Gov Initiatives\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/25/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda - Expanded Electronic Government (E-Gov) Initiative\u003c/p\u003e\u003ch4\u003eM-04-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-04.pdf\"\u003eE-Authentication Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/16/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003ePaperwork Elimination Act of 1998\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2003\u003c/h3\u003e\u003ch4\u003eM-03-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/203-M-03-22-OMB-Guidance-for-Implementing-the-Privacy-Provisions-of-the-E-Government-Act-of-2002-1.pdf\"\u003eOMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/16/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-03-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2003/m03-18.pdf\"\u003eImplementation Guidance for the E-Government Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/1/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-03-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2003-M-03-04-Determination-Orders-Organizing-the-Department-of-Homeland-Security-1.pdf\"\u003eDetermination Orders Organizing the Department of Homeland Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/7/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Public Law 107-296 - Establishing the Department of Homeland Security\u003c/p\u003e\u003ch3\u003e2002\u003c/h3\u003e\u003ch4\u003eM-02-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2002/m02-14.pdf\"\u003eAdditional Information Requirements for Overseas Combating Terrorism and Homeland Security for the FY 2004 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/8/2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-02-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2002/m02-11.pdf\"\u003eDepartment of Homeland Security Transition Issues\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/16/2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Public Law 107-296 - Establishing the Department of Homeland Security\u003c/p\u003e\u003ch4\u003eM-02-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2002-M-02-01-Guidance-for-Preparing-and-Submitting-Security-Plans-of-Action-and-Milestones-1.pdf\"\u003eGuidance for Preparing and Submitting Security Plans of Action and Milestones\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/17/2001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Government Information Security Reform Act\u003c/p\u003e\u003ch3\u003e2001\u003c/h3\u003e\u003ch4\u003eM-01-28\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2001-M-01-28-Citizen-Centered-E-Government-Developing-the-Action-Plan.pdf\"\u003eCitizen-Centered E-Government: Developing the Action Plan\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e President Management Agenda - e-Government\u003c/p\u003e\u003ch4\u003eM-01-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2001-M-01-05-Guidance-on-Inter-Agency-Sharing-of-Personal-Data-Protecting-Personal-Privacy.pdf\"\u003eGuidance on Inter-Agency Sharing of Personal Data Protecting Personal Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/20/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Computer Matching and Privacy Protection Act\u003c/p\u003e\u003ch3\u003e2000\u003c/h3\u003e\u003ch4\u003eM-00-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-15-OMB-Guidance-on-Implementing-the-Electronic-Signatures-in-Global-and-National-Commerce-Act.pdf\"\u003eOMB Guidance on Implementing the Electronic Signatures in Global and National Commerce Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/25/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Sign Act\u003c/p\u003e\u003ch4\u003eM-00-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-13-Privacy-Policies-and-Data-Collection-on-Federal-Web-Sites.pdf\"\u003ePrivacy Policies and Data Collection on Federal Web Sites\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/22/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eChildrens Online Privacy Protection Act\u003c/li\u003e\u003cli\u003ePrivacy Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-00-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-10-OMB-Procedures-and-Guidance-on-Implementing-the-Government-Paperwork-Elimination-Act.pdf\"\u003eOMB Procedures and Guidance on Implementing the Government Paperwork Elimination Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/25/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003eM-00-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-03-Reporting-Y2K-Compliance-of-Non-mission-Critical-Systems.pdf\"\u003eReporting Y2K Compliance of Non-mission Critical Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/10/1999\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e1999\u003c/h3\u003e\u003ch4\u003eM-99-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1999-M-99-18-Privacy-Policies-on-Federal-Web-Sites.pdf\"\u003ePrivacy Policies on Federal Web Sites\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/2/1999\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-99-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1999-M-99-01-New-Statutory-Language-on-Paperwork-Reduction-FY-1999-ICB.pdf\"\u003eNew Statutory Language on Paperwork Reduction FY 1999 ICB\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/16/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003e1998\u003c/h4\u003e\u003ch4\u003eM-98-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1995-1998-M-98-14-Comprehensive-Plans-and-Associated-Funding-Requirements-for-Achieving-Year-2000-Computer-Compliance.pdf\"\u003eComprehensive Plans and Associated Funding Requirements for Achieving Year 2000 Computer Compliance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/13/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-11\u003c/p\u003e\u003ch4\u003eM-98-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1995-1998-M-98-09-Updated-Guidance-on-Developing-a-Handbook-for-Individuals-Seeking-Access-of-Public-Information.pdf\"\u003eUpdated Guidance on Developing a Handbook for Individuals Seeking Access of Public Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/23/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eElectronic Freedom of Information Act Amendments of 1996\u003c/li\u003e\u003cli\u003eFOIA\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-98-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1998-M-98-04-Annual-Performance-Plans-Required-by-the-Government-Performance-and-Results-Act-GPRA.pdf\"\u003eAnnual Performance Plans Required by the Government Performance and Results Act (GPRA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/29/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GPRA Modernization Act of 2010\u003c/p\u003e\u003ch3\u003e1997\u003c/h3\u003e\u003ch4\u003eM-97-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/1995-1998/m97-15.pdf\"\u003eLocal Telecommunications Services Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/12/1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch4\u003eM-97-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-09-Interagency-Support-for-Information-Technology.pdf\"\u003eInteragency Support for Information Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/10/1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch4\u003eM-97-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-07-Multiagency-Contracts-Under-the-Information-Technology-Management-Reform-Act-of-1996.pdf\"\u003eMultiagency Contracts Under the Information Technology Management Reform Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/26/1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch4\u003eM-97-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-02-Funding-Information-Systems-Investments.pdf\"\u003eFunding Information Systems Investments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/25/1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eGPRA Modernization Act of 2010\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e1996\u003c/h3\u003e\u003ch4\u003eM-96-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1996-M-96-20-Implementation-of-the-Information-Technology-Management-Reform-Act-of-1996.pdf\"\u003eImplementation of the Information Technology Management Reform Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/4/1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch3\u003e1995\u003c/h3\u003e\u003ch4\u003eM-95-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/1995-1998/m95-17.pdf\"\u003eContingency Planning for Agency Operations in Fiscal Year 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/17/1995\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch2\u003eHHS Policies, Standards, Memorandum, and Guides\u003c/h2\u003e\u003ch3\u003eHHS Policies\u003c/h3\u003e\u003cp\u003eThe HHS Cybersecurity Program develops policies, standards, memoranda, guides, and standard operating procedures. They are collectively referred to as policy documents. HHS policy documents help to apply Federal legislation, OMB regulations, NIST standards, and U.S. Computer Emergency Readiness Team (US-CERT) guidelines in the context of the HHS environment, thus standardizing the implementation of information security and privacy practices across the Department.\u003c/p\u003e\u003cp\u003eNOTE: The HHS Polices can be found at \u003cem\u003ehttp://intranet.hhs.gov/working-at-hhs/cybersecurity/ocio-policies\u003c/em\u003e and are only accessible through the HHS intranet/CMS network and cannot be accessed with a public internet connection.\u003c/p\u003e\u003ch4\u003eCybersecurity Awareness and Training\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2024-03-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Identifies the baseline requirements for providing HHS personnel with the requirements for Awareness Training and of their responsibility to help protect the confidentiality, integrity, and availability of HHS information systems and data\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/role-based-training-rbt\"\u003eCyberGeek - Role Based Training (RBT)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-2-awareness-and-training\"\u003eCyberGeek - Risk Management Handbook (RMH) Chapter 2: Awareness \u0026amp; Training (AT)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e5 CFR 930.301\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS Policy for Information Security and Privacy Protection (IS2P)\u003c/li\u003e\u003cli\u003eNIST S.P. 800-16\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-50\u003c/li\u003e\u003cli\u003eNIST SP 800-181 rev 1\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRecords Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-CDO-2024-02-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the principles, responsibilities, and requirements for managing HHS records\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 2/1/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003eCMS Records and Information Management Program\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B\u003c/li\u003e\u003cli\u003e32 CFR Part 2002\u003c/li\u003e\u003cli\u003e18 U.S. Code § 641\u003c/li\u003e\u003cli\u003e18 U.S. Code § 2071\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 2901-2910\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 3101-3107\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 3106\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 3301-3324\u003c/li\u003e\u003cli\u003e44 U.S. Code § 3301\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eFederal Rules of Civil Procedures\u003c/li\u003e\u003cli\u003eNARA Bulletin 2010-05\u003c/li\u003e\u003cli\u003eNARA Bulletin 2013-02\u003c/li\u003e\u003cli\u003eNARA Bulletin 2014-02\u003c/li\u003e\u003cli\u003eNARA Bulletin 2015-02\u003c/li\u003e\u003cli\u003eNARA Bulletin 2023-02\u003c/li\u003e\u003cli\u003eNARA Criteria for Successfully Managing Permanent Electronic Records\u003c/li\u003e\u003cli\u003eNARA Guidance on Records Management Language for Contracts\u003c/li\u003e\u003cli\u003eNARA Universal Electronic Records Management Requirements\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB M-19-21\u003c/li\u003e\u003cli\u003eOMB M-23-07\u003c/li\u003e\u003cli\u003eHHS Policy for Litigation Holds\u003c/li\u003e\u003cli\u003eHHS Policy for Rules of Behavior for Use of Information and IT Resources\u003c/li\u003e\u003cli\u003eHHS Policy for Mobile Devices and Removable Media\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePrivacy Impact Assessments\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2023-09-005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Set forth the minimum HHS Privacy Threshold Analysis (PTA), PIA, and Internal PIA requirements, as well as accompanying approval and publication processes\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/privacy-impact-assessment-pia\"\u003eCyberGeek - Privacy Impact Assessment (PIA)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS Policy for Information Security and Privacy Protection (IS2P)\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53 Rev. 5\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management v1.0\u003c/li\u003e\u003cli\u003eOMB Circular A-108\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eOMB M-17-06\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act (PRA)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eLitigation Holds\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-CDO-2023-08-004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish that HHS takes all reasonable steps to preserve potentially relevant information in the possession, custody, or control of HHS when civil litigation has commenced or when there is reasonable anticipation of litigation\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/10/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Litigation Holds and Essential Records Program\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B §§ 1220.30-1220.34\u003c/li\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B §§ 1230.1-1230.18\u003c/li\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B §§ 1236.2-1236.36\u003c/li\u003e\u003cli\u003e18 