cms-gov/security.cms.gov/policy-guidance/cms-guide-federal-laws-regulations-and-policies
2025-02-28 14:41:14 -05:00

1 line
No EOL
1 MiB
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1"/><link rel="preload" as="image" href="/_next/static/media/CyberGeek-logo.8e9bbd2b.svg" fetchPriority="high"/><link rel="stylesheet" href="/_next/static/css/ef46db3751d8e999.css" data-precedence="next"/><link rel="stylesheet" href="/_next/static/css/0759e90f4fecfde7.css" data-precedence="next"/><link rel="preload" as="script" fetchPriority="low" href="/_next/static/chunks/webpack-182b67d00f496f9d.js"/><script src="/_next/static/chunks/fd9d1056-ad09c71b7719f2fb.js" async=""></script><script src="/_next/static/chunks/23-260042deb5df7a88.js" async=""></script><script src="/_next/static/chunks/main-app-6de3c3100b91a0a9.js" async=""></script><script src="/_next/static/chunks/30-49b1c1429d73281d.js" async=""></script><script src="/_next/static/chunks/317-0f87feacc1712b2f.js" async=""></script><script src="/_next/static/chunks/223-bc9ed43510898bbb.js" async=""></script><script src="/_next/static/chunks/app/layout-9fc24027bc047aa2.js" async=""></script><script src="/_next/static/chunks/972-6e520d137ef194fb.js" async=""></script><script src="/_next/static/chunks/app/page-cc829e051925e906.js" async=""></script><script src="/_next/static/chunks/app/template-d264bab5e3061841.js" async=""></script><script src="/_next/static/chunks/e37a0b60-b74be3d42787b18d.js" async=""></script><script src="/_next/static/chunks/904-dbddf7494c3e6975.js" async=""></script><script src="/_next/static/chunks/549-c87c1c3bbacc319f.js" async=""></script><script src="/_next/static/chunks/app/policy-guidance/%5Bslug%5D/page-d95d3b4ebc8065f9.js" async=""></script><link rel="preload" href="/assets/javascript/uswds-init.min.js" as="script"/><link rel="preload" href="/assets/javascript/uswds.min.js" as="script"/><title>CMS Guide to Federal Laws, Regulations, and Policies | CMS Information Security &amp; Privacy Group</title><meta name="description" content="A comprehensive list of the federal laws, regulations, and policies that shape how information security and privacy are managed at CMS"/><link rel="canonical" href="https://security.cms.gov/policy-guidance/cms-guide-federal-laws-regulations-and-policies"/><meta name="google-site-verification" content="GMZIwBDJgz_o_JYUB2GpJazkrs7P85BaWDsoCjxF32M"/><meta property="og:title" content="CMS Guide to Federal Laws, Regulations, and Policies | CMS Information Security &amp; Privacy Group"/><meta property="og:description" content="A comprehensive list of the federal laws, regulations, and policies that shape how information security and privacy are managed at CMS"/><meta property="og:url" content="https://security.cms.gov/policy-guidance/cms-guide-federal-laws-regulations-and-policies"/><meta property="og:image:type" content="image/jpeg"/><meta property="og:image:width" content="1200"/><meta property="og:image:height" content="630"/><meta property="og:image" content="https://security.cms.gov/policy-guidance/cms-guide-federal-laws-regulations-and-policies/opengraph-image.jpg?a856d5522b751df7"/><meta property="og:type" content="website"/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:title" content="CMS Guide to Federal Laws, Regulations, and Policies | CMS Information Security &amp; Privacy Group"/><meta name="twitter:description" content="A comprehensive list of the federal laws, regulations, and policies that shape how information security and privacy are managed at CMS"/><meta name="twitter:image:type" content="image/jpeg"/><meta name="twitter:image:width" content="1200"/><meta name="twitter:image:height" content="630"/><meta name="twitter:image" content="https://security.cms.gov/policy-guidance/cms-guide-federal-laws-regulations-and-policies/opengraph-image.jpg?a856d5522b751df7"/><link rel="icon" href="/favicon.ico" type="image/x-icon" sizes="48x48"/><script>(self.__next_s=self.__next_s||[]).push(["/assets/javascript/uswds-init.min.js",{}])</script><script src="/_next/static/chunks/polyfills-78c92fac7aa8fdd8.js" noModule=""></script></head><body><a class="usa-skipnav" href="#main">Skip to main content</a><section class="usa-banner" aria-label="Official website of the United States government"><div class="usa-accordion"><header class="usa-banner__header"><div class="usa-banner__inner"><div class="grid-col-auto"><img aria-hidden="true" alt="" loading="lazy" width="16" height="11" decoding="async" data-nimg="1" class="usa-banner__header-flag" style="color:transparent" srcSet="/_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&amp;w=16&amp;q=75 1x, /_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&amp;w=32&amp;q=75 2x" src="/_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&amp;w=32&amp;q=75"/></div><div class="grid-col-fill tablet:grid-col-auto" aria-hidden="true"><p class="usa-banner__header-text">An official website of the United States government</p><p class="usa-banner__header-action">Here&#x27;s how you know</p></div><button type="button" class="usa-accordion__button usa-banner__button" aria-expanded="false" aria-controls="gov-banner-default-default"><span class="usa-banner__button-text">Here&#x27;s how you know</span></button></div></header><div class="usa-banner__content usa-accordion__content" id="gov-banner-default-default" hidden=""><div class="grid-row grid-gap-lg"><div class="usa-banner__guidance tablet:grid-col-6"><img role="img" alt="" aria-hidden="true" loading="lazy" width="40" height="40" decoding="async" data-nimg="1" class="usa-banner__icon usa-media-block__img" style="color:transparent" src="/_next/static/media/icon-dot-gov.3e9cb1b5.svg"/><div class="usa-media-block__body"><p><strong>Official websites use .gov</strong><br/>A <strong>.gov</strong> website belongs to an official government organization in the United States.</p></div></div><div class="usa-banner__guidance tablet:grid-col-6"><img role="img" alt="" aria-hidden="true" loading="lazy" width="40" height="40" decoding="async" data-nimg="1" class="usa-banner__icon usa-media-block__img" style="color:transparent" src="/_next/static/media/icon-https.e7f1a222.svg"/><div class="usa-media-block__body"><p><strong>Secure .gov websites use HTTPS</strong><br/>A <strong>lock</strong> (<span class="icon-lock"><svg xmlns="http://www.w3.org/2000/svg" width="52" height="64" viewBox="0 0 52 64" class="usa-banner__lock-image" role="img" aria-labelledby="banner-lock-description-default" focusable="false"><title id="banner-lock-title-default">Lock</title><desc id="banner-lock-description-default">Locked padlock icon</desc><path fill="#000000" fill-rule="evenodd" d="M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z"></path></svg></span>) or <strong>https://</strong> means you&#x27;ve safely connected to the .gov website. Share sensitive information only on official, secure websites.</p></div></div></div></div></div></section><div class="usa-overlay"></div><header class="usa-header usa-header--extended"><div class="bg-primary-dark"><div class="usa-navbar"><div class="usa-logo padding-y-4 padding-right-3" id="CyberGeek-logo"><a title="CMS CyberGeek Home" href="/"><img alt="CyberGeek logo" fetchPriority="high" width="298" height="35" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/CyberGeek-logo.8e9bbd2b.svg"/></a></div><button aria-label="Open menu" type="button" class="usa-menu-btn" data-cy="menu-button">Menu</button></div></div><nav aria-label="Primary navigation" class="usa-nav padding-0 desktop:width-auto bg-white grid-container float-none"><div class="usa-nav__inner"><button type="button" class="usa-nav__close margin-0"><img alt="Close" loading="lazy" width="24" height="24" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/close.1fafc2aa.svg"/></button><ul class="usa-nav__primary usa-accordion"><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="roles"><span>Roles</span></button><ul id="roles" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Roles</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/information-system-security-officer-isso">Information System Security Officer (ISSO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook"><span>ISSO Handbook</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos"><span>Getting started (for new ISSOs)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/isso-mentorship-program"><span>ISSO Mentorship Program</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook#training"><span>ISSO Training</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/data-guardian">Data Guardian</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/data-guardian-handbook"><span>Data Guardian Handbook</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/cyber-risk-advisor-cra">Cyber Risk Advisor (CRA)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks"><span>CMS Security and Privacy Handbooks</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters"><span>Risk Management Handbook (RMH)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/business-system-owner">Business / System Owner (BO/SO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity and Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-information-exchange-agreement-iea"><span>Information Exchange Agreement (IEA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-computer-matching-agreement-cma"><span>Computer Matching Agreement (CMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/isso-service"><span>ISSO As A Service</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="compliance-authorization"><span>Compliance &amp; Authorization</span></button><ul id="compliance-authorization" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Compliance &amp; Authorization</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/learn/authorization-operate-ato">Authorization to Operate (ATO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato"><span>About ATO at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#types-of-authorizations"><span>Types of authorizations</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#ato-stakeholders"><span>ATO stakeholders</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#related-documents-and-resources"><span>ATO tools and resources</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-technical-reference-architecture-tra"><span>CMS Technical Reference Architecture (TRA)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/learn/ongoing-authorization-oa">Ongoing Authorization (OA)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/ongoing-authorization-oa"><span>About OA at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa"><span>OA eligibility requirements</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Assessments &amp; Audits</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/security-impact-analysis-sia"><span>Security Impact Analysis (SIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/system-audits"><span>System Audits</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="policy-guidance"><span>Policy &amp; Guidance</span></button><ul id="policy-guidance" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Policy &amp; Guidance</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/cms-policies-and-guidance">CMS Policies and Guidance</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-acceptable-risk-safeguards-ars"><span>CMS Acceptable Risk Safeguards (ARS)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-systems-security-privacy-policy-is2p2"><span>CMS Information Security and Privacy Policy (IS2P2)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks"><span>CMS Security and Privacy Handbooks</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/cms-risk-management-framework-rmf"><span>CMS Risk Management Framework (RMF)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/email-encryption-requirements-cms"><span>CMS Email Encryption</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/federal-policies-and-guidance">Federal Policies and Guidance</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/national-institute-standards-and-technology-nist"><span>National Institute of Standards and Technology (NIST)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/federal-information-security-modernization-act-fisma"><span>Federal Information Security Modernization Act (FISMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/fedramp"><span>Federal Risk and Authorization Management Program (FedRAMP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/zero-trust"><span>Zero Trust</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="system-security"><span>System Security</span></button><ul id="system-security" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">System Security</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/application-security">Application Security</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/threat-modeling"><span>Threat Modeling</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/zero-trust"><span>Zero Trust</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cloud-services"><span>CMS Cloud Services</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/software-bill-materials-sbom"><span>Software Bill of Materials (SBOM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/security-operations">Security Operations</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir"><span>Incident Response</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cybersecurity-integration-center-ccic"><span>CMS Cybersecurity Integration Center (CCIC)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/risk-management-and-reporting">Risk Management and Reporting</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cyber-risk-reports"><span>Cyber Risk Reports</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/plan-action-and-milestones-poam"><span>Plan of Action and Milestones (POA&amp;M)</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="privacy"><span>Privacy</span></button><ul id="privacy" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Privacy</span></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Agreements</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-computer-matching-agreement-cma"><span>Computer Matching Agreement (CMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-information-exchange-agreement-iea"><span>Information Exchange Agreement (IEA)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Privacy Activities</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/breach-response"><span>Breach Response</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/system-records-notice-sorn"><span>System of Records Notice (SORN)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Privacy Resources</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/ispg/privacy"><span>Privacy at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-breach-response-handbook"><span>CMS Breach Response Handbook</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/health-insurance-portability-and-accountability-act-1996-hipaa"><span>Health Insurance Portability and Accessibility Act (HIPAA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-privacy-impact-assessment-pia-handbook"><span>CMS Privacy Impact Assessment (PIA) Handbook</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="tools-services"><span>Tools &amp; Services</span></button><ul id="tools-services" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Tools &amp; Services</span></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Reporting &amp; Compliance</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/isso-service"><span>ISSO As A Service</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-fisma-continuous-tracking-system-cfacts"><span>CFACTS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cyber-risk-reports"><span>Cyber Risk Reports and Dashboards</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">System Security</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/threat-modeling"><span>Threat Modeling</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cloud-services"><span>CMS Cloud Services</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cybersecurity-integration-center-ccic"><span>CMS Cybersecurity Integration Center (CCIC)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/cms-security-data-lake-sdl"><span>CMS Security Data Lake (SDL)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Tests &amp; Assessments</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li></ul></section></div></li></ul></li></ul><div class="usa-nav__secondary padding-left-2"><section aria-label="Header search box"><form class="usa-search usa-search--small" role="search" action="/search"><label class="usa-sr-only" for="header-search-box">Search</label><input class="usa-input search__input" id="header-search-box" type="search" name="ispg[query]"/><button aria-label="header search box button" class="usa-button" id="header-search-box-btn" type="submit"><svg aria-describedby="searchIcon" class="usa-icon" aria-hidden="true" focusable="false" role="img"><title id="searchIcon">Search</title><use href="/assets/img/sprite.svg#search"></use></svg></button></form></section></div></div></nav></header><main id="main"><div id="template"><!--$--><!--/$--><section class="hero hero--theme-library undefined"><div class="maxw-widescreen margin-x-auto padding-x-2 desktop:padding-x-0 padding-top-4 padding-bottom-6 desktop:padding-y-7"><div class="tablet:grid-container position-relative "><div class="hero__row grid-row grid-gap"><div class="tablet:grid-col-5 widescreen:position-relative"></div><div class="hero__column tablet:grid-col-7 flow padding-bottom-2"><h1 class="hero__heading margin-0 line-height-sans-3 desktop:line-height-sans-2">CMS Guide to Federal Laws, Regulations, and Policies</h1><p class="hero__description">A comprehensive list of the federal laws, regulations, and policies that shape how information security and privacy are managed at CMS</p><p class="font-sans-2xs line-height-sans-5 margin-bottom-0">Last reviewed<!-- -->: <!-- -->2/16/2024</p><div class="hero__meta radius-lg padding-x-2 padding-y-1 bg-white font-sans-2xs line-height-sans-5 display-inline-block text-primary-darker">Contact: <span class="text-bold">CISO Team</span><span class="hidden-mobile"> | </span><span class="break-mobile"><a href="mailto:CISO@cms.hhs.gov">CISO@cms.hhs.gov</a></span></div></div></div></div></div></section><div class="grid-container"><div class="grid-row grid-gap margin-top-5"><div class="tablet:grid-col-4"><nav class="table-of-contents overflow-y-auto overflow-x-hidden position-sticky top-3 padding-1 radius-lg shadow-2 display-none tablet:display-block" aria-label="Table of contents"><div class="text-uppercase text-bold border-bottom border-base-lighter padding-bottom-1">Table of Contents</div><p class="text-italic text-base font-sans-xs">No table of content entries to display.</p></nav></div><div class="tablet:grid-col-8"><section class="resource-collection radius-md padding-y-2 padding-x-3 bg-base-lightest"><h1 class="resource-collection__header h3 margin-top-0 margin-bottom-2">Related Resources</h1><div class="grid-row grid-gap-4"><div class="tablet:grid-col-4 tablet:margin-top-0"><a class="text-no-underline text-bold" href="https://security.cms.gov/learn/cms-governance-risk-and-compliance-grc">CMS Governance, Risk, and Compliance (GRC)<svg class="usa-icon" aria-hidden="true" role="img" data-testid="library-resources-external"><use href="/assets/img/sprite.svg#launch"></use></svg></a></div><div class="tablet:grid-col-4 margin-top-4 tablet:margin-top-0"><a class="text-no-underline text-bold" href="https://csrc.nist.gov/publications/sp">NIST Special Publications<svg class="usa-icon" aria-hidden="true" role="img" data-testid="library-resources-external"><use href="/assets/img/sprite.svg#launch"></use></svg></a></div><div class="tablet:grid-col-4 margin-top-4 tablet:margin-top-0"><a class="text-no-underline text-bold" href="https://csrc.nist.gov/publications/fips">Federal Information Processing Standards (FIPS)<svg class="usa-icon" aria-hidden="true" role="img" data-testid="library-resources-external"><use href="/assets/img/sprite.svg#launch"></use></svg></a></div></div></section><section><div class="text-block text-block--theme-library"><p>There are federal laws, regulations, and policies outside of CMS that shape how security and privacy is managed inside CMS. This page contains a comprehensive list of these external requirements, and shows how they relate to the security and privacy policies and guidance at CMS.</p><p><strong>DISCLAIMER:</strong></p><p><em>The laws, regulations, standards, and guidelines provided herein are considered a work in progress and are subject to continuous updates. While we strive to ensure the accuracy and relevance of the information presented, it is important to note that legislative changes, regulatory updates, or evolving standards may impact the content provided. Users are encouraged to regularly check for the latest revisions and consult official sources to ensure compliance with the most current legal and regulatory requirements. The information offered is intended for general informational purposes only and should not be construed as legal advice. Any reliance on the content provided is at the user's own risk. We reserve the right to modify, amend, or update the information without prior notice.</em></p><p><strong>QUESTIONS OR COMMENTS?</strong> Check out CMS Slack channel:&nbsp;</p><p><a href="https://cmsgov.slack.com/archives/C06KFL4RSSC"># cms_fed_laws_policies</a></p><h2>Federal Laws</h2><p>Laws are passed by both branches of Congress and signed by the President. Laws establish requirements or prohibitions. This list contains all federal laws that relate to information security and privacy at CMS.</p><h3>FISMA</h3><p><strong>Title: </strong><a href="https://www.cisa.gov/topics/cyber-threats-and-advisories/federal-information-security-modernization-act">Federal Information Security Modernization Act of 2014 (FISMA 2014</a>)</p><p><strong>Description: </strong>Federal legislation that defines a framework of guidelines and security standards to protect government information and operations</p><p><strong>Date released: </strong>Dec 2014</p><p><strong>Oversight responsibility: </strong>Department of Homeland Security (DHS)</p><p><strong>Notes: </strong>FISMA 2014 amends the FISMA of 2002</p><h3>The Privacy Act of 1974</h3><p><strong>Title: </strong><a href="https://www.justice.gov/opcl/overview-privacy-act-1974-2020-edition/introduction">The Privacy Act of 1974</a></p><p><strong>Description: </strong>Establishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies</p><p><strong>Date released:</strong> Sep 1975</p><p><strong>Oversight responsibility: </strong>Office of Management and Budget (OMB)</p><p><strong>Notes:</strong></p><h3>HIPAA</h3><p><strong>Title: </strong><a href="https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html">Health Insurance Portability and Accountability Act (HIPAA) of 1996</a></p><p><strong>Description: </strong>Federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patients consent or knowledge</p><p><strong>Date released: </strong>Aug 1996</p><p><strong>Oversight responsibility: </strong>Department of Health and Human Services (HHS)</p><p><strong>Notes: </strong>HHS issued the Privacy Rule and the Security Rule to implement the requirement of HIPAA</p><h3>E-Government Act</h3><p><strong>Title: </strong><a href="https://www.justice.gov/opcl/e-government-act-2002">E-Government Act of 2002</a></p><p><strong>Description: </strong>Improves the management of Federal e-government services and processes involving the collection, maintenance, or dissemination of public or personal information</p><p><strong>Date released: </strong>Dec 2002</p><p><strong>Oversight responsibility: </strong>Office of Management and Budget (OMB)</p><p><strong>Notes: </strong>Section 208 requires Privacy Impact Assessments (PIAs)</p><h3>FedRAMP</h3><p><strong>Title: </strong><a href="https://www.fedramp.gov/program-basics/">Federal Risk and Authorization Management Program (FedRAMP)</a></p><p><strong>Description: </strong>A government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment for cloud technologies and federal agencies</p><p><strong>Date released: </strong>2011</p><p><strong>Oversight responsibility:&nbsp;</strong></p><ul><li>Joint Authorization Board (JAB)</li><li>Department of Defense (DoD)</li><li>Department of Homeland Security (DHS)</li><li>General Services Administration (GSA)</li></ul><p><strong>Notes:&nbsp;</strong></p><h3>Computer Matching and Privacy Protection Act of 1988</h3><p><strong>Title: </strong><a href="https://www.congress.gov/bill/100th-congress/senate-bill/496">Computer Matching and Privacy Protection Act of 1988</a></p><p><strong>Description: </strong>Requires agencies engaged in computer matching activities to provide notice to individuals if their information is being disclosed to other federal and state agencies</p><p><strong>Date released: </strong>Sep 1988</p><p><strong>Oversight responsibility:&nbsp;</strong></p><ul><li>Office of Management and Budget (OMB)</li><li>Government Accountability Office (GAO)</li></ul><p><strong>Notes:</strong></p><h3>Section 508</h3><p><strong>Title: </strong><a href="https://www.section508.gov/manage/laws-and-policies/">Section 508 of the Rehabilitation Act</a></p><p><strong>Description: </strong>A federal law that requires agencies to provide individuals with disabilities equal access to electronic information and data comparable to those who do not have disabilities, unless an undue burden would be imposed on the agency</p><p><strong>Date released: </strong>1988</p><p><strong>Oversight responsibility:&nbsp;</strong></p><ul><li>Office of Management and Budget (OMB)</li><li>U.S. Access Board</li><li>General Services Administration (GSA)</li></ul><p><strong>Notes: </strong>Amended in 2000</p><h3>HSPD-12</h3><p><strong>Title: </strong><a href="https://www.dhs.gov/homeland-security-presidential-directive-12">Homeland Security Presidential Directive 12 (HSPD-12)</a></p><p><strong>Description: </strong>A Government-wide standard for a secure and reliable form of identification issued by the Federal government to its employees and employees of Federal contractors for access to Federally-controlled facilities and Government information systems</p><p><strong>Date released: </strong>Aug 2004</p><p><strong>Oversight responsibility: </strong>Department of Homeland Security (DHS)</p><p><strong>Notes:&nbsp;</strong></p><h3>FASCSA</h3><p><strong>Title: </strong><a href="https://www.congress.gov/bill/115th-congress/senate-bill/3085/text">Federal Acquisition Supply Chain Security Act (FASCSA) of 2018</a></p><p><strong>Description: </strong>To establish a Federal Acquisition Security Council and to provide executive agencies with authorities relating to mitigating supply chain risks in the procurement of information technology, and for other purposes</p><p><strong>Date released: </strong>Dec 2018</p><p><strong>Oversight responsibility: </strong>Government Accountability Office (GAO)</p><p><strong>Notes:&nbsp;</strong></p><h3>FITARA</h3><p><strong>Title: </strong><a href="https://www.cio.gov/handbook/it-laws/fitara-2014/">Federal Information Technology Acquisition Reform Act (FITARA) of 2014</a></p><p><strong>Description: </strong>Strengthens the role of agency Chief Information Officers (CIOs) and provided greater accountability for the delivery of IT capabilities across the Federal Government</p><p><strong>Date released: </strong>Dec 2014</p><p><strong>Oversight responsibility: </strong>Office of Management and Budget (OMB)</p><p><strong>Notes: </strong>OMB M-15-14 implements</p><h3>MMA of 2003</h3><p><strong>Title: </strong><a href="https://www.ssa.gov/privacy/pia/Medicare%20Modernization%20Act%20(MMA)%20FY07.htm">Medicare Prescription Drug, Improvement, and Modernization Act (MMA) of 2003</a></p><p><strong>Description: </strong>Amended section 1144 of the Social Security Act to require the Commissioner of Social Security to conduct additional outreach efforts to identify individuals entitled to benefits, or enrolled under the Medicare program under Title XVIII, who may be eligible for transitional assistance under the Medicare Prescription Drug Discount Card Program and premium and cost-sharing subsidies under the Prescription Drug Card Part D Program</p><p><strong>Date released: </strong>Dec 2003</p><p><strong>Oversight responsibility: </strong>Department of Health and Human Services (HHS) - Centers for MEDICARE &amp; MEDICAID Services (CMS)</p><p><strong>Notes:&nbsp;</strong></p><h3>Buy America Act</h3><p><strong>Title: </strong><a href="https://www.gao.gov/products/105519">Buy America Act</a></p><p><strong>Description: </strong>Requires Federal agencies to procure domestic materials and products</p><p><strong>Date released: </strong>Apr 1978</p><p><strong>Oversight responsibility: </strong>Government Accountability Office (GAO)</p><p><strong>Notes:&nbsp;</strong></p><h3>No TikTok on Government Devices Act</h3><p><strong>Title: </strong><a href="https://www.congress.gov/bill/117th-congress/senate-bill/1143">No TikTok on Government Devices Act</a></p><p><strong>Description: </strong>Requires the social media video application TikTok to be removed from the information technology of federal agencies</p><p><strong>Date released: </strong>Dec 2022</p><p><strong>Oversight responsibility: </strong>Office of Management and Budget (OMB)</p><p><strong>Notes:&nbsp;</strong></p><h3>FOIA</h3><p><strong>Title: </strong><a href="https://www.foia.gov/">Freedom of Information Act (FOIA)</a></p><p><strong>Description: </strong>Provides that any person has the right to request access to federal agency records or information except to the extent the records are protected from disclosure by any of nine exemptions contained in the law or by one of three special law enforcement record exclusions</p><p><strong>Date released: </strong>Jul 1967</p><p><strong>Oversight responsibility: </strong>Department of Justice (DOJ)</p><p><strong>Notes:&nbsp;</strong></p><h3>IG Act of 1978</h3><p><strong>Title: </strong><a href="https://www.ignet.gov/content/inspector-general-act-1978">Inspectors General Act (IG Act) of 1978</a></p><p><strong>Description: </strong>Creates Inspector General positions and offices in more than a dozen specific departments and agencies. The Act gave these inspectors general the authority to review the internal documents of their departments or offices. They were given responsibility to investigate fraud, to give policy advice (5 U.S.C. § 404; IG Act, sec. 4), to handle certain complaints by employees, and to report to the heads of their agencies and to Congress on their activities every six months</p><p><strong>Date released: </strong>Oct 1978</p><p><strong>Oversight responsibility: </strong>Department of Homeland Security (DHS)</p><p><strong>Notes:&nbsp;</strong></p><h3>DOTGOV Act of 2020</h3><p><strong>Title: </strong><a href="https://www.federalregister.gov/documents/2022/07/26/2022-15670/federal-management-regulation-fmr-internet-gov-domain">DOTGOV Online Trust in Government Act of 2020</a></p><p><strong>Description: </strong>Transfers the DotGov internet domain program, as operated by the General Services Administration under title 41, Code of Federal Regulations, to DHS CISA. The Act also orders that on the date CISA begins operational administration of the DotGov internet domain program, the GSA Administrator shall rescind the requirements in part 102173 of title 41, Code of Federal Regulations applicable to any Federal, State, local, or territorial government entity, or other publicly controlled entity, including any Tribal government recognized by the Federal Government or a State government that is registering or operating a DotGov internet domain. Finally, the DOTGOV orders that in place of the requirements in part 102173 of title 41, Code of Federal Regulations, CISA, in consultation with the Director of Management and Budget (OMB), shall establish and publish a new set of requirements for the registration and operation of DotGov domains.