USC § 641\u003c/li\u003e\u003cli\u003e18 USC § 2071\u003c/li\u003e\u003cli\u003e44 USC §§ 2071-2120\u003c/li\u003e\u003cli\u003e44 USC §§ 2901-2912\u003c/li\u003e\u003cli\u003e44 USC §§ 3101-3107\u003c/li\u003e\u003cli\u003e44 USC §§ 3301-3314\u003c/li\u003e\u003cli\u003e44 USC §§ 3501-3583\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eDuty to Disclose, Rule 26\u003c/li\u003e\u003cli\u003eProducing Documents, Rule 34\u003c/li\u003e\u003cli\u003eFailure to Make Disclosures or to Cooperate in Discovery, Rule 37\u003c/li\u003e\u003cli\u003eDelivering Government Solutions in 21st Century\u003c/li\u003e\u003cli\u003eNARA 2010-05\u003c/li\u003e\u003cli\u003eNARA 2014-02\u003c/li\u003e\u003cli\u003eNARA 2015-02\u003c/li\u003e\u003cli\u003eNARA Criteria for Successfully Managing Permanent Electronic Records\u003c/li\u003e\u003cli\u003eNARA Guidance on Records Management Language for Contracts\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMA/NARA M-23-07\u003c/li\u003e\u003cli\u003ePublic Law 113-187\u003c/li\u003e\u003cli\u003eUniversal Electronic Records Management Requirements\u003c/li\u003e\u003cli\u003eNARA General Records Schedules\u003c/li\u003e\u003cli\u003eGeneral Record Schedule 6.1\u003c/li\u003e\u003cli\u003eHHS Implementing Email Records Management\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior for Use of Information and IT Resources\u003c/li\u003e\u003cli\u003eHHS Mobile Devices and Removable Media\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eData Loss Prevention\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2022-05-003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish comprehensive DLP requirements for HHS systems and information that are compliant with FISMA 2014, NIST S.P. 800-53, EO 14028\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/16/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eEO 13556\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHSS IS2P\u003c/li\u003e\u003cli\u003eNARA CUI Program\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB M-22-09\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRules of Behavior for Use of Information and IT Resources\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2023-02-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Defines the acceptable use of HHS information and IT resources and establishes the baseline requirements for developing Rules of Behavior that all users, including privileged users, are required to sign prior to accessing HHS information systems and resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 2/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/hhs-policy-rules-behavior-use-information-it-resources\"\u003eCyberGeek - HHS Policy for Rules of Behavior for Use of Information and IT Resources\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eNIST S.P. 800-18\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003ePublic Law § 115-232 889\u003c/li\u003e\u003cli\u003e5 USC § 552a\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eCommon Data Use Agreement (DUA) Structure and Repository\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-CDO-2023-01-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Defines a DUA as a document that establishes the terms and conditions under which the Data Provider will provide, and the Data Recipient will receive and use, the data covered under the Agreement, which is nonpublic, restricted HHS data shared for a limited government purpose\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/23/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/cms-data-use-agreement-dua\"\u003eCyberGeek - CMS Data Use Agreement (DUA)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e44 USC § 3520\u003c/li\u003e\u003cli\u003e44 USC § 3576\u003c/li\u003e\u003cli\u003eOMB M-14-06\u003c/li\u003e\u003cli\u003eOMB M-01-05\u003c/li\u003e\u003cli\u003eHHS Enterprise Data Management\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEncryption of Computing Devices and Information\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2022-12-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish comprehensive encryption requirements for HHS systems and information that are compliant with FISMA 2014, NIST S.P. 800-53, EO 14028, OMB M-22-09\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/9/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-15-13\u003c/li\u003e\u003cli\u003eOMB M-22-09\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSecuring AI Technology\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-12-007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensure secure implementation of AI technology within HHS, secure HHS networks and information, protect privacy, and address risks\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/14/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13859\u003c/li\u003e\u003cli\u003eEO 13960\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST Privacy Framework\u003c/li\u003e\u003cli\u003eNIST S.P. 800-167\u003c/li\u003e\u003cli\u003eNIST S.P. 800-94\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eDHS AI Using Standards to Mitigate Risks\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Security and Privacy Protection (IS2P)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-11-0006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish comprehensive security and privacy requirements for HHS systems and information that are compliant with FISMA 2014 and NIST S.P. 800-53\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/18/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eEO 13556\u003c/li\u003e\u003cli\u003eFERPA\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eBuy American Act\u003c/li\u003e\u003cli\u003eFASCSA 2018\u003c/li\u003e\u003cli\u003ePublic Law 115-232 § 889\u003c/li\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eHSPD-12\u003c/li\u003e\u003cli\u003eNARA\u003c/li\u003e\u003cli\u003eB.O.D 18-02\u003c/li\u003e\u003cli\u003eFIPS 140-2, 199, 200, 201-1\u003c/li\u003e\u003cli\u003eNIST S.P. 800-111\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST S.P. 800-144\u003c/li\u003e\u003cli\u003eNIST S.P. 800-152\u003c/li\u003e\u003cli\u003eNIST S.P. 800-171\u003c/li\u003e\u003cli\u003eNIST S.P. 800-175A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-175B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-46\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-79-2\u003c/li\u003e\u003cli\u003eNIST S.P. 800-88\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB Circular A-108\u003c/li\u003e\u003cli\u003eOMB M-02-01\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eOMB M-10-22\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-16-17\u003c/li\u003e\u003cli\u003eOMB M-14-03\u003c/li\u003e\u003cli\u003eOMB M-16-17\u003c/li\u003e\u003cli\u003eOMB M-14-03\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003e5 CFR § 930.301\u003c/li\u003e\u003cli\u003ePublic Law 113-291 Title VIII Subtitle D\u003c/li\u003e\u003cli\u003eSection 508 of the Rehabilitation Act of 1973\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Portfolio Management (PfM)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2021-09-005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Describes the Captital Planning and Investment Control (CPIC) principles and requirements, and establishes standard methodologies for conducting OAs, evaluating Investment Risks, certifying adequate Incremental Development, and successfully implementing TBM\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 9/23/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e \u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition\"\u003eCyberGeek - Risk Management Handbook Chapter 15: System \u0026amp; Services Acquisition\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGovernment Performance and Results Act of 1993\u003c/li\u003e\u003cli\u003eFederal Acquisition Streamlining Act of 1994\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act of 1995\u003c/li\u003e\u003cli\u003eFederal Financial Management Improvement Act of 1996\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFITARA 2014\u003c/li\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003ePolicies \u0026amp; Priorities, Technology Business Management. CIO. GOV\u003c/li\u003e\u003cli\u003eRecords Management Act of 1950\u003c/li\u003e\u003cli\u003eSection 508 of the Rehabilitation Act\u003c/li\u003e\u003cli\u003eEO 13636\u003c/li\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eGAO-04-394G\u003c/li\u003e\u003cli\u003eAIMD-10.1.13\u003c/li\u003e\u003cli\u003eGAO-13-87\u003c/li\u003e\u003cli\u003eGAO Report 16-469\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-94\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB Federal Cloud Computing Strategy - Cloud Smart\u003c/li\u003e\u003cli\u003eOMB M-97-02\u003c/li\u003e\u003cli\u003eOMB M-05-23\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eFederal Continuity Directive 1\u003c/li\u003e\u003cli\u003eFederal Continuity Directive 2\u003c/li\u003e\u003cli\u003eFIPS 140-2\u003c/li\u003e\u003cli\u003eNIST S.P. 800-30\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-39\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-56A\u003c/li\u003e\u003cli\u003eSection 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)\u003c/li\u003e\u003cli\u003eHHS Section 508 Electronic and IT\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation\u003c/li\u003e\u003cli\u003eHHS OCIO Roles and Responsibilities\u003c/li\u003e\u003cli\u003eHHS OCIO Enterprise Performance Life Cycle Framework Overview Document\u003c/li\u003e\u003cli\u003eHHS IT Strategic Plan\u003c/li\u003e\u003cli\u003eHHS IT Policy for Enterprise Architecture\u003c/li\u003e\u003cli\u003eHHS Office of Acquisition Management and Policy (OAMP) Acquisition Policy Memorandum\u003c/li\u003e\u003cli\u003eHHS IT Acquisition Reviews (ITAR)\u003c/li\u003e\u003cli\u003eHHS IT Enterprise Performance Life Cycle\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Records Management\u003c/li\u003e\u003cli\u003eHHS Enterprise Risk Management Framework\u003c/li\u003e\u003cli\u003eHHS Cloud Computing and FedRamp Guidance\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy Language\u003c/li\u003e\u003cli\u003eHHS Cyber Supply Chain Risk Management\u003c/li\u003e\u003cli\u003eHHS High Value Asset (HVA) Program\u003c/li\u003e\u003cli\u003eOCIO FITARA Approval Guidance\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eTransition to IPv6\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2021-08-004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides guidance to which HHS Operating Divisions (OpDivs) and Staff Divsions (StaffDivs) must follow to meet the requirements and milestones laid out in the OMB Memorandum 21-07, Completing the Transition to IPv6 (M-21-07)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/1/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eFederal Acquisition Regulation (FAR)\u003c/li\u003e\u003cli\u003eNIST S.P. 500-267A\u003c/li\u003e\u003cli\u003eNIST S.P. 500-267B\u003c/li\u003e\u003cli\u003eNIST S.P. 500-281A\u003c/li\u003e\u003cli\u003eNIST S.P. 500-281B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-21-07\u003c/li\u003e\u003cli\u003eOMB M-05-22\u003c/li\u003e\u003cli\u003eHHS IT Acquisition Reviews (ITAR)\u003c/li\u003e\u003cli\u003eHHS IT Asset Management (ITAM)\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy Language\u003c/li\u003e\u003cli\u003eHHS IT System Inventory Management\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eImplementation of DHS Directive on Vulnerability Disclosure\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-05-003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the HHS compliance requirements under the DHS B.O.D 20-01\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/4/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCarnegie Mellon SEI, The CERT Guide to Coordinated Vulnerable Disclosure\u003c/li\u003e\u003cli\u003eB.O.D. 20-01\u003c/li\u003e\u003cli\u003eDOJ A Framework for a Vulnerability Disclosure Program for Online Systems\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eISO/IEC 29147:2018\u003c/li\u003e\u003cli\u003eNIST Framework for Improving Critical Infrastructure Cybersecurity\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-20-32\u003c/li\u003e\u003cli\u003eEO 13800\u003c/li\u003e\u003cli\u003eTitle 44, U.S. Code, Section 3553(b)(2) Authority and Functions of the Director and the Secretary\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eImplementation of Trusted Internet Connections (TIC)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-03-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the requirements to which HHS Operating Divisions (OpDivs) must adhere when implementing TICs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/17/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e6 USC 1523(b)(1)(D)\u003c/li\u003e\u003cli\u003eOMB M-19-26\u003c/li\u003e\u003cli\u003eCommittee on National Security Systems (CNSS), Internet Engineering Task Force (IETF) RFC 4949\u003c/li\u003e\u003cli\u003eDHS CISA TIC Reference Architecture Document\u003c/li\u003e\u003cli\u003eDHS CISA TIC Volume 1-5\u003c/li\u003e\u003cli\u003eDHS CISA TIC Interim Telework Guidance\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA) Enterprise Infrastructure Solutions (EIS) Management and Operations Handbook\u003c/li\u003e\u003cli\u003eGSA, Transition Handbook, Network, WITS 3, and GSA Regional Local Services to EIS Contracts\u003c/li\u003e\u003cli\u003eNational Cybersecurity Protection System (NCPS) Cloud Interface Reference Architecture\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-41\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-145\u003c/li\u003e\u003cli\u003eNIST S.P. 800-152\u003c/li\u003e\u003cli\u003eNIST S.P. 800-207\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Internet and Email Security\u003c/li\u003e\u003cli\u003eHHS POA\u0026amp;M Standard\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Procurements - Security And Privacy Language\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-03-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Mandates the standard security and privacy language for information and information technology (IT) procurements throughout HHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/3/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/security-and-privacy-requirements-it-procurements\"\u003eCyberGeek - Security and Privacy Requirements for IT Procurements\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eBuy American Act\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eFASCSA 2018\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePublic Law 115-232 § 889\u003c/li\u003e\u003cli\u003ePublic Law 115-390\u003c/li\u003e\u003cli\u003eU.S.C of CFR\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eIT System Inventory Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2020-12-011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Direct HHS entities (i.e., Operating Divisions [OpDiv] and Staff Divisions [StaffDiv]) to establish and maintain an enterprise-wide inventory of HHS IT systems by providing guidance and baseline standards for maintaining a comprehensive inventory of all IT systems and related information\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA 2014\u003c/li\u003e\u003cli\u003eFITARA Enhancement Act of 2017\u003c/li\u003e\u003cli\u003eMEGABYTE Act of 2016\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-17-09\u003c/li\u003e\u003cli\u003eOMB M-19-01\u003c/li\u003e\u003cli\u003eOMB M-19-21\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eHHS CPIC\u003c/li\u003e\u003cli\u003eHHS HVA\u003c/li\u003e\u003cli\u003eHHS ITAM\u003c/li\u003e\u003cli\u003eHHS Records Management\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Asset Management (ITAM)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OCPO-2020-08-008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the HHS program for the management of IT and Telecommunication assets in compliance with the Cap Goal 7: Category Management - Leveraging Common Contracts and Best Practices to Drive Saving and Efficiencies, within the Presidents Management Agenda (PMA); to buy common goods and services as an enterprise to eliminate redundancies, increase efficiency, and to deliver more value and savings from the governments acquisition programs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/19/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003eE-Government Act\u003c/li\u003e\u003cli\u003eMEGABYTE Act of 2016\u003c/li\u003e\u003cli\u003eSection 508 of the Rehabilitation Act\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eFederal Accounting Standards Advisory Board (FASAB), Statement of Federal Financial Accounting Standards (SFFAS) No. 10, Accounting for Internal Use Software\u003c/li\u003e\u003cli\u003eFASAB, Federal Finacial Accounting Technical Release 16, Implementation Guidance for Internal Use Software\u003c/li\u003e\u003cli\u003eGAO 14-413\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-16-12\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-19-13\u003c/li\u003e\u003cli\u003eHHS FITARA Implementation-Revised HHS IT Governance Framework\u003c/li\u003e\u003cli\u003eHHS FITAR Implementation Plan\u003c/li\u003e\u003cli\u003eGAO audit recommendations of HHSs Telecommunications inventory management and IT Strategic Planning\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eVulnerability Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-08-009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the baseline requirements for maintaining and effective vulnerability management program to implement and support activities pertaining to vulnerability scanning and remediation and to continually manage risks impacting HHS IT resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/19/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eSection International Organization for Standardization (ISO) 27002\u003c/li\u003e\u003cli\u003eNIST S.P. 800-40\u003c/li\u003e\u003cli\u003eNIST S.P. 800-51\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-126\u003c/li\u003e\u003cli\u003eNIST S.P. 800-128\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eCyber Supply Chain Risk Management (C-SCRM)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-08-010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the baseline requirements for securing the information and communications technology (ICT) products and services supply chain in order to protect HHS information systems and information from the risks involving ICT procurement supply chain\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/18/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eSECURE Technology Act\u003c/li\u003e\u003cli\u003eBuy American Act\u003c/li\u003e\u003cli\u003ePublic Law 115-232 § 889\u003c/li\u003e\u003cli\u003eFASCSA 2018\u003c/li\u003e\u003cli\u003eComprehensive National Cybersecurity Initiative (CNCI)\u003c/li\u003e\u003cli\u003eCISA National Risk Management Center\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eNIST S.P. 800-161\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eHHS ISP2\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSection 508 Compliance and Accessibility of Information and Communications Technology (ICT)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2020-07-007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Implement uniformity and conformity of accessibility compliance across all of HHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCommunications Act of 1934\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003e36 CFR § 1193-1194\u003c/li\u003e\u003cli\u003eOMB M-17-06\u003c/li\u003e\u003cli\u003eOMB M-13-13\u003c/li\u003e\u003cli\u003eOMB M-16-20\u003c/li\u003e\u003cli\u003eOMB Memorandum, Improving the Accessibility of Government Information\u003c/li\u003e\u003cli\u003eOMB Strategic Plan for Improving Management of Section 508 of the Rehabilitation Act\u003c/li\u003e\u003cli\u003eRehabilitation Act of 1973\u003c/li\u003e\u003cli\u003eWorkforce Innovation and Opportunities Act\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Acquisition Reviews (ITAR)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2020-06-006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the HHS ITAR Program, which ensures HHS conducts its due diligence to manage and maintain oversight and governance over the procurement of IT therefore contributing to effective planning, budgeting, and execution of IT resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eNational Defense Authorization Act for Fiscal Year 2015\u003c/li\u003e\u003cli\u003eEO 13833\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-16-12\u003c/li\u003e\u003cli\u003eHHS FITARA Implementation-Revised HHS IT Governance Framework\u003c/li\u003e\u003cli\u003eHHS FITARA HHS Implementation Plan\u003c/li\u003e\u003cli\u003eHHS Memorandum for Record, HHS Chief Information Officer Delegation of Authorities to Operating Divsiion Chief Information Officers\u003c/li\u003e\u003cli\u003eHHS CPIC\u003c/li\u003e\u003cli\u003eHHS EPLC\u003c/li\u003e\u003cli\u003eHHS Procedures, Guidance and Instructions (PGI)\u003c/li\u003e\u003cli\u003eInformation Technology Decision Criteria and Clause Matrix\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy language\u003c/li\u003e\u003cli\u003eHHS Standard for Encryption of computing Devices and Information\u003c/li\u003e\u003cli\u003eHHS Minumun Security Configuration Standards Guidance\u003c/li\u003e\u003cli\u003eHHS Software Development Secure Coding Practices\u003c/li\u003e\u003cli\u003eHHS Directive for Acquisition Strategy\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePreparing for and Responding to a Breach\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-PIM-2020-05-003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Addresses OMB M-17-22, Preparing for and Responding to a Breach of PII, and sets forth the approach of HHS in preparing for and responding to breaches of PII in any medium or form\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\"\u003eCyberGeek - Risk Management Handbook Chapter 8: Incident Response (IR)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-20-04\u003c/li\u003e\u003cli\u003eOMB M-16-14\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePPD-41\u003c/li\u003e\u003cli\u003eNIST S.P. 800-34\u003c/li\u003e\u003cli\u003eNIST S.P. 800-61\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eUS-CERT Federal Incident Notification Guidelines\u003c/li\u003e\u003cli\u003eNational Cybersecurity and Communications Integration Center (NCCIC) Cyber Incident Scoring System\u003c/li\u003e\u003cli\u003eIdentity Protection Services (IPS) Multiple Award Blanket Purchase Agreement (BPA)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSecuring Wireless Local Area Networks\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-01-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Updates the requirements and specification for securing all HHS WLANs in compliance with the NIST S.P. 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs) and the Institute of Electrical and Electronic Engineers (IEEE) 802.11 WLANs standards\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/13/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-153\u003c/li\u003e\u003cli\u003eNIST S.P. 800-97\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Memorandum, Addendum to the HHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEnterprise Data Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-02-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the requirements for the efficient and secure management and protection of enterprise data\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/13/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-13-13\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eDomain Name System (DNS) and DNS Security Extensions (DNSSEC) Services\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2019-11-011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the minumum requirements for implementing the DNS and DNSEC services across the HHS and the OpDiv networks\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eDHS DNS Security Reference Architecture\u003c/li\u003e\u003cli\u003eNIST S.P. 800-81\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eDHS B.O.D. 19-01\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInternet and Email Security\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2019-10-009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the minimum requirements for securing the internet and email services throughout HHS, including OpDivs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-16-system-communications-protection\"\u003eCyberGeek - RMH Chapter 16: System \u0026amp; Communications Protection\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/email-encryption-requirements-cms\"\u003eCyberGeek - Email Encryption Requirements at CMS\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13800\u003c/li\u003e\u003cli\u003eOMB M-15-13\u003c/li\u003e\u003cli\u003eDHS B.O.D 19-01\u003c/li\u003e\u003cli\u003eDHS B.O.D 18-01\u003c/li\u003e\u003cli\u003eNIST S.P. 800-177\u003c/li\u003e\u003cli\u003eNIST S.P. 800-119\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC) Bureau of Consumer Protections, Businesses Can Help Stop Phishing and Protect their Brands Using Email Authentication\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior (ROB)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHigh Value Asset (HVA) Program\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2018-09-006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides HHS OpDivs and StaffDivs with the policy for governance of HHS HVAs along with the requirements for the identification, categorization, prioritization, reporting, assessment, and the remediation of finding of HVAs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-16-04\u003c/li\u003e\u003cli\u003eOMB M-19-02\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-13-13\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eDHS B.O.D. 18-02\u003c/li\u003e\u003cli\u003eCybersecurity Strategy and Implementation Plan for the Federal Civilian Government (CSIP)\u003c/li\u003e\u003cli\u003eCybersecurity National Action Plan (CNAP)\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Continuity of Operation Program\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy Language\u003c/li\u003e\u003cli\u003eSenior Accountable Official for Risk Management (SAORM) Designee for Department of Homeland Security B.O.D. 18-02 Securing HVAs\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMobile Devices and Removable Media\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2019-09-0005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Protects HHS information and information systems from risks related to the use of mobile devices for government businesses and the risks of using mobile devices to access HHS information systems remotely from outside of HHS facilities\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-5-configuration-management-cm\"\u003eCyberGeek - Risk Management Handbook Chapter 5: Configuration Management (CM)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-10-media-protection-mp\"\u003eCyberGeek - Risk Management Handbook Chapter 10: Media Protection (MP)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-access-control-handbook\"\u003eCyberGeek - CMS Access Control Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFederal Records Act of 1950\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-124\u003c/li\u003e\u003cli\u003eEO 13556\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior for Use of HHS Information and IT Resources Policy\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSoftware Development Secure Coding Practices\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2019-08-005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the minimum baseline secure coding practices that must be implemented to ensure secure code is “built in” in the early phases of the software development lifecycle in order to protect and secure all HHS information, IT systems, and networks\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMobile Applications Privacy Policy\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-PIM-2018-09-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Sets forth HHS policy for protecting privacy in HHS Mobile Applications\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eCOPPA 1998\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eOMB M-17-06\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB A-108\u003c/li\u003e\u003cli\u003eDigital Government: Building a 21st Century Platform to Better Serve the American People\u003c/li\u003e\u003cli\u003eNIST 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-163\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-61\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eHHS Policy and Plan for Preparing for and Responding to Breaches of PII\u003c/li\u003e\u003cli\u003eHHS Privacy Impact Assessment Guidance\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Privacy Impact Assessments (PIA)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology (IT) Policy for Enterprise Performance Life Cycle (EPLC)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2008-004.002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e All HHS IT projects shall be managed using the HHS EPLC Framework, including life cycle phases, reviews, deliverables, activities, responsibilities, and tailoring, regardless of the specific development methodology used\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.cms.gov/data-research/cms-information-technology/tlc\"\u003eCMS.gov - Target Life Cycle (TLC)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition\"\u003eCyberGeek - Risk Management Handbook Chapter 15: System \u0026amp; Services Acquisition\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-16-system-communications-protection\"\u003eCyberGeek - RMH Chapter 16: System \u0026amp; Communications Protection\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003eFederal Acquisition Certification-Program and Project Manager Program (FAC-P/PM)\u003c/li\u003e\u003cli\u003eHHS IT Capital Planning and Investment Control\u003c/li\u003e\u003cli\u003eHHS IRM Policy for Conducting IT Alternatives Analysis\u003c/li\u003e\u003cli\u003eHHS IT Performance Management (PfM)\u003c/li\u003e\u003cli\u003eHHS Enterprise Architecture (EA)\u003c/li\u003e\u003cli\u003eHHS IT System Inventory Management\u003c/li\u003e\u003cli\u003eHHS Records Mangement\u003c/li\u003e\u003cli\u003eHHS Implementing Email Records Management\u003c/li\u003e\u003cli\u003eHHS Section 508 and Accessibility of Technology and Communications Technology (ICT)\u003c/li\u003e\u003cli\u003eHHS Security Policies, Standards, Charters and Training Resources\u003c/li\u003e\u003cli\u003eHHS Incident Reporting, Policy and Incident Management Reference\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eGAO Cost Estimating and Assessment Guide\u003c/li\u003e\u003cli\u003eOMB M-05-23\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-127\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEnvironmental Practices of Electronics\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the framework for the implementation of sound environmental practices in the acquisition, operations and maintenance, and end-of-life management of HHS-purchased electronic products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/5/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Property Management\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13423\u003c/li\u003e\u003cli\u003eEO 13514\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eElectronic Stewardship\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2011-0002.001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the framework for the implementation of sound environmental practices in the acquisition, operations and maintenance, and end-of-life management of HHS-purchased electronic products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Property Management\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13423\u003c/li\u003e\u003cli\u003eEO 13514\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for FOIA Investigatory \u0026amp; Audit Matters\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides HHS staff with a policy for legal holds and to inform HHS staff about FOIA, investigatory, and audit matters that require holds on HHS records and other related documentary materials\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/26/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Freedom of Information Group\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFOIA\u003c/li\u003e\u003cli\u003e44 U.S.C Chapter 31\u003c/li\u003e\u003cli\u003e44 U.S.C Chapter 33\u003c/li\u003e\u003cli\u003e5 U.S.C Chapter 552\u003c/li\u003e\u003cli\u003e36 CFR Chapter XII, subchapter B\u003c/li\u003e\u003cli\u003eFederal Rules of Civil Procedure (FRCP)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for Networks Program Designated Agency Representatives\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2010-0005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Identifies and provides supplemental information in the establishment of titles, roles and responsibilities of Designated Agency Representatives (DARs) for the move from the FTS-2001 contract to the Networx contract and its transition program\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/10/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA) guidelines regarding Networx contracts, policies, and procedures\u003c/li\u003e\u003cli\u003eGSA DAR Guidelines for Network Services Contracts of the Office of ITS FAA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for Enterprise Architecture\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2008-0003.001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Outlines the roles and responsibilities for ensuring compliance with legislative and executive level guidance on Enterprise Architecture (EA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/7/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGRPA 1993\u003c/li\u003e\u003cli\u003eFASA V 1994\u003c/li\u003e\u003cli\u003ePRA 1995\u003c/li\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003eGovernment Paperwork Elimination Act of 1998\u003c/li\u003e\u003cli\u003eGISRA 2000\u003c/li\u003e\u003cli\u003eFISMA 2002\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eEO 13011\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-109\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-127\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-00-07\u003c/li\u003e\u003cli\u003eOMB M-97-02\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for eGov Forms\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2006-0003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensures that HHS maintains accurate form content for those HHS forms that are in the E-Gov Forms Catalogue, managed by the Small Business Administration (SBA) and the General Services Administration (GSA) under the Business Gateway (BG) initiative\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/7/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFederal Property and Administrative Services Act of 1949\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eSection 508 Rehabilitation Act\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act of 1980\u003c/li\u003e\u003cli\u003eInformation Quality Act\u003c/li\u003e\u003cli\u003e5 U.S.C. 552a(e)(1)\u003c/li\u003e\u003cli\u003e44 U.S.C. 3508\u003c/li\u003e\u003cli\u003eSmall Business Paperwork Relief Act of 2002\u003c/li\u003e\u003cli\u003e36 CFR Parts 1220-1238\u003c/li\u003e\u003cli\u003e5 CFR part 1320\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for HHSMail Change Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO 2006-0002.001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the policy for change management within the HHS HHSMail project\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eHHS Standards\u003c/h3\u003e\u003ch4\u003eHHS Standard for Plan of Action and Milestones (POAM) Management and Reporting\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2019-0002.001S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides OpDivs with the baseline standards and guidelines for properly documenting and managing POA\u0026amp;Ms and support the OpDivs in their development and management of POA\u0026amp;Ms within their respective organizations\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/3/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-plan-action-and-milestones-poam-handbook\"\u003eCyberGeek - CMS Plan of Action and Milestones (POA\u0026amp;M) Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eEO 13800\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-14-04\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Standard for System Inventory Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2018-0001.002S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides guidance and the baseline standards for maintaining a comprehensive inventory of all systems throughout HHS and enable management to have continuous accounting of all information systems and information assets\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/27/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Memorandum, FY15 Cybersecurity IT Priorities\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMinimum Security Configuration Standards Guidance\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2017-0001.001S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides personnel involved in configuring or connecting servers, workstations, or network devices to the HHS infrastructure with minimum security configuration standards for each respective device\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/5/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCyber Security Research and Development Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eCNSS Instruction No. 4009\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-52\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-60\u003c/li\u003e\u003cli\u003eNIST S.P. 800-70\u003c/li\u003e\u003cli\u003eNIST S.P. 800-115\u003c/li\u003e\u003cli\u003eNIST S.P. 800-128\u003c/li\u003e\u003cli\u003eNIST S.P. 800-152\u003c/li\u003e\u003cli\u003eNIST S.P. 800-175A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-179\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Minimum Security Configuration Standards for Palo Alto Networks\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2017-0001-002S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides OpDivs with specific technical configuration guidance for implementing the Palo Alto Networks Uniform Resource Locator (URL) filtering and Transport Layer Security (TLS) decryption solution\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/31/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-privacy-impact-assessment-pia-handbook\"\u003eCyberGeek - CMS Privacy Impact Assessment (PIA) Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eNIST S.P. 800-66\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eHHS Memoranda\u003c/h3\u003e\u003ch4\u003eHHS Approved Physical Access and Logical Access Authentication Mechanisms\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/15/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-access-control-handbook\"\u003eCyberGeek - CMS Access Control Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHSPD-12\u003c/li\u003e\u003cli\u003eOMB M-19-17\u003c/li\u003e\u003cli\u003eOMB M-22-09\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63-3\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63C\u003c/li\u003e\u003cli\u003eNIST S.P. 800-157\u003c/li\u003e\u003cli\u003eNIST S.P. 800-217\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eReminder of Existing HHS IT User Policies Relevant for Third-Party Generative AI Tools\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/20/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e40 U.S.C § 11319(b)(1)(A)\u003c/li\u003e\u003cli\u003e40 U.S.C § 11319\u003c/li\u003e\u003cli\u003e40 U.S.C § 11315(c)(2)\u003c/li\u003e\u003cli\u003eHHS Securing AI Technology\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior for Use of Information and IT Resources\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMemorandum M-23-13 “No TikTok on Government Devices” Implementation\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/31/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNo TikTok on Government Devices Act\u003c/li\u003e\u003cli\u003eOMB M-23-13\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eIS2P / NIST S.P. 800-53 Revision 5 - Compliance Timeline\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/20/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eHHS IS2P \u0026nbsp;\u003c/li\u003e\u003cli\u003eHHS Control Catalog\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eUpdated Department Standard Warning Banner for HHS Systems\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 9/12/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRescission of Outdated and Superseded Policy\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/9/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Control Catalog\u003c/li\u003e\u003cli\u003eHHS Minimum Security Configuration Standards Guidance\u003c/li\u003e\u003cli\u003eHHS Minimum Security Configuration Standards for Palo Alto Networks\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Social Security Number (SSN) Reduction and Elimination\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/10/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act of 1995\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eOMB M-07-16\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eEO 9397\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eHHS Sensitive PII Definition and Guidance\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eComplete Transition to IPv 6 Memorandum\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 4/29/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-21-07\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRoles \u0026amp; Repsonsibilities of OpDiv SOPs\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/3/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eImplementing Recommendations of the 9/11 Commission Act of 2007\u003c/li\u003e\u003cli\u003eEO 13636\u003c/li\u003e\u003cli\u003eEO 9397\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-20-04\u003c/li\u003e\u003cli\u003eOMB M-16-24\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-10-22\u003c/li\u003e\u003cli\u003eOMB M-07-16\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS IT Acquisition Reviews (ITAR)\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS High Value Asset (HVA) Program\u003c/li\u003e\u003cli\u003eHHS IT Procurements Security and Privacy Language\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003eHHS Mobile Applications Privacy Policy\u003c/li\u003e\u003cli\u003eHHS POA\u0026amp;M Standard\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eHHS Sensitive PII Definition and Guidance\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eUse of Government Furnished Equipment (GFE) During Foreign Travel\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 2/10/21\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Counterintelligence and Insider Threat - Foreign Travel\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140-2\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRescission of Security and Privacy Outdated and Superseded Policies\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/25/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS IT Security and Privacy Incident Reporting and Response\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Minimum Security Configurations Standards Guidance\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSensitive PII Definition and Guidance\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/4/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST S.P. 800-88\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAddendum to the HHS IS2P\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/24/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003ch4\u003eRequirement for Role-Based Training of Personnel with Significant Security Responsibilities\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/28/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/role-based-training-rbt\"\u003eCyberGeek - Role Based Training (RBT)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFCWAA 2015\u003c/li\u003e\u003cli\u003e5 CFR 930.301\u003c/li\u003e\u003cli\u003eNIST S.P. 800-181\u003c/li\u003e\u003cli\u003eNIST S.P. 800-16\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Cloud Computing and Federal Risk and Authorization Management Program Guidance\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/15/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/fedramp\"\u003eCyberGeek - Federal Risk and Authorization Management Program (FedRAMP)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFedRAMP\u003c/li\u003e\u003cli\u003eNIST S.P. 800-144\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eHHS Cloud Computing Strategy\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEnd-of-Life Operating Systems, Software and Applications Policy\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/19/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eFY15 Cybersecurity IT Priorities\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/1/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eEO 13636\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Usage of Unauthorized External Information Systems to Conduct Department Business Memorandum\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/8/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Security Data Warehouse Escalation Memorandum\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/15/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for Monitoring Employee Use of HHS IT Resources (2013)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/26/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIG Act 1978\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eWhistleblower Protection Act\u003c/li\u003e\u003cli\u003eFOIA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eDetermining Non-Sensitive Data on Mobile Computers/Devices\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/11/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-06-16\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eImplementation of OMB M-10-22 and M-10-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/21/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-10-22\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-07-16\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eResolving Security Audit Finding Disputes\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/13/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-08-21\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eUpdated Departmental Standard for the Definition of Sensitive Information\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/18/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003ch4\u003eApplicability of FISMA to HHS Grantees\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/29/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2002\u003c/li\u003e\u003cli\u003eOMB M-07-19\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eHHS Guides, Forms, and Templates\u003c/h3\u003e\u003ch4\u003eInformation Security \u0026amp; Privacy Certification Checklist\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/1/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition\"\u003eCyberGeek - Risk Management Handbook Chapter 15: System \u0026amp; Services Acquisition\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eNIST S.P. 800-60\u003c/li\u003e\u003cli\u003eNIST S.P. 800-88\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy Exception-Risk Based Decision Request\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/10/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e44 U.S. C, Sec. 3502\u003c/li\u003e\u003cli\u003eOMB A-127\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Guidance for Selection of e-Authentication Assurance Levels\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13681\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63-3\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63C\u003c/li\u003e\u003cli\u003eOMB M-04-04\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Guidance for e-Authentication RA Template\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-63\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63-3\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63C\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eCharter Establishing the EPLC Change Control Board\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e \u003ca href=\"https://www.cms.gov/data-research/cms-information-technology/tlc\"\u003eCMS.gov - Target Life Cycle\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eNon-Disclosure Agreement\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e N/A\u003c/p\u003e"])</script><script>self.__next_f.push([1,"274:{\"value\":\"$275\",\"format\":\"body_text\",\"processed\":\"$276\",\"summary\":\"\"}\n279:[]\n278:{\"uri\":\"https://security.cms.gov/learn/cms-governance-risk-and-compliance-grc\",\"title\":\"CMS Governance, Risk, and Compliance (GRC)\",\"options\":\"$279\",\"url\":\"https://security.cms.gov/learn/cms-governance-risk-and-compliance-grc\"}\n27b:[]\n27a:{\"uri\":\"https://csrc.nist.gov/publications/sp\",\"title\":\"NIST Special Publications\",\"options\":\"$27b\",\"url\":\"https://csrc.nist.gov/publications/sp\"}\n27d:[]\n27c:{\"uri\":\"https://csrc.nist.gov/publications/fips\",\"title\":\"Federal Information Processing Standards (FIPS)\",\"options\":\"$27d\",\"url\":\"https://csrc.nist.gov/publications/fips\"}\n277:[\"$278\",\"$27a\",\"$27c\"]\n27e:{\"value\":\"A comprehensive list of the federal laws, regulations, and policies that shape how information security and privacy are managed at CMS\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eA comprehensive list of the federal laws, regulations, and policies that shape how information security and privacy are managed at CMS\u003c/p\u003e\\n\"}\n272:{\"drupal_internal__nid\":1171,\"drupal_internal__vid\":5872,\"langcode\":\"en\",\"revision_timestamp\":\"2024-08-20T13:08:41+00:00\",\"status\":true,\"title\":\"CMS Guide to Federal Laws, Regulations, and Policies\",\"created\":\"2024-02-16T17:33:29+00:00\",\"changed\":\"2024-08-07T15:53:44+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":\"$273\",\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":\"$274\",\"field_contact_email\":\"CISO@cms.hhs.gov\",\"field_contact_name\":\"CISO Team\",\"field_last_reviewed\":\"2024-02-16\",\"field_related_resources\":\"$277\",\"field_short_description\":\"$27e\"}\n282:{\"drupal_internal__target_id\":\"library\"}\n281:{\"type\":\"node_type--node_type\",\"id\":\"ab4b0312-f678-40b9-ae06-79025f52ff43\",\"meta\":\"$282\"}\n284:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/node_type?resourceVersion=id%3A5872\"}\n285:{\"href\":\"https"])</script><script>self.__next_f.push([1,"://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/relationships/node_type?resourceVersion=id%3A5872\"}\n283:{\"related\":\"$284\",\"self\":\"$285\"}\n280:{\"data\":\"$281\",\"links\":\"$283\"}\n288:{\"drupal_internal__target_id\":105}\n287:{\"type\":\"user--user\",\"id\":\"0a524d8d-c305-48cb-b7e8-ac3897f622d2\",\"meta\":\"$288\"}\n28a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/revision_uid?resourceVersion=id%3A5872\"}\n28b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/relationships/revision_uid?resourceVersion=id%3A5872\"}\n289:{\"related\":\"$28a\",\"self\":\"$28b\"}\n286:{\"data\":\"$287\",\"links\":\"$289\"}\n28e:{\"drupal_internal__target_id\":6}\n28d:{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":\"$28e\"}\n290:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/uid?resourceVersion=id%3A5872\"}\n291:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/relationships/uid?resourceVersion=id%3A5872\"}\n28f:{\"related\":\"$290\",\"self\":\"$291\"}\n28c:{\"data\":\"$28d\",\"links\":\"$28f\"}\n294:{\"drupal_internal__target_id\":91}\n293:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"e3394b9a-cbff-4bad-b68e-c6fad326132e\",\"meta\":\"$294\"}\n296:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/field_resource_type?resourceVersion=id%3A5872\"}\n297:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/relationships/field_resource_type?resourceVersion=id%3A5872\"}\n295:{\"related\":\"$296\",\"self\":\"$297\"}\n292:{\"data\":\"$293\",\"links\":\"$295\"}\n29b:{\"drupal_internal__target_id\":66}\n29a:{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":\"$29b\"}\n29d:{\"drupal_internal__target_id\":81}\n29c:{\"type\":\"taxonomy_term--roles\",\"id\":\"a2b33f6a-8172-4862-9c0e-6e5076b6cf26\",\"meta\":\"$29d\"}\n29f:{\"drupal_internal__target_id\":61}\n29e:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab"])</script><script>self.__next_f.push([1,"\",\"meta\":\"$29f\"}\n2a1:{\"drupal_internal__target_id\":76}\n2a0:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":\"$2a1\"}\n299:[\"$29a\",\"$29c\",\"$29e\",\"$2a0\"]\n2a3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/field_roles?resourceVersion=id%3A5872\"}\n2a4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/relationships/field_roles?resourceVersion=id%3A5872\"}\n2a2:{\"related\":\"$2a3\",\"self\":\"$2a4\"}\n298:{\"data\":\"$299\",\"links\":\"$2a2\"}\n2a8:{\"drupal_internal__target_id\":16}\n2a7:{\"type\":\"taxonomy_term--topics\",\"id\":\"c12221c3-2c7e-4eb0-903f-0470aad63bf0\",\"meta\":\"$2a8\"}\n2aa:{\"drupal_internal__target_id\":21}\n2a9:{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"meta\":\"$2aa\"}\n2a6:[\"$2a7\",\"$2a9\"]\n2ac:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/field_topics?resourceVersion=id%3A5872\"}\n2ad:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/relationships/field_topics?resourceVersion=id%3A5872\"}\n2ab:{\"related\":\"$2ac\",\"self\":\"$2ad\"}\n2a5:{\"data\":\"$2a6\",\"links\":\"$2ab\"}\n27f:{\"node_type\":\"$280\",\"revision_uid\":\"$286\",\"uid\":\"$28c\",\"field_resource_type\":\"$292\",\"field_roles\":\"$298\",\"field_topics\":\"$2a5\"}\n26f:{\"type\":\"node--library\",\"id\":\"76ca103f-df48-4164-be97-c4a6902a3f94\",\"links\":\"$270\",\"attributes\":\"$272\",\"relationships\":\"$27f\"}\n"])</script><script>self.