</p><p><strong>Date released: </strong>Dec 2020</p><p><strong>Oversight responsibility: </strong>Department of Homeland Security (DHS) - Cybersecurity &amp; Infrastructure Security Agency (CISA)</p><p><strong>Notes: </strong>Part of the Consolidated Appropriations Act, 2021</p><h3>Government Performance and Results Act (GPRA) of 1993</h3><p><strong>Title: </strong><a href="https://www.federalreserve.gov/publications/gpra.htm">Government Performance and Results Act (GPRA) of 1993</a></p><p><strong>Description:</strong> Requires federal agencies to prepare a strategic plan covering a multiyear period and requires each agency to submit an annual performance plan and an annual performance report.</p><p><strong>Date released: </strong>Aug 1993</p><p><strong>Oversight responsibility: </strong>Office of Management and Budget (OMB)</p><p><strong>Notes:&nbsp;</strong></p><h3>Federal Acquisition Streamlining Act (FASA) of 1994</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/bill/103rd-congress/senate-bill/1587">Federal Acquisition Streamlining Act (FASA) of 1994</a></p><p><strong>Description:</strong> Streamlines the federal governments acquisition system and dramatically changes the way the government performs its contracting functions. Generally, the statute seeks to: (1) increase the governments reliance on commercial goods and services; (2) streamline the procurement process for high volume, low value acquisitions; (3) improve access by small businesses to government contracting opportunities; (4) improve the bid protest process; and (5) extend the Truth in Negotiations Act to civilian agencies and raise the threshold for submitting certified cost or pricing data under that Act.</p><p><strong>Date released: </strong>Oct 1994</p><p><strong>Oversight responsibility:</strong> Office of Management and Budget (OMB)</p><p><strong>Notes:&nbsp;</strong></p><h3>Paperwork Reduction Act (PRA) of 1995</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/bill/104th-congress/senate-bill/244">Paperwork Reduction Act (PRA) of 1995</a></p><p><strong>Description:</strong> Requires that agencies obtain Office of Management and Budget (OMB) approval before requesting most types of information from the public. “Information collections” include forms, interviews, and record keeping, to name a few categories.</p><p><strong>Date released: </strong>May 1995</p><p><strong>Oversight responsibility: </strong>Office of Management and Budget (OMB)</p><p><strong>Notes:&nbsp;</strong></p><h3>Federal Financial Management Improvement Act of 1996</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/bill/104th-congress/house-bill/4319">Federal Financial Management Improvement Act of 1996</a></p><p><strong>Description:</strong> Advances Federal financial management by ensuring that Federal financial management systems provide accurate, reliable, and timely financial management information to the governments managers.</p><p><strong>Date released: </strong>Sep 1996</p><p><strong>Oversight responsibility: </strong>Office of Management and Budget (OMB)</p><p><strong>Notes:</strong></p><h3>Clinger-Cohen Act of 1996</h3><p><strong>Title:</strong> <a href="https://www.cio.gov/handbook/it-laws/clinger-cohen-act/">Clinger-Cohen Act of 1996</a></p><p><strong>Description:</strong> The IT Management Reform Act (ITMRA) and the Federal Acquisition Reform Act (FARA) together make up the Clinger-Cohen Act</p><p><strong>Date released: </strong>Feb 1996</p><p><strong>Oversight responsibility: </strong>Office of Management and Budget (OMB)</p><p><strong>Notes:</strong></p><h3>Federal Records Act (FRA) (Records Management Act of 1950)</h3><p><strong>Title:</strong> <a href="https://presidentialtransition.org/wp-content/uploads/sites/6/2020/11/Federal-Records-Act-Overview.pdf">Records Management Act of 1950 / Federal Records Act (FRA)</a></p><p><strong>Description:</strong> Designed to ensure that institutional records of vital historical, fiscal and legal value are identified and preserved by the government, providing the public with a historical record of federal; decision-making.</p><p><strong>Date released: </strong>Jul 1950</p><p><strong>Oversight responsibility: </strong>National Archives and Records Administration (NARA)</p><p><strong>Notes:</strong></p><h3>Section 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)</h3><p><strong>Title:</strong> <a href="https://www.acquisition.gov/Section-889-Policies">Section 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)</a></p><p><strong>Description:</strong> Prohibits the Federal Government from procuring or obtaining, or extending or renewing a contract to procure or obtain “any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system,” on or after August 13, 2019, unless an exception applies or a waiver is granted.</p><p><strong>Date released: </strong>Jul 2020</p><p><strong>Oversight responsibility:&nbsp;</strong></p><ul><li>Department of Defense (DoD)</li><li>National Aeronautics and Space Administration (NASA)</li><li>General Services Administration (GSA)</li></ul><p><strong>Notes:</strong></p><h3>FITARA Enhancement Act of 2017</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/bill/115th-congress/house-bill/3243">FITARA Enhancement Act of 2017</a></p><p><strong>Description:</strong> An act to amend title 40, United States Code, to eliminate the sunset of certain provisions relating to information technology, to amend the National Defense Authorization Act for Fiscal Year 2015 to extend the sunset relating to the Federal Data Center Consolidation Initiative, and for other purposes.</p><p><strong>Date released: </strong>Nov 2017</p><p><strong>Oversight responsibility: </strong>Office of Management and Budget (OMB)</p><p><strong>Notes:</strong></p><h3>Making Electronic Government Accountable by Yielding Tangible Efficiencies (MEGABYTE) Act of 2016</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/bill/114th-congress/house-bill/4904/text">Making Electronic Government Accountable by Yielding Tangible Efficiencies (MEGABYTE) Act of 2016</a></p><p><strong>Description:</strong> Requires the Director of the Office of Management and Budget to issue a directive on the management of software licenses by the US federal government.</p><p><strong>Date released: </strong>Jul 2016</p><p><strong>Oversight responsibility: </strong>Office of Management and Budget (OMB)</p><p><strong>Notes:</strong></p><h3>Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure (SECURE) Technology Act</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/bill/115th-congress/house-bill/7327/text">Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure (SECURE) Technology Act</a></p><p><strong>Description:</strong> Requires the Secretary of Homeland Security to establish a security vulnerability disclosure policy, to establish a bug bounty program for the Department of Homeland Security, to amend title 41, United States Code, to provide for Federal acquisition supply chain security, and for other purposes.</p><p><strong>Date released: </strong>Dec 2018</p><p><strong>Oversight responsibility: </strong>Department of Homeland Security (DHS)</p><p><strong>Notes:</strong></p><h3>Communications Act of 1934</h3><p><strong>Title:</strong> <a href="https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1288">Communications Act of 1934</a></p><p><strong>Description:</strong> Combined and organized federal regulation of telephone, telegraph, and radio communications. The Act created the Federal Communications Commission (FCC) to oversee and regulate these industries. The Act is updated periodically to add provisions governing new communications technologies, such as broadcast, cable and satellite television.</p><p><strong>Date released: </strong>Jun 1934</p><p><strong>Oversight responsibility: </strong>Federal Communications Commission (FCC)</p><p><strong>Notes:</strong></p><h3>Workforce Innovation and Opportunities Act</h3><p><strong>Title:</strong> <a href="https://www.dol.gov/agencies/eta/wioa">Workforce Innovation and Opportunities Act</a></p><p><strong>Description:</strong> Designed to strengthen and improve our nation's public workforce system and help get Americans, including youth and those with significant barriers to employment, into high-quality jobs and careers and help employers hire and retain skilled workers.</p><p><strong>Date released: </strong>Jul 2014</p><p><strong>Oversight responsibility:&nbsp;</strong></p><ul><li>Department of Labor (DOL)</li><li>Department of Education (ED)</li><li>Department of Health and Human Services (HHS)</li></ul><p><strong>Notes:</strong></p><h3>Childrens Online Privacy Protection Act (COPPA) of 1998</h3><p><strong>Title:</strong> <a href="https://www.ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa">Childrens Online Privacy Protection Act (COPPA) of 1998</a></p><p><strong>Description:</strong> Imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.</p><p><strong>Date released: </strong>Apr 2020</p><p><strong>Oversight responsibility: </strong>Federal Trade Commission (FTC)</p><p><strong>Notes:</strong></p><h3>Government Paperwork Elimination Act of 1998</h3><p><strong>Title:</strong> <a href="https://www.cio.gov/handbook/it-laws/gpea/">Government Paperwork Elimination Act of 1998</a></p><p><strong>Description:</strong> It requires Federal agencies, by October 21, 2003, to provide individuals or entities that deal with agencies the option to submit information or transact with the agency electronically, and to maintain records electronically, when practicable.</p><p><strong>Date released: </strong>Oct 1998</p><p><strong>Oversight responsibility: </strong>Office of Management and Budget (OMB)</p><p><strong>Notes:</strong></p><h3>Federal Property and Administrative Services Act of 1949</h3><p><strong>Title:</strong> <a href="https://www.govinfo.gov/content/pkg/USCODE-2011-title40/html/USCODE-2011-title40-subtitleI-chap1.htm">Federal Property and Administrative Services Act of 1949</a></p><p><strong>Description:</strong> Establishes the General Services Administration (GSA). The act also provides for various Federal Standards to be published by the GSA.</p><p><strong>Date released: </strong>Jul 1949</p><p><strong>Oversight responsibility: </strong>General Services Administration (GSA)</p><p><strong>Notes:</strong></p><h3>Information Quality Act</h3><p><strong>Title:</strong> <a href="https://www.cio.gov/handbook/it-laws/information-quality-act/">Information Quality Act</a></p><p><strong>Description:</strong> Requires the OMB to promulgate guidance to agencies ensuring the quality, objectivity, utility, and integrity of information (including statistical information) disseminated by Federal agencies.</p><p><strong>Date released: </strong>Dec 2000</p><p><strong>Oversight responsibility: </strong>Office of Management and Budget (OMB)</p><p><strong>Notes:</strong></p><h3>Small Business Paperwork Relief Act of 2002</h3><p><strong>Title:</strong> <a href="https://www.sba.gov/document/policy-guidance--small-business-paperwork-relief-act-2002">Small Business Paperwork Relief Act of 2002</a></p><p><strong>Description:</strong> Institutes a process to reduce paperwork, and introduces measures to make it easier for small businesses to comply with the law.</p><p><strong>Date released: </strong>Jun 2002</p><p><strong>Oversight responsibility: </strong>Office of Management and Budget (OMB)</p><p><strong>Notes:</strong></p><h3>Cyber Security Research and Development Act of 2002</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/bill/107th-congress/house-bill/3394">Cyber Security Research and Development Act of 2002</a></p><p><strong>Description:</strong> Authorizes appropriations to the National Science Foundation (NSF) and to the Secretary of Commerce for the National Institute of Standards and Technology (NIST) to establish new programs, and to increase funding for certain current programs, for computer and network security (CNS) research and development and CNS research fellowships.</p><p><strong>Date released: </strong>Nov 2002</p><p><strong>Oversight responsibility:&nbsp;</strong></p><ul><li>National Science Foundation (NSF)</li><li>National Institute of Standards and Technology (NIST)</li></ul><p><strong>Notes:</strong></p><h3>Implementing Recommendations of the 9/11 Commission Act of 2007</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/bill/110th-congress/house-bill/1">Implementing Recommendations of the 9/11 Commission Act of 2007</a></p><p><strong>Description:</strong> Provides for implementation of recommendations of the National Commission on Terrorist Attacks Upon the United States (9/11 Commission).</p><p><strong>Date released: </strong>Aug 2007</p><p><strong>Oversight responsibility: </strong>Department of Homeland Security (DHS)</p><p><strong>Notes:</strong></p><h3>Federal Cybersecurity Workforce Assessment Act (FCWAA) of 2015</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/113/plaws/publ246/PLAW-113publ246.pdf">Federal Cybersecurity Workforce Assessment Act (FCWAA) of 2015</a></p><p><strong>Description:</strong> Requires the Secretary of Homeland Security to assess the cybersecurity workforce of the Department of Homeland Security and develop a comprehensive workforce strategy, and for other purposes.</p><p><strong>Date released: </strong>Dec 2014</p><p><strong>Oversight responsibility: </strong>Department of Homeland Security (DHS)</p><p><strong>Notes:</strong></p><h3>Whistleblower Protection Act of 1989</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/bill/101st-congress/senate-bill/20">Whistleblower Protection Act of 1989</a></p><p><strong>Description:</strong> Prohibits retaliation against most executive branch employees when they blow the whistle on &nbsp;ignificant agency wrongdoing or when they engage in protected conduct.</p><p><strong>Date released: </strong>Apr 1989</p><p><strong>Oversight responsibility: </strong>Office of Special Counsel</p><p><strong>Notes:</strong></p><h3>Computer Security Act of 1987</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/bill/100th-congress/house-bill/145/all-info">Computer Security Act of 1987</a></p><p><strong>Description:</strong> Provides for a computer standards program within the National Bureau of Standards, to provide for Government-wide computer security, and to provide for the training in security matters of persons who are involved in the management, operation, and use of Federal computer systems, and for other purposes.</p><p><strong>Date released: </strong>Jan 1988</p><p><strong>Oversight responsibility: </strong>National Institute of Standards and Technology (NIST)</p><p><strong>Notes:</strong></p><h3>Office of Federal Procurement Policy Act</h3><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/omb/management/office-federal-procurement-policy/">Office of Federal Procurement Policy Act</a></p><p><strong>Description:</strong> The Office of Federal Procurement Policy (OFPP) was established by Congress in 1974 to provide overall direction for government-wide procurement policies, regulations and procedures and to promote economy, efficiency, and effectiveness in acquisition processes.</p><p><strong>Date released:</strong> Aug 1974</p><p><strong>Oversight responsibility: </strong>Office of Management and Budget (OMB)</p><p><strong>Notes:</strong></p><h3>Federal Activities Inventory Reform (FAIR) Act</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/105/plaws/publ270/PLAW-105publ270.pdf">Federal Activities Inventory Reform (FAIR) Act</a></p><p><strong>Description:</strong> Requires federal agencies to submit to the Office of Management and Budget inventories of commercial activities performed by federal employees every year by June 30.</p><p><strong>Date released:</strong> Oct 1998</p><p><strong>Oversight responsibility: </strong>Office of Management and Budget (OMB)</p><p><strong>Notes:</strong></p><h3>Budget and Accounting Act of 1921</h3><p><strong>Title:</strong> <a href="https://www.gao.gov/assets/D03855.pdf">Budget and Accounting Act of 1921</a></p><p><strong>Description:</strong> Provides a national budget system and an independent audit of Government accounts, and for other purposes.</p><p><strong>Date released:</strong> Jun 1921</p><p><strong>Oversight responsibility: </strong>Office of Management and Budget (OMB)</p><p><strong>Notes:</strong></p><h3>Federal Managers' Financial Integrity Act</h3><p><strong>Title:</strong> <a href="https://obamawhitehouse.archives.gov/omb/financial_fmfia1982">Federal Managers Financial Integrity Act</a></p><p><strong>Description:</strong> Provides the statutory basis for managements responsibility for and assessment of accounting and administrative internal controls. Such controls include program, operational, and administrative areas, as well as accounting and financial management.</p><p><strong>Date released:</strong> Sep 1982</p><p><strong>Oversight responsibility: </strong>Office of Management and Budget (OMB)</p><p><strong>Notes:</strong></p><h3>Sarbanes-Oxley Act</h3><p><strong>Title:</strong> <a href="https://sarbanes-oxley-act.com/">Sarbanes-Oxley Act</a></p><p><strong>Description:</strong> Contains provisions affecting corporate governance, risk management, auditing, and financial reporting of public companies, including provisions intended to deter and punish corporate accounting fraud and corruption.</p><p><strong>Date released:</strong> Jul 2002</p><p><strong>Oversight responsibility: </strong>Public Company Accounting Oversight Board (PCAOB)</p><p><strong>Notes:</strong></p><h3>Digital Accountability and Transparency Act (DATA)</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/113/plaws/publ101/PLAW-113publ101.pdf">Digital Accountability and Transparency Act (DATA)</a></p><p><strong>Description:</strong> Requires federal agencies to prepare and submit standardized, accurate information about their spending.</p><p><strong>Date released:</strong> May 2014</p><p><strong>Oversight responsibility:&nbsp;</strong></p><ul><li>Office of Management and Budget (OMB)</li><li>Department of Treasury</li></ul><p><strong>Notes:</strong></p><h3>Electronic Signatures in Global and National Commerce (E-Sign) Act</h3><p><strong>Title:</strong> <a href="https://www.govinfo.gov/content/pkg/PLAW-106publ229/pdf/PLAW-106publ229.pdf">Electronic Signatures in Global and National Commerce (E-Sign) Act</a></p><p><strong>Description:</strong> Facilitates the use of electronic records and signatures in interstate or foreign commerce.</p><p><strong>Date released:</strong> Jun 2000</p><p><strong>Oversight responsibility:&nbsp;</strong></p><ul><li>Department of Commerce</li><li>Federal Trade Commission (FTC)</li></ul><p><strong>Notes: </strong>Specifies that, in the United States, the use of an electronic signature (e-signature) is as legally valid as a traditional signature written in ink on paper.</p><h3>Chief Financial Officers Act</h3><p><strong>Title:</strong> <a href="https://www.cio.gov/handbook/it-laws/cfo-act/">Chief Financial Officers Act</a></p><p><strong>Description:</strong> Gives OMB new authority and responsibility for directing federal financial management, modernizing the governments financial management systems, and strengthening financial reporting.</p><p><strong>Date released: </strong>Nov 1990</p><p><strong>Oversight responsibility: </strong>Office of Management and Budget (OMB)</p><p><strong>Notes:&nbsp;</strong></p><h3>Homeland Security Act of 2002</h3><p><strong>Title:</strong> <a href="https://www.dhs.gov/homeland-security-act-2002">Homeland Security Act of 2002</a></p><p><strong>Description:</strong> Established the Department of Homeland Security</p><p><strong>Date released: </strong>Nov 2002</p><p><strong>Oversight responsibility: </strong>Department of Homeland Security (DHS)</p><p><strong>Notes:&nbsp;</strong></p><h3>Health Information Technology for Economic and Clinical Health (HITECH) Act</h3><p><strong>Title:</strong> <a href="https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html">HITECH Act</a></p><p><strong>Description:</strong> Part of the American Recovery and Reinvestment Act of 2009 that incentivized the meaningful use of Electronic Health Records (EHRs) and strengthened the privacy and security provisions of HIPAA.</p><p><strong>Date released: </strong>Feb 2009</p><p><strong>Oversight responsibility:&nbsp;</strong></p><ul><li>Department of Health and Human Services (HHS)</li><li>Federal Trade Commission (FTC)</li></ul><p><strong>Notes:&nbsp;</strong></p><h3>Patient Protection and Affordable Care Act</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/bill/111th-congress/house-bill/3590">Patient Protection and Affordable Care Act</a></p><p><strong>Description:</strong> Ensures that all Americans have access to quality, affordable health care and will create the transformation within the health care system necessary to contain costs.</p><p><strong>Date released: </strong>Mar 2010</p><p><strong>Oversight responsibility: </strong>Department of Health and Human Services (HHS)</p><p><strong>Notes:&nbsp;</strong></p><h3>Government Performance and Results Act (GPRA) Modernization Act of 2010</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/111/plaws/publ352/PLAW-111publ352.pdf">Government Performance and Results Act (GPRA) Modernization Act of 2010</a></p><p><strong>Description:</strong> An amended version of the Government Performance and Results Act of 1993, it requires each executive agency to make its strategic plan available on its public website and to the OMB on the first Monday in February of any year following that in which the term of the President commences and to notify the President and Congress.</p><p><strong>Date released: </strong>Jan 2011</p><p><strong>Oversight responsibility:</strong> Office of Management and Budget (OMB)</p><p><strong>Notes:&nbsp;</strong></p><h3>Genetic Information Nondiscrimination Act (GINA)</h3><p><strong>Title:</strong> <a href="https://www.govinfo.gov/content/pkg/PLAW-110publ233/pdf/PLAW-110publ233.pdf">Genetic Information Nondiscrimination Act (GINA)</a></p><p><strong>Description:</strong> Protects individuals against discrimination based on their genetic information in health coverage and in employment.</p><p><strong>Date released: </strong>May 2008</p><p><strong>Oversight responsibility:</strong> Department of Health and Human Services (HHS)</p><p><strong>Notes:</strong></p><h3>Economy Act</h3><p><strong>Title:</strong> <a href="https://www.acquisition.gov/node/29803/printable/pdf">Economy Act</a></p><p><strong>Description:</strong> Authorizes agencies to enter into agreements to obtain <em>supplies</em> or services from another agency.</p><p><strong>Date released: </strong>May 1933</p><p><strong>Oversight responsibility:</strong> Federal Acquistition Regulations (FAR)</p><p><strong>Notes:</strong></p><h3>IPERIA</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/112/plaws/publ248/PLAW-112publ248.pdf">Improper Payments Elimination and Recovery Improvement Act (IPERIA) of 2012</a></p><p><strong>Description:</strong> Provides guidance on monitoring and reporting improper payments, and requires agencies to continue their review of programs and activities annually to identify those susceptible to significant improper payments and updates the definition of significant improper payments.</p><p><strong>Date released: </strong>Jan 2013</p><p><strong>Oversight responsibility:</strong> Office of Management and Budget (OMB)</p><p><strong>Notes:</strong></p><h3>Antideficiency Act (ADA)</h3><p><strong>Title:</strong> <a href="https://www.gao.gov/legal/appropriations-law/resources">Antideficiency Act (ADA)</a></p><p><strong>Description:</strong> Prohibits federal agencies from obligating or expending federal funds in advance or in excess of an appropriation, and from accepting voluntary services.</p><p><strong>Date released: </strong>Sep 1982</p><p><strong>Oversight responsibility:</strong> Government Accountability Offices (GAO)</p><p><strong>Notes:</strong></p><h3>Budget Control Act of 2011</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/112/plaws/publ25/PLAW-112publ25.pdf">Budget Control Act of 2011</a></p><p><strong>Description:</strong> Amends the Balanced Budget and Emergency Deficit Control Act of 1985 (Gramm-Rudman-Hollings Act) to revise sequestration requirements for enforcement of discretionary spending limits (spending caps).</p><p><strong>Date released: </strong>Aug 2011</p><p><strong>Oversight responsibility:</strong> Office of Management and Budget (OMB)</p><p><strong>Notes:</strong></p><h3>Federal Activities Inventory Reform (FAIR) Act of 1998</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/105/plaws/publ270/PLAW-105publ270.pdf">Federal Activities Inventory Reform (FAIR) Act of 1998</a></p><p><strong>Description:</strong> Requires federal agencies to submit to the Office of Management and Budget inventories of commercial activities performed by federal employees every year by June 30.</p><p><strong>Date released: </strong>Oct 1998</p><p><strong>Oversight responsibility:</strong> Office of Management and Budget (OMB)</p><p><strong>Notes:</strong></p><h3>Telework Enhancement Act of 2010</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/bill/111th-congress/house-bill/1722/text">Telework Enhancement Act of 2010</a></p><p><strong>Description:</strong> Requires the head of each executive agency to: (1) establish a policy under which eligible agency employees may be authorized to telework; (2) determine employee eligibility to participate in telework; and (3) notify all employees of their eligibility to telework.</p><p><strong>Date released: </strong>Dec 2010</p><p><strong>Oversight responsibility:</strong>&nbsp;</p><ul><li>Office of Personnel Management (OPM)</li><li>Federal Emergency Management Agency (FEMA)</li><li>General Services Administration (GSA)</li><li>National Archives and Records Administration (NARA)</li><li>Office of Management and Budget (OMB)</li><li>Department of Homeland Security (DHS)</li><li>National Institute of Standards and Technology (NIST)</li></ul><p><strong>Notes:</strong></p><h3>Plain Writing Act of 2010</h3><p><strong>Title:</strong> <a href="https://www.govinfo.gov/content/pkg/PLAW-111publ274/pdf/PLAW-111publ274.pdf">Plain Writing Act of 2010</a></p><p><strong>Description:</strong> Improves the effectiveness and accountability of Federal agencies to the public by promoting clear Government communication that the public can understand and use.</p><p><strong>Date released: </strong>Oct 2010</p><p><strong>Oversight responsibility:</strong> Office of Management and Budget (OMB)</p><p><strong>Notes:</strong></p><h3>Consolidated Appropriations Act of 2010</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/111/plaws/publ117/PLAW-111publ117.pdf">Consolidated Appropriations Act of 2010</a></p><p><strong>Description:</strong> An act making appropriations for the Departments of Transportation, and Housing and Urban Development, and related agencies for the fiscal year ending September 30, 2010, and for other purposes.</p><p><strong>Date released:</strong> Dec 2009</p><p><strong>Oversight responsibility:</strong> <a href="https://www.congress.gov/bill/111th-congress/house-bill/3288">Multiple agencies</a></p><p><strong>Notes:</strong> Many agencies oversee the guidance for this Act</p><h3>American Recovery and Reinvestment Act of 2009</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/bill/111th-congress/house-bill/1/text">American Recovery and Reinvestment Act of 2009</a></p><p><strong>Description:</strong> Developed in response to the Great Recession, the primary objective of this federal statute was to save existing jobs and create new ones as soon as possible. Other objectives were to provide temporary relief programs for those most affected by the recession and invest in infrastructure, education, health, and renewable energy.</p><p><strong>Date released: </strong>Feb 2009</p><p><strong>Oversight responsibility:</strong> <a href="https://www.congress.gov/bill/111th-congress/house-bill/1">Multiple agencies</a></p><p><strong>Notes:</strong> Many agencies oversee the guidance for this Act</p><h3>Project BioShield Act of 2004</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/bill/108th-congress/senate-bill/15/text">Project BioShield Act of 2004</a></p><p><strong>Description:</strong> Project BioShield was established to help incentivize private industry to develop vitally needed medical countermeasures by providing multi-year funding to support advanced research, clinical development, manufacture and procurement.</p><p><strong>Date released: </strong>Jul 2004</p><p><strong>Oversight responsibility:</strong> Department of Health and Human Services (HHS)</p><p><strong>Notes:</strong>&nbsp;</p><h3>Public Health Service Act</h3><p><strong>Title:</strong> <a href="https://www.ssa.gov/policy/docs/ssb/v7n8/v7n8p15.pdf">Public Health Service Act</a></p><p><strong>Description:</strong> Consolidates and revises the laws relating to the Public Health Service.</p><p><strong>Date released: </strong>Jul 1944</p><p><strong>Oversight responsibility:</strong> Department of Health and Human Services (HHS)</p><p><strong>Notes:</strong>&nbsp;</p><h3>Intelligence Reform and Terrorism Prevention Act of 2004</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/bill/108th-congress/senate-bill/2845/text">Intelligence Reform and Terrorism Prevention Act of 2004</a></p><p><strong>Description:</strong> Reforms the intelligence community and the intelligence and intelligence-related activities of the United States Government, and for other purposes.</p><p><strong>Date released: </strong>Dec 2004</p><p><strong>Oversight responsibility:</strong> Department of Homeland Security (DHS)</p><p><strong>Notes:</strong>&nbsp;</p><h3>Electronic Freedom of Information Act Amendments of 1996</h3><p><strong>Title:</strong> <a href="https://www.congress.gov/104/plaws/publ231/PLAW-104publ231.htm">Electronic Freedom of Information Act Amendments of 1996</a></p><p><strong>Description:</strong> The Freedom of Information Act (FOIA) established the public's right of access to government information, on the basis of openness and accountability. The 1996 Electronic Freedom of Information Act (e-FOIA) Amendments extended these principles to include electronic access to information.</p><p><strong>Date released:</strong> Oct 1996</p><p><strong>Oversight responsibility:</strong> Department of Justice (DoJ)</p><p><strong>Notes:</strong>&nbsp;</p><h3>Clarifying Lawful Overseas Use of Data (CLOUD) Act</h3><p><strong>Title:</strong> <a href="https://www.federalregister.gov/documents/2022/07/06/2022-14320/office-of-the-attorney-general-clarifying-lawful-overseas-use-of-data-act-attorney-general">Clarifying Lawful Overseas Use of Data (CLOUD) Act</a></p><p><strong>Description:</strong> Lifts certain restrictions under U.S. law on companies disclosing electronic data, in response to qualifying, lawful orders in investigations of serious crime, directly to a qualifying foreign government with which the United States has entered into an executive agreement governing access by the foreign government to covered data.</p><p><strong>Date released:</strong> Jul 2022</p><p><strong>Oversight responsibility:</strong> Department of Justice (DoJ)</p><p><strong>Notes:</strong></p><h2>Federal Regulations</h2><p>Regulations are published by executive branch agencies to clarify their interpretation of a law and how a law will be implemented. Regulations also state requirements or prohibitions. This list contains all federal regulations that relate to information security and privacy at CMS.</p><h3>B.O.D. 18-01</h3><p><strong>Title:</strong> <a href="https://www.cisa.gov/news-events/directives/bod-18-01-enhance-email-and-web-security">Binding Operational Directive (B.O.D) 18-01: Enhance Email and Web Security</a></p><p><strong>Description:</strong> Enhances the security of federal agencies' email and web systems to protect against cyber threats. The directive outlines specific actions that federal agencies must take to improve their email and web security posture, including implementing specific security protocols, enhancing monitoring capabilities, and strengthening authentication mechanisms.</p><p><strong>Date released:</strong> Oct 2017</p><p><strong>Implements Law:</strong> FISMA 2014</p><p><strong>Agency: </strong>Department of Homeland Security (DHS) - Cybersecurity &amp; Infrastructure Security Agency (CISA)</p><p><strong>Notes:&nbsp;</strong></p><h3>B.O.D. 18-02</h3><p><strong>Title: </strong><a href="https://www.cisa.gov/news-events/directives/bod-18-02-securing-high-value-assets">Binding Operation Directive (B.O.D.) 18-02 - Security High Value Assets (HVAs)</a></p><p><strong>Description: </strong>Enhances the Department of Homeland Security's coordinated approach to securing the federal governments HVAs from cybersecurity threats</p><p><strong>Date released: </strong>May 2018</p><p><strong>Implements Law: </strong>FISMA 2014</p><p><strong>Agency: </strong>Department of Homeland Security (DHS) - Cybersecurity &amp; Infrastructure Security Agency (CISA)</p><p><strong>Notes:&nbsp;</strong></p><h3>B.O.D. 20-01</h3><p><strong>Title:</strong> <a href="https://www.cisa.gov/news-events/directives/bod-20-01-develop-and-publish-vulnerability-disclosure-policy">Binding Operation Directive (B.O.D) 20-01: Develop and Publish a Vulnerability Disclosure Policy</a></p><p><strong>Description:</strong> Requires each agency to develop and publish a vulnerability disclosure policy (VDP) and maintain supporting handling procedures.</p><p><strong>Date released:</strong> Sep 2020</p><p><strong>Implements Law:</strong> OMB M-20-32</p><p><strong>Agency: </strong>Department of Homeland Security (DHS) - Cybersecurity &amp; Infrastructure Security Agency (CISA)</p><p><strong>Notes:&nbsp;</strong></p><h3>E.D. 19-01</h3><p><strong>Title:</strong> <a href="https://www.cisa.gov/news-events/directives/ed-19-01-mitigate-dns-infrastructure-tampering">Emergency Directive (E.D.) 19-01: Mitigate DNS Infrastructure Tampering</a></p><p><strong>Description:</strong> Requires agencies take near-term actions to mitigate risks from undiscovered tampering, enable agencies to prevent illegitimate DNS activity for their domains, and detect unauthorized certificates.</p><p><strong>Date released:</strong> Jan 2019</p><p><strong>Implements Law:</strong> Homeland Security Act of 2002</p><p><strong>Agency: </strong>Department of Homeland Security (DHS) - Cybersecurity &amp; Infrastructure Security Agency (CISA)</p><p><strong>Notes:&nbsp;</strong></p><h3>The Privacy Rule</h3><p><strong>Title: </strong><a href="https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html">The Privacy Rule</a></p><p><strong>Description: </strong>Assures that individuals' health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well being</p><p><strong>Date released: </strong>Dec 2000</p><p><strong>Implements Law: </strong>HIPAA</p><p><strong>Agency: </strong>Department of Health and Human Services (DHHS or HHS)</p><p><strong>Notes: </strong>Regulation that implements HIPAA requirements</p><h3>The Security Rule</h3><p><strong>Title: </strong><a href="https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html">The Security Rule</a></p><p><strong>Description: </strong>Establishes standards and safeguards for the secure handling of electronic protected health information (ePHI) by healthcare entities, aiming to ensure the confidentiality, integrity, and availability of sensitive health data</p><p><strong>Date released: </strong>Feb 2003</p><p><strong>Implements Law: </strong>HIPAA</p><p><strong>Agency: </strong>Department of Health and Human Services (DHHS or HHS)</p><p><strong>Notes: </strong>Regulation that implements HIPAA requirements</p><h3>FAR</h3><p><strong>Title: </strong><a href="https://www.acquisition.gov/sites/default/files/current/far/pdf/FAR.pdf">Federal Acquisition Regulation (FAR)</a></p><p><strong>Description: </strong>Primary regulation for use by all executive agencies in their acquisition of supplies and services with appropriated funds</p><p><strong>Date released: </strong>April 1984</p><p><strong>Implements Law: </strong>Competition in Contracting Act of 1984 - FAR: Title 48 of the Code of Federal Regulations (CFR).</p><p><strong>Agency: </strong>General Services Administration (GSA), Department of &nbsp;Defense (DOD), &amp; National Aeronautics and Space Administration (NASA)</p><p><strong>Notes:&nbsp;</strong></p><h3>Federal Accounting Standards Advisory Board (FASAB)</h3><p><strong>Title:</strong> <a href="https://fasab.gov/accounting-standards/">Federal Accounting Standards Advisory Board (FASAB)</a></p><p><strong>Description:</strong> Primary regulation for use by all executive agencies in their acquisition of supplies and services with appropriated funds</p><p><strong>Date released: </strong>Oct 1990</p><p><strong>Implements Law: </strong>Competition in Contracting Act of 1984 - FAR: Title 48 of the Code of Federal Regulations (CFR).</p><p><strong>Agency: </strong>Department of Treasury, Office of Management and Budget (OMB), &amp; Government Accountability Office (GAO)</p><p><strong>Notes:&nbsp;</strong></p><h2>Federal Information Processing Standards (FIPS) Publications</h2><p>Federal Information Processing Standards (FIPS) are standards and guidelines for federal computer systems that are developed by <a href="https://security.cms.gov/learn/national-institute-standards-and-technology-nist">National Institute of Standards and Technology (NIST)</a> in accordance with the <a href="https://security.cms.gov/learn/federal-information-security-modernization-act-fisma">Federal Information Security Management Act (FISMA)</a> and approved by the Secretary of Commerce.</p><p>FIPS Standards can be viewed and downloaded from the NIST Computer Security Resource Center (CSRC) website here: <a href="https://csrc.nist.gov/publications/fips">FIPS publications</a></p><p>Answers to Frequently Asked Questions about FIPS can be found on the NIST website here: <a href="https://www.nist.gov/standardsgov/compliance-faqs-federal-information-processing-standards-fips">FIPS FAQs</a></p><p>This list contains all FIPS publications that relate to information security and privacy at CMS.</p><h3>FIPS-202</h3><p><strong>Title: </strong><a href="https://csrc.nist.gov/pubs/fips/202/final">SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions</a></p><p><strong>Status: </strong>Final</p><p><strong>Release Date: </strong>8/4/2015</p><p><strong>Superseded by:</strong></p><h3>FIPS 201-3</h3><p><strong>Title: </strong><a href="https://csrc.nist.gov/pubs/fips/201-3/final">Personal Identity Verification (PIV) of Federal Employees and Contractors</a></p><p><strong>Status: </strong>Final</p><p><strong>Release Date: </strong>1/24/2022</p><p><strong>Superseded by:</strong></p><h3>FIPS 200</h3><p><strong>Title: </strong><a href="https://csrc.nist.gov/pubs/fips/200/final">Minimum Security Requirements for Federal Information and Information Systems</a>&nbsp;</p><p><strong>Status: </strong>Final</p><p><strong>Release Date: </strong>3/1/2006</p><p><strong>Superseded by:</strong></p><h3>FIPS 199</h3><p><strong>Title: </strong><a href="https://csrc.nist.gov/pubs/fips/199/final">Standards for Security Categorization of Federal Information and Information Systems</a>&nbsp;</p><p><strong>Status: </strong>Final</p><p><strong>Release Date: </strong>2/1/2004</p><p><strong>Superseded by:</strong></p><h3>FIPS 198-1</h3><p><strong>Title: </strong><a href="https://csrc.nist.gov/pubs/fips/198-1/final">The Keyed-Hash Message Authentication Code (HMAC)</a></p><p><strong>Status: </strong>Final</p><p><strong>Release Date: </strong>7/16/2008</p><p><strong>Superseded by:</strong></p><h3>FIPS 197</h3><p><strong>Title: </strong><a href="https://csrc.nist.gov/pubs/fips/197/final">Advanced Encryption Standard (AES)</a></p><p><strong>Status: </strong>Final</p><p><strong>Release Date: </strong>5/9/2023</p><p><strong>Superseded by:</strong></p><h3>FIPS 186-5</h3><p><strong>Title: </strong><a href="https://csrc.nist.gov/pubs/fips/186-5/final">Digital Signature Standard (DSS)</a></p><p><strong>Status: </strong>Final</p><p><strong>Release Date: </strong>2/13/2023</p><p><strong>Superseded by:</strong></p><h3>FIPS 180-4</h3><p><strong>Title: </strong><a href="https://csrc.nist.gov/pubs/fips/180-4/upd1/final">Secure Hash Standard (SHS)</a></p><p><strong>Status: </strong>Final</p><p><strong>Release Date: </strong>8/4/2015</p><p><strong>Superseded by:</strong></p><h3>FIPS 140-3</h3><p><strong>Title: </strong><a href="https://csrc.nist.gov/pubs/fips/140-3/final">Security Requirements for Cryptographic Modules</a></p><p><strong>Status: </strong>Final</p><p><strong>Release Date: </strong>3/22/2019</p><p><strong>Superseded by:</strong></p><h2>NIST S.P. Guidelines</h2><p>FIPS Publications may reference specific NIST Special Publications (S.P.) guidelines (SP800) and/or practices (SP1800), in which that guideline or practice becomes a governance policy for CMS FISMA systems.</p><p>All NIST Special Publications (SP 500, SP800 and SP1800) can be viewed and downloaded from the NIST Computer Security Resource Center (CSRC) website here: <a href="https://csrc.nist.gov/publications/sp">NIST S.P. list</a></p><p>NIST S.P. descriptions can be found on the NIST website here: <a href="https://www.nist.gov/nist-research-library/nist-special-publication-subseries-descriptions">NIST S.P. descriptions</a></p><p>The following list consists of NIST S.P.s that are CMS FISMA governance policy by way of FIPS references.</p><h3>500-267A</h3><p><strong>Title</strong>: <a href="https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-267Ar1.pdf">NIST IPv6 Profile</a></p><p><strong>FIPS Reference:</strong> N/A</p><h3>500-267B</h3><p><strong>Title</strong>: <a href="https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-267Br1.pdf">USGv6 Profile</a></p><p><strong>FIPS Reference:</strong> N/A</p><h3>500-281A</h3><p><strong>Title</strong>: <a href="https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=929798">USGv6 Test Program Guide</a></p><p><strong>FIPS Reference:</strong> N/A</p><h3>500-281B</h3><p><strong>Title</strong>: <a href="https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-281Br1.pdf">USGv6 Test Methods: General Description and Validation</a></p><p><strong>FIPS Reference:</strong> N/A</p><h3>800-16</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/16/final">Information Technology Security Training Requirements: a Role- and Performance-Based Model</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 140</li><li>FIPS 180</li><li>FIPS 186</li></ul><h3>800-18 Rev. 1</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/18/r1/final">Guide for Developing Security Plans for Federal Information Systems</a></p><p><strong>FIPS Reference:</strong> FIPS 200</p><h3>800-30</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/30/r1/final">Guide for Conducting Risk Assessments</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 199</li><li>FIPS 200</li></ul><h3>800-34</h3><p><strong>Title</strong>: <a href="https://www.nist.gov/privacy-framework/nist-sp-800-34">Contingency Planning Guide for Federal Information Systems</a></p><p><strong>FIPS Reference:</strong> FIPS 199</p><h3>800-37 Rev. 2</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/37/r2/final">Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy</a></p><p><strong>FIPS Reference:</strong> FIPS 201</p><h3>800-38 (A-G)</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/publications/sp800">Recommendation for Block Cipher Modes: *</a></p><p><strong>FIPS Reference:</strong> FIPS 197</p><h3>800-39</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/39/final">Managing Information Security Risk: Organization, Mission, and Information System View</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 199</li><li>FIPS 200</li></ul><h3>800-40</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/40/r4/final">Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology</a></p><p><strong>FIPS Reference:</strong> N/A</p><h3>800-41</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/41/r1/final">Guidelines on Firewalls and Firewall Policy</a></p><p><strong>FIPS Reference:</strong> N/A</p><h3>800-46</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/46/r2/final">Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security</a></p><p><strong>FIPS Reference:</strong> FIPS 140</p><h3>800-50</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/50/final">Building an Information Technology Security Awareness and Training Program</a></p><p><strong>FIPS Reference:</strong> N/A</p><h3>800-51</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/51/r1/final">Guide to Using Vulnerability Naming Schemes</a></p><p><strong>FIPS Reference:</strong> N/A</p><h3>800-52</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/52/r2/final">Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations</a></p><p><strong>FIPS Reference:</strong> FIPS 140</p><h3>800-53 Rev. 5</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final">Security and Privacy Controls for Information Systems and Organizations</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 200</li><li>FIPS 201</li></ul><h3>800-53A Rev. 5</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/53/a/r5/final">Assessing Security and Privacy Controls in Information Systems and</a><br><a href="https://csrc.nist.gov/pubs/sp/800/53/a/r5/final">Organizations</a></p><p><strong>FIPS Reference:</strong> FIPS 199</p><h3>800-56A&nbsp;</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/56/a/r3/final">Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography</a></p><p><strong>FIPS Reference:</strong> FIPS 140</p><h3>800-56B Rev. 2</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/56/b/r2/final">Recommendation for Pair-Wise Key-Establishment Using Integer Factorization Cryptography</a></p><p><strong>FIPS Reference:</strong> FIPS 140</p><h3>800-57 Part 1 Rev. 5</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/57/pt1/r5/final">Recommendation for Key Management - Part 1: General</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 180</li><li>FIPS 186</li><li>FIPS 198</li></ul><h3>800-57 Part 3 Rev. 1</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/57/pt3/r1/final">Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance</a></p><p><strong>FIPS Reference:</strong> FIPS 140</p><h3>800-59</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/59/final">Guideline for Identifying an Information System as a National Security System</a></p><p><strong>FIPS Reference:</strong> FIPS 201</p><h3>800-60 Vol. 1 Rev. 1</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/60/v1/r1/final">Guide for Mapping Types of Information and Information Systems to Security Categories</a></p><p><strong>FIPS Reference:</strong> FIPS 200</p><h3>800-61</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/61/r2/final">Computer Security Incident Handling Guide</a></p><p><strong>FIPS Reference:</strong></p><ul><li>FIPS 140</li><li>FIPS 199</li><li>FIPS 200</li></ul><h3>800-63-3&nbsp;</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/63/3/upd2/final">Digital Identity Guidelines</a></p><p><strong>FIPS Reference:</strong> FIPS 201</p><h3>800-63A&nbsp;</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/63/a/upd2/final">Digital Identity Guidelines: Enrollment and Identity Proofing</a></p><p><strong>FIPS Reference:</strong> FIPS 201</p><h3>800-63B&nbsp;</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/63/b/upd2/final">Digital Identity Guidelines: Authentication and Lifecycle Management</a></p><p><strong>FIPS Reference:</strong> FIPS 201</p><h3>800-63C&nbsp;</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/63/c/upd2/final">Digital Identity Guidelines: Federation and Assertions</a></p><p><strong>FIPS Reference:</strong> FIPS 201</p><h3>800-70</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/70/r4/final">National Checklist Program for IT Products: Guidelines for Checklist Users and Developers</a></p><p><strong>FIPS Reference:</strong></p><ul><li>FIPS 140</li><li>FIPS 199</li><li>FIPS 200</li></ul><h3>800-73-4</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/73/4/upd1/final">Interfaces for Personal Identity Verification</a></p><p><strong>FIPS Reference:</strong> FIPS 201</p><h3>800-76-2</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/76/2/final">Biometric Specifications for Personal Identity Verification</a></p><p><strong>FIPS Reference:</strong> FIPS 201</p><h3>800-78-4</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/78/4/final">Cryptographic Algorithms and Key Sizes for Personal Identity Verification</a></p><p><strong>FIPS Reference:</strong> FIPS 201</p><h3>800-79-2</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/79/2/final">Guidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 140</li><li>FIPS 199</li><li>FIPS 200</li><li>FIPS 201</li></ul><h3>800-81</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/81/2/final">Secure Domain Name System (DNS) Deployment Guide</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 140</li><li>FIPS 180</li><li>FIPS 186</li><li>FIPS 198</li></ul><h3>800-85A-4</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/85/a/4/final">PIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)</a></p><p><strong>FIPS Reference:</strong> FIPS 201</p><h3>800-87 Rev. 2</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/87/r2/final">Codes for Identification of Federal and Federally-Assisted Organizations</a></p><p><strong>FIPS Reference:</strong> FIPS 201</p><h3>800-88</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/88/r1/final">Guidelines for Media Sanitization</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 140</li><li>FIPS 199</li><li>FIPS 200</li></ul><h3>800-89</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/89/final">Recommendation for Obtaining Assurances for Digital Signature</a><br><a href="https://csrc.nist.gov/pubs/sp/800/89/final">Applications</a></p><p><strong>FIPS Reference:</strong> FIPS 140</p><h3>800-90A Rev. 1</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/90/a/r1/final">Recommendation for Random Number Generation Using Deterministic Random Bit Generators</a></p><p><strong>FIPS Reference:</strong> FIPS 140</p><h3>800-94</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/94/final">Guide to Intrusion Detection and Prevention Systems (IDPS)</a></p><p><strong>FIPS Reference:</strong> FIPS 140</p><h3>800-96</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/96/final">PIV Card to Reader Interoperability Guidelines</a></p><p><strong>FIPS Reference:</strong> FIPS 201</p><h3>800-97</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/97/final">Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i</a></p><p><strong>FIPS Reference:</strong> FIPS 140</p><h3>800-102</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/102/final">Recommendation for Digital Signature Timeliness</a></p><p><strong>FIPS Reference:</strong> FIPS 140</p><h3>800-107</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/107/r1/final">Recommendation for Applications Using Approved Hash Algorithms</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 180</li><li>FIPS 198</li><li>FIPS 202</li></ul><h3>800-111</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/111/final">Guide to Storage Encryption Technologies for End User Devices</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 140</li><li>FIPS 180</li><li>FIPS 197</li><li>FIPS 199</li></ul><h3>800-115</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/115/final">Technical Guide to Information Security Testing and Assessment</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 140</li><li>FIPS 199</li></ul><h3>800-116 Rev. 1</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/116/r1/final">Guidelines for the Use of PIV Credentials in Facility Access</a></p><p><strong>FIPS Reference:</strong> FIPS 201</p><h3>800-119</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/119/final">Guidelines for the Secure Deployment of IPv6</a></p><p><strong>FIPS Reference:</strong> FIPS 199</p><h3>800-122</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/122/final">Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)</a></p><p><strong>FIPS Reference:</strong> FIPS 201</p><h3>800-124</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/124/r2/final">Guidelines for Managing the Security of Mobile Devices in the Enterprise</a></p><p><strong>FIPS Reference:</strong> FIPS 140</p><h3>800-126</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/126/r3/final">The Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3</a></p><p><strong>FIPS Reference:</strong> N/A</p><h3>800-128</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/128/upd1/final">Guide for Security-Focused Configuration Management of Information Systems</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 140</li><li>FIPS 199</li><li>FIPS 200</li></ul><h3>800-131A Rev. 2</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/131/a/r2/final">Transitioning the Use of Cryptographic Algorithms and Key Lengths</a></p><p><strong>FIPS Reference:</strong> FIPS 140</p><h3>800-133 Rev. 2</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/133/r2/final">Recommendation for Cryptographic Key Generation</a></p><p><strong>FIPS Reference:</strong> FIPS 197</p><h3>800-137</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/137/final">Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 199</li><li>FIPS 200</li></ul><h3>800-140</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/140/final">FIPS 140-3 Derived Test Requirements (DTR): CMVP Validation Authority Updates to ISO/IEC 24759</a></p><p><strong>FIPS Reference:</strong> FIPS 140</p><h3>800-140A</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/140/a/final">CMVP Documentation Requirements: CMVP Validation Authority Updates to ISO/IEC 24759</a></p><p><strong>FIPS Reference:</strong> FIPS 140</p><h3>800-140B Rev. 1</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/140/b/r1/final">Cryptographic Module Validation Program (CMVP) Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B</a></p><p><strong>FIPS Reference:</strong> FIPS 140</p><h3>800-140C Rev. 2</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/140/c/r2/final">Cryptographic Module Validation Program (CMVP)-Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759</a></p><p><strong>FIPS Reference:</strong> FIPS 140</p><h3>800-140D Rev. 2</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/140/d/r2/final">Cryptographic Module Validation Program (CMVP)-Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759</a></p><p><strong>FIPS Reference:</strong> FIPS 140</p><h3>800-140E</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/140/e/final">CMVP Approved Authentication Mechanisms: CMVP Validation Authority Requirements for ISO/IEC 19790 Annex E and ISO/IEC 24579 Section 6.17</a></p><p><strong>FIPS Reference:</strong> FIPS 140</p><h3>800-140F</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/140/f/final">CMVP Approved Non-Invasive Attack Mitigation Test Metrics: CMVP Validation Authority Updates to ISO/IEC 24759</a></p><p><strong>FIPS Reference:</strong> FIPS 140</p><h3>800-144</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/144/final">Guidelines on Security and Privacy in Public Cloud Computing</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 199</li><li>FIPS 200</li></ul><h3>800-145</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/145/final">The NIST Definition of Cloud Computing</a></p><p><strong>FIPS Reference:</strong> N/A</p><h3>800-152</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/152/final">A Profile for U.S. Federal Cryptographic Key Management Systems (CKMS)</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 140</li><li>FIPS 180</li><li>FIPS 186</li><li>FIPS 197</li><li>FIPS 198</li><li>FIPS 199</li><li>FIPS 200</li></ul><h3>800-153</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/153/final">Guidelines for Securing Wireless Local Area Networks (WLANs)</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 140</li><li>FIPS 199</li><li>FIPS 201</li></ul><h3>800-156</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/156/final">Representation of PIV Chain-of-Trust for Import and Export</a></p><p><strong>FIPS Reference:</strong> FIPS 201</p><h3>800-157</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/157/final">Guidelines for Derived Personal Identity Verification (PIV) Credentials</a></p><p><strong>FIPS Reference:</strong> FIPS 201</p><h3>800-157</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/157/final">Guidelines for Derived Personal Identity Verification (PIV) Credentials</a></p><p><strong>FIPS Reference:</strong> FIPS 201</p><h3>800-163</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/163/r1/final">Vetting the Security of Mobile Applications</a></p><p><strong>FIPS Reference:</strong> N/A</p><h3>800-167</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/167/final">Guide to Application Whitelisting</a></p><p><strong>FIPS Reference:</strong> FIPS 140</p><h3>800-171</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/171/r2/upd1/final">Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 199</li><li>FIPS 200</li></ul><h3>800-175A</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/175/a/final">Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 140</li><li>FIPS 199</li><li>FIPS 200</li><li>FIPS 201</li></ul><h3>800-175B</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/175/b/r1/final">Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 140</li><li>FIPS 180</li><li>FIPS 186</li><li>FIPS 197</li><li>FIPS 198</li><li>FIPS 199</li><li>FIPS 202</li></ul><h3>800-177</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/177/r1/final">Trustworthy Email</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 199</li><li>FIPS 201</li></ul><h3>800-181</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/181/r1/final">Workforce Framework for Cybersecurity (NICE Framework)</a></p><p><strong>FIPS Reference:</strong> N/A</p><h3>800-186</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/186/final">Recommendations for Discrete-Logarithm Based Cryptography: Elliptic Curve Domain Parameters</a></p><p><strong>FIPS Reference:</strong> FIPS 186</p><h3>800-207</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/207/final">Zero Trust Architecture</a></p><p><strong>FIPS Reference:</strong> FIPS 199</p><h3>800-217</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/217/ipd">Guidelines for the Use of Personal Identity Verification (PIV) Credentials with Federation</a></p><p><strong>FIPS Reference:</strong> FIPS 201</p><h3>800-219</h3><p><strong>Title</strong>: <a href="https://csrc.nist.gov/pubs/sp/800/219/r1/final">Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)</a></p><p><strong>FIPS Reference:</strong>&nbsp;</p><ul><li>FIPS 140</li><li>FIPS 199</li></ul><h2>Executive Orders (E.O.)</h2><p>An Executive Order (E.O.) is a signed, written, and published directive from the President of the United States that manages operations of the federal government. They are numbered consecutively, so executive orders may be referenced by their assigned number, or their topic. This list contains all E.O.s that relate to information security and privacy.</p><h3>E.O 9397</h3><p><strong>Title:</strong> <a href="https://www.ssa.gov/foia/html/EO9397.htm">Numbering System for Federal Accounts Relating to Individual Persons</a></p><p><strong>Description:</strong> Establishes a centralized numbering system for federal accounts relating to individual persons in the United States.