__next_f.push([1,"5:[\"$\",\"$L17\",null,{\"content\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"a0111527-6756-4576-8c52-5a7f3a032b20\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20?resourceVersion=id%3A5748\"}},\"attributes\":{\"drupal_internal__nid\":316,\"drupal_internal__vid\":5748,\"langcode\":\"en\",\"revision_timestamp\":\"2024-08-05T15:50:25+00:00\",\"status\":true,\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"created\":\"2022-08-29T15:11:08+00:00\",\"changed\":\"2024-08-05T15:50:25+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/federal-information-security-modernization-act-fisma\",\"pid\":306,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"CISO@cms.hhs.gov\",\"field_contact_name\":\"ISPG Policy Team\",\"field_short_description\":{\"value\":\"FISMA is federal legislation that defines a framework of guidelines and security standards to protect government information and operations\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eFISMA is federal legislation that defines a framework of guidelines and security standards to protect government information and operations\u003c/p\u003e\\n\"},\"field_slack_channel\":[\"#ispg-sec_privacy-policy\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/node_type?resourceVersion=id%3A5748\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/node_type?resourceVersion=id%3A5748\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"4420e728-6dc2-4022-bf8d-5bd1329e5e64\",\"meta\":{\"drupal_internal__target_id\":159}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/revision_uid?resourceVersion=id%3A5748\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/revision_uid?resourceVersion=id%3A5748\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":{\"drupal_internal__target_id\":26}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/uid?resourceVersion=id%3A5748\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/uid?resourceVersion=id%3A5748\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"4ffd074a-8ca7-41ad-8c6c-d270330af3fa\",\"meta\":{\"target_revision_id\":19016,\"drupal_internal__target_id\":1146}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/field_page_section?resourceVersion=id%3A5748\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/field_page_section?resourceVersion=id%3A5748\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"3d88d941-7844-4a24-8d87-b884cf205f36\",\"meta\":{\"target_revision_id\":19017,\"drupal_internal__target_id\":1941}},{\"type\":\"paragraph--internal_link\",\"id\":\"5087f368-5c99-41a5-b39b-e27bc9df3950\",\"meta\":{\"target_revision_id\":19018,\"drupal_internal__target_id\":1946}},{\"type\":\"paragraph--internal_link\",\"id\":\"4b2ee6b4-cbfd-46c8-a65f-9b2b18e1a793\",\"meta\":{\"target_revision_id\":19019,\"drupal_internal__target_id\":1951}},{\"type\":\"paragraph--internal_link\",\"id\":\"dd735dee-c392-4312-bc59-7a2163ad21a6\",\"meta\":{\"target_revision_id\":19020,\"drupal_internal__target_id\":3517}},{\"type\":\"paragraph--internal_link\",\"id\":\"b88a7b64-a818-4f85-b969-a2f77482f8ce\",\"meta\":{\"target_revision_id\":19021,\"drupal_internal__target_id\":3518}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/field_related_collection?resourceVersion=id%3A5748\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/field_related_collection?resourceVersion=id%3A5748\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":{\"drupal_internal__target_id\":131}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/field_resource_type?resourceVersion=id%3A5748\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/field_resource_type?resourceVersion=id%3A5748\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":{\"drupal_internal__target_id\":66}},{\"type\":\"taxonomy_term--roles\",\"id\":\"a2b33f6a-8172-4862-9c0e-6e5076b6cf26\",\"meta\":{\"drupal_internal__target_id\":81}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}},{\"type\":\"taxonomy_term--roles\",\"id\":\"feb4e85d-429e-48b0-92f0-3d2da2c5056e\",\"meta\":{\"drupal_internal__target_id\":71}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/field_roles?resourceVersion=id%3A5748\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/field_roles?resourceVersion=id%3A5748\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"meta\":{\"drupal_internal__target_id\":21}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/field_topics?resourceVersion=id%3A5748\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/field_topics?resourceVersion=id%3A5748\"}}}}},\"included\":[{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node_type/node_type/d185e460-4998-4d2b-85cb-b04f304dfb1b\"}},\"attributes\":{\"langcode\":\"en\",\"status\":true,\"dependencies\":{\"module\":[\"menu_ui\",\"scheduler\"]},\"third_party_settings\":{\"menu_ui\":{\"available_menus\":[],\"parent\":\"\"},\"scheduler\":{\"expand_fieldset\":\"when_required\",\"fields_display_mode\":\"vertical_tab\",\"publish_enable\":false,\"publish_past_date\":\"error\",\"publish_past_date_created\":false,\"publish_required\":false,\"publish_revision\":false,\"publish_touch\":false,\"show_message_after_update\":true,\"unpublish_enable\":false,\"unpublish_required\":false,\"unpublish_revision\":false}},\"name\":\"Explainer page\",\"drupal_internal__type\":\"explainer\",\"description\":\"Use \u003ci\u003eExplainer pages\u003c/i\u003e to provide general information in plain language about a policy, program, tool, service, or task related to security and privacy at CMS.\",\"help\":null,\"new_revision\":true,\"preview_mode\":1,\"display_submitted\":true}},{\"type\":\"user--user\",\"id\":\"4420e728-6dc2-4022-bf8d-5bd1329e5e64\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/4420e728-6dc2-4022-bf8d-5bd1329e5e64\"}},\"attributes\":{\"display_name\":\"jcallan - retired\"}},{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/dca2c49b-4a12-4d5f-859d-a759444160a4\"}},\"attributes\":{\"display_name\":\"meg - retired\"}},{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22?resourceVersion=id%3A131\"}},\"attributes\":{\"drupal_internal__tid\":131,\"drupal_internal__revision_id\":131,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:13:33+00:00\",\"status\":true,\"name\":\"General Information\",\"description\":null,\"weight\":2,\"changed\":\"2023-03-10T19:04:03+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"3a0127c4-ee06-41ed-8239-f796f6d78eb3\",\"meta\":{\"drupal_internal__target_id\":\"resource_type\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/vid?resourceVersion=id%3A131\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/relationships/vid?resourceVersion=id%3A131\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/revision_user?resourceVersion=id%3A131\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/relationships/revision_user?resourceVersion=id%3A131\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--resource_type\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/parent?resourceVersion=id%3A131\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/relationships/parent?resourceVersion=id%3A131\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5?resourceVersion=id%3A66\"}},\"attributes\":{\"drupal_internal__tid\":66,\"drupal_internal__revision_id\":66,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:26+00:00\",\"status\":true,\"name\":\"Cyber Risk Advisor (CRA)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:26+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/vid?resourceVersion=id%3A66\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/vid?resourceVersion=id%3A66\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/revision_user?resourceVersion=id%3A66\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/revision_user?resourceVersion=id%3A66\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/parent?resourceVersion=id%3A66\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/parent?resourceVersion=id%3A66\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"a2b33f6a-8172-4862-9c0e-6e5076b6cf26\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26?resourceVersion=id%3A81\"}},\"attributes\":{\"drupal_internal__tid\":81,\"drupal_internal__revision_id\":81,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:09:11+00:00\",\"status\":true,\"name\":\"Data Guardian\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:09:11+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/vid?resourceVersion=id%3A81\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/relationships/vid?resourceVersion=id%3A81\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/revision_user?resourceVersion=id%3A81\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/relationships/revision_user?resourceVersion=id%3A81\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/parent?resourceVersion=id%3A81\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/relationships/parent?resourceVersion=id%3A81\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab?resourceVersion=id%3A61\"}},\"attributes\":{\"drupal_internal__tid\":61,\"drupal_internal__revision_id\":61,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:12+00:00\",\"status\":true,\"name\":\"Information System Security Officer (ISSO)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:12+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/vid?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/vid?resourceVersion=id%3A61\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/revision_user?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/revision_user?resourceVersion=id%3A61\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/parent?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/parent?resourceVersion=id%3A61\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34?resourceVersion=id%3A76\"}},\"attributes\":{\"drupal_internal__tid\":76,\"drupal_internal__revision_id\":76,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:55+00:00\",\"status\":true,\"name\":\"System / Business Owner\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:55+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/vid?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/vid?resourceVersion=id%3A76\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/revision_user?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/revision_user?resourceVersion=id%3A76\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/parent?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/parent?resourceVersion=id%3A76\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"feb4e85d-429e-48b0-92f0-3d2da2c5056e\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e?resourceVersion=id%3A71\"}},\"attributes\":{\"drupal_internal__tid\":71,\"drupal_internal__revision_id\":71,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:42+00:00\",\"status\":true,\"name\":\"System Teams\",\"description\":null,\"weight\":0,\"changed\":\"2024-08-02T21:29:47+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/vid?resourceVersion=id%3A71\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/relationships/vid?resourceVersion=id%3A71\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/revision_user?resourceVersion=id%3A71\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/relationships/revision_user?resourceVersion=id%3A71\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/parent?resourceVersion=id%3A71\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/relationships/parent?resourceVersion=id%3A71\"}}}}},{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38?resourceVersion=id%3A21\"}},\"attributes\":{\"drupal_internal__tid\":21,\"drupal_internal__revision_id\":21,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:05:35+00:00\",\"status\":true,\"name\":\"Federal Policy \u0026 Guidance\",\"description\":null,\"weight\":3,\"changed\":\"2023-03-10T19:04:22+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"73f89dec-123f-4c8c-9a97-d025a2b0e5cf\",\"meta\":{\"drupal_internal__target_id\":\"topics\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/vid?resourceVersion=id%3A21\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/relationships/vid?resourceVersion=id%3A21\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/revision_user?resourceVersion=id%3A21\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/relationships/revision_user?resourceVersion=id%3A21\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/parent?resourceVersion=id%3A21\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/relationships/parent?resourceVersion=id%3A21\"}}}}},{\"type\":\"paragraph--page_section\",\"id\":\"4ffd074a-8ca7-41ad-8c6c-d270330af3fa\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/4ffd074a-8ca7-41ad-8c6c-d270330af3fa?resourceVersion=id%3A19016\"}},\"attributes\":{\"drupal_internal__id\":1146,\"drupal_internal__revision_id\":19016,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T17:06:13+00:00\",\"parent_id\":\"316\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":{\"value\":\"$18\",\"format\":\"body_text\",\"processed\":\"$19\"}},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":{\"drupal_internal__target_id\":\"page_section\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/4ffd074a-8ca7-41ad-8c6c-d270330af3fa/paragraph_type?resourceVersion=id%3A19016\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/4ffd074a-8ca7-41ad-8c6c-d270330af3fa/relationships/paragraph_type?resourceVersion=id%3A19016\"}}},\"field_specialty_item\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/4ffd074a-8ca7-41ad-8c6c-d270330af3fa/field_specialty_item?resourceVersion=id%3A19016\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/4ffd074a-8ca7-41ad-8c6c-d270330af3fa/relationships/field_specialty_item?resourceVersion=id%3A19016\"}}}}},{\"type\":\"paragraph--internal_link\",\"id\":\"3d88d941-7844-4a24-8d87-b884cf205f36\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/3d88d941-7844-4a24-8d87-b884cf205f36?resourceVersion=id%3A19017\"}},\"attributes\":{\"drupal_internal__id\":1941,\"drupal_internal__revision_id\":19017,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T20:52:21+00:00\",\"parent_id\":\"316\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":{\"drupal_internal__target_id\":\"internal_link\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/3d88d941-7844-4a24-8d87-b884cf205f36/paragraph_type?resourceVersion=id%3A19017\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/3d88d941-7844-4a24-8d87-b884cf205f36/relationships/paragraph_type?resourceVersion=id%3A19017\"}}},\"field_link\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"630cad0d-24c7-44f0-8b25-b3ab2faf97cf\",\"meta\":{\"drupal_internal__target_id\":671}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/3d88d941-7844-4a24-8d87-b884cf205f36/field_link?resourceVersion=id%3A19017\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/3d88d941-7844-4a24-8d87-b884cf205f36/relationships/field_link?resourceVersion=id%3A19017\"}}}}},{\"type\":\"paragraph--internal_link\",\"id\":\"5087f368-5c99-41a5-b39b-e27bc9df3950\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/5087f368-5c99-41a5-b39b-e27bc9df3950?resourceVersion=id%3A19018\"}},\"attributes\":{\"drupal_internal__id\":1946,\"drupal_internal__revision_id\":19018,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T20:52:44+00:00\",\"parent_id\":\"316\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":{\"drupal_internal__target_id\":\"internal_link\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/5087f368-5c99-41a5-b39b-e27bc9df3950/paragraph_type?resourceVersion=id%3A19018\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/5087f368-5c99-41a5-b39b-e27bc9df3950/relationships/paragraph_type?resourceVersion=id%3A19018\"}}},\"field_link\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"a279358b-5b24-49bc-a98e-11681bd7e65c\",\"meta\":{\"drupal_internal__target_id\":326}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