</p><p><strong>Date Released:</strong> November 30, 1943</p><p><strong>Oversight Responsibility:</strong> Social Security Administration (SSA)</p><p><strong>Notes:</strong></p><h3>E.O 11609</h3><p><strong>Title:</strong> <a href="https://www.archives.gov/federal-register/codification/executive-order/11609.html">Delegating certain functions vested in the President to other officers of the Government</a></p><p><strong>Description:</strong> Grants certain, presidential authorities to the GSA without approval, ratification, or other action of the President.</p><p><strong>Date Released:</strong> July 22, 1971</p><p><strong>Oversight Responsibility:</strong> General Services Administration (GSA)</p><p><strong>Notes:</strong></p><h3>E.O 13011</h3><p><strong>Title:</strong> <a href="https://www.govinfo.gov/content/pkg/CFR-1997-title3-vol1/html/CFR-1997-title3-vol1-eo13011.htm">Federal Information Technology</a></p><p><strong>Description:</strong> Aimed to improve the management and utilization of IT resources across federal agencies</p><p><strong>Date Released:</strong> July 16, 1996</p><p><strong>Oversight Responsibility:</strong>&nbsp;</p><ul><li>General Services Administration (GSA)</li><li>OMB</li><li>NIST</li><li>DHS</li></ul><h3>E.O 13381</h3><p><strong>Title:</strong> <a href="https://www.federalregister.gov/documents/2005/06/30/05-13098/strengthening-processes-relating-to-determining-eligibility-for-access-to-classified-national">Strengthening Processes Relating to Determining Eligibility for Access to Classified National Security Information</a></p><p><strong>Description:</strong> Assists in determining eligibility for access to classified national security information, while taking appropriate account of title III of Public Law 108-458</p><p><strong>Date Released:</strong> Jun 2005</p><p><strong>Oversight Responsibility:</strong> OMB</p><p><strong>Notes:</strong></p><h3>E.O 13402</h3><p><strong>Title:</strong> <a href="https://www.federalregister.gov/documents/2006/05/15/06-4552/strengthening-federal-efforts-to-protect-against-identity-theft">Strengthening Federal Efforts To Protect Against Identity Theft</a></p><p><strong>Description:</strong> Strengthens efforts to protect against identity theft</p><p><strong>Date Released:</strong> May 2006</p><p><strong>Oversight Responsibility:</strong> OMB</p><p><strong>Notes:</strong></p><h3>E.O 13439</h3><p><strong>Title:</strong> <a href="https://www.federalregister.gov/documents/2007/07/20/07-3593/establishing-an-interagency-working-group-on-import-safety">Establishing an Interagency Working Group on Import Safety</a></p><p><strong>Description:</strong> Ensures that the executive branch takes all appropriate steps to promote the safety of imported products</p><p><strong>Date Released:</strong> Jul 2007</p><p><strong>Oversight Responsibility:</strong> HHS</p><p><strong>Notes:</strong></p><h3>E.O 13520</h3><p><strong>Title:</strong> <a href="https://obamawhitehouse.archives.gov/the-press-office/executive-order-reducing-improper-payments">Reducing Improper Payments and Eliminating Waste in Federal Programs</a></p><p><strong>Description:</strong> Reduces payment errors and eliminating waste, fraud, and abuse in Federal programs</p><p><strong>Date Released:</strong> Nov 2009</p><p><strong>Oversight Responsibility:</strong> OMB</p><p><strong>Notes:</strong></p><h3>E.O 13526</h3><p><strong>Title:</strong> <a href="https://www.archives.gov/isoo/policy-documents/cnsi-eo.html">Classified National Security Information</a></p><p><strong>Description:</strong> Prescribes a uniform system for classifying, safeguarding, and declassifying national security information, including information relating to defense against transnational terrorism</p><p><strong>Date Released:</strong> Dec 2009</p><p><strong>Oversight Responsibility:</strong> Information Security Oversight Office</p><p><strong>Notes:</strong></p><h3>E.O 13556</h3><p><strong>Title:</strong> <a href="https://www.commerce.gov/sites/default/files/2022-02/Controlled-Unclassified-Information-Policy.pdf">Controlled Unclassified Information</a></p><p><strong>Description:</strong> Establishes an open and uniform program for managing unclassified information requiring safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies</p><p><strong>Date Released:</strong> Aug 2019</p><p><strong>Oversight Responsibility:</strong> National Archives &amp; Records Administration (NARA)</p><p><strong>Notes:</strong></p><h3>E.O 13571</h3><p><strong>Title:</strong> <a href="https://obamawhitehouse.archives.gov/the-press-office/2011/04/27/executive-order-13571-streamlining-service-delivery-and-improving-custom">Streamlining Service Delivery and Improving Customer Service</a></p><p><strong>Description:</strong> Improves the quality of service to the public by the Federal Government</p><p><strong>Date Released:</strong> Apr 2011</p><p><strong>Oversight Responsibility:</strong> OMB</p><p><strong>Notes:</strong></p><h3>E.O 13576</h3><p><strong>Title:</strong> <a href="https://obamawhitehouse.archives.gov/the-press-office/2011/06/13/executive-order-13576-delivering-efficient-effective-and-accountable-gov">Delivering an Efficient, Effective, and Accountable Government</a></p><p><strong>Description:</strong> Aims to cut waste, streamline Government operations, and reinforce the performance and management reform gains the Obama Administration has achieved</p><p><strong>Date Released:</strong> Jun 2011</p><p><strong>Oversight Responsibility:</strong> OMB</p><p><strong>Notes:</strong></p><h3>E.O 13583</h3><p><strong>Title:</strong> <a href="https://obamawhitehouse.archives.gov/the-press-office/2011/08/18/executive-order-13583-establishing-coordinated-government-wide-initiativ">Establishing a Coordinated Government-wide Initiative to Promote Diversity and Inclusion in the Federal Workforce</a></p><p><strong>Description:</strong> Promotes the Federal workplace as a model of equal opportunity, diversity, and inclusion</p><p><strong>Date Released:</strong> Aug 2011</p><p><strong>Oversight Responsibility:</strong>&nbsp;</p><ul><li>OPM</li><li>OMB</li><li>Presidents Management Council (PMC)</li><li>Equal Employment Opportunity Commission (EEOC)</li></ul><p><strong>Notes:</strong></p><h3>E.O 13589</h3><p><strong>Title:</strong> <a href="https://obamawhitehouse.archives.gov/the-press-office/2011/11/09/executive-order-13589-promoting-efficient-spending">Promoting Efficient Spending</a></p><p><strong>Description:</strong> Further promote efficient spending in the Federal Government</p><p><strong>Date Released:</strong> Nov 2011</p><p><strong>Oversight Responsibility:</strong> OMB</p><p><strong>Notes:</strong></p><h3>E.O 13636</h3><p><strong>Title:</strong> <a href="https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity">Improving Critical Infrastructure Cybersecurity</a></p><p><strong>Description:</strong> Designed to increase the level of core capabilities for our critical infrastructure to manage cyber risk. It does this by focusing on three key areas: (1) information sharing, (2) privacy, and (3) the adoption of cybersecurity practices.</p><p><strong>Date Released:</strong> February 12, 2013</p><p><strong>Oversight Responsibility:</strong>&nbsp;</p><ul><li>NIST</li><li>DHS</li></ul><p><strong>Notes:</strong></p><h3>E.O 13642</h3><p><strong>Title:</strong> <a href="https://obamawhitehouse.archives.gov/the-press-office/2011/01/31/executive-order-13564-presidents-council-jobs-and-competitiveness">The President's Council on Jobs and Competitiveness</a></p><p><strong>Description:</strong> Aims to strengthen the Nation's economy and ensure the competitiveness of the United States and to create jobs, opportunity, and prosperity for the American people by ensuring the availability of non partisan advice to the President from participants in and experts on the economy</p><p><strong>Date Released:</strong> Jan 2011</p><p><strong>Oversight Responsibility:</strong> Department of Treasury</p><p><strong>Notes:</strong></p><h3>E.O 13681</h3><p><strong>Title:</strong> <a href="https://obamawhitehouse.archives.gov/the-press-office/2014/10/17/executive-order-improving-security-consumer-financial-transactions">Improving the Security of Consumer Financial Transactions</a></p><p><strong>Description:</strong> Improves the security of consumer financial transactions in both the private and public sectors</p><p><strong>Date Released:</strong> October 17, 2014</p><p><strong>Oversight Responsibility:</strong>&nbsp;</p><ul><li>Department of Treasury</li><li>Department of Justice</li><li>Department of Commerce</li><li>General Services Administration (GSA)</li><li>Social Security Administration (SSA)</li><li>Federal Trade Commission (FTC)</li><li>OMB</li><li>DHS</li></ul><p><strong>Notes:</strong></p><h3>E.O 13719</h3><p><strong>Title:</strong> <a href="https://obamawhitehouse.archives.gov/the-press-office/2016/02/09/executive-order-establishment-federal-privacy-council">Establishment of the Federal Privacy Council</a></p><p><strong>Description:</strong> The Federal Privacy Council is the principal interagency forum to improve the privacy practices of agencies and entities acting on their behalf.</p><p><strong>Date Released:</strong> February 9, 2016</p><p><strong>Oversight Responsibility:</strong> Federal Privacy Council (FPC)</p><p><strong>Notes:</strong></p><h3>E.O 13800</h3><p><strong>Title:</strong> <a href="https://www.cisa.gov/topics/cybersecurity-best-practices/executive-order-strengthening-cybersecurity-federal-networks-and-critical-infrastructure">Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure</a></p><p><strong>Description:</strong> Modernizes federal information technology infrastructure, working with state and local government and private sector partners to more fully secure critical infrastructure, and collaborating with foreign allies</p><p><strong>Date Released:</strong> May 11, 2017</p><p><strong>Oversight Responsibility:</strong> DHS</p><p><strong>Notes:</strong></p><h3>E.O 13833</h3><p><strong>Title:</strong> <a href="https://www.federalregister.gov/documents/2018/05/18/2018-10855/enhancing-the-effectiveness-of-agency-chief-information-officers">Enhancing the Effectiveness of Agency Chief Information Officers</a></p><p><strong>Description:</strong> Strengthens the role and responsibilities of Chief Information Officers (CIOs) within federal agencies to improve the efficiency and effectiveness of IT management</p><p><strong>Date Released:</strong> May 15, 2018</p><p><strong>Oversight Responsibility:</strong> OMB</p><p><strong>Notes:</strong></p><h3>E.O 13834</h3><p><strong>Title:</strong> <a href="https://www.federalregister.gov/documents/2018/05/22/2018-11101/efficient-federal-operations">Efficient Federal Operations</a></p><p><strong>Description:</strong> Improves the efficiency, effectiveness, and accountability of federal agencies in managing their operations and resources</p><p><strong>Date Released:</strong> May 17, 2018</p><p><strong>Oversight Responsibility:</strong> OMB</p><p><strong>Notes:</strong></p><h3>E.O 13859</h3><p><strong>Title:</strong> <a href="https://www.federalregister.gov/documents/2019/02/14/2019-02544/maintaining-american-leadership-in-artificial-intelligence">Maintaining American Leadership in Artificial Intelligence</a></p><p><strong>Description:</strong> Identifies five key lines of effort, including increasing AI research investment, unleashing Federal AI computing and data resources, setting AI technical standards, building Americas AI workforce, and engaging with international allies</p><p><strong>Date Released:</strong> Feb 2019</p><p><strong>Oversight Responsibility:</strong> National AI Initiative Office</p><p><strong>Notes: </strong>To oversee and implement the U.S. national AI strategy, the White House established the National Artificial Intelligence Initiative Office in early January 2021, in accordance with the National AI Initiative Act of 2020 (still a bill as of Feb 2024)</p><h3>E.O 13873</h3><p><strong>Title:</strong> <a href="https://www.federalregister.gov/documents/2019/05/17/2019-10538/securing-the-information-and-communications-technology-and-services-supply-chain">Securing the Information and Communications Technology and Services Supply Chain</a></p><p><strong>Description:</strong> Strengthens efforts to prevent foreign adversaries from exploiting vulnerabilities in the ICT supply chain and protect the vast amount of sensitive information being stored in and communicated through ICT products and services</p><p><strong>Date Released:</strong> May 2019</p><p><strong>Oversight Responsibility:</strong>&nbsp;</p><ul><li>Department of Commerce</li><li>CISA</li><li>ICT SCRM Task Force</li></ul><p><strong>Notes:&nbsp;</strong></p><h3>E.O 13960</h3><p><strong>Title:</strong> <a href="https://www.federalregister.gov/documents/2020/12/08/2020-27065/promoting-the-use-of-trustworthy-artificial-intelligence-in-the-federal-government">Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government</a></p><p><strong>Description:</strong> Establishes principles for the use of AI in the Federal Government, establishes a common policy for implementing the principles, directs agencies to catalogue their AI use cases</p><p><strong>Date Released:</strong> December 3, 2020</p><p><strong>Oversight Responsibility:</strong>&nbsp;</p><ul><li>General Services Administration (GSA)</li><li>NIST</li><li>OMB</li></ul><p><strong>Notes:</strong></p><h3>E.O 14028</h3><p><strong>Title:</strong> <a href="https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity">Improving the Nation's Cybersecurity</a></p><p><strong>Description:</strong> Charges multiple agencies, including NIST, with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain</p><p><strong>Date Released:</strong> May 2021</p><p><strong>Oversight Responsibility:</strong> NIST</p><p><strong>Notes:</strong></p><h3>E.O 14034</h3><p><strong>Title:</strong> <a href="https://www.federalregister.gov/documents/2021/06/11/2021-12506/protecting-americans-sensitive-data-from-foreign-adversaries">Protecting Americans' Sensitive Data From Foreign Adversaries</a></p><p><strong>Description:</strong> Requires government agencies to issue regulations that prohibit, or otherwise restrict, certain categories of data transactions that pose an unacceptable risk to national security.</p><p><strong>Date Released:</strong> June 2021</p><p><strong>Oversight Responsibility:</strong>&nbsp;</p><ul><li>OMB</li><li>Department of Justice</li></ul><p><strong>Notes:</strong></p><h3>E.O 14110</h3><p><strong>Title:</strong> <a href="https://crsreports.congress.gov/product/pdf/R/R47843">Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence</a></p><p><strong>Description:</strong> Establishes a government-wide effort to guide responsible artificial intelligence (AI) development and deployment through federal agency leadership, regulation of industry, and engagement with<br>international partners</p><p><strong>Date Released:</strong> October 30, 2023</p><p><strong>Oversight Responsibility:</strong>&nbsp;</p><ul><li>NIST</li><li>Office of Science and Technology Policy (OSTP)</li></ul><p><strong>Notes:</strong></p><h2>Government Accountability Office (GAO) and GAO Accounting and Information Management Division (AIMD)</h2><p>The U.S. Government Accountability Office (GAO) provides Congress, the heads of executive agencies, and the public with timely, fact-based, non-partisan information that can be used to improve government and save taxpayers billions of dollars. The GAO reports provide findings from their audits.</p><h3>AIMD-10.1.13</h3><p><strong>Title:</strong> <a href="https://www.gao.gov/assets/aimd-10.1.13.pdf">Assessing Risks and Returns: A Guide for Evaluating Federal Agencies IT Investment Decision-making</a></p><p><strong>Date Released:</strong> February 3, 1997</p><p><strong>Authority:</strong>&nbsp;</p><ul><li>Paperwork Reduction Act (PRA)</li><li>Clinger-Cohen Act</li><li>Government Performance and Results Act (GPRA)</li><li>Chief Financial Officers Act</li></ul><p><strong>Notes:</strong></p><h3>GAO 04-394G</h3><p><strong>Title:</strong> <a href="https://www.gao.gov/assets/gao-04-394g.pdf">Information Technology Investment Management: A Framework for Assessing and Improving Process Maturity</a></p><p><strong>Date Released:</strong> March 1, 2004</p><p><strong>Authority:</strong> Clinger-Cohen Act</p><p><strong>Notes:</strong></p><h3>GAO 05-471</h3><p><strong>Title:</strong> <a href="https://www.gao.gov/assets/gao-05-471.pdf">INTERNET PROTOCOL VERSION 6 - Federal Agencies Need to Plan for Transition and Manage</a><br><a href="https://www.gao.gov/assets/gao-05-471.pdf">Security Risks</a></p><p><strong>Date Released:</strong> May 20, 2005</p><p><strong>Authority:</strong> N/A</p><p><strong>Notes:</strong></p><h3>GAO 13-87</h3><p><strong>Title:</strong> <a href="https://www.gao.gov/assets/gao-04-394g.pdf">Information Technology Investment Management: A Framework for Assessing and Improving Process Maturity</a></p><p><strong>Date Released:</strong> March 1, 2004</p><p><strong>Authority:</strong> Clinger-Cohen Act</p><p><strong>Notes:</strong></p><h3>GAO 14-413</h3><p><strong>Title:</strong> <a href="https://www.gao.gov/assets/d14413.pdf">Federal Software Licenses: Better Management Needed to Achieve Significant Savings Government-Wide</a></p><p><strong>Date Released:</strong> May 22, 2014</p><p><strong>Authority:</strong> Clinger-Cohen Act</p><p><strong>Notes:</strong></p><h3>GAO 16-469</h3><p><strong>Title:</strong> <a href="https://www.gao.gov/assets/gao-16-469.pdf">Information Technology Reform: Agencies Need to Increase Their Use of Incremental Development Practices</a></p><p><strong>Date Released:</strong> August 16, 2016</p><p><strong>Authority:</strong> FITARA</p><p><strong>Notes:</strong></p><h3>GAO 20-195G</h3><p><strong>Title:</strong> <a href="https://www.gao.gov/assets/gao-20-195g.pdf">Cost Estimating and Assessment Guide: Best Practices for Developing and Managing Program Costs</a></p><p><strong>Date Released:</strong> March 12, 2020</p><p><strong>Authority:</strong> N/A</p><p><strong>Notes:</strong></p><h2>Federal Continuity Directives</h2><p>Federal Continuity Directives (FCDs) and Presidential Policy Directives (PPDs) and are both types of directives issued by the President of the United States to guide and coordinate specific policies, programs, and activities across the federal government.</p><p>PPDs are presidential statements that set forth national policies and decisions, while FCDs are agency-level directives aimed at ensuring the continuity and resilience of government operations during emergencies and crises.</p><h3>FCD-1</h3><p><strong>Title:</strong> <a href="https://www.gpo.gov/docs/default-source/accessibility-privacy-coop-files/January2017FCD1-2.pdf">Federal Executive Branch National Continuity Program and Requirements</a></p><p><strong>Date Released:</strong> January 17, 2017</p><p><strong>Corresponding Federal Authority:</strong> DHS</p><p><strong>Notes:</strong></p><h3>FCD-2</h3><p><strong>Title:</strong> <a href="https://www.fema.gov/sites/default/files/2020-07/Federal_Continuity_Directive-2_June132017.pdf">Federal Executive Branch Mission Essential Functions and Candidate Primary Mission Essential Functions</a><br><a href="https://www.fema.gov/sites/default/files/2020-07/Federal_Continuity_Directive-2_June132017.pdf">Identification and Submission Process</a></p><p><strong>Date Released:</strong> June 13, 2017</p><p><strong>Corresponding Federal Authority:</strong> DHS</p><p><strong>Notes:</strong></p><h3>PPD-1</h3><p><strong>Title:</strong> <a href="https://irp.fas.org/offdocs/ppd/ppd-1.pdf">Organization of the National Security Council System</a></p><p><strong>Date Released:</strong> February 13, 2009</p><p><strong>Corresponding Federal Authority:</strong> National Security Council (NSC)</p><p><strong>Notes:</strong></p><h3>PPD-2</h3><p><strong>Title:</strong> <a href="https://irp.fas.org/offdocs/ppd/ppd-2.pdf">Implementation of the National Strategy for Countering Biological Threats</a></p><p><strong>Date Released:</strong> November 23, 2009</p><p><strong>Corresponding Federal Authority:</strong> National Security Staff Executive Secretary</p><p><strong>Notes:</strong></p><h3>PPD-40</h3><p><strong>Title:</strong> <a href="https://www.fema.gov/emergency-managers/national-preparedness/continuity/toolkit/chapter-1">National Continuity Policy</a></p><p><strong>Date Released:</strong> July 15, 2016</p><p><strong>Corresponding Federal Authority:</strong> Federal Emergency Management Agency (FEMA)</p><p><strong>Notes:</strong></p><h3>PPD-41</h3><p><strong>Title:</strong> <a href="https://obamawhitehouse.archives.gov/the-press-office/2016/07/26/presidential-policy-directive-united-states-cyber-incident">United States Cyber Incident Coordination</a></p><p><strong>Date Released:</strong> July 26, 2016</p><p><strong>Corresponding Federal Authority:</strong> DHS</p><p><strong>Notes:</strong></p><h2>OMB Circulars</h2><p>OMB Circulars are a series of guidance documents issued by the Office of Management and Budget (OMB) of the United States federal government. They provide instructions, requirements, and policies for federal agencies in specific areas of financial management, budgeting, procurement, grants management, and administrative operations.</p><h3>A-11</h3><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2018/06/a11.pdf">Preparation, Submission, and Execution of the Budget</a></p><p><strong>Date Released:</strong> 8/11/2023</p><p><strong>Implements:</strong> GRPA</p><p><strong>Notes:</strong></p><h3>A-19</h3><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/Circular-019.pdf">Legislative Coordination and Clearance</a></p><p><strong>Date Released:</strong> 9/20/1979</p><p><strong>Implements:</strong> Budget Control Act of 2011</p><p><strong>Notes:</strong></p><h3>A-76</h3><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A76/a76_incl_tech_correction.pdf">Performance of Commercial Activities</a></p><p><strong>Date Released:</strong> 11/14/2002</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>Federal Procurement Policy Act</li><li>FAIR Act</li><li>EO 11609</li></ul><p><strong>Notes:</strong></p><h3>A-94</h3><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2023/11/CircularA-94.pdf">Guidelines and Discount Rates for Benefit-Cost Analysis of Federal Programs</a></p><p><strong>Date Released:</strong> 11/9/2023</p><p><strong>Implements:</strong> Budget and Accounting Act of 1921</p><p><strong>Notes:</strong></p><h3>A-108</h3><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A108/omb_circular_a-108.pdf">Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act</a></p><p><strong>Date Released:</strong> 7/1/1975</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>Privacy Act of 1974</li><li>Paperwork Reduction Act (PRA)</li><li>FISMA 2014</li></ul><p><strong>Notes:</strong></p><h3>A-123</h3><p><strong>Title:</strong> <a href="https://obamawhitehouse.archives.gov/omb/circulars_a123_rev">Managements Responsibility for Internal Control</a></p><p><strong>Date Released:</strong> 12/21/2004</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>Sarbanes-Oxley Act</li><li>Federal Managers' Financial Integrity Act</li></ul><p><strong>Notes:</strong></p><h3>A-130</h3><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf">Managing Information as a Strategic Resource</a></p><p><strong>Date Released:</strong> 7/28/2016</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>Clinger-Cohen Act</li><li>E-Government Act</li><li>FISMA 2014</li><li>FITARA</li><li>PRA</li><li>Privacy Act of 1974</li><li>Digital Accountability and Transparency Act</li><li>Electronic Signatures in Global and National Commerce Act</li><li>Government Paperwork Elimination Act</li><li>GPRA</li><li>Office of Federal Procurement Policy Act</li><li>Budget and Accounting Procedures Act</li><li>Chief Financial Officers Act</li><li>EO 13719</li></ul><p><strong>Notes:</strong></p><h3>A-136</h3><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2024/05/A-136-for-FY-2024.pdf">Financial Reporting Requirements</a></p><p><strong>Date Released:</strong> 5/30/2024</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>Chief Financial Officers Act of 1990</li><li>Government Management Reform Act of 1994</li><li>Accountability of Tax Dollars Act of 2002</li></ul><p><strong>Notes:</strong></p><h2>OMB Memos</h2><p>The Office of Management and Budget (OMB) memoranda provide Federal agencies with instructions and implementation guidance for specific management priorities or legislative requirements. They provide annual updates, such as for FISMA reporting requirements, or have longer term guidance for agency implementation.</p><h3>2024</h3><h4>M-24-08</h4><p><strong>Title: </strong><a href="https://www.whitehouse.gov/wp-content/uploads/2023/12/M-24-08-Strengthening-Digital-Accessibility-and-the-Management-of-Section-508-of-the-Rehabilitation-Act.pdf">Strengthening Digital Accessibility and the Management of Section 508 of the Rehabilitation Act (digital)</a></p><p><strong>Date Released:</strong> 12/21/2023</p><p><strong>Implements:</strong> Section 508 of the Rehabilitation Act</p><h4>M-24-04</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2023/12/M-24-04-FY24-FISMA-Guidance.pdf">Fiscal Year 2024 Guidance on Federal Information Security and Privacy Management Requirements</a></p><p><strong>Date Released:</strong> 12/4/2023</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>FISMA</li><li>E.O. 14028</li></ul><h4>M-24-02</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2023/10/M-24-02-Buy-America-Implementation-Guidance-Update.pdf">Implementation Guidance on Application of Buy America Preference in Federal Financial Assistance Programs for Infrastructure</a></p><p><strong>Date Released:</strong> 10/25/2023</p><p><strong>Implements:</strong> Buy America Act</p><h3>2023</h3><h4>M-23-22</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2023/09/M-23-22-Delivering-a-Digital-First-Public-Experience.pdf">Delivering a Digital-First Public Experience (digital)</a></p><p><strong>Date Released:</strong> 9/22/2023</p><p><strong>Implements:</strong> 21st Century Integrated Digital Experience Act</p><h4>M-23-20</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2023/08/M-23-20.pdf">Multi-Agency Research and Development Priorities for the FY 2025 Budget</a></p><p><strong>Date Released:</strong> 8/17/2023</p><p><strong>Implements:</strong> N/A</p><h4>M-23-18</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-18-Administration-Cybersecurity-Priorities-for-the-FY-2025-Budget-s.pdf">Administration Cybersecurity Priorities for the FY 2025 Budget</a></p><p><strong>Date Released:</strong> 6/27/2023</p><p><strong>Implements:</strong> National Cybersecurity Strategy (NCS)</p><h4>M-23-16</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-16-Update-to-M-22-18-Enhancing-Software-Security.pdf">Update to Memorandum M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices</a></p><p><strong>Date Released:</strong> 6/9/2023</p><p><strong>Implements: </strong>E.O. 14028</p><h4>M-23-13</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2023/02/M-23-13-No-TikTok-on-Government-Devices-Implementation-Guidance_final.pdf">“No TikTok on Government Devices” Implementation Guidance</a></p><p><strong>Date Released:</strong> 2/27/2023</p><p><strong>Implements:</strong> No Tiktok on Government Devices</p><h4>M-23-10</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2023/02/M-23-10-DOTGOV-Act-Guidance.pdf">The Registration and Use of .gov Domains in the Federal Government</a></p><p><strong>Date Released:</strong> 2/8/2023</p><p><strong>Implements:</strong> DOTGOV Online Trust in Government Act of 2020</p><h4>M-23-07</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2022/12/M_23_07-M-Memo-Electronic-Records_final.pdf">Update to Transition to Electronic Records</a></p><p><strong>Date Released:</strong> 12/23/2022</p><p><strong>Implements:</strong> N/A</p><h4>M-23-02</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2022/11/M-23-02-M-Memo-on-Migrating-to-Post-Quantum-Cryptography.pdf">Migrating to Post-Quantum Cryptography</a></p><p><strong>Date Released:</strong> 11/18/2022</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>E.O. 14028</li><li>FISMA 2014</li></ul><h3>2022</h3><h4>M-22-18</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2022/09/M-22-18.pdf">Enhancing the Security of the Software Supply Chain through Secure Software Development Practices</a></p><p><strong>Date Released:</strong> 9/14/2022</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>FISMA 2014</li><li>E.O. 14028</li></ul><h4>M-22-16</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2022/07/M-22-16.pdf">Administration Cybersecurity Priorities for the FY 2024 Budget</a></p><p><strong>Date Released:</strong> 7/22/2022</p><p><strong>Implements:</strong> E.O. 14028</p><h4>M-22-15</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2022/07/M-22-15.pdf">Multi-Agency Research and Development Priorities for the FY 2024 Budget</a></p><p><strong>Date Released:</strong> 7/22/2022</p><p><strong>Implements:</strong> N/A</p><h4>M-22-09</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf">Moving the U.S. Government Toward Zero Trust Cybersecurity Principles</a></p><p><strong>Date Released:</strong> 1/26/2022</p><p><strong>Implements:</strong></p><ul><li>E.O. 14028</li><li>FISMA 2014</li></ul><h4>M-22-04</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2021/12/M-22-04-IG-Cooperation.pdf">Promoting Accountability through Cooperation among Agencies and Inspectors General</a></p><p><strong>Date Released:</strong> 12/3/2021</p><p><strong>Implements:</strong> IG Act</p><h4>M-22-01</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2021/10/M-22-01.pdf">Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Systems through Endpoint Detection and Response</a></p><p><strong>Date Released:</strong> 10/8/2021</p><p><strong>Implements:</strong> E.O. 14028</p><h3>2021</h3><h4>M-21-32</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2021/07/M-21-32-Multi-Agency-Research-and-Development-Prioirties-for-FY-2023-Budget-.pdf">Multi-Agency Research and Development Priorities for the FY 2023 Budget</a></p><p><strong>Date Released:</strong> 8/27/2021</p><p><strong>Implements:</strong> N/A</p><h4>M-21-31</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf">Improving the Federal Governments Investigative and Remediation Capabilities Related to Cybersecurity Incident</a></p><p><strong>Date Released:</strong> 8/27/2021</p><p><strong>Implements:</strong> E.O. 14028</p><h4>M-21-30</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-30.pdf">Protecting Critical Software Through Enhanced Security Measures</a></p><p><strong>Date Released:</strong> 8/10/2021</p><p><strong>Implements:</strong> E.O. 14028</p><h4>M-21-07</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-07.pdf">Completing the Transition to Internet Protocol Version 6 (IPv6)</a></p><p><strong>Date Released:</strong> 11/19/2020</p><p><strong>Implements:</strong> FAR</p><h4>M-21-06</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-06.pdf">Guidance for Regulation of Artificial Intelligence Applications</a></p><p><strong>Date Released:</strong> 11/17/2020</p><p><strong>Implements:</strong> E.O. 13859</p><h4>M-21-05</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-05.pdf">Extension of Data Center Optimization Initiative (DCOI)</a></p><p><strong>Date Released:</strong> 11/13/2020</p><p><strong>Implements:</strong> FITARA</p><h4>M-21-04</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-04.pdf">Modernizing Access to and Consent for Disclosure of Records Subject to the Privacy Act</a></p><p><strong>Date Released:</strong> 11/12/2020</p><p><strong>Implements:</strong> The Privacy Act of 1974</p><h3>2020</h3><h4>M-20-32</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2020/09/M-20-32.pdf">Improving Vulnerability Identification, Management, and Remediation</a></p><p><strong>Date Released:</strong> 9/2/2020</p><p><strong>Implements:</strong> FISMA</p><h4>M-20-29</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2020/08/M-20-29.pdf">R &amp; D Guidance</a></p><p><strong>Date Released:</strong> 8/14/2020</p><p><strong>Implements:</strong> N/A</p><h4>M-20-19</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2020/03/M-20-19.pdf">Harnessing Technology to Support Mission Continuity</a></p><p><strong>Date Released:</strong> 3/22/2020</p><p><strong>Implements:</strong> N/A</p><h4>M-20-04</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2019/11/M-20-04.pdf">Fiscal Year 2019-2020 Guidance on Federal Information Security and Privacy Management Requirements</a></p><p><strong>Date Released:</strong> 11/19/2019</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>FISMA 2014</li><li>E.O. 14028</li></ul><h3>2019</h3><h4>M-19-26</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2019/09/M-19-26.pdf">Update to the Trusted Internet Connections (TIC) Initiative</a></p><p><strong>Date Released:</strong> 9/12/2019</p><p><strong>Implements:</strong> N/A</p><h4>M-19-21</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2019/08/M-19-21-new-2.pdf">Transition of Electronic Records</a></p><p><strong>Date Released:</strong> 6/28/2019</p><p><strong>Implements:</strong> NARA</p><h4>M-19-19</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2019/06/M-19-19-Data-Centers.pdf">Update to Data Center Optimization Initiative</a></p><p><strong>Date Released:</strong> 6/25/2019</p><p><strong>Implements:</strong> FITARA</p><h4>M-19-18</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2019/06/M-19-18.pdf">Federal Data Strategy A Framework for Consistency</a></p><p><strong>Date Released:</strong> 6/4/2019</p><p><strong>Implements:</strong> N/A</p><h4>M-19-17</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2019/05/M-19-17.pdf">Enabling Mission Delivery through Improved Identity, Credential, and Access Management</a></p><p><strong>Date Released:</strong> 5/21/2019</p><p><strong>Implements:</strong> HSPD-12</p><h4>M-19-10</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2019/02/M-19-10.pdf">Guidance for Achieving Interoperability with the National Freedom of Information Act (FOIA) Portal on FOIA.gov</a></p><p><strong>Date Released:</strong> 2/12/2019</p><p><strong>Implements:</strong> FOIA</p><h4>M-19-03</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2018/12/M-19-03.pdf">Strengthening the Cybersecurity of Federal Agencies by enhancing the High Value Asset Program</a></p><p><strong>Date Released:</strong> 12/10/2018</p><p><strong>Implements:</strong> High Value Asset (HVA) program</p><h4>M-19-02</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2018/10/M-19-02.pdf">Fiscal Year 2018-2019 Guidance on Federal Information Security and Privacy Management Requirements</a></p><p><strong>Date Released:</strong> 10/25/2018</p><p><strong>Implements:</strong></p><ul><li>FISMA 2014</li><li>E.O. 14028</li></ul><h4>M-19-01</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2018/10/M-19-01.pdf">Request for Agency Feedback on the Federal Data Strategy</a></p><p><strong>Date Released:</strong> 10/16/2018</p><p><strong>Implements:</strong> Federal Data Strategy</p><h3>2018</h3><h4>M-18-26</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2018/09/M-18-26.pdf">Incentivizing Workforce Participation and Expanding Recruitment Sources for the 2020 Decennial Census</a></p><p><strong>Date Released:</strong> 9/28/2018</p><p><strong>Implements:</strong> N/A</p><h4>M-18-22</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2018/07/M-18-22.pdf">FY 2020 Administration Research and Development Budget Priorities</a></p><p><strong>Date Released:</strong> 7/31/2018</p><p><strong>Implements:</strong> N/A</p><h4>M-18-20</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2018/06/M-18-20.pdf">Appendix C to OMB Circular No. A-123, Requirements for Payment Integrity Improvement</a></p><p><strong>Date Released:</strong> 6/26/2018</p><p><strong>Implements:</strong> OMB A-123</p><h3>2017</h3><h4>M-17-32</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-32.pdf">Travel on Government-Owned Rented, Leased or Chartered Aircraft</a></p><p><strong>Date Released:</strong> 9/29/2017</p><p><strong>Implements:</strong> OMB A-126</p><h4>M-17-25</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-25.pdf">Reporting Guidance for Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure</a></p><p><strong>Date Released:</strong> 5/19/2017</p><p><strong>Implements:</strong> FISMA 2014</p><h4>M-17-23</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-23.pdf">Guidance on Regulatory Reform Accountability under Executive Order 13777, titled “Enforcing the Regulatory Reform Agenda”</a></p><p><strong>Date Released:</strong> 4/28/2017</p><p><strong>Implements:</strong> EO 13777</p><h4>M-17-22</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-22.pdf">Comprehensive Plan for Reforming the Federal Government and Reducing the Federal Civilian Workforce</a></p><p><strong>Date Released:</strong> 4/12/2017</p><p><strong>Implements:</strong> GPRA Modernization Act of 2010</p><h4>M-17-21</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-21-OMB.pdf">Implementing Executive Order 13771, Titled “Reducing Regulation and Controlling Regulatory Costs”</a></p><p><strong>Date Released:</strong> 4/5/2017</p><p><strong>Implements:</strong> EO 13771</p><h4>M-17-19</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-19-OMB.pdf">Legislative Coordination and Clearance</a></p><p><strong>Date Released:</strong> 2/28/2017</p><p><strong>Implements:</strong> OMB A-19</p><h4>M-17-15</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-15.pdf">Rescission of Memoranda Relating to Identity Management</a></p><p><strong>Date Released:</strong> 1/19/2017</p><p><strong>Implements:</strong> HSPD-12</p><h4>M-17-12</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-12_0.pdf">Preparing for and Responding to a Breach of Personally Identifiable Information</a></p><p><strong>Date Released:</strong> 1/3/2017</p><p><strong>Implements:</strong> FISMA 2014</p><h4>M-17-09</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-09.pdf">Management of Federal High Value Assets</a></p><p><strong>Date Released:</strong> 12/9/2016</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>FISMA 2014</li><li>B.O.D. 18-02</li><li>HHS HVA Program</li></ul><h4>M-17-04</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-04.pdf">Additional Guidance for Data Act Implementation: Further Requirements For Reporting And Assuring Data Reliability</a></p><p><strong>Date Released:</strong> 11/4/2016</p><p><strong>Implements:</strong> DATA Act</p><h4>M-17-03</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-03.pdf">Institutionalizing Hiring Excellence To Achieve Mission Outcomes</a></p><p><strong>Date Released:</strong> 11/1/2016</p><p><strong>Implements:</strong> Presidents Management Agenda (PMA) Cross Agency Priority (CAP)</p><h4>M-17-02</h4><p><strong>Title: </strong><a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-02.pdf">Precision Medicine Initiative Privacy and Security</a></p><p><strong>Date Released:</strong> 10/21/2016</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>FISMA 2014</li><li>Paperwork Reduction Act</li><li>HIPAA</li><li>E-Government Act of 2002</li><li>Genetic Information Nondiscrimination Act</li><li>Privacy Act of 1974</li></ul><h3>2016</h3><h4>M-16-24</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_24_0.pdf">Role and Designation of Senior Agency Officials for Privacy</a></p><p><strong>Date Released:</strong> 9/15/2016</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>EO 13719</li><li>OMB A-130</li></ul><h4>M-16-23</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_23.pdf">Prioritizing Federal Investments in Promise Zones</a></p><p><strong>Date Released:</strong> 9/2/2016</p><p><strong>Implements:</strong> N/A</p><h4>M-16-21</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_21.pdf">Federal Source Code Policy: Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software</a></p><p><strong>Date Released:</strong> 8/8/2016</p><p><strong>Implements:</strong> Clinger Cohen Act</p><h4>M-16-17</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-17.pdf">OMB Circular No. A-123, Managements Responsibility for Enterprise Risk Management and Internal Control</a></p><p><strong>Date Released:</strong> 7/15/2016</p><p><strong>Implements:</strong> OMB A-123</p><h4>M-16-15</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-15.pdf">Federal Cybersecurity Workforce Strategy</a></p><p><strong>Date Released:</strong> 7/12/2016</p><p><strong>Implements:</strong> N/A</p><h4>M-16-14</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-14.pdf">Category Management Policy 16-2: Providing Comprehensive Identity Protection Services, Identity Monitoring, and Data Breach Response</a></p><p><strong>Date Released:</strong> 7/1/2016</p><p><strong>Implements:</strong> N/A</p><h4>M-16-12</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-12_1.pdf">Category Management Policy 16-1: Improving the Acquisition and Management of Common Information Technology: Software Licensing</a></p><p><strong>Date Released:</strong> 6/2/2016</p><p><strong>Implements:</strong> GAO 14-413</p><h4>M-16-11</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-11.pdf">Improving Administrative Functions Through Shared Services</a></p><p><strong>Date Released:</strong> 5/4/2016</p><p><strong>Implements:</strong> Federal Cloud Computing Strategy - Cloud Smart</p><h4>M-16-08</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-08.pdf">Establishment of the Core Federal Services Council</a></p><p><strong>Date Released:</strong> 3/30/2016</p><p><strong>Implements:</strong> Presidents Management Agenda (PMA) Cross Agency Priority (CAP)</p><h4>M-16-04</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-04.pdf">Cybersecurity Strategy and Implementation Plan (CSIP) for the Federal Civilian Government</a></p><p><strong>Date Released:</strong> 10/30/2015</p><p><strong>Implements:</strong> FISMA 2014</p><h4>M-16-02</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-02.pdf">Category Management Policy 15-1: Improving the Acquisition and Management of Common Information Technology: Laptops and Desktops</a></p><p><strong>Date Released:</strong> 10/16/2015</p><p><strong>Implements:</strong> FITARA</p><h3>2015</h3><h4>M-15-18</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-18.pdf">Fiscal Year 2017 Budget Guidance for Countering Biological Threats Resource Priorities</a></p><p><strong>Date Released:</strong> 7/9/2015</p><p><strong>Implements:</strong> PPD-2</p><h4>M-15-16</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-16.pdf">Multi-Agency Science and Technology Priorities for the FY 2017 Budget</a></p><p><strong>Date Released:</strong> 7/9/2015</p><p><strong>Implements:</strong> N/A</p><h4>M-15-15</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-15.pdf">Improving Statistical Activities through Interagency Collaboration</a></p><p><strong>Date Released:</strong> 7/8/2015</p><p><strong>Implements:</strong> Economy Act</p><h4>M-15-14</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-14.pdf">Management and Oversight of Federal Information Technology</a></p><p><strong>Date Released:</strong> 6/10/2015</p><p><strong>Implements:</strong> FITARA</p><h4>M-15-13</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-13.pdf">Policy to Require Secure Connections across Federal Websites and Web Services</a></p><p><strong>Date Released:</strong> 6/8/2015</p><p><strong>Implements:</strong> FISMA 2014</p><h4>M-15-11</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-11.pdf">Fiscal Year 2017 Budget Guidance</a></p><p><strong>Date Released:</strong> 5/1/2015</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>DATA Act</li><li>FITARA</li></ul><h4>M-15-09</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-09.pdf">Guidance on Implementing the Federal Customer Service Awards Program</a></p><p><strong>Date Released:</strong> 3/19/2015</p><p><strong>Implements:</strong> EO 13571</p><h4>M-15-07</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-07.pdf">Establishment of a Diversity and Inclusion in Government Council</a></p><p><strong>Date Released:</strong> 3/6/2015</p><p><strong>Implements:</strong> EO 13583</p><h4>M-15-02</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-02.pdf">Appendix C to Circular No. A-123, Requirements for Effective Estimation and Remediation of Improper Payments</a></p><p><strong>Date Released:</strong> 10/20/2014</p><p><strong>Implements:</strong> OMB A-123</p><h3>2014</h3><h4>M-14-17</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-17.pdf">Metrics for Uniform Guidance (2 C.F.R. 200</a></p><p><strong>Date Released:</strong> 9/30/2014</p><p><strong>Implements:</strong> EO 13520</p><h4>M-14-16</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-16.pdf">Guidance on Managing Email</a></p><p><strong>Date Released:</strong> 9/15/2014</p><p><strong>Implements:</strong> Managing Government Records Directive of 2012</p><h4>M-14-15</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-15.pdf">Ensuring That Employment and Training Programs Are Job-Driven</a></p><p><strong>Date Released:</strong> 7/22/2014</p><p><strong>Implements:</strong> N/A</p><h4>M-14-14</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-14.pdf">Fiscal Year 2016 Budget Guidance for Countering Biological Threats Resource Priorities</a></p><p><strong>Date Released:</strong> 7/18/2014</p><p><strong>Implements:</strong> PPD-2</p><h4>M-14-13</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/M-14-13.pdf">Fiscal Year 2016 Budget Guidance for Combating Antibiotic Resistant Bacteria Resource Priorities</a></p><p><strong>Date Released:</strong> 7/18/2014</p><p><strong>Implements:</strong> PPD-1</p><h4>M-14-12</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-12.pdf">Management Agenda Priorities for the FY 2016 Budget</a></p><p><strong>Date Released:</strong> 7/18/2014</p><p><strong>Implements:</strong> N/A</p><h4>M-14-11</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-11.pdf">Science and Technology Priorities for FY 2016 Budget</a></p><p><strong>Date Released:</strong> 7/18/2014</p><p><strong>Implements:</strong> N/A</p><h4>M-14-06</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-06.pdf">Guidance for Providing and Using Administrative Data for Statistical Purposes</a></p><p><strong>Date Released:</strong> 3/14/2014</p><p><strong>Implements:</strong> N/A</p><h4>M-14-04</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-04.pdf">Fiscal Year 2013 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management</a></p><p><strong>Date Released:</strong> 11/18/2013</p><p><strong>Implements:</strong> FISMA 2014</p><h4>M-14-03</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-03.pdf">Enhancing the Security of Federal Information and Information Systems</a></p><p><strong>Date Released:</strong> 11/1/2013</p><p><strong>Implements:</strong> GPRA Modernization Act 0f 2010</p><h3>2013</h3><h4>M-13-20</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-20.pdf">Protecting Privacy while Reducing Improper Payments with the Do Not Pay Initiative</a></p><p><strong>Date Released:</strong> 8/16/2013</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>IPERIA 2012</li><li>Do Not Pay (DNP) Initiative</li></ul><h4>M-13-17</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-17.pdf">Next Steps in the Evidence and Innovation Agenda</a></p><p><strong>Date Released:</strong> 7/26/2013</p><p><strong>Implements:</strong> N/A</p><h4>M-13-16</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-16.pdf">Science and Technology Priorities for the FY 2015 Budget</a></p><p><strong>Date Released:</strong> 7/26/2013</p><p><strong>Implements:</strong> N/A</p><h4>M-13-13</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-13.pdf">Open Data Policy Managing Information as an Asset</a></p><p><strong>Date Released:</strong> 5/9/2013</p><p><strong>Implements:</strong> EO 13642</p><h4>M-13-10</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-10.pdf">Antideficiency Act Implications of Certain Online Terms of Service Agreements</a></p><p><strong>Date Released:</strong> 4/4/2013</p><p><strong>Implements:</strong> Antideficiency Act</p><h4>M-13-09</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-09.pdf">Fiscal Year 2013 PortfolioStat Guidance: Strengthening Federal IT Portfolio Management</a></p><p><strong>Date Released:</strong> 3/27/2013</p><p><strong>Implements:</strong> N/A</p><h4>M-13-06</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-06.pdf">Issuance of the Sequestration Order Pursuant To Section 251A of the Balanced Budget and Emergency Deficit Control Act of 1985, as Amended</a></p><p><strong>Date Released:</strong> 3/1/2013</p><p><strong>Implements:</strong> Budget Control Act of 2011</p><h4>M-13-02</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-02_0.pdf">Improving Acquisition through Strategic Sourcing</a></p><p><strong>Date Released:</strong> 12/5/2012</p><p><strong>Implements:</strong> N/A</p><h3>2012</h3><h4>M-12-20</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-20.pdf">FY 2012 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management</a></p><p><strong>Date Released:</strong> 9/27/2012</p><p><strong>Implements:</strong> FISMA 2014</p><h4>M-12-18</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-18.pdf">Managing Government Records Directive</a></p><p><strong>Date Released:</strong> 8/24/2012</p><p><strong>Implements:</strong> Presidential Memorandum - Managing Government Records</p><h4>M-12-15</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-15.pdf">Science and Technology Priorities for the FY 2014 Budget</a></p><p><strong>Date Released:</strong> 6/6/2012</p><p><strong>Implements:</strong> N/A</p><h4>M-12-14</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-14_1.pdf">Use of Evidence and Evaluation in the 2014 Budget</a></p><p><strong>Date Released:</strong> 5/18/2012</p><p><strong>Implements:</strong> N/A</p><h4>M-12-12</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-12_0.pdf">Promoting Efficient Spending to Support Agency Operations</a></p><p><strong>Date Released:</strong> 5/11/2012</p><p><strong>Implements:</strong> EO 13589</p><h4>M-12-11</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-11_1.pdf">Reducing Improper Payments through the “Do Not Pay List”</a></p><p><strong>Date Released:</strong> 4/12/2012</p><p><strong>Implements:</strong> EO 13520</p><h4>M-12-09</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-09_0.pdf">Federal Activities Inventory Reform (FAIR) Act Submission for Fiscal Year 2012</a></p><p><strong>Date Released:</strong> 3/26/2012</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>FAIR Act</li><li>OMB A-76</li></ul><h4>M-12-01</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-01.pdf">Creation of the Council on Financial Assistance Reform</a></p><p><strong>Date Released:</strong> 10/27/2011</p><p><strong>Implements:</strong> EO 13576</p><h3>2011</h3><h4>M-11-33</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-33.pdf">FY 2011 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management</a></p><p><strong>Date Released:</strong> 9/14/2011</p><p><strong>Implements:</strong> FISMA 2014</p><h4>M-11-27</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-27.pdf">Implementing the Telework Enhancement Act of 2010: Security Guidelines</a></p><p><strong>Date Released:</strong> 7/15/2011</p><p><strong>Implements:</strong> Telework Enhancement Act of 2010</p><h4>M-11-26</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-26.pdf">New Fast-Track Process for Collecting Service Delivery Feedback Under the Paperwork Reduction Act</a></p><p><strong>Date Released:</strong> 6/15/2011</p><p><strong>Implements:</strong> Paperwork Reduction Act</p><h4>M-11-21</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-21.pdf">Implementing the Presidential Memorandum “Administrative Flexibility, Lower Costs, and Better Results for State, Local, and Tribal Governments”</a></p><p><strong>Date Released:</strong> 4/29/2011</p><p><strong>Implements:</strong> Presidential Memorandum - Administrative Flexibility</p><h4>M-11-16</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-16.pdf">2011 Issuance of Revised Parts I and II to Appendix C of OMB Circular A-123</a></p><p><strong>Date Released:</strong> 4/14/2011</p><p><strong>Implements:</strong> OMB A-123</p><h4>M-11-15</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-15.pdf">2011 Final Guidance on Implementing the Plain Writing Act of 2010</a></p><p><strong>Date Released:</strong> 4/13/2011</p><p><strong>Implements:</strong> Plain Writing Act of 2010</p><h4>M-11-11</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-11.pdf">Continued Implementation of Homeland Security Presidential Directive (HSPD) 12Policy for a Common Identification Standard for Federal Employees and Contractors</a></p><p><strong>Date Released:</strong> 2/3/2011</p><p><strong>Implements:</strong> HSPD-12</p><h4>M-11-08</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-08.pdf">Initial Assessments of Safeguarding and Counterintelligence Postures for Classified National Security Information in Automated Systems</a></p><p><strong>Date Released:</strong> 1/3/2011</p><p><strong>Implements:</strong> EO 13526</p><h4>M-11-04</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-04.pdf">Increasing Efforts to Recapture Improper Payments by Intensifying and Expanding Payment Recapture Audits</a></p><p><strong>Date Released:</strong> 11/16/2010</p><p><strong>Implements:</strong> IPERIA 2012</p><h4>M-11-02</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-02.pdf">Sharing Data While Protecting Privacy</a></p><p><strong>Date Released:</strong> 11/3/2010</p><p><strong>Implements:</strong> Privacy Act of 1974</p><h4>M-11-01</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-01.pdf">Pilot Projects for the Partnership Fund for Program Integrity Innovation</a></p><p><strong>Date Released:</strong> 10/19/2010</p><p><strong>Implements:</strong> Consolidated Appropriations Act of 2010</p><h3>2010</h3><h4>M-10-34</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-34.pdf">Updated Guidance on the American Recovery and Reinvestment Act</a></p><p><strong>Date Released:</strong> 9/24/2010</p><p><strong>Implements:</strong> American Recovery and Reinvestment Act of 2009</p><h4>M-10-30</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-30.pdf">Science and Technology Priorities for the FY 2012 Budget</a></p><p><strong>Date Released:</strong> 7/1/2010</p><p><strong>Implements:</strong> N/A</p><h4>M-10-26</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m-10-26.pdf">Immediate Review of Financial Systems IT Projects</a></p><p><strong>Date Released:</strong> 6/28/2010</p><p><strong>Implements:</strong> OMB A-123</p><h4>M-10-23</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-23.pdf">Guidance for Agency Use of Third-Party Websites and Applications</a></p><p><strong>Date Released:</strong> 6/25/2010</p><p><strong>Implements:</strong> Paperwork Reduction Act</p><h4>M-10-22</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-22.pdf">Guidance for Online Use of Web Measurement and Customization Technologies</a></p><p><strong>Date Released:</strong> 6/25/2010</p><p><strong>Implements:</strong> OMB M-10-06</p><h4>M-10-21</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-21.pdf">Developing Effective Place-Based Policies for the FY 2012 Budget</a></p><p><strong>Date Released:</strong> 6/21/2010</p><p><strong>Implements:</strong> N/A</p><h4>M-10-16</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-16.pdf">Grants.gov Return to Normal Operations</a></p><p><strong>Date Released:</strong> 4/23/2010</p><p><strong>Implements:</strong> American Recovery and Reinvestment Act of 2009</p><h4>M-10-14</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-14.pdf">Updated Guidance on the American Recovery and Reinvestment Act</a></p><p><strong>Date Released:</strong> 3/22/2010</p><p><strong>Implements:</strong> American Recovery and Reinvestment Act of 2009</p><h4>M-10-13</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-13.pdf">Issuance of Part III to OMB Circular A-123, Appendix C</a></p><p><strong>Date Released:</strong> 3/22/2010</p><p><strong>Implements:</strong> OMB A-123</p><h4>M-10-10</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-10.pdf">Federal Agency Coordination on Health Information Technology (HIT)</a></p><p><strong>Date Released:</strong> 2/19/2010</p><p><strong>Implements:</strong> HITECH</p><h4>M-10-03</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-03.pdf">Payments to State Grantees for their Administrative Costs for Recovery Act Funding Alternative Allocation Methodologies</a></p><p><strong>Date Released:</strong> 10/13/2009</p><p><strong>Implements:</strong> American Recovery and Reinvestment Act of 2009</p><h4>M-10-01</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-01.pdf">Increased Emphasis on Program Evaluations</a></p><p><strong>Date Released:</strong> 10/7/2009</p><p><strong>Implements:</strong> N/A</p><h3>2009</h3><h4>M-09-33</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-33.pdf">Technical Amendments to OMB Bulletin No. 07-04, Audit Requirements for Federal Financial Statements</a><a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-01.pdf">Increased Emphasis on Program Evaluations</a></p><p><strong>Date Released:</strong> 9/23/2009</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>OMB A-123</li><li>OMB A-136</li></ul><h4>M-09-32</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-32.pdf">Update on the Trusted Internet Connections Initiative</a></p><p><strong>Date Released:</strong> 9/16/2009</p><p><strong>Implements:</strong> Trusted Internet Connections Initiative</p><h4>M-09-27</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-27.pdf">Science and Technology Priorities for the FY 2011 Budget</a></p><p><strong>Date Released:</strong> 8/4/2009</p><p><strong>Implements:</strong> N/A</p><h4>M-09-18</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-18.pdf">Payments to State Grantees for Administrative Costs of Recovery Act Activities</a></p><p><strong>Date Released:</strong> 5/11/2009</p><p><strong>Implements:</strong> American Recovery and Reinvestment Act of 2009</p><h4>M-09-17</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-17.pdf">Improving Grants.gov</a></p><p><strong>Date Released:</strong> 4/8/2009</p><p><strong>Implements:</strong> American Recovery and Reinvestment Act of 2009</p><h4>M-09-15</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-15.pdf">Updated Implementing Guidance for the American Recovery and Reinvestment Act of 2009</a></p><p><strong>Date Released:</strong> 4/3/2009</p><p><strong>Implements:</strong> American Recovery and Reinvestment Act of 2009</p><h4>M-09-14</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-14.pdf">Recovery Act Implementation Improving Grants.gov and Other Critical Systems</a></p><p><strong>Date Released:</strong> 3/9/2009</p><p><strong>Implements:</strong> American Recovery and Reinvestment Act of 2009</p><h4>M-09-12</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-14.pdf">Recovery Act Implementation Improving Grants.gov and Other Critical Systems</a></p><p><strong>Date Released:</strong> 3/9/2009</p><p><strong>Implements:</strong> American Recovery and Reinvestment Act of 2009</p><h4>M-09-10</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-10.pdf">Initial Implementing Guidance for the American Recovery and Reinvestment Act of 2009</a></p><p><strong>Date Released:</strong> 2/18/2009</p><p><strong>Implements:</strong> American Recovery and Reinvestment Act of 2009</p><h3>2008</h3><h4>M-08-27</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-27.pdf">Guidance for Trusted Internet Connection (TIC) Compliance</a></p><p><strong>Date Released:</strong> 9/30/2008</p><p><strong>Implements:</strong> Trusted Internet Connections Initiative</p><h4>M-08-25</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-25.pdf">Guidance for Completing FY 2008 Financial and Performance Reports</a></p><p><strong>Date Released:</strong> 8/252008</p><p><strong>Implements:</strong> N/A</p><h4>M-08-24</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-24.pdf">Technical Amendments to OMB Bulletin No. 07-04, Audit Requirements for Federal Financial Statements</a></p><p><strong>Date Released:</strong> 8/25/2008</p><p><strong>Implements:</strong> OMB Bulletin No. 07-04</p><h4>M-08-16</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-16.pdf">Guidance for Trusted Internet Connection Statement of Capability Form (SOC)</a></p><p><strong>Date Released:</strong> 4/4/2008</p><p><strong>Implements:</strong> Trusted Internet Connections Initiative</p><h4>M-08-15</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-15.pdf">Tools Available for Implementing Electronic Records Management</a></p><p><strong>Date Released:</strong> 3/31/2008</p><p><strong>Implements:</strong></p><ul><li>OMB A-130</li><li>Paperwork Reduction Act</li></ul><h4>M-08-14</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-14.pdf">2008 