/5087f368-5c99-41a5-b39b-e27bc9df3950/field_link?resourceVersion=id%3A19018\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/5087f368-5c99-41a5-b39b-e27bc9df3950/relationships/field_link?resourceVersion=id%3A19018\"}}}}},{\"type\":\"paragraph--internal_link\",\"id\":\"4b2ee6b4-cbfd-46c8-a65f-9b2b18e1a793\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/4b2ee6b4-cbfd-46c8-a65f-9b2b18e1a793?resourceVersion=id%3A19019\"}},\"attributes\":{\"drupal_internal__id\":1951,\"drupal_internal__revision_id\":19019,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T20:53:13+00:00\",\"parent_id\":\"316\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":{\"drupal_internal__target_id\":\"internal_link\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/4b2ee6b4-cbfd-46c8-a65f-9b2b18e1a793/paragraph_type?resourceVersion=id%3A19019\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/4b2ee6b4-cbfd-46c8-a65f-9b2b18e1a793/relationships/paragraph_type?resourceVersion=id%3A19019\"}}},\"field_link\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"adea5bd3-a6c3-4b20-a953-0673e8f5ac17\",\"meta\":{\"drupal_internal__target_id\":706}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/4b2ee6b4-cbfd-46c8-a65f-9b2b18e1a793/field_link?resourceVersion=id%3A19019\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/4b2ee6b4-cbfd-46c8-a65f-9b2b18e1a793/relationships/field_link?resourceVersion=id%3A19019\"}}}}},{\"type\":\"paragraph--internal_link\",\"id\":\"dd735dee-c392-4312-bc59-7a2163ad21a6\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/dd735dee-c392-4312-bc59-7a2163ad21a6?resourceVersion=id%3A19020\"}},\"attributes\":{\"drupal_internal__id\":3517,\"drupal_internal__revision_id\":19020,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-07-15T18:59:09+00:00\",\"parent_id\":\"316\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":{\"drupal_internal__target_id\":\"internal_link\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/dd735dee-c392-4312-bc59-7a2163ad21a6/paragraph_type?resourceVersion=id%3A19020\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/dd735dee-c392-4312-bc59-7a2163ad21a6/relationships/paragraph_type?resourceVersion=id%3A19020\"}}},\"field_link\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"af385f5f-f61b-47af-a235-7dc48efd251e\",\"meta\":{\"drupal_internal__target_id\":381}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/dd735dee-c392-4312-bc59-7a2163ad21a6/field_link?resourceVersion=id%3A19020\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/dd735dee-c392-4312-bc59-7a2163ad21a6/relationships/field_link?resourceVersion=id%3A19020\"}}}}},{\"type\":\"paragraph--internal_link\",\"id\":\"b88a7b64-a818-4f85-b969-a2f77482f8ce\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/b88a7b64-a818-4f85-b969-a2f77482f8ce?resourceVersion=id%3A19021\"}},\"attributes\":{\"drupal_internal__id\":3518,\"drupal_internal__revision_id\":19021,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-07-15T18:59:18+00:00\",\"parent_id\":\"316\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":{\"drupal_internal__target_id\":\"internal_link\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/b88a7b64-a818-4f85-b969-a2f77482f8ce/paragraph_type?resourceVersion=id%3A19021\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/b88a7b64-a818-4f85-b969-a2f77482f8ce/relationships/paragraph_type?resourceVersion=id%3A19021\"}}},\"field_link\":{\"data\":{\"type\":\"node--library\",\"id\":\"76ca103f-df48-4164-be97-c4a6902a3f94\",\"meta\":{\"drupal_internal__target_id\":1171}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/b88a7b64-a818-4f85-b969-a2f77482f8ce/field_link?resourceVersion=id%3A19021\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/b88a7b64-a818-4f85-b969-a2f77482f8ce/relationships/field_link?resourceVersion=id%3A19021\"}}}}},{\"type\":\"node--explainer\",\"id\":\"630cad0d-24c7-44f0-8b25-b3ab2faf97cf\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf?resourceVersion=id%3A6076\"}},\"attributes\":{\"drupal_internal__nid\":671,\"drupal_internal__vid\":6076,\"langcode\":\"en\",\"revision_timestamp\":\"2025-01-15T16:28:16+00:00\",\"status\":true,\"title\":\"Zero Trust \",\"created\":\"2023-02-02T19:12:26+00:00\",\"changed\":\"2025-01-15T16:28:16+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/zero-trust\",\"pid\":661,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"ISPGZeroTrust@cms.hhs.gov\",\"field_contact_name\":\"Zero Trust Team\",\"field_short_description\":{\"value\":\"Security paradigm that requires the continuous verification of system users to promote system security\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eSecurity paradigm that requires the continuous verification of system users to promote system security\u003c/p\u003e\\n\"},\"field_slack_channel\":[\"#cms-zero-trust\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/node_type?resourceVersion=id%3A6076\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/node_type?resourceVersion=id%3A6076\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"bebd6b4a-b250-4060-a68d-15e540df32b8\",\"meta\":{\"drupal_internal__target_id\":138}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/revision_uid?resourceVersion=id%3A6076\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/revision_uid?resourceVersion=id%3A6076\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":{\"drupal_internal__target_id\":26}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/uid?resourceVersion=id%3A6076\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/uid?resourceVersion=id%3A6076\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"9271f09e-6087-42ce-9b2a-2ddf6888888d\",\"meta\":{\"target_revision_id\":19936,\"drupal_internal__target_id\":536}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/field_page_section?resourceVersion=id%3A6076\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/field_page_section?resourceVersion=id%3A6076\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"c6911d3e-5198-4b35-ac2a-13d123aedee1\",\"meta\":{\"target_revision_id\":19941,\"drupal_internal__target_id\":3398}},{\"type\":\"paragraph--internal_link\",\"id\":\"2bcabaa5-d621-42c9-bdc8-e0b80b3869d3\",\"meta\":{\"target_revision_id\":19946,\"drupal_internal__target_id\":1616}},{\"type\":\"paragraph--internal_link\",\"id\":\"670741af-bf41-4d99-a21c-a24dc57f4424\",\"meta\":{\"target_revision_id\":19951,\"drupal_internal__target_id\":3499}},{\"type\":\"paragraph--internal_link\",\"id\":\"f7a739a6-3d16-4633-bfad-fd8f469ffb64\",\"meta\":{\"target_revision_id\":19956,\"drupal_internal__target_id\":1611}},{\"type\":\"paragraph--internal_link\",\"id\":\"80d01d00-9ecf-4254-8e6e-a9242e8289f1\",\"meta\":{\"target_revision_id\":19961,\"drupal_internal__target_id\":1621}},{\"type\":\"paragraph--internal_link\",\"id\":\"d576257b-f5ba-4ad4-a81b-7628a82e8dce\",\"meta\":{\"target_revision_id\":19966,\"drupal_internal__target_id\":1626}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/field_related_collection?resourceVersion=id%3A6076\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/field_related_collection?resourceVersion=id%3A6076\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":{\"drupal_internal__target_id\":131}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/field_resource_type?resourceVersion=id%3A6076\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/field_resource_type?resourceVersion=id%3A6076\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":{\"drupal_internal__target_id\":66}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/field_roles?resourceVersion=id%3A6076\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/field_roles?resourceVersion=id%3A6076\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"meta\":{\"drupal_internal__target_id\":21}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/field_topics?resourceVersion=id%3A6076\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/field_topics?resourceVersion=id%3A6076\"}}}}},{\"type\":\"node--explainer\",\"id\":\"a279358b-5b24-49bc-a98e-11681bd7e65c\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c?resourceVersion=id%3A5942\"}},\"attributes\":{\"drupal_internal__nid\":326,\"drupal_internal__vid\":5942,\"langcode\":\"en\",\"revision_timestamp\":\"2024-10-17T14:55:23+00:00\",\"status\":true,\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"created\":\"2022-08-29T15:22:00+00:00\",\"changed\":\"2024-10-17T14:55:23+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/fedramp\",\"pid\":316,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"FedRAMP@cms.hhs.gov\",\"field_contact_name\":\"CMS FedRAMP PMO\",\"field_short_description\":{\"value\":\"Provides a federally-recognized and standardized security framework for all cloud products and services\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eProvides a federally-recognized and standardized security framework for all cloud products and services\u003c/p\u003e\\n\"},\"field_slack_channel\":[\"#fedramp\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/node_type?resourceVersion=id%3A5942\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/node_type?resourceVersion=id%3A5942\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"d3421e1d-1fda-4bd0-83ab-e404455b0e66\",\"meta\":{\"drupal_internal__target_id\":114}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/revision_uid?resourceVersion=id%3A5942\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/revision_uid?resourceVersion=id%3A5942\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":{\"drupal_internal__target_id\":26}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/uid?resourceVersion=id%3A5942\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/uid?resourceVersion=id%3A5942\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"2ce39e48-81e4-4bea-a0ff-04f25ddd0041\",\"meta\":{\"target_revision_id\":19451,\"drupal_internal__target_id\":1171}},{\"type\":\"paragraph--page_section\",\"id\":\"77ea2e89-2433-4815-b869-52b2d900029e\",\"meta\":{\"target_revision_id\":19452,\"drupal_internal__target_id\":1211}},{\"type\":\"paragraph--page_section\",\"id\":\"deedf0fe-44e9-4015-90a1-f86ce6cbaf24\",\"meta\":{\"target_revision_id\":19462,\"drupal_internal__target_id\":3431}},{\"type\":\"paragraph--page_section\",\"id\":\"2b2216d8-24c3-4940-930f-6e79f68a279a\",\"meta\":{\"target_revision_id\":19472,\"drupal_internal__target_id\":1261}},{\"type\":\"paragraph--page_section\",\"id\":\"cbda5c42-489d-4480-85f5-db10db44de3e\",\"meta\":{\"target_revision_id\":19474,\"drupal_internal__target_id\":1266}},{\"type\":\"paragraph--page_section\",\"id\":\"37970dd4-a515-4370-a09f-f5177c2f98c2\",\"meta\":{\"target_revision_id\":19475,\"drupal_internal__target_id\":3433}},{\"type\":\"paragraph--page_section\",\"id\":\"434b1960-73e8-43fa-9b9e-253ce35fa55a\",\"meta\":{\"target_revision_id\":19476,\"drupal_internal__target_id\":3434}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/field_page_section?resourceVersion=id%3A5942\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/field_page_section?resourceVersion=id%3A5942\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"7a5f06f0-e0ba-4ed2-aade-79b2233ec125\",\"meta\":{\"target_revision_id\":19477,\"drupal_internal__target_id\":1956}},{\"type\":\"paragraph--internal_link\",\"id\":\"61509c21-9c9e-48d0-8110-b98574cee727\",\"meta\":{\"target_revision_id\":19478,\"drupal_internal__target_id\":1961}},{\"type\":\"paragraph--internal_link\",\"id\":\"c2480fc7-b7c3-49d4-8643-cd42bcd3b56b\",\"meta\":{\"target_revision_id\":19479,\"drupal_internal__target_id\":1966}},{\"type\":\"paragraph--internal_link\",\"id\":\"63dffb2c-c587-4991-8523-142b2378a5aa\",\"meta\":{\"target_revision_id\":19480,\"drupal_internal__target_id\":3435}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/field_related_collection?resourceVersion=id%3A5942\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/field_related_collection?resourceVersion=id%3A5942\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":{\"drupal_internal__target_id\":131}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/field_resource_type?resourceVersion=id%3A5942\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/field_resource_type?resourceVersion=id%3A5942\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":{\"drupal_internal__target_id\":66}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/field_roles?resourceVersion=id%3A5942\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/field_roles?resourceVersion=id%3A5942\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"meta\":{\"drupal_internal__target_id\":21}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/field_topics?resourceVersion=id%3A5942\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/field_topics?resourceVersion=id%3A5942\"}}}}},{\"type\":\"node--explainer\",\"id\":\"adea5bd3-a6c3-4b20-a953-0673e8f5ac17\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17?resourceVersion=id%3A5740\"}},\"attributes\":{\"drupal_internal__nid\":706,\"drupal_internal__vid\":5740,\"langcode\":\"en\",\"revision_timestamp\":\"2024-07-31T23:05:04+00:00\",\"status\":true,\"title\":\"CMS Enterprise Data Encryption (CEDE)\",\"created\":\"2023-02-08T23:02:09+00:00\",\"changed\":\"2024-07-31T23:05:04+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/cms-enterprise-data-encryption-cede\",\"pid\":696,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"CISO@cms.hhs.gov\",\"field_contact_name\":\"ISPG Policy Team\",\"field_short_description\":{\"value\":\"How CMS satisfies federal requirements for the encryption of data to keep sensitive information safe\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eHow CMS satisfies federal requirements for the encryption of data to keep sensitive information