Inventories of Commercial and Inherently Governmental Activities</a></p><p><strong>Date Released:</strong> 3/26/2008</p><p><strong>Implements:</strong></p><ul><li>FAIR Act</li><li>OMB A-76</li></ul><h4>M-08-13</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-13.pdf">Update to Civilian Position Full Fringe Benefit Cost Factor, Federal Pay Raise Assumptions, and Inflation Factors used in OMB Circular No. A-76, “Performance of Commercial Activities”</a></p><p><strong>Date Released:</strong> 3/11/2008</p><p><strong>Implements: </strong>OMB A-76</p><h4>M-08-11</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-11.pdf">Competitive Sourcing Requirements in Division D of Public Law 110-161</a></p><p><strong>Date Released:</strong> 2/20/2008</p><p><strong>Implements:</strong> Consolidated Appropriations Act of 2010</p><h4>M-08-09</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-09.pdf">New FISMA Privacy Reporting Requirements for FY 2008</a></p><p><strong>Date Released:</strong> 1/18/2008</p><p><strong>Implements:</strong> FISMA 2014</p><h4>M-08-05</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-05.pdf">Implementation of Trusted Internet Connections (TIC)</a></p><p><strong>Date Released:</strong> 11/20/2007</p><p><strong>Implements:</strong> Trusted Internet Connections Initiative</p><h3>2007</h3><h4>M-07-25</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-25.pdf">BioShield Procurement Approval Anthrax Vaccine Adsorbed</a></p><p><strong>Date Released:</strong> 9/20/2007</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>Project BioShield Act of 2004</li><li>Public Health Service Act</li></ul><h4>M-07-24</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-24.pdf">Updated Principles for Risk Analysis</a></p><p><strong>Date Released:</strong> 9/19/2007</p><p><strong>Implements:</strong> OMB Memorandum - Principles for Risk Analysis</p><h4>M-07-23</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-23.pdf">Requiring Agency Use of the International Trade Data System</a></p><p><strong>Date Released:</strong> 9/10/2007</p><p><strong>Implements:</strong> EO 13439</p><h4>M-07-21</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-21.pdf">Verifying the Employment Eligibility of Federal Employees</a></p><p><strong>Date Released:</strong> 8/10/2007</p><p><strong>Implements:</strong> HSPD-12</p><h4>M-07-20</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-20.pdf">FY 2007 E-Government Act Reporting Instructions</a></p><p><strong>Date Released:</strong> 8/14/2007</p><p><strong>Implements:</strong> E-Government Act of 2002</p><h4>M-07-18</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-18.pdf">Ensuring New Acquisitions Include Common Security Configurations</a></p><p><strong>Date Released:</strong> 6/1/2007</p><p><strong>Implements:</strong> FISMA 2014</p><h4>M-07-16</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-16.pdf">Safeguarding Against and Responding to the Breach of Personally Identifiable Information</a></p><p><strong>Date Released:</strong> 5/22/2007</p><p><strong>Implements:</strong> FISMA 2014</p><h4>N/A</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/business_migrations.pdf">Competition Framework for Human Resources Management Line of Business Migrations</a></p><p><strong>Date Released:</strong> 5/18/2007</p><p><strong>Implements:</strong> N/A</p><h4>M-07-14</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-14.pdf">2007 Inventories of Commercial and Inherently Governmental Activities</a></p><p><strong>Date Released:</strong> 5/3/2007</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>FAIR Act</li><li>OMB A-76</li></ul><h4>M-07-02</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-02.pdf">Update to Civilian Position Full Fringe Benefit Cost Factor, Federal Pay Raise Assumptions, Inflation Factors, and Tax Rates used in OMB Circular No. A-76, “Performance of Commercial Activities”</a></p><p><strong>Date Released:</strong> 10/31/2006</p><p><strong>Implements:</strong> OMB A-76</p><h3>2006</h3><h4>N/A</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/task_force_theft_memo.pdf">Recommendations for Identity Theft Related Data Breach Notification</a></p><p><strong>Date Released:</strong> 9/20/2006</p><p><strong>Implements:</strong> EO 13402</p><h4>M-06-25</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-25.pdf">FY 2006 E-Government Act Reporting Instructions</a></p><p><strong>Date Released:</strong> 8/25/2006</p><p><strong>Implements:</strong> E-Government Act of 2002</p><h4>M-06-21</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-21.pdf">Reciprocal Recognition of Existing Personnel Security Clearances</a></p><p><strong>Date Released:</strong> 7/17/2006</p><p><strong>Implements:</strong> EO 12958</p><h4>M-06-19</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-19.pdf">Reporting Incidents Involving Personally Identifiable Information Incorporating the Cost for Security in Agency Information Technology Investments</a></p><p><strong>Date Released:</strong> 7/12/2006</p><p><strong>Implements:</strong> FISMA 2014</p><h4>M-06-18</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-18.pdf">Acquisition of Products and Services for Implementation of HSPD-12</a></p><p><strong>Date Released:</strong> 6/30/2006</p><p><strong>Implements:</strong> HSPD-12</p><h4>M-06-15</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m-06-15.pdf">Safeguarding Personally Identifiable Information</a></p><p><strong>Date Released:</strong> 5/22/2006</p><p><strong>Implements:</strong> Privacy Act of 1974</p><h4>M-06-12</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-12.pdf">Follow-up Memorandum on “Implementation of the Presidents Executive Order “Improving Agency Disclosure of Information”</a></p><p><strong>Date Released:</strong> 4/13/2006</p><p><strong>Implements:</strong> FOIA</p><h4>M-06-06</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-06.pdf">Sample Privacy Documents for Agency Implementation of Homeland Security Presidential Directive (HSPD) 12</a></p><p><strong>Date Released:</strong> 2/17/2006</p><p><strong>Implements:</strong> HSPD-12</p><h4>M-06-04</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-04.pdf">Implementation of the Presidents Executive Order “Improving Agency Disclosure of Information”</a></p><p><strong>Date Released:</strong> 12/30/2005</p><p><strong>Implements:</strong> FOIA</p><h4>N/A</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/reciprocal121205.pdf">Reciprocal Recognition of Existing Personnel Security Clearances</a></p><p><strong>Date Released:</strong> 12/12/2005</p><p><strong>Implements:</strong> Intelligence Reform and Terrorism Prevention Act of 2004</p><h4>M-06-02</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-02.pdf">Improving Public Access to and Dissemination of Government Information and Using the Federal Enterprise Architecture Data Reference Model</a></p><p><strong>Date Released:</strong> 12/16/2005</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>Paperwork Reduction Act</li><li>E-Government Act of 2002</li></ul><h3>2005</h3><h4>M-05-25</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-25.pdf">SmartBUY Agreement with Oracle</a></p><p><strong>Date Released:</strong> 8/25/2005</p><p><strong>Implements:</strong> N/A</p><h4>M-05-24</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-24.pdf">Implementation of Homeland Security Presidential Directive (HSPD) 12 Policy for a Common Identification Standard for Federal Employees and Contractors</a></p><p><strong>Date Released:</strong> 8/25/2005</p><p><strong>Implements:</strong> HSPD-12</p><h4>M-05-23</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-23.pdf">Improving Information Technology (IT) Project Planning and Execution</a></p><p><strong>Date Released:</strong> 8/4/2005</p><p><strong>Implements:</strong> N/A</p><h4>M-05-22</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-22.pdf">Transition Planning for Internet Protocol Version 6 (IPv6)</a></p><p><strong>Date Released:</strong> 8/2/2005</p><p><strong>Implements:</strong> GAO 05-471</p><h4>M-05-17</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-17.pdf">Allocation of Responsibilities For Security Clearances Under the Executive Order, Strengthening Processes Relating to Determining Eligibility for Access to Classified National Security Information</a></p><p><strong>Date Released:</strong> 6/30/2005</p><p><strong>Implements:</strong> EO 13381</p><h4>M-05-16</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-16.pdf">Regulation on Maintaining Telecommunication Services During a Crisis or Emergency in Federally-owned Buildings</a></p><p><strong>Date Released:</strong> 6/30/2005</p><p><strong>Implements:</strong> Section 414 of the Transportation, Treasury, Independent Agencies, and General Government Appropriations Act</p><h4>M-05-08</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-08.pdf">Designation of Senior Agency Officials for Privacy</a></p><p><strong>Date Released:</strong> 2/11/2005</p><p><strong>Implements:</strong> Privacy Act of 1974</p><h4>M-05-05</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-05.pdf">Electronic Signatures: How to Mitigate the Risk of Commercial Managed Services</a></p><p><strong>Date Released:</strong> 12/20/2004</p><p><strong>Implements:</strong> N/A</p><h4>M-05-04</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-04.pdf">Policies for Federal Agency Public Websites</a></p><p><strong>Date Released:</strong> 12/17/2004</p><p><strong>Implements:</strong> E-Government Act of 2002</p><h3>2004</h3><h4>N/A</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-25_template.xls">Section E — FY04 FISMA Reporting Template</a></p><p><strong>Date Released:</strong> N/A</p><p><strong>Implements:</strong> FISMA 2014</p><h4>M-04-24</h4><p><strong>Title:</strong> <a href="https://obamawhitehouse.archives.gov/omb/memoranda_fy04_m04-24/">Expanded Electronic Government (E-Gov) Presidents Management Agenda (PMA) Scorecard Cost, Schedule and Performance Standard for Success</a></p><p><strong>Date Released:</strong> 8/23/2004</p><p><strong>Implements:</strong> Presidents Management Agenda - Expanded Electronic Government (E-Gov) Initiative</p><h4>M-04-19</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-19.pdf">Information Technology (IT) Project Manager (PM) Qualification Guidance</a></p><p><strong>Date Released:</strong> 7/21/2004</p><p><strong>Implements:</strong> N/A</p><h4>M-04-18</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m-04-18.pdf">Medicare Modernization Act and Federal Programs</a></p><p><strong>Date Released:</strong> 7/19/2004</p><p><strong>Implements:</strong> Medicare Prescription Drug, Improvement, and Modernization Act (MMA)</p><h4>M-04-16</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/2004-M-04-16-Software-Acquisition-.pdf">Software Acquisition</a></p><p><strong>Date Released:</strong> 7/1/2004</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>OMB A-11</li><li>OMB A-130</li></ul><h4>M-04-15</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m-04-15.pdf">Development of Homeland Security Presidential Directive(HSPD) 7 Critical Infrastructure Protection Plans to Protect Federal Critical Infrastructures and Key Resources</a></p><p><strong>Date Released:</strong> 6/17/2004</p><p><strong>Implements:</strong> HSPD-12</p><h4>M-04-08</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-08.pdf">Maximizing Use of SmartBuy and Avoiding Duplication of Agency Activities with the Presidents 24 E-Gov Initiatives</a></p><p><strong>Date Released:</strong> 2/25/2004</p><p><strong>Implements:</strong> Presidents Management Agenda - Expanded Electronic Government (E-Gov) Initiative</p><h4>M-04-04</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-04.pdf">E-Authentication Guidance</a></p><p><strong>Date Released:</strong> 12/16/2003</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>E-Government Act of 2002</li><li>Paperwork Elimination Act of 1998</li></ul><h3>2003</h3><h4>M-03-22</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/203-M-03-22-OMB-Guidance-for-Implementing-the-Privacy-Provisions-of-the-E-Government-Act-of-2002-1.pdf">OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002</a></p><p><strong>Date Released:</strong> 12/16/2003</p><p><strong>Implements:</strong> E-Government Act of 2002</p><h4>M-03-18</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2003/m03-18.pdf">Implementation Guidance for the E-Government Act of 2002</a></p><p><strong>Date Released:</strong> 8/1/2003</p><p><strong>Implements:</strong> E-Government Act of 2002</p><h4>M-03-04</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/2003-M-03-04-Determination-Orders-Organizing-the-Department-of-Homeland-Security-1.pdf">Determination Orders Organizing the Department of Homeland Security</a></p><p><strong>Date Released:</strong> 1/7/2003</p><p><strong>Implements:</strong> Public Law 107-296 - Establishing the Department of Homeland Security</p><h3>2002</h3><h4>M-02-14</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2002/m02-14.pdf">Additional Information Requirements for Overseas Combating Terrorism and Homeland Security for the FY 2004 Budget</a></p><p><strong>Date Released:</strong> 8/8/2002</p><p><strong>Implements:</strong> N/A</p><h4>M-02-11</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2002/m02-11.pdf">Department of Homeland Security Transition Issues</a></p><p><strong>Date Released:</strong> 7/16/2002</p><p><strong>Implements:</strong> Public Law 107-296 - Establishing the Department of Homeland Security</p><h4>M-02-01</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/2002-M-02-01-Guidance-for-Preparing-and-Submitting-Security-Plans-of-Action-and-Milestones-1.pdf">Guidance for Preparing and Submitting Security Plans of Action and Milestones</a></p><p><strong>Date Released:</strong> 10/17/2001</p><p><strong>Implements:</strong> Government Information Security Reform Act</p><h3>2001</h3><h4>M-01-28</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/2001-M-01-28-Citizen-Centered-E-Government-Developing-the-Action-Plan.pdf">Citizen-Centered E-Government: Developing the Action Plan</a></p><p><strong>Date Released:</strong> 7/18/2001</p><p><strong>Implements:</strong> President Management Agenda - e-Government</p><h4>M-01-05</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/2001-M-01-05-Guidance-on-Inter-Agency-Sharing-of-Personal-Data-Protecting-Personal-Privacy.pdf">Guidance on Inter-Agency Sharing of Personal Data Protecting Personal Privacy</a></p><p><strong>Date Released:</strong> 12/20/2000</p><p><strong>Implements:</strong> Computer Matching and Privacy Protection Act</p><h3>2000</h3><h4>M-00-15</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-15-OMB-Guidance-on-Implementing-the-Electronic-Signatures-in-Global-and-National-Commerce-Act.pdf">OMB Guidance on Implementing the Electronic Signatures in Global and National Commerce Act</a></p><p><strong>Date Released:</strong> 9/25/2000</p><p><strong>Implements:</strong> E-Sign Act</p><h4>M-00-13</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-13-Privacy-Policies-and-Data-Collection-on-Federal-Web-Sites.pdf">Privacy Policies and Data Collection on Federal Web Sites</a></p><p><strong>Date Released:</strong> 6/22/2000</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>Childrens Online Privacy Protection Act</li><li>Privacy Act</li><li>OMB A-130</li></ul><h4>M-00-10</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-10-OMB-Procedures-and-Guidance-on-Implementing-the-Government-Paperwork-Elimination-Act.pdf">OMB Procedures and Guidance on Implementing the Government Paperwork Elimination Act</a></p><p><strong>Date Released:</strong> 4/25/2000</p><p><strong>Implements:</strong> Paperwork Reduction Act</p><h4>M-00-03</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-03-Reporting-Y2K-Compliance-of-Non-mission-Critical-Systems.pdf">Reporting Y2K Compliance of Non-mission Critical Systems</a></p><p><strong>Date Released:</strong> 12/10/1999</p><p><strong>Implements:</strong> N/A</p><h3>1999</h3><h4>M-99-18</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/1999-M-99-18-Privacy-Policies-on-Federal-Web-Sites.pdf">Privacy Policies on Federal Web Sites</a></p><p><strong>Date Released:</strong> 6/2/1999</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>Privacy Act</li><li>OMB A-130</li></ul><h4>M-99-01</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/1999-M-99-01-New-Statutory-Language-on-Paperwork-Reduction-FY-1999-ICB.pdf">New Statutory Language on Paperwork Reduction FY 1999 ICB</a></p><p><strong>Date Released:</strong> 11/16/1998</p><p><strong>Implements:</strong> Paperwork Reduction Act</p><h4>1998</h4><h4>M-98-14</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/1995-1998-M-98-14-Comprehensive-Plans-and-Associated-Funding-Requirements-for-Achieving-Year-2000-Computer-Compliance.pdf">Comprehensive Plans and Associated Funding Requirements for Achieving Year 2000 Computer Compliance</a></p><p><strong>Date Released:</strong> 8/13/1998</p><p><strong>Implements:</strong> OMB A-11</p><h4>M-98-09</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/1995-1998-M-98-09-Updated-Guidance-on-Developing-a-Handbook-for-Individuals-Seeking-Access-of-Public-Information.pdf">Updated Guidance on Developing a Handbook for Individuals Seeking Access of Public Information</a></p><p><strong>Date Released:</strong> 4/23/1998</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>Electronic Freedom of Information Act Amendments of 1996</li><li>FOIA</li><li>OMB A-130</li></ul><h4>M-98-04</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/1998-M-98-04-Annual-Performance-Plans-Required-by-the-Government-Performance-and-Results-Act-GPRA.pdf">Annual Performance Plans Required by the Government Performance and Results Act (GPRA)</a></p><p><strong>Date Released:</strong> 1/29/1998</p><p><strong>Implements:</strong> GPRA Modernization Act of 2010</p><h3>1997</h3><h4>M-97-15</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/1995-1998/m97-15.pdf">Local Telecommunications Services Policy</a></p><p><strong>Date Released:</strong> 6/12/1997</p><p><strong>Implements:</strong> Clinger-Cohen Act</p><h4>M-97-09</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-09-Interagency-Support-for-Information-Technology.pdf">Interagency Support for Information Technology</a></p><p><strong>Date Released:</strong> 3/10/1997</p><p><strong>Implements:</strong> Clinger-Cohen Act</p><h4>M-97-07</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-07-Multiagency-Contracts-Under-the-Information-Technology-Management-Reform-Act-of-1996.pdf">Multiagency Contracts Under the Information Technology Management Reform Act of 1996</a></p><p><strong>Date Released:</strong> 2/26/1997</p><p><strong>Implements:</strong> Clinger-Cohen Act</p><h4>M-97-02</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-02-Funding-Information-Systems-Investments.pdf">Funding Information Systems Investments</a></p><p><strong>Date Released:</strong> 10/25/1996</p><p><strong>Implements:</strong>&nbsp;</p><ul><li>Clinger-Cohen Act</li><li>GPRA Modernization Act of 2010</li></ul><h3>1996</h3><h4>M-96-20</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/2017/11/1996-M-96-20-Implementation-of-the-Information-Technology-Management-Reform-Act-of-1996.pdf">Implementation of the Information Technology Management Reform Act of 1996</a></p><p><strong>Date Released:</strong> 4/4/1996</p><p><strong>Implements:</strong> Clinger-Cohen Act</p><h3>1995</h3><h4>M-95-17</h4><p><strong>Title:</strong> <a href="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/1995-1998/m95-17.pdf">Contingency Planning for Agency Operations in Fiscal Year 1996</a></p><p><strong>Date Released:</strong> 8/17/1995</p><p><strong>Implements:</strong> N/A</p><h2>HHS Policies, Standards, Memorandum, and Guides</h2><h3>HHS Policies</h3><p>The HHS Cybersecurity Program develops policies, standards, memoranda, guides, and standard operating procedures. They are collectively referred to as policy documents. HHS policy documents help to apply Federal legislation, OMB regulations, NIST standards, and U.S. Computer Emergency Readiness Team (US-CERT) guidelines in the context of the HHS environment, thus standardizing the implementation of information security and privacy practices across the Department.</p><p>NOTE: The HHS Polices can be found at <em>http://intranet.hhs.gov/working-at-hhs/cybersecurity/ocio-policies</em> and are only accessible through the HHS intranet/CMS network and cannot be accessed with a public internet connection.</p><h4>Cybersecurity Awareness and Training</h4><p><strong>Doc Number:</strong> HHS-OCIO-OIS-2024-03-002</p><p><strong>Description:</strong> Identifies the baseline requirements for providing HHS personnel with the requirements for Awareness Training and of their responsibility to help protect the confidentiality, integrity, and availability of HHS information systems and data</p><p><strong>Effective Date:</strong> 3/2024</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li><li><a href="https://security.cms.gov/learn/role-based-training-rbt">CyberGeek - Role Based Training (RBT)</a></li><li><a href="https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-2-awareness-and-training">CyberGeek - Risk Management Handbook (RMH) Chapter 2: Awareness &amp; Training (AT)</a></li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>5 CFR 930.301</li><li>FIPS 200</li><li>FISMA 2014</li><li>HHS Policy for Information Security and Privacy Protection (IS2P)</li><li>NIST S.P. 800-16</li><li>NIST S.P. 800-37</li><li>NIST S.P. 800-50</li><li>NIST SP 800-181 rev 1</li><li>OMB A-130</li><li>Privacy Act of 1974</li></ul><h4>Records Management</h4><p><strong>Doc Number:</strong> HHS-OCIO-CDO-2024-02-001</p><p><strong>Description:</strong> Establishes the principles, responsibilities, and requirements for managing HHS records</p><p><strong>Effective Date:</strong> 2/1/2024</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li><li>CMS Records and Information Management Program</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>36 CFR Chapter XII Subchapter B</li><li>32 CFR Part 2002</li><li>18 U.S. Code § 641</li><li>18 U.S. Code § 2071</li><li>44 U.S. Code §§ 2901-2910</li><li>44 U.S. Code §§ 3101-3107</li><li>44 U.S. Code §§ 3106</li><li>44 U.S. Code §§ 3301-3324</li><li>44 U.S. Code § 3301</li><li>Privacy Act of 1974</li><li>Federal Rules of Civil Procedures</li><li>NARA Bulletin 2010-05</li><li>NARA Bulletin 2013-02</li><li>NARA Bulletin 2014-02</li><li>NARA Bulletin 2015-02</li><li>NARA Bulletin 2023-02</li><li>NARA Criteria for Successfully Managing Permanent Electronic Records</li><li>NARA Guidance on Records Management Language for Contracts</li><li>NARA Universal Electronic Records Management Requirements</li><li>OMB Circular A-130</li><li>OMB M-19-21</li><li>OMB M-23-07</li><li>HHS Policy for Litigation Holds</li><li>HHS Policy for Rules of Behavior for Use of Information and IT Resources</li><li>HHS Policy for Mobile Devices and Removable Media</li></ul><h4>Privacy Impact Assessments</h4><p><strong>Doc Number:</strong> HHS-OCIO-OIS-2023-09-005</p><p><strong>Description:</strong> Set forth the minimum HHS Privacy Threshold Analysis (PTA), PIA, and Internal PIA requirements, as well as accompanying approval and publication processes</p><p><strong>Effective Date:</strong> 9/2023</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li><li><a href="https://security.cms.gov/learn/privacy-impact-assessment-pia">CyberGeek - Privacy Impact Assessment (PIA)</a></li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>E-Government Act of 2002</li><li>FISMA 2014</li><li>HHS Policy for Information Security and Privacy Protection (IS2P)</li><li>NIST S.P. 800-53 Rev. 5</li><li>NIST S.P. 800-122</li><li>NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management v1.0</li><li>OMB Circular A-108</li><li>OMB Circular A-130</li><li>OMB M-03-22</li><li>OMB M-17-06</li><li>OMB M-19-03</li><li>Privacy Act of 1974</li><li>Paperwork Reduction Act (PRA)</li></ul><h4>Litigation Holds</h4><p><strong>Doc Number:</strong> HHS-OCIO-CDO-2023-08-004</p><p><strong>Description:</strong> Establish that HHS takes all reasonable steps to preserve potentially relevant information in the possession, custody, or control of HHS when civil litigation has commenced or when there is reasonable anticipation of litigation</p><p><strong>Effective Date:</strong> 8/10/2023</p><p><strong>Corresponding CMS Publication:</strong> CMS Litigation Holds and Essential Records Program</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>36 CFR Chapter XII Subchapter B §§ 1220.30-1220.34</li><li>36 CFR Chapter XII Subchapter B §§ 1230.1-1230.18</li><li>36 CFR Chapter XII Subchapter B §§ 1236.2-1236.36</li><li>18 USC § 641</li><li>18 USC § 2071</li><li>44 USC §§ 2071-2120</li><li>44 USC §§ 2901-2912</li><li>44 USC §§ 3101-3107</li><li>44 USC §§ 3301-3314</li><li>44 USC §§ 3501-3583</li><li>Privacy Act of 1974</li><li>Duty to Disclose, Rule 26</li><li>Producing Documents, Rule 34</li><li>Failure to Make Disclosures or to Cooperate in Discovery, Rule 37</li><li>Delivering Government Solutions in 21st Century</li><li>NARA 2010-05</li><li>NARA 2014-02</li><li>NARA 2015-02</li><li>NARA Criteria for Successfully Managing Permanent Electronic Records</li><li>NARA Guidance on Records Management Language for Contracts</li><li>OMB Circular A-130</li><li>OMA/NARA M-23-07</li><li>Public Law 113-187</li><li>Universal Electronic Records Management Requirements</li><li>NARA General Records Schedules</li><li>General Record Schedule 6.1</li><li>HHS Implementing Email Records Management</li><li>HHS Rules of Behavior for Use of Information and IT Resources</li><li>HHS Mobile Devices and Removable Media</li></ul><h4>Data Loss Prevention</h4><p><strong>Doc Number:</strong> HHS-OCIO-OIS-2022-05-003</p><p><strong>Description:</strong> Establish comprehensive DLP requirements for HHS systems and information that are compliant with FISMA 2014, NIST S.P. 800-53, EO 14028</p><p><strong>Effective Date:</strong> 6/16/2023</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>EO 14028</li><li>EO 13556</li><li>FISMA 2014</li><li>HSS IS2P</li><li>NARA CUI Program</li><li>NIST S.P. 800-37</li><li>NIST S.P. 800-122</li><li>NIST S.P. 800-137</li><li>NIST S.P. 800-53</li><li>OMB Circular A-130</li><li>OMB M-22-09</li><li>Privacy Act of 1974</li></ul><h4>Rules of Behavior for Use of Information and IT Resources</h4><p><strong>Doc Number:</strong> HHS-OCIO-OIS-2023-02-002</p><p><strong>Description:</strong> Defines the acceptable use of HHS information and IT resources and establishes the baseline requirements for developing Rules of Behavior that all users, including privileged users, are required to sign prior to accessing HHS information systems and resources</p><p><strong>Effective Date:</strong> 2/9/2023</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li><li><a href="https://security.cms.gov/policy-guidance/hhs-policy-rules-behavior-use-information-it-resources">CyberGeek - HHS Policy for Rules of Behavior for Use of Information and IT Resources</a></li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>FISMA 2014</li><li>HHS IS2P</li><li>NIST S.P. 800-18</li><li>NIST S.P. 800-37</li><li>NIST S.P. 800-53</li><li>OMB Circular A-130</li><li>Public Law § 115-232 889</li><li>5 USC § 552a</li></ul><h4>Common Data Use Agreement (DUA) Structure and Repository</h4><p><strong>Doc Number:</strong> HHS-OCIO-CDO-2023-01-001</p><p><strong>Description:</strong> Defines a DUA as a document that establishes the terms and conditions under which the Data Provider will provide, and the Data Recipient will receive and use, the data covered under the Agreement, which is nonpublic, restricted HHS data shared for a limited government purpose</p><p><strong>Effective Date:</strong> 1/23/2023</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li><li><a href="https://security.cms.gov/learn/cms-data-use-agreement-dua">CyberGeek - CMS Data Use Agreement (DUA)</a></li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>44 USC § 3520</li><li>44 USC § 3576</li><li>OMB M-14-06</li><li>OMB M-01-05</li><li>HHS Enterprise Data Management</li></ul><h4>Encryption of Computing Devices and Information</h4><p><strong>Doc Number:</strong> HHS-OCIO-OIS-2022-12-001</p><p><strong>Description:</strong> Establish comprehensive encryption requirements for HHS systems and information that are compliant with FISMA 2014, NIST S.P. 800-53, EO 14028, OMB M-22-09</p><p><strong>Effective Date:</strong> 12/9/2022</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>EO 14028</li><li>FISMA 2014</li><li>NIST S.P. 800-53</li><li>OMB A-130</li><li>OMB M-15-13</li><li>OMB M-22-09</li></ul><h4>Securing AI Technology</h4><p><strong>Doc Number:</strong> HHS-OCIO-OIS-2021-12-007</p><p><strong>Description:</strong> Ensure secure implementation of AI technology within HHS, secure HHS networks and information, protect privacy, and address risks</p><p><strong>Effective Date:</strong> 12/14/2021</p><p><strong>Corresponding CMS Publication:</strong></p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>EO 13859</li><li>EO 13960</li><li>FISMA 2014</li><li>NIST S.P. 800-53</li><li>NIST Privacy Framework</li><li>NIST S.P. 800-167</li><li>NIST S.P. 800-94</li><li>NIST S.P. 800-37</li><li>DHS AI Using Standards to Mitigate Risks</li><li>HHS IS2P</li></ul><h4>Information Security and Privacy Protection (IS2P)</h4><p><strong>Doc Number:</strong> HHS-OCIO-OIS-2021-11-0006</p><p><strong>Description:</strong> Establish comprehensive security and privacy requirements for HHS systems and information that are compliant with FISMA 2014 and NIST S.P. 800-53</p><p><strong>Effective Date:</strong> 11/18/2021</p><p><strong>Corresponding CMS Publication:</strong> IS2P2</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>E-Government Act of 2002</li><li>FISMA 2014</li><li>EO 13556</li><li>FERPA</li><li>Privacy Act of 1974</li><li>FITARA</li><li>Buy American Act</li><li>FASCSA 2018</li><li>Public Law 115-232 § 889</li><li>HIPAA</li><li>HSPD-12</li><li>NARA</li><li>B.O.D 18-02</li><li>FIPS 140-2, 199, 200, 201-1</li><li>NIST S.P. 800-111</li><li>NIST S.P. 800-122</li><li>NIST S.P. 800-144</li><li>NIST S.P. 800-152</li><li>NIST S.P. 800-171</li><li>NIST S.P. 800-175A</li><li>NIST S.P. 800-175B</li><li>NIST S.P. 800-37</li><li>NIST S.P. 800-46</li><li>NIST S.P. 800-53</li><li>NIST S.P. 800-79-2</li><li>NIST S.P. 800-88</li><li>OMB Circular A-130</li><li>OMB Circular A-108</li><li>OMB M-02-01</li><li>OMB M-03-22</li><li>OMB M-10-22</li><li>OMB M-10-23</li><li>OMB M-16-17</li><li>OMB M-14-03</li><li>OMB M-16-17</li><li>OMB M-14-03</li><li>OMB M-17-12</li><li>5 CFR § 930.301</li><li>Public Law 113-291 Title VIII Subtitle D</li><li>Section 508 of the Rehabilitation Act of 1973</li></ul><h4>Information Technology Portfolio Management (PfM)</h4><p><strong>Doc Number:</strong> HHS-OCIO-OES-2021-09-005</p><p><strong>Description:</strong> Describes the Captital Planning and Investment Control (CPIC) principles and requirements, and establishes standard methodologies for conducting OAs, evaluating Investment Risks, certifying adequate Incremental Development, and successfully implementing TBM</p><p><strong>Effective Date:</strong> 9/23/2021</p><p><strong>Corresponding CMS Publication:</strong> <a href="https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition">CyberGeek - Risk Management Handbook Chapter 15: System &amp; Services Acquisition</a></p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>Government Performance and Results Act of 1993</li><li>Federal Acquisition Streamlining Act of 1994</li><li>Paperwork Reduction Act of 1995</li><li>Federal Financial Management Improvement Act of 1996</li><li>E-Government Act of 2002</li><li>FITARA 2014</li><li>Clinger-Cohen Act of 1996</li><li>Policies &amp; Priorities, Technology Business Management. CIO. GOV</li><li>Records Management Act of 1950</li><li>Section 508 of the Rehabilitation Act</li><li>EO 13636</li><li>EO 14028</li><li>FISMA 2014</li><li>GAO-04-394G</li><li>AIMD-10.1.13</li><li>GAO-13-87</li><li>GAO Report 16-469</li><li>OMB A-11</li><li>OMB A-94</li><li>OMB A-76</li><li>OMB A-123</li><li>OMB A-130</li><li>OMB Federal Cloud Computing Strategy - Cloud Smart</li><li>OMB M-97-02</li><li>OMB M-05-23</li><li>OMB M-15-14</li><li>OMB M-19-03</li><li>Federal Continuity Directive 1</li><li>Federal Continuity Directive 2</li><li>FIPS 140-2</li><li>NIST S.P. 800-30</li><li>NIST S.P. 800-37</li><li>NIST S.P. 800-39</li><li>NIST S.P. 800-53</li><li>NIST S.P. 800-56A</li><li>Section 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)</li><li>HHS Section 508 Electronic and IT</li><li>HHS Acquisition Regulation</li><li>HHS OCIO Roles and Responsibilities</li><li>HHS OCIO Enterprise Performance Life Cycle Framework Overview Document</li><li>HHS IT Strategic Plan</li><li>HHS IT Policy for Enterprise Architecture</li><li>HHS Office of Acquisition Management and Policy (OAMP) Acquisition Policy Memorandum</li><li>HHS IT Acquisition Reviews (ITAR)</li><li>HHS IT Enterprise Performance Life Cycle</li><li>HHS IS2P</li><li>HHS Records Management</li><li>HHS Enterprise Risk Management Framework</li><li>HHS Cloud Computing and FedRamp Guidance</li><li>HHS IT Procurements - Security and Privacy Language</li><li>HHS Cyber Supply Chain Risk Management</li><li>HHS High Value Asset (HVA) Program</li><li>OCIO FITARA Approval Guidance</li></ul><h4>Transition to IPv6</h4><p><strong>Doc Number:</strong> HHS-OCIO-OES-2021-08-004</p><p><strong>Description:</strong> Provides guidance to which HHS Operating Divisions (OpDivs) and Staff Divsions (StaffDivs) must follow to meet the requirements and milestones laid out in the OMB Memorandum 21-07, Completing the Transition to IPv6 (M-21-07)</p><p><strong>Effective Date:</strong> 8/1/2021</p><p><strong>Corresponding CMS Publication:</strong> N/A</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>EO 14028</li><li>Federal Acquisition Regulation (FAR)</li><li>NIST S.P. 500-267A</li><li>NIST S.P. 500-267B</li><li>NIST S.P. 500-281A</li><li>NIST S.P. 500-281B</li><li>NIST S.P. 800-53</li><li>OMB A-130</li><li>OMB M-21-07</li><li>OMB M-05-22</li><li>HHS IT Acquisition Reviews (ITAR)</li><li>HHS IT Asset Management (ITAM)</li><li>HHS IT Procurements - Security and Privacy Language</li><li>HHS IT System Inventory Management</li></ul><h4>Implementation of DHS Directive on Vulnerability Disclosure</h4><p><strong>Doc Number:</strong> HHS-OCIO-OIS-2021-05-003</p><p><strong>Description:</strong> Establishes the HHS compliance requirements under the DHS B.O.D 20-01</p><p><strong>Effective Date:</strong> 5/4/2021</p><p><strong>Corresponding CMS Publication:</strong> N/A</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>Carnegie Mellon SEI, The CERT Guide to Coordinated Vulnerable Disclosure</li><li>B.O.D. 20-01</li><li>DOJ A Framework for a Vulnerability Disclosure Program for Online Systems</li><li>FISMA 2014</li><li>HHS IS2P</li><li>ISO/IEC 29147:2018</li><li>NIST Framework for Improving Critical Infrastructure Cybersecurity</li><li>NIST S.P. 800-53</li><li>OMB A-130</li><li>OMB M-20-32</li><li>EO 13800</li><li>Title 44, U.S. Code, Section 3553(b)(2) Authority and Functions of the Director and the Secretary</li></ul><h4>Implementation of Trusted Internet Connections (TIC)</h4><p><strong>Doc Number:</strong> HHS-OCIO-OIS-2021-03-002</p><p><strong>Description:</strong> Provides the requirements to which HHS Operating Divisions (OpDivs) must adhere when implementing TICs</p><p><strong>Effective Date:</strong> 3/17/2021</p><p><strong>Corresponding CMS Publication:</strong> N/A</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>6 USC 1523(b)(1)(D)</li><li>OMB M-19-26</li><li>Committee on National Security Systems (CNSS), Internet Engineering Task Force (IETF) RFC 4949</li><li>DHS CISA TIC Reference Architecture Document</li><li>DHS CISA TIC Volume 1-5</li><li>DHS CISA TIC Interim Telework Guidance</li><li>General Services Administration (GSA) Enterprise Infrastructure Solutions (EIS) Management and Operations Handbook</li><li>GSA, Transition Handbook, Network, WITS 3, and GSA Regional Local Services to EIS Contracts</li><li>National Cybersecurity Protection System (NCPS) Cloud Interface Reference Architecture</li><li>NIST S.P. 800-37</li><li>NIST S.P. 800-41</li><li>NIST S.P. 800-53</li><li>NIST S.P. 800-145</li><li>NIST S.P. 800-152</li><li>NIST S.P. 800-207</li><li>HHS IS2P</li><li>HHS Internet and Email Security</li><li>HHS POA&amp;M Standard</li></ul><h4>Information Technology Procurements - Security And Privacy Language</h4><p><strong>Doc Number:</strong> HHS-OCIO-OIS-2021-03-001</p><p><strong>Description:</strong> Mandates the standard security and privacy language for information and information technology (IT) procurements throughout HHS</p><p><strong>Effective Date:</strong> 3/3/2021</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li><li><a href="https://security.cms.gov/learn/security-and-privacy-requirements-it-procurements">CyberGeek - Security and Privacy Requirements for IT Procurements</a></li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>Buy American Act</li><li>FAR</li><li>FASCSA 2018</li><li>FISMA 2014</li><li>OMB A-130</li><li>Public Law 115-232 § 889</li><li>Public Law 115-390</li><li>U.S.C of CFR</li></ul><h4>IT System Inventory Management</h4><p><strong>Doc Number:</strong> HHS-OCIO-OES-2020-12-011</p><p><strong>Description:</strong> Direct HHS entities (i.e., Operating Divisions [OpDiv] and Staff Divisions [StaffDiv]) to establish and maintain an enterprise-wide inventory of HHS IT systems by providing guidance and baseline standards for maintaining a comprehensive inventory of all IT systems and related information</p><p><strong>Effective Date:</strong> 12/2020</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>Clinger-Cohen Act of 1996</li><li>E-Government Act of 2002</li><li>FISMA 2014</li><li>FITARA 2014</li><li>FITARA Enhancement Act of 2017</li><li>MEGABYTE Act of 2016</li><li>OMB A-11</li><li>OMB A-130</li><li>OMB M-15-14</li><li>OMB M-19-03</li><li>OMB M-17-09</li><li>OMB M-19-01</li><li>OMB M-19-21</li><li>NIST S.P. 800-37</li><li>NIST S.P. 800-137</li><li>HHS CPIC</li><li>HHS HVA</li><li>HHS ITAM</li><li>HHS Records Management</li><li>HHS IS2P</li></ul><h4>Information Technology Asset Management (ITAM)</h4><p><strong>Doc Number:</strong> HHS-OCIO-OCPO-2020-08-008</p><p><strong>Description:</strong> Establishes the HHS program for the management of IT and Telecommunication assets in compliance with the Cap Goal 7: Category Management - Leveraging Common Contracts and Best Practices to Drive Saving and Efficiencies, within the Presidents Management Agenda (PMA); to buy common goods and services as an enterprise to eliminate redundancies, increase efficiency, and to deliver more value and savings from the governments acquisition programs</p><p><strong>Effective Date:</strong> 8/19/2020</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>Clinger-Cohen Act of 1996</li><li>E-Government Act</li><li>MEGABYTE Act of 2016</li><li>Section 508 of the Rehabilitation Act</li><li>FAR</li><li>Federal Accounting Standards Advisory Board (FASAB), Statement of Federal Financial Accounting Standards (SFFAS) No. 10, Accounting for Internal Use Software</li><li>FASAB, Federal Finacial Accounting Technical Release 16, Implementation Guidance for Internal Use Software</li><li>GAO 14-413</li><li>OMB A-130</li><li>OMB M-16-12</li><li>OMB M-15-14</li><li>OMB M-19-13</li><li>HHS FITARA Implementation-Revised HHS IT Governance Framework</li><li>HHS FITAR Implementation Plan</li><li>GAO audit recommendations of HHSs Telecommunications inventory management and IT Strategic Planning</li></ul><h4>Vulnerability Management</h4><p><strong>Doc Number:</strong> HHS-OCIO-OIS-2020-08-009</p><p><strong>Description:</strong> Establishes the baseline requirements for maintaining and effective vulnerability management program to implement and support activities pertaining to vulnerability scanning and remediation and to continually manage risks impacting HHS IT resources</p><p><strong>Effective Date:</strong> 8/19/2020</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>FISMA 2014</li><li>OMB A-130</li><li>Section International Organization for Standardization (ISO) 27002</li><li>NIST S.P. 800-40</li><li>NIST S.P. 800-51</li><li>NIST S.P. 800-53</li><li>NIST S.P. 800-126</li><li>NIST S.P. 800-128</li><li>HHS IS2P</li></ul><h4>Cyber Supply Chain Risk Management (C-SCRM)</h4><p><strong>Doc Number:</strong> HHS-OCIO-OIS-2020-08-010</p><p><strong>Description:</strong> Establishes the baseline requirements for securing the information and communications technology (ICT) products and services supply chain in order to protect HHS information systems and information from the risks involving ICT procurement supply chain</p><p><strong>Effective Date:</strong> 8/18/2020</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>FISMA 2014</li><li>SECURE Technology Act</li><li>Buy American Act</li><li>Public Law 115-232 § 889</li><li>FASCSA 2018</li><li>Comprehensive National Cybersecurity Initiative (CNCI)</li><li>CISA National Risk Management Center</li><li>OMB A-130</li><li>FAR</li><li>NIST S.P. 800-161</li><li>NIST S.P. 800-37</li><li>HHS ISP2</li></ul><h4>Section 508 Compliance and Accessibility of Information and Communications Technology (ICT)</h4><p><strong>Doc Number:</strong> HHS-OCIO-OES-2020-07-007</p><p><strong>Description:</strong> Implement uniformity and conformity of accessibility compliance across all of HHS</p><p><strong>Effective Date:</strong> 7/2020</p><p><strong>Corresponding CMS Publication:</strong> IS2P2</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>Communications Act of 1934</li><li>FAR</li><li>FITARA</li><li>HHS Acquisition Regulation (HHSAR)</li><li>36 CFR § 1193-1194</li><li>OMB M-17-06</li><li>OMB M-13-13</li><li>OMB M-16-20</li><li>OMB Memorandum, Improving the Accessibility of Government Information</li><li>OMB Strategic Plan for Improving Management of Section 508 of the Rehabilitation Act</li><li>Rehabilitation Act of 1973</li><li>Workforce Innovation and Opportunities Act</li></ul><h4>Information Technology Acquisition Reviews (ITAR)</h4><p><strong>Doc Number:</strong> HHS-OCIO-OES-2020-06-006</p><p><strong>Description:</strong> Establishes the HHS ITAR Program, which ensures HHS conducts its due diligence to manage and maintain oversight and governance over the procurement of IT therefore contributing to effective planning, budgeting, and execution of IT resources</p><p><strong>Effective Date:</strong> 6/2020</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>Clinger-Cohen Act</li><li>National Defense Authorization Act for Fiscal Year 2015</li><li>EO 13833</li><li>FAR</li><li>HHS Acquisition Regulation (HHSAR)</li><li>OMB A-11</li><li>OMB A-130</li><li>OMB M-15-14</li><li>OMB M-16-12</li><li>HHS FITARA Implementation-Revised HHS IT Governance Framework</li><li>HHS FITARA HHS Implementation Plan</li><li>HHS Memorandum for Record, HHS Chief Information Officer Delegation of Authorities to Operating Divsiion Chief Information Officers</li><li>HHS CPIC</li><li>HHS EPLC</li><li>HHS Procedures, Guidance and Instructions (PGI)</li><li>Information Technology Decision Criteria and Clause Matrix</li><li>HHS IT Procurements - Security and Privacy language</li><li>HHS Standard for Encryption of computing Devices and Information</li><li>HHS Minumun Security Configuration Standards Guidance</li><li>HHS Software Development Secure Coding Practices</li><li>HHS Directive for Acquisition Strategy</li></ul><h4>Preparing for and Responding to a Breach</h4><p><strong>Doc Number:</strong> HHS-OCIO-PIM-2020-05-003</p><p><strong>Description:</strong> Addresses OMB M-17-22, Preparing for and Responding to a Breach of PII, and sets forth the approach of HHS in preparing for and responding to breaches of PII in any medium or form</p><p><strong>Effective Date:</strong> 5/2020</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li><li><a href="https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir">CyberGeek - Risk Management Handbook Chapter 8: Incident Response (IR)</a></li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>FISMA 2014</li><li>OMB M-17-12</li><li>OMB M-19-03</li><li>OMB M-20-04</li><li>OMB M-16-14</li><li>OMB A-130</li><li>PPD-41</li><li>NIST S.P. 800-34</li><li>NIST S.P. 800-61</li><li>NIST S.P. 800-122</li><li>US-CERT Federal Incident Notification Guidelines</li><li>National Cybersecurity and Communications Integration Center (NCCIC) Cyber Incident Scoring System</li><li>Identity Protection Services (IPS) Multiple Award Blanket Purchase Agreement (BPA)</li></ul><h4>Securing Wireless Local Area Networks</h4><p><strong>Doc Number:</strong> HHS-OCIO-OIS-2020-01-001</p><p><strong>Description:</strong> Updates the requirements and specification for securing all HHS WLANs in compliance with the NIST S.P. 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs) and the Institute of Electrical and Electronic Engineers (IEEE) 802.11 WLANs standards</p><p><strong>Effective Date:</strong> 1/13/2020</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>NIST S.P. 800-153</li><li>NIST S.P. 800-97</li><li>HHS IS2P</li><li>HHS Memorandum, Addendum to the HHS IS2P</li></ul><h4>Enterprise Data Management</h4><p><strong>Doc Number:</strong> HHS-OCIO-OIS-2020-02-002</p><p><strong>Description:</strong> Establishes the requirements for the efficient and secure management and protection of enterprise data</p><p><strong>Effective Date:</strong> 11/13/2019</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>FISMA 2014</li><li>FITARA</li><li>FIPS 199</li><li>OMB A-130</li><li>OMB M-13-13</li><li>OMB M-17-12</li><li>NIST S.P. 800-37</li><li>HHS IS2P</li></ul><h4>Domain Name System (DNS) and DNS Security Extensions (DNSSEC) Services</h4><p><strong>Doc Number:</strong> HHS-OCIO-OIS-2019-11-011</p><p><strong>Description:</strong> Establishes the minumum requirements for implementing the DNS and DNSEC services across the HHS and the OpDiv networks</p><p><strong>Effective Date:</strong> 10/2019</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>OMB A-130</li><li>DHS DNS Security Reference Architecture</li><li>NIST S.P. 800-81</li><li>NIST S.P. 800-53</li><li>DHS B.O.D. 19-01</li></ul><h4>Internet and Email Security</h4><p><strong>Doc Number:</strong> HHS-OCIO-OIS-2019-10-009</p><p><strong>Description:</strong> Establishes the minimum requirements for securing the internet and email services throughout HHS, including OpDivs</p><p><strong>Effective Date:</strong> 10/2019</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li><li><a href="https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-16-system-communications-protection">CyberGeek - RMH Chapter 16: System &amp; Communications Protection</a></li><li><a href="https://security.cms.gov/learn/email-encryption-requirements-cms">CyberGeek - Email Encryption Requirements at CMS</a></li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>EO 13800</li><li>OMB M-15-13</li><li>DHS B.O.D 19-01</li><li>DHS B.O.D 18-01</li><li>NIST S.P. 800-177</li><li>NIST S.P. 800-119</li><li>Federal Trade Commission (FTC) Bureau of Consumer Protections, Businesses Can Help Stop Phishing and Protect their Brands Using Email Authentication</li><li>HHS Rules of Behavior (ROB)</li></ul><h4>High Value Asset (HVA) Program</h4><p><strong>Doc Number:</strong> HHS-OCIO-OES-2018-09-006</p><p><strong>Description:</strong> Provides HHS OpDivs and StaffDivs with the policy for governance of HHS HVAs along with the requirements for the identification, categorization, prioritization, reporting, assessment, and the remediation of finding of HVAs</p><p><strong>Effective Date:</strong> 8/2019</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>OMB M-16-04</li><li>OMB M-19-02</li><li>OMB M-19-03</li><li>OMB M-13-13</li><li>OMB A-123</li><li>OMB A-130</li><li>DHS B.O.D. 18-02</li><li>Cybersecurity Strategy and Implementation Plan for the Federal Civilian Government (CSIP)</li><li>Cybersecurity National Action Plan (CNAP)</li><li>HHS IS2P</li><li>HHS Continuity of Operation Program</li><li>HHS IT Procurements - Security and Privacy Language</li><li>Senior Accountable Official for Risk Management (SAORM) Designee for Department of Homeland Security B.O.D. 18-02 Securing HVAs</li></ul><h4>Mobile Devices and Removable Media</h4><p><strong>Doc Number:</strong> HHS-OCIO-OIS-2019-09-0005</p><p><strong>Description:</strong> Protects HHS information and information systems from risks related to the use of mobile devices for government businesses and the risks of using mobile devices to access HHS information systems remotely from outside of HHS facilities</p><p><strong>Effective Date:</strong> 8/2019</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li><li><a href="https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-5-configuration-management-cm">CyberGeek - Risk Management Handbook Chapter 5: Configuration Management (CM)</a></li><li><a href="https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-10-media-protection-mp">CyberGeek - Risk Management Handbook Chapter 10: Media Protection (MP)</a></li><li><a href="https://security.cms.gov/policy-guidance/cms-access-control-handbook">CyberGeek - CMS Access Control Handbook</a></li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>FISMA 2014</li><li>Federal Records Act of 1950</li><li>NIST S.P. 800-53</li><li>NIST S.P. 800-124</li><li>EO 13556</li><li>OMB A-130</li><li>HHS IS2P</li><li>HHS Rules of Behavior for Use of HHS Information and IT Resources Policy</li></ul><h4>Software Development Secure Coding Practices</h4><p><strong>Doc Number:</strong> HHS-OCIO-OES-2019-08-005</p><p><strong>Description:</strong> Establishes the minimum baseline secure coding practices that must be implemented to ensure secure code is “built in” in the early phases of the software development lifecycle in order to protect and secure all HHS information, IT systems, and networks</p><p><strong>Effective Date:</strong> 8/2019</p><p><strong>Corresponding CMS Publication:</strong></p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>HIPAA</li><li>FISMA 2014</li><li>OMB A-130</li><li>HHS IS2P</li></ul><h4>Mobile Applications Privacy Policy</h4><p><strong>Doc Number:</strong> HHS-OCIO-PIM-2018-09-001</p><p><strong>Description:</strong> Sets forth HHS policy for protecting privacy in HHS Mobile Applications</p><p><strong>Effective Date:</strong> 8/2018</p><p><strong>Corresponding CMS Publication:</strong></p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>FISMA 2014</li><li>COPPA 1998</li><li>Privacy Act of 1974</li><li>OMB M-17-06</li><li>OMB A-130</li><li>OMB A-108</li><li>Digital Government: Building a 21st Century Platform to Better Serve the American People</li><li>NIST 800-53</li><li>NIST S.P. 800-163</li><li>NIST S.P. 800-37</li><li>NIST S.P. 800-61</li><li>NIST S.P. 800-122</li><li>HHS Policy and Plan for Preparing for and Responding to Breaches of PII</li><li>HHS Privacy Impact Assessment Guidance</li><li>HHS IS2P</li><li>HHS Privacy Impact Assessments (PIA)</li></ul><h4>Information Technology (IT) Policy for Enterprise Performance Life Cycle (EPLC)</h4><p><strong>Doc Number:</strong> HHS-OCIO-2008-004.002</p><p><strong>Description:</strong> All HHS IT projects shall be managed using the HHS EPLC Framework, including life cycle phases, reviews, deliverables, activities, responsibilities, and tailoring, regardless of the specific development methodology used</p><p><strong>Effective Date:</strong> 11/2016</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li><li><a href="https://www.cms.gov/data-research/cms-information-technology/tlc">CMS.gov - Target Life Cycle (TLC)</a></li><li><a href="https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition">CyberGeek - Risk Management Handbook Chapter 15: System &amp; Services Acquisition</a></li><li><a href="https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-16-system-communications-protection">CyberGeek - RMH Chapter 16: System &amp; Communications Protection</a></li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>HHS Acquisition Regulation (HHSAR)</li><li>Federal Acquisition Certification-Program and Project Manager Program (FAC-P/PM)</li><li>HHS IT Capital Planning and Investment Control</li><li>HHS IRM Policy for Conducting IT Alternatives Analysis</li><li>HHS IT Performance Management (PfM)</li><li>HHS Enterprise Architecture (EA)</li><li>HHS IT System Inventory Management</li><li>HHS Records Mangement</li><li>HHS Implementing Email Records Management</li><li>HHS Section 508 and Accessibility of Technology and Communications Technology (ICT)</li><li>HHS Security Policies, Standards, Charters and Training Resources</li><li>HHS Incident Reporting, Policy and Incident Management Reference</li><li>HHS PIA</li><li>FITARA</li><li>GAO Cost Estimating and Assessment Guide</li><li>OMB M-05-23</li><li>OMB A-11</li><li>OMB A-127</li><li>OMB A-130</li></ul><h4>Environmental Practices of Electronics</h4><p><strong>Doc Number:</strong> N/A</p><p><strong>Description:</strong> Provides the framework for the implementation of sound environmental practices in the acquisition, operations and maintenance, and end-of-life management of HHS-purchased electronic products</p><p><strong>Effective Date:</strong> 6/5/2011</p><p><strong>Corresponding CMS Publication:</strong> CMS Property Management</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>EO 13423</li><li>EO 13514</li></ul><h4>Electronic Stewardship</h4><p><strong>Doc Number:</strong> HHS-OCIO-2011-0002.001</p><p><strong>Description:</strong> Provides the framework for the implementation of sound environmental practices in the acquisition, operations and maintenance, and end-of-life management of HHS-purchased electronic products</p><p><strong>Effective Date:</strong> 6/2011</p><p><strong>Corresponding CMS Publication:</strong> CMS Property Management</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>EO 13423</li><li>EO 13514</li></ul><h4>Policy for FOIA Investigatory &amp; Audit Matters</h4><p><strong>Doc Number:</strong> N/A</p><p><strong>Description:</strong> Provides HHS staff with a policy for legal holds and to inform HHS staff about FOIA, investigatory, and audit matters that require holds on HHS records and other related documentary materials</p><p><strong>Effective Date:</strong> 1/26/2011</p><p><strong>Corresponding CMS Publication:</strong> CMS Freedom of Information Group</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>FOIA</li><li>44 U.S.C Chapter 31</li><li>44 U.S.C Chapter 33</li><li>5 U.S.C Chapter 552</li><li>36 CFR Chapter XII, subchapter B</li><li>Federal Rules of Civil Procedure (FRCP)</li></ul><h4>Policy for Networks Program Designated Agency Representatives</h4><p><strong>Doc Number:</strong> HHS-OCIO-2010-0005</p><p><strong>Description:</strong> Identifies and provides supplemental information in the establishment of titles, roles and responsibilities of Designated Agency Representatives (DARs) for the move from the FTS-2001 contract to the Networx contract and its transition program</p><p><strong>Effective Date:</strong> 6/10/2010</p><p><strong>Corresponding CMS Publication:</strong> Coming Soon</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>FAR</li><li>General Services Administration (GSA) guidelines regarding Networx contracts, policies, and procedures</li><li>GSA DAR Guidelines for Network Services Contracts of the Office of ITS FAA</li></ul><h4>Policy for Enterprise Architecture</h4><p><strong>Doc Number:</strong> HHS-OCIO-2008-0003.001</p><p><strong>Description:</strong> Outlines the roles and responsibilities for ensuring compliance with legislative and executive level guidance on Enterprise Architecture (EA)</p><p><strong>Effective Date:</strong> 8/7/2008</p><p><strong>Corresponding CMS Publication:</strong> Coming Soon</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>GRPA 1993</li><li>FASA V 1994</li><li>PRA 1995</li><li>Clinger-Cohen Act of 1996</li><li>Government Paperwork Elimination Act of 1998</li><li>GISRA 2000</li><li>FISMA 2002</li><li>E-Government Act of 2002</li><li>EO 13011</li><li>OMB A-11</li><li>OMB A-109</li><li>OMB A-123</li><li>OMB A-127</li><li>OMB A-130</li><li>OMB M-00-07</li><li>OMB M-97-02</li></ul><h4>Policy for eGov Forms</h4><p><strong>Doc Number:</strong> HHS-OCIO-2006-0003</p><p><strong>Description:</strong> Ensures that HHS maintains accurate form content for those HHS forms that are in the E-Gov Forms Catalogue, managed by the Small Business Administration (SBA) and the General Services Administration (GSA) under the Business Gateway (BG) initiative</p><p><strong>Effective Date:</strong> 6/7/2006</p><p><strong>Corresponding CMS Publication:</strong> Coming Soon</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>Federal Property and Administrative Services Act of 1949</li><li>E-Government Act of 2002</li><li>Section 508 Rehabilitation Act</li><li>Paperwork Reduction Act of 1980</li><li>Information Quality Act</li><li>5 U.S.C. 552a(e)(1)</li><li>44 U.S.C. 3508</li><li>Small Business Paperwork Relief Act of 2002</li><li>36 CFR Parts 1220-1238</li><li>5 CFR part 1320</li><li>OMB A-130</li></ul><h4>Policy for HHSMail Change Management</h4><p><strong>Doc Number:</strong> HHS-OCIO 2006-0002.001</p><p><strong>Description:</strong> Establishes the policy for change management within the HHS HHSMail project</p><p><strong>Effective Date:</strong> 3/2/2006</p><p><strong>Corresponding CMS Publication:</strong> Coming Soon</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>Clinger-Cohen Act</li><li>OMB A-130</li><li>OMB A-11</li><li>OMB A-123</li></ul><h3>HHS Standards</h3><h4>HHS Standard for Plan of Action and Milestones (POAM) Management and Reporting</h4><p><strong>Doc Number:</strong> HHS-OCIO-2019-0002.001S</p><p><strong>Description:</strong> Provides OpDivs with the baseline standards and guidelines for properly documenting and managing POA&amp;Ms and support the OpDivs in their development and management of POA&amp;Ms within their respective organizations</p><p><strong>Effective Date:</strong> 6/3/2019</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li><li><a href="https://security.cms.gov/policy-guidance/cms-plan-action-and-milestones-poam-handbook">CyberGeek - CMS Plan of Action and Milestones (POA&amp;M) Handbook</a></li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>FISMA 2014</li><li>EO 13800</li><li>NIST S.P. 800-53</li><li>OMB A-130</li><li>OMB M-14-04</li><li>HHS IS2P</li></ul><h4>HHS Standard for System Inventory Management</h4><p><strong>Doc Number:</strong> HHS-OCIO-2018-0001.002S</p><p><strong>Description:</strong> Provides guidance and the baseline standards for maintaining a comprehensive inventory of all systems throughout HHS and enable management to have continuous accounting of all information systems and information assets</p><p><strong>Effective Date:</strong> 12/27/2018</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>FISMA 2014</li><li>OMB A-130</li><li>NIST S.P. 800-37</li><li>NIST S.P. 800-137</li><li>HHS IS2P</li><li>HHS Memorandum, FY15 Cybersecurity IT Priorities</li></ul><h4>Minimum Security Configuration Standards Guidance</h4><p><strong>Doc Number:</strong> HHS-OCIO-2017-0001.001S</p><p><strong>Description:</strong> Provides personnel involved in configuring or connecting servers, workstations, or network devices to the HHS infrastructure with minimum security configuration standards for each respective device</p><p><strong>Effective Date:</strong> 10/5/2017</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>Cyber Security Research and Development Act of 2002</li><li>FISMA 2014</li><li>OMB A-130</li><li>CNSS Instruction No. 4009</li><li>HHS IS2P</li><li>NIST S.P. 800-37</li><li>NIST S.P. 800-52</li><li>NIST S.P. 800-53</li><li>NIST S.P. 800-60</li><li>NIST S.P. 800-70</li><li>NIST S.P. 800-115</li><li>NIST S.P. 800-128</li><li>NIST S.P. 800-152</li><li>NIST S.P. 800-175A</li><li>NIST S.P. 800-179</li></ul><h4>HHS Minimum Security Configuration Standards for Palo Alto Networks</h4><p><strong>Doc Number:</strong> HHS-OCIO-2017-0001-002S</p><p><strong>Description:</strong> Provides OpDivs with specific technical configuration guidance for implementing the Palo Alto Networks Uniform Resource Locator (URL) filtering and Transport Layer Security (TLS) decryption solution</p><p><strong>Effective Date:</strong> 5/31/2017</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li><li><a href="https://security.cms.gov/policy-guidance/cms-privacy-impact-assessment-pia-handbook">CyberGeek - CMS Privacy Impact Assessment (PIA) Handbook</a></li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>FISMA 2014</li><li>OMB A-130</li><li>NIST S.P. 800-66</li><li>HHS IS2P</li></ul><h3>HHS Memoranda</h3><h4>HHS Approved Physical Access and Logical Access Authentication Mechanisms</h4><p><strong>Effective Date:</strong> 3/15/2024</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li><li><a href="https://security.cms.gov/policy-guidance/cms-access-control-handbook">CyberGeek - CMS Access Control Handbook</a></li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>HSPD-12</li><li>OMB