safe\u003c/p\u003e\\n\"},\"field_slack_channel\":[\" #ispg-sec_privacy-policy\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/node_type?resourceVersion=id%3A5740\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/relationships/node_type?resourceVersion=id%3A5740\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":{\"drupal_internal__target_id\":6}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/revision_uid?resourceVersion=id%3A5740\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/relationships/revision_uid?resourceVersion=id%3A5740\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":{\"drupal_internal__target_id\":6}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/uid?resourceVersion=id%3A5740\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/relationships/uid?resourceVersion=id%3A5740\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"4b1d8d6e-a8a2-4e11-80a6-27a405215623\",\"meta\":{\"target_revision_id\":18947,\"drupal_internal__target_id\":991}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/field_page_section?resourceVersion=id%3A5740\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/relationships/field_page_section?resourceVersion=id%3A5740\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"fd0df184-c977-437e-a3cf-dca03ceb1ece\",\"meta\":{\"target_revision_id\":18948,\"drupal_internal__target_id\":1766}},{\"type\":\"paragraph--internal_link\",\"id\":\"30c05b72-b1c5-4a6c-8763-f01546196041\",\"meta\":{\"target_revision_id\":18949,\"drupal_internal__target_id\":1771}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/field_related_collection?resourceVersion=id%3A5740\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/relationships/field_related_collection?resourceVersion=id%3A5740\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":{\"drupal_internal__target_id\":131}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/field_resource_type?resourceVersion=id%3A5740\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/relationships/field_resource_type?resourceVersion=id%3A5740\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/field_roles?resourceVersion=id%3A5740\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/relationships/field_roles?resourceVersion=id%3A5740\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"c12221c3-2c7e-4eb0-903f-0470aad63bf0\",\"meta\":{\"drupal_internal__target_id\":16}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/field_topics?resourceVersion=id%3A5740\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/adea5bd3-a6c3-4b20-a953-0673e8f5ac17/relationships/field_topics?resourceVersion=id%3A5740\"}}}}},{\"type\":\"node--explainer\",\"id\":\"af385f5f-f61b-47af-a235-7dc48efd251e\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e?resourceVersion=id%3A5993\"}},\"attributes\":{\"drupal_internal__nid\":381,\"drupal_internal__vid\":5993,\"langcode\":\"en\",\"revision_timestamp\":\"2024-12-03T14:43:06+00:00\",\"status\":true,\"title\":\"National Institute of Standards and Technology (NIST)\",\"created\":\"2022-08-29T16:46:36+00:00\",\"changed\":\"2024-12-03T14:43:06+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/national-institute-standards-and-technology-nist\",\"pid\":371,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"CISO@cms.hhs.gov\",\"field_contact_name\":\"ISPG Policy Team\",\"field_short_description\":{\"value\":\"Information about NIST and how the agency's policies and guidance relate to security and privacy at CMS\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eInformation about NIST and how the agency\u0026#039;s policies and guidance relate to security and privacy at CMS\u003c/p\u003e\\n\"},\"field_slack_channel\":[\"#security_community\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/node_type?resourceVersion=id%3A5993\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/node_type?resourceVersion=id%3A5993\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":{\"drupal_internal__target_id\":6}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/revision_uid?resourceVersion=id%3A5993\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/revision_uid?resourceVersion=id%3A5993\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":{\"drupal_internal__target_id\":26}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/uid?resourceVersion=id%3A5993\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/uid?resourceVersion=id%3A5993\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"65807e01-7389-4561-8818-b4453d59c7ac\",\"meta\":{\"target_revision_id\":19645,\"drupal_internal__target_id\":496}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/field_page_section?resourceVersion=id%3A5993\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/field_page_section?resourceVersion=id%3A5993\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"858b57e7-3499-42a6-9fd4-b045a2aa9c42\",\"meta\":{\"target_revision_id\":19646,\"drupal_internal__target_id\":2001}},{\"type\":\"paragraph--internal_link\",\"id\":\"d171c5fe-3bb3-47be-bd3e-c53cc75c4f9e\",\"meta\":{\"target_revision_id\":19647,\"drupal_internal__target_id\":2011}},{\"type\":\"paragraph--internal_link\",\"id\":\"26c9c7a0-fcc3-4d04-ab8c-21924a868e28\",\"meta\":{\"target_revision_id\":19648,\"drupal_internal__target_id\":2286}},{\"type\":\"paragraph--internal_link\",\"id\":\"4e888450-31b6-43e1-95a0-9ac56298fcc9\",\"meta\":{\"target_revision_id\":19649,\"drupal_internal__target_id\":2281}},{\"type\":\"paragraph--internal_link\",\"id\":\"f43c4cb2-4d4e-4020-a165-aab378f6254d\",\"meta\":{\"target_revision_id\":19650,\"drupal_internal__target_id\":2291}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/field_related_collection?resourceVersion=id%3A5993\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/field_related_collection?resourceVersion=id%3A5993\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":{\"drupal_internal__target_id\":131}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/field_resource_type?resourceVersion=id%3A5993\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/field_resource_type?resourceVersion=id%3A5993\"}}},\"field_roles\":{\"data\":[],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/field_roles?resourceVersion=id%3A5993\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/field_roles?resourceVersion=id%3A5993\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"meta\":{\"drupal_internal__target_id\":21}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/field_topics?resourceVersion=id%3A5993\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/field_topics?resourceVersion=id%3A5993\"}}}}},{\"type\":\"node--library\",\"id\":\"76ca103f-df48-4164-be97-c4a6902a3f94\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94?resourceVersion=id%3A5872\"}},\"attributes\":{\"drupal_internal__nid\":1171,\"drupal_internal__vid\":5872,\"langcode\":\"en\",\"revision_timestamp\":\"2024-08-20T13:08:41+00:00\",\"status\":true,\"title\":\"CMS Guide to Federal Laws, Regulations, and Policies\",\"created\":\"2024-02-16T17:33:29+00:00\",\"changed\":\"2024-08-07T15:53:44+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/policy-guidance/cms-guide-federal-laws-regulations-and-policies\",\"pid\":1172,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":{\"value\":\"$1a\",\"format\":\"body_text\",\"processed\":\"$1b\",\"summary\":\"\"},\"field_contact_email\":\"CISO@cms.hhs.gov\",\"field_contact_name\":\"CISO Team\",\"field_last_reviewed\":\"2024-02-16\",\"field_related_resources\":[{\"uri\":\"https://security.cms.gov/learn/cms-governance-risk-and-compliance-grc\",\"title\":\"CMS Governance, Risk, and Compliance (GRC)\",\"options\":[],\"url\":\"https://security.cms.gov/learn/cms-governance-risk-and-compliance-grc\"},{\"uri\":\"https://csrc.nist.gov/publications/sp\",\"title\":\"NIST Special Publications\",\"options\":[],\"url\":\"https://csrc.nist.gov/publications/sp\"},{\"uri\":\"https://csrc.nist.gov/publications/fips\",\"title\":\"Federal Information Processing Standards (FIPS)\",\"options\":[],\"url\":\"https://csrc.nist.gov/publications/fips\"}],\"field_short_description\":{\"value\":\"A comprehensive list of the federal laws, regulations, and policies that shape how information security and privacy are managed at CMS\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eA comprehensive list of the federal laws, regulations, and policies that shape how information security and privacy are managed at CMS\u003c/p\u003e\\n\"}},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"ab4b0312-f678-40b9-ae06-79025f52ff43\",\"meta\":{\"drupal_internal__target_id\":\"library\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/node_type?resourceVersion=id%3A5872\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/relationships/node_type?resourceVersion=id%3A5872\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"0a524d8d-c305-48cb-b7e8-ac3897f622d2\",\"meta\":{\"drupal_internal__target_id\":105}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/revision_uid?resourceVersion=id%3A5872\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/relationships/revision_uid?resourceVersion=id%3A5872\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":{\"drupal_internal__target_id\":6}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/uid?resourceVersion=id%3A5872\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/relationships/uid?resourceVersion=id%3A5872\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"e3394b9a-cbff-4bad-b68e-c6fad326132e\",\"meta\":{\"drupal_internal__target_id\":91}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/field_resource_type?resourceVersion=id%3A5872\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/relationships/field_resource_type?resourceVersion=id%3A5872\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":{\"drupal_internal__target_id\":66}},{\"type\":\"taxonomy_term--roles\",\"id\":\"a2b33f6a-8172-4862-9c0e-6e5076b6cf26\",\"meta\":{\"drupal_internal__target_id\":81}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/field_roles?resourceVersion=id%3A5872\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/relationships/field_roles?resourceVersion=id%3A5872\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"c12221c3-2c7e-4eb0-903f-0470aad63bf0\",\"meta\":{\"drupal_internal__target_id\":16}},{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"meta\":{\"drupal_internal__target_id\":21}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/field_topics?resourceVersion=id%3A5872\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/relationships/field_topics?resourceVersion=id%3A5872\"}}}}}],\"includedMap\":{\"d185e460-4998-4d2b-85cb-b04f304dfb1b\":\"$1c\",\"4420e728-6dc2-4022-bf8d-5bd1329e5e64\":\"$26\",\"dca2c49b-4a12-4d5f-859d-a759444160a4\":\"$2a\",\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\":\"$2e\",\"9d999ae3-b43c-45fb-973e-dffe50c27da5\":\"$48\",\"a2b33f6a-8172-4862-9c0e-6e5076b6cf26\":\"$62\",\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\":\"$7c\",\"f591f442-c0b0-4b8e-af66-7998a3329f34\":\"$96\",\"feb4e85d-429e-48b0-92f0-3d2da2c5056e\":\"$b0\",\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\":\"$ca\",\"4ffd074a-8ca7-41ad-8c6c-d270330af3fa\":\"$e4\",\"3d88d941-7844-4a24-8d87-b884cf205f36\":\"$f7\",\"5087f368-5c99-41a5-b39b-e27bc9df3950\":\"$109\",\"4b2ee6b4-cbfd-46c8-a65f-9b2b18e1a793\":\"$11b\",\"dd735dee-c392-4312-bc59-7a2163ad21a6\":\"$12d\",\"b88a7b64-a818-4f85-b969-a2f77482f8ce\":\"$13f\",\"630cad0d-24c7-44f0-8b25-b3ab2faf97cf\":\"$151\",\"a279358b-5b24-49bc-a98e-11681bd7e65c\":\"$19b\",\"adea5bd3-a6c3-4b20-a953-0673e8f5ac17\":\"$1ed\",\"af385f5f-f61b-47af-a235-7dc48efd251e\":\"$22d\",\"76ca103f-df48-4164-be97-c4a6902a3f94\":\"$26f\"}}}]\n"])</script><script>self.__next_f.push([1,"a:[[\"$\",\"meta\",\"0\",{\"name\":\"viewport\",\"content\":\"width=device-width, initial-scale=1\"}],[\"$\",\"meta\",\"1\",{\"charSet\":\"utf-8\"}],[\"$\",\"title\",\"2\",{\"children\":\"Federal Information Security Modernization Act (FISMA) | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"3\",{\"name\":\"description\",\"content\":\"FISMA is federal legislation that defines a framework of guidelines and security standards to protect government information and operations\"}],[\"$\",\"link\",\"4\",{\"rel\":\"canonical\",\"href\":\"https://security.cms.gov/learn/federal-information-security-modernization-act-fisma\"}],[\"$\",\"meta\",\"5\",{\"name\":\"google-site-verification\",\"content\":\"GMZIwBDJgz_o_JYUB2GpJazkrs7P85BaWDsoCjxF32M\"}],[\"$\",\"meta\",\"6\",{\"property\":\"og:title\",\"content\":\"Federal Information Security Modernization Act (FISMA) | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"7\",{\"property\":\"og:description\",\"content\":\"FISMA is federal legislation that defines a framework of guidelines and security standards to protect government information and operations\"}],[\"$\",\"meta\",\"8\",{\"property\":\"og:url\",\"content\":\"https://security.cms.gov/learn/federal-information-security-modernization-act-fisma\"}],[\"$\",\"meta\",\"9\",{\"property\":\"og:image:type\",\"content\":\"image/jpeg\"}],[\"$\",\"meta\",\"10\",{\"property\":\"og:image:width\",\"content\":\"1200\"}],[\"$\",\"meta\",\"11\",{\"property\":\"og:image:height\",\"content\":\"630\"}],[\"$\",\"meta\",\"12\",{\"property\":\"og:image\",\"content\":\"https://security.cms.gov/learn/federal-information-security-modernization-act-fisma/opengraph-image.jpg?d21225707c5ed280\"}],[\"$\",\"meta\",\"13\",{\"property\":\"og:type\",\"content\":\"website\"}],[\"$\",\"meta\",\"14\",{\"name\":\"twitter:card\",\"content\":\"summary_large_image\"}],[\"$\",\"meta\",\"15\",{\"name\":\"twitter:title\",\"content\":\"Federal Information Security Modernization Act (FISMA) | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"16\",{\"name\":\"twitter:description\",\"content\":\"FISMA is federal legislation that defines a framework of guidelines and security standards to protect government information and operations\"}],[\"$\",\"meta\",\"17\",{\"name\":\"twitter:image:type\",\"content\":\"image/jpeg\"}],[\"$\",\"meta\",\"18\",{\"name\":\"twitter:image:width\",\"content\":\"1200\"}],[\"$\",\"meta\",\"19\",{\"name\":\"twitter:image:height\",\"content\":\"630\"}],[\"$\",\"meta\",\"20\",{\"name\":\"twitter:image\",\"content\":\"https://security.cms.gov/learn/federal-information-security-modernization-act-fisma/opengraph-image.jpg?d21225707c5ed280\"}],[\"$\",\"link\",\"21\",{\"rel\":\"icon\",\"href\":\"/favicon.ico\",\"type\":\"image/x-icon\",\"sizes\":\"48x48\"}]]\n"])</script><script>self.__next_f.push([1,"4:null\n"])</script></body></html>
Reference in a new issue View git blame Copy permalink