M-19-17</li><li>OMB M-22-09</li><li>NIST S.P. 800-63-3</li><li>NIST S.P. 800-63A</li><li>NIST S.P. 800-63B</li><li>NIST S.P. 800-63C</li><li>NIST S.P. 800-157</li><li>NIST S.P. 800-217</li><li>OMB A-123</li></ul><h4>Reminder of Existing HHS IT User Policies Relevant for Third-Party Generative AI Tools</h4><p><strong>Effective Date:</strong> 12/20/2023</p><p><strong>Corresponding CMS Publication:</strong> Coming Soon</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>40 U.S.C § 11319(b)(1)(A)</li><li>40 U.S.C § 11319</li><li>40 U.S.C § 11315(c)(2)</li><li>HHS Securing AI Technology</li><li>HHS Rules of Behavior for Use of Information and IT Resources</li></ul><h4>Memorandum M-23-13 “No TikTok on Government Devices” Implementation</h4><p><strong>Effective Date:</strong> 3/31/2023</p><p><strong>Corresponding CMS Publication:</strong> Coming Soon</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>No TikTok on Government Devices Act</li><li>OMB M-23-13</li></ul><h4>IS2P / NIST S.P. 800-53 Revision 5 - Compliance Timeline</h4><p><strong>Effective Date:</strong> 12/20/2022</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>NIST S.P. 800-53</li><li>HHS IS2P &nbsp;</li><li>HHS Control Catalog</li></ul><h4>Updated Department Standard Warning Banner for HHS Systems</h4><p><strong>Effective Date:</strong> 9/12/2022</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>NIST S.P. 800-53</li></ul><h4>Rescission of Outdated and Superseded Policy</h4><p><strong>Effective Date:</strong> 12/9/2021</p><p><strong>Corresponding CMS Publication:</strong> Coming Soon</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>HHS IS2P</li><li>HHS Control Catalog</li><li>HHS Minimum Security Configuration Standards Guidance</li><li>HHS Minimum Security Configuration Standards for Palo Alto Networks</li></ul><h4>HHS Social Security Number (SSN) Reduction and Elimination</h4><p><strong>Effective Date:</strong> 6/10/2021</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>Privacy Act of 1974</li><li>E-Government Act of 2002</li><li>FISMA 2014</li><li>Paperwork Reduction Act of 1995</li><li>OMB M-17-12</li><li>OMB M-07-16</li><li>OMB M-03-22</li><li>OMB A-130</li><li>EO 9397</li><li>NIST S.P. 800-53</li><li>HHS Preparing for and Responding to a Breach of PII</li><li>HHS PIA</li><li>HHS Sensitive PII Definition and Guidance</li><li>HHS IS2P</li></ul><h4>Complete Transition to IPv 6 Memorandum</h4><p><strong>Effective Date:</strong> 4/29/2021</p><p><strong>Corresponding CMS Publication:</strong> Coming Soon</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>OMB M-21-07</li></ul><h4>Roles &amp; Repsonsibilities of OpDiv SOPs</h4><p><strong>Effective Date:</strong> 3/3/2021</p><p><strong>Corresponding CMS Publication:</strong> IS2P2</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>FISMA 2014</li><li>E-Government Act of 2002</li><li>Privacy Act of 1974</li><li>Paperwork Reduction Act</li><li>FAR</li><li>Implementing Recommendations of the 9/11 Commission Act of 2007</li><li>EO 13636</li><li>EO 9397</li><li>NIST S.P. 800-53</li><li>OMB A-130</li><li>OMB M-20-04</li><li>OMB M-16-24</li><li>OMB M-17-12</li><li>OMB M-10-23</li><li>OMB M-10-22</li><li>OMB M-07-16</li><li>OMB M-03-22</li><li>HHS IS2P</li><li>HHS IT Acquisition Reviews (ITAR)</li><li>HHS Preparing for and Responding to a Breach of PII</li><li>HHS High Value Asset (HVA) Program</li><li>HHS IT Procurements Security and Privacy Language</li><li>HHS Acquisition Regulation (HHSAR)</li><li>HHS Mobile Applications Privacy Policy</li><li>HHS POA&amp;M Standard</li><li>HHS PIA</li><li>HHS Sensitive PII Definition and Guidance</li></ul><h4>Use of Government Furnished Equipment (GFE) During Foreign Travel</h4><p><strong>Effective Date:</strong> 2/10/21</p><p><strong>Corresponding CMS Publication:</strong> CMS Counterintelligence and Insider Threat - Foreign Travel</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>FIPS 140-2</li></ul><h4>Rescission of Security and Privacy Outdated and Superseded Policies</h4><p><strong>Effective Date:</strong> 11/25/2019</p><p><strong>Corresponding CMS Publication:</strong> Coming Soon</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>HHS IT Security and Privacy Incident Reporting and Response</li><li>HHS IS2P</li><li>HHS Minimum Security Configurations Standards Guidance</li><li>HHS Preparing for and Responding to a Breach of PII</li><li>HHS PIA</li></ul><h4>Sensitive PII Definition and Guidance</h4><p><strong>Effective Date:</strong> 12/4/2018</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>Paperwork Reduction Act</li><li>OMB A-130</li><li>HHS Preparing for and Responding to a Breach of PII</li><li>HHS PIA</li><li>OMB M-10-23</li><li>OMB M-17-12</li><li>NIST S.P. 800-122</li><li>NIST S.P. 800-88</li></ul><h4>Addendum to the HHS IS2P</h4><p><strong>Effective Date:</strong> 5/24/2018</p><p><strong>Corresponding CMS Publication:</strong> Coming Soon</p><p><strong>Corresponding Federal Publication:</strong> Coming Soon</p><h4>Requirement for Role-Based Training of Personnel with Significant Security Responsibilities</h4><p><strong>Effective Date:</strong> 6/28/2017</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li><li><a href="https://security.cms.gov/learn/role-based-training-rbt">CyberGeek - Role Based Training (RBT)</a></li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>FISMA 2014</li><li>FCWAA 2015</li><li>5 CFR 930.301</li><li>NIST S.P. 800-181</li><li>NIST S.P. 800-16</li><li>HHS IS2P</li></ul><h4>HHS Cloud Computing and Federal Risk and Authorization Management Program Guidance</h4><p><strong>Effective Date:</strong> 7/15/2016</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li><li><a href="https://security.cms.gov/learn/fedramp">CyberGeek - Federal Risk and Authorization Management Program (FedRAMP)</a></li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>FedRAMP</li><li>NIST S.P. 800-144</li><li>NIST S.P. 800-137</li><li>HHS Cloud Computing Strategy</li></ul><h4>End-of-Life Operating Systems, Software and Applications Policy</h4><p><strong>Effective Date:</strong> 5/19/2016</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>NIST S.P. 800-53</li></ul><h4>FY15 Cybersecurity IT Priorities</h4><p><strong>Effective Date:</strong> 6/1/2015</p><p><strong>Corresponding CMS Publication:</strong> Coming Soon</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>FISMA 2014</li><li>FITARA</li><li>EO 13636</li><li>HHS Acquisition Regulation (HHSAR)</li></ul><h4>HHS Usage of Unauthorized External Information Systems to Conduct Department Business Memorandum</h4><p><strong>Effective Date:</strong> 1/8/2014</p><p><strong>Corresponding CMS Publication:</strong> IS2P2</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>HHS IS2P</li></ul><h4>HHS Security Data Warehouse Escalation Memorandum</h4><p><strong>Effective Date:</strong> 7/15/2013</p><p><strong>Corresponding CMS Publication:</strong> Coming Soon</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>FISMA 2014</li></ul><h4>Policy for Monitoring Employee Use of HHS IT Resources (2013)</h4><p><strong>Effective Date:</strong> 6/26/2013</p><p><strong>Corresponding CMS Publication:</strong> IS2P2</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>IG Act 1978</li><li>Privacy Act of 1974</li><li>HIPAA</li><li>Whistleblower Protection Act</li><li>FOIA</li></ul><h4>Determining Non-Sensitive Data on Mobile Computers/Devices</h4><p><strong>Effective Date:</strong> 1/11/2013</p><p><strong>Corresponding CMS Publication:</strong> IS2P2</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>OMB M-06-16</li></ul><h4>Implementation of OMB M-10-22 and M-10-23</h4><p><strong>Effective Date:</strong> 12/21/2010</p><p><strong>Corresponding CMS Publication:</strong> Coming Soon</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>OMB M-10-22</li><li>OMB M-10-23</li><li>OMB M-07-16</li><li>HHS IS2P</li></ul><h4>Resolving Security Audit Finding Disputes</h4><p><strong>Effective Date:</strong> 5/13/2010</p><p><strong>Corresponding CMS Publication:</strong> Coming Soon</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>OMB M-08-21</li></ul><h4>Updated Departmental Standard for the Definition of Sensitive Information</h4><p><strong>Effective Date:</strong> 5/18/2009</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong> Coming Soon</p><h4>Applicability of FISMA to HHS Grantees</h4><p><strong>Effective Date:</strong> 10/29/2007</p><p><strong>Corresponding CMS Publication:</strong> IS2P2</p><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>FISMA 2002</li><li>OMB M-07-19</li></ul><h3>HHS Guides, Forms, and Templates</h3><h4>Information Security &amp; Privacy Certification Checklist</h4><p><strong>Effective Date:</strong> 7/1/2021</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li><li><a href="https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition">CyberGeek - Risk Management Handbook Chapter 15: System &amp; Services Acquisition</a></li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>Privacy Act of 1974</li><li>NIST S.P. 800-60</li><li>NIST S.P. 800-88</li><li>FIPS 199</li></ul><h4>Policy Exception-Risk Based Decision Request</h4><p><strong>Effective Date:</strong> 7/10/2019</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>44 U.S. C, Sec. 3502</li><li>OMB A-127</li><li>OMB A-130</li><li>OMB M-19-03</li><li>OMB M-17-12</li></ul><h4>HHS Guidance for Selection of e-Authentication Assurance Levels</h4><p><strong>Effective Date:</strong> 3/2019</p><p><strong>Corresponding CMS Publication:</strong>&nbsp;</p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>EO 13681</li><li>NIST S.P. 800-63</li><li>NIST S.P. 800-63-3</li><li>NIST S.P. 800-63A</li><li>NIST S.P. 800-63B</li><li>NIST S.P. 800-63C</li><li>OMB M-04-04</li><li>HHS IS2P</li></ul><h4>HHS Guidance for e-Authentication RA Template</h4><p><strong>Effective Date:</strong> 3/2019</p><p><strong>Corresponding CMS Publication:</strong></p><ul><li>IS2P2</li><li>ARS</li></ul><p><strong>Corresponding Federal Publication:</strong>&nbsp;</p><ul><li>NIST S.P. 800-63</li><li>NIST S.P. 800-63-3</li><li>NIST S.P. 800-63A</li><li>NIST S.P. 800-63B</li><li>NIST S.P. 800-63C</li><li>HHS IS2P</li></ul><h4>Charter Establishing the EPLC Change Control Board</h4><p><strong>Effective Date:</strong> N/A</p><p><strong>Corresponding CMS Publication:</strong> <a href="https://www.cms.gov/data-research/cms-information-technology/tlc">CMS.gov - Target Life Cycle</a></p><p><strong>Corresponding Federal Publication:</strong> N/A</p><h4>Non-Disclosure Agreement</h4><p><strong>Effective Date:</strong> N/A</p><p><strong>Corresponding CMS Publication:</strong> Coming Soon</p><p><strong>Corresponding Federal Publication:</strong> N/A</p></div></section></div></div></div></div></main><footer class="usa-footer usa-footer--slim"><div class="grid-container"><div class="grid-row flex-align-end"><div class="grid-col"><div class="usa-footer__return-to-top"><a class="font-sans-xs" href="#">Return to top</a></div></div><div class="grid-col padding-bottom-2 padding-top-4 display-flex flex-justify-end"><a class="usa-button" href="/feedback">Give feedback</a></div></div></div><div class="usa-footer__primary-section"><div class="usa-footer__primary-container grid-row"><div class="tablet:grid-col-3"><a class="usa-footer__primary-link" href="/"><img alt="CyberGeek logo" loading="lazy" width="142" height="26" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/CyberGeek-logo.8e9bbd2b.svg"/></a><p class="usa-footer__logo-heading display-none tablet-lg:display-block">The official website of the CMS Information Security and Privacy Group (ISPG)</p></div><div class="tablet:grid-col-12 tablet-lg:grid-col-9"><nav class="usa-footer__nav" aria-label="Footer navigation,"><ul class="grid-row grid-gap"><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="/learn/about-ispg-cybergeek">What is CyberGeek?</a></li><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="https://www.cms.gov/privacy">Privacy policy</a></li><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="https://www.cms.gov/about-cms/information-systems/privacy/vulnerability-disclosure-policy">CMS Vulnerability Disclosure Policy</a></li><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="https://www.cms.gov/About-CMS/Agency-Information/Aboutwebsite/Policiesforaccessibility">Accessibility</a></li></ul></nav></div></div></div><div class="usa-footer__secondary-section"><div class="grid-container"><div class="usa-footer__logo grid-row grid-gap-2"><div class="mobile-lg:grid-col-3"><a href="https://www.cms.gov/"><img alt="CMS homepage" loading="lazy" width="124" height="29" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/cmsLogo.10a64ce4.svg"/></a></div><div class="mobile-lg:grid-col-7"><p class="font-sans-3xs line-height-sans-3">A federal government website managed and paid for by the U.S. Centers for Medicare &amp; Medicaid Services.</p><address class="font-sans-3xs line-height-sans-3">7500 Security Boulevard, Baltimore, MD 21244</address></div></div></div></div></footer><script>(self.__next_s=self.__next_s||[]).push(["/assets/javascript/uswds.min.js",{}])</script><script src="/_next/static/chunks/webpack-182b67d00f496f9d.js" async=""></script><script>(self.__next_f=self.__next_f||[]).push([0]);self.__next_f.push([2,null])</script><script>self.__next_f.push([1,"1:HL[\"/_next/static/css/ef46db3751d8e999.css\",\"style\"]\n2:HL[\"/_next/static/css/0759e90f4fecfde7.css\",\"style\"]\n"])</script><script>self.__next_f.push([1,"3:I[5751,[],\"\"]\n6:I[9275,[],\"\"]\n8:I[1343,[],\"\"]\nb:I[6130,[],\"\"]\n7:[\"slug\",\"cms-guide-federal-laws-regulations-and-policies\",\"d\"]\nc:[]\n0:[\"$\",\"$L3\",null,{\"buildId\":\"m9SaS4P6zugJbBHpXSk5Y\",\"assetPrefix\":\"\",\"urlParts\":[\"\",\"policy-guidance\",\"cms-guide-federal-laws-regulations-and-policies\"],\"initialTree\":[\"\",{\"children\":[\"policy-guidance\",{\"children\":[[\"slug\",\"cms-guide-federal-laws-regulations-and-policies\",\"d\"],{\"children\":[\"__PAGE__\",{}]}]}]},\"$undefined\",\"$undefined\",true],\"initialSeedData\":[\"\",{\"children\":[\"policy-guidance\",{\"children\":[[\"slug\",\"cms-guide-federal-laws-regulations-and-policies\",\"d\"],{\"children\":[\"__PAGE__\",{},[[\"$L4\",\"$L5\",null],null],null]},[null,[\"$\",\"$L6\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"policy-guidance\",\"children\",\"$7\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L8\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"notFoundStyles\":\"$undefined\"}]],null]},[null,[\"$\",\"$L6\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"policy-guidance\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L8\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"notFoundStyles\":\"$undefined\"}]],null]},[[[[\"$\",\"link\",\"0\",{\"rel\":\"stylesheet\",\"href\":\"/_next/static/css/ef46db3751d8e999.css\",\"precedence\":\"next\",\"crossOrigin\":\"$undefined\"}],[\"$\",\"link\",\"1\",{\"rel\":\"stylesheet\",\"href\":\"/_next/static/css/0759e90f4fecfde7.css\",\"precedence\":\"next\",\"crossOrigin\":\"$undefined\"}]],\"$L9\"],null],null],\"couldBeIntercepted\":false,\"initialHead\":[null,\"$La\"],\"globalErrorComponent\":\"$b\",\"missingSlots\":\"$Wc\"}]\n"])</script><script>self.__next_f.push([1,"d:I[4080,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"\"]\ne:I[8173,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"931\",\"static/chunks/app/page-cc829e051925e906.js\"],\"Image\"]\nf:I[7529,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"default\"]\n11:I[231,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"931\",\"static/chunks/app/page-cc829e051925e906.js\"],\"\"]\n12:I[7303,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"default\"]\n13:I[8521,[\"489\",\"static/chunks/app/template-d264bab5e3061841.js\"],\"default\"]\n14:I[5922,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"931\",\"static/chunks/app/page-cc829e051925e906.js\"],\"default\"]\n15:I[7182,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"default\"]\n16:I[4180,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"TealiumTagManager\"]\n10:Tdced,"])</script><script>self.__next_f.push([1,"{\"id\":\"mega-menu\",\"linkset\":{\"elements\":[{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Roles\",\"hierarchy\":[\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/information-system-security-officer-isso\",\"attributes\":{\"title\":\"Information System Security Officer (ISSO)\",\"hierarchy\":[\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook\",\"attributes\":{\"title\":\"ISSO Handbook\",\"hierarchy\":[\"0\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos\",\"attributes\":{\"title\":\"Getting started (for new ISSOs)\",\"hierarchy\":[\"0\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-mentorship-program\",\"attributes\":{\"title\":\"ISSO Mentorship Program\",\"hierarchy\":[\"0\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#training\",\"attributes\":{\"title\":\"ISSO Training\",\"hierarchy\":[\"0\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/data-guardian\",\"attributes\":{\"title\":\"Data Guardian\",\"hierarchy\":[\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/data-guardian-handbook\",\"attributes\":{\"title\":\"Data Guardian Handbook\",\"hierarchy\":[\"0\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cyber-risk-advisor-cra\",\"attributes\":{\"title\":\"Cyber Risk Advisor (CRA)\",\"hierarchy\":[\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"0\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters\",\"attributes\":{\"title\":\"Risk Management Handbook (RMH)\",\"hierarchy\":[\"0\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/business-system-owner\",\"attributes\":{\"title\":\"Business / System Owner (BO/SO)\",\"hierarchy\":[\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"0\",\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"0\",\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"0\",\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"0\",\"3\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Compliance \u0026 Authorization\",\"hierarchy\":[\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"Authorization to Operate (ATO)\",\"hierarchy\":[\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"About ATO at CMS\",\"hierarchy\":[\"1\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#types-of-authorizations\",\"attributes\":{\"title\":\"Types of authorizations\",\"hierarchy\":[\"1\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#ato-stakeholders\",\"attributes\":{\"title\":\"ATO stakeholders\",\"hierarchy\":[\"1\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#related-documents-and-resources\",\"attributes\":{\"title\":\"ATO tools and resources\",\"hierarchy\":[\"1\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-technical-reference-architecture-tra\",\"attributes\":{\"title\":\"CMS Technical Reference Architecture (TRA)\",\"hierarchy\":[\"1\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"Ongoing Authorization (OA)\",\"hierarchy\":[\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"About OA at CMS\",\"hierarchy\":[\"1\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa\",\"attributes\":{\"title\":\"OA eligibility requirements\",\"hierarchy\":[\"1\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"1\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Assessments \u0026 Audits\",\"hierarchy\":[\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"1\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"1\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"1\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/security-impact-analysis-sia\",\"attributes\":{\"title\":\"Security Impact Analysis (SIA)\",\"hierarchy\":[\"1\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-audits\",\"attributes\":{\"title\":\"System Audits\",\"hierarchy\":[\"1\",\"2\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Policy \u0026 Guidance\",\"hierarchy\":[\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cms-policies-and-guidance\",\"attributes\":{\"title\":\"CMS Policies and Guidance\",\"hierarchy\":[\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-acceptable-risk-safeguards-ars\",\"attributes\":{\"title\":\"CMS Acceptable Risk Safeguards (ARS)\",\"hierarchy\":[\"2\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-systems-security-privacy-policy-is2p2\",\"attributes\":{\"title\":\"CMS Information Security and Privacy Policy (IS2P2)\",\"hierarchy\":[\"2\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"2\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-risk-management-framework-rmf\",\"attributes\":{\"title\":\"CMS Risk Management Framework (RMF)\",\"hierarchy\":[\"2\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/email-encryption-requirements-cms\",\"attributes\":{\"title\":\"CMS Email Encryption\",\"hierarchy\":[\"2\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/federal-policies-and-guidance\",\"attributes\":{\"title\":\"Federal Policies and Guidance\",\"hierarchy\":[\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/national-institute-standards-and-technology-nist\",\"attributes\":{\"title\":\"National Institute of Standards and Technology (NIST)\",\"hierarchy\":[\"2\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/federal-information-security-modernization-act-fisma\",\"attributes\":{\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"hierarchy\":[\"2\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/fedramp\",\"attributes\":{\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"hierarchy\":[\"2\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"2\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/application-security\",\"attributes\":{\"title\":\"Application Security\",\"hierarchy\":[\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"3\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"3\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"3\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/software-bill-materials-sbom\",\"attributes\":{\"title\":\"Software Bill of Materials (SBOM)\",\"hierarchy\":[\"3\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/security-operations\",\"attributes\":{\"title\":\"Security Operations\",\"hierarchy\":[\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\",\"attributes\":{\"title\":\"Incident Response\",\"hierarchy\":[\"3\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"3\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"3\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/risk-management-and-reporting\",\"attributes\":{\"title\":\"Risk Management and Reporting\",\"hierarchy\":[\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"3\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports\",\"hierarchy\":[\"3\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/plan-action-and-milestones-poam\",\"attributes\":{\"title\":\"Plan of Action and Milestones (POA\u0026M)\",\"hierarchy\":[\"3\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy\",\"hierarchy\":[\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Agreements\",\"hierarchy\":[\"4\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"4\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"4\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Activities\",\"hierarchy\":[\"4\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/breach-response\",\"attributes\":{\"title\":\"Breach Response\",\"hierarchy\":[\"4\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"4\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-records-notice-sorn\",\"attributes\":{\"title\":\"System of Records Notice (SORN)\",\"hierarchy\":[\"4\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Resources\",\"hierarchy\":[\"4\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/privacy\",\"attributes\":{\"title\":\"Privacy at CMS\",\"hierarchy\":[\"4\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-breach-response-handbook\",\"attributes\":{\"title\":\"CMS Breach Response Handbook\",\"hierarchy\":[\"4\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/health-insurance-portability-and-accountability-act-1996-hipaa\",\"attributes\":{\"title\":\"Health Insurance Portability and Accessibility Act (HIPAA)\",\"hierarchy\":[\"4\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-privacy-impact-assessment-pia-handbook\",\"attributes\":{\"title\":\"CMS Privacy Impact Assessment (PIA) Handbook\",\"hierarchy\":[\"4\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tools \u0026 Services\",\"hierarchy\":[\"5\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Reporting \u0026 Compliance\",\"hierarchy\":[\"5\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"5\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"attributes\":{\"title\":\"CFACTS\",\"hierarchy\":[\"5\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports and Dashboards\",\"hierarchy\":[\"5\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"5\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"5\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"5\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"5\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"5\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-security-data-lake-sdl\",\"attributes\":{\"title\":\"CMS Security Data Lake (SDL)\",\"hierarchy\":[\"5\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tests \u0026 Assessments\",\"hierarchy\":[\"5\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"5\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"5\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"5\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}}],\"size\":87},\"elements\":[{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Roles\",\"hierarchy\":[\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/information-system-security-officer-isso\",\"attributes\":{\"title\":\"Information System Security Officer (ISSO)\",\"hierarchy\":[\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook\",\"attributes\":{\"title\":\"ISSO Handbook\",\"hierarchy\":[\"0\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos\",\"attributes\":{\"title\":\"Getting started (for new ISSOs)\",\"hierarchy\":[\"0\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-mentorship-program\",\"attributes\":{\"title\":\"ISSO Mentorship Program\",\"hierarchy\":[\"0\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#training\",\"attributes\":{\"title\":\"ISSO Training\",\"hierarchy\":[\"0\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/data-guardian\",\"attributes\":{\"title\":\"Data Guardian\",\"hierarchy\":[\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/data-guardian-handbook\",\"attributes\":{\"title\":\"Data Guardian Handbook\",\"hierarchy\":[\"0\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cyber-risk-advisor-cra\",\"attributes\":{\"title\":\"Cyber Risk Advisor (CRA)\",\"hierarchy\":[\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"0\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters\",\"attributes\":{\"title\":\"Risk Management Handbook (RMH)\",\"hierarchy\":[\"0\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/business-system-owner\",\"attributes\":{\"title\":\"Business / System Owner (BO/SO)\",\"hierarchy\":[\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"0\",\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"0\",\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"0\",\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"0\",\"3\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Compliance \u0026 Authorization\",\"hierarchy\":[\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"Authorization to Operate (ATO)\",\"hierarchy\":[\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"About ATO at CMS\",\"hierarchy\":[\"1\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#types-of-authorizations\",\"attributes\":{\"title\":\"Types of authorizations\",\"hierarchy\":[\"1\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#ato-stakeholders\",\"attributes\":{\"title\":\"ATO stakeholders\",\"hierarchy\":[\"1\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#related-documents-and-resources\",\"attributes\":{\"title\":\"ATO tools and resources\",\"hierarchy\":[\"1\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-technical-reference-architecture-tra\",\"attributes\":{\"title\":\"CMS Technical Reference Architecture (TRA)\",\"hierarchy\":[\"1\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"Ongoing Authorization (OA)\",\"hierarchy\":[\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"About OA at CMS\",\"hierarchy\":[\"1\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa\",\"attributes\":{\"title\":\"OA eligibility requirements\",\"hierarchy\":[\"1\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"1\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Assessments \u0026 Audits\",\"hierarchy\":[\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"1\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"1\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"1\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/security-impact-analysis-sia\",\"attributes\":{\"title\":\"Security Impact Analysis (SIA)\",\"hierarchy\":[\"1\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-audits\",\"attributes\":{\"title\":\"System Audits\",\"hierarchy\":[\"1\",\"2\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Policy \u0026 Guidance\",\"hierarchy\":[\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cms-policies-and-guidance\",\"attributes\":{\"title\":\"CMS Policies and Guidance\",\"hierarchy\":[\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-acceptable-risk-safeguards-ars\",\"attributes\":{\"title\":\"CMS Acceptable Risk Safeguards (ARS)\",\"hierarchy\":[\"2\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-systems-security-privacy-policy-is2p2\",\"attributes\":{\"title\":\"CMS Information Security and Privacy Policy (IS2P2)\",\"hierarchy\":[\"2\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"2\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-risk-management-framework-rmf\",\"attributes\":{\"title\":\"CMS Risk Management Framework (RMF)\",\"hierarchy\":[\"2\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/email-encryption-requirements-cms\",\"attributes\":{\"title\":\"CMS Email Encryption\",\"hierarchy\":[\"2\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/federal-policies-and-guidance\",\"attributes\":{\"title\":\"Federal Policies and Guidance\",\"hierarchy\":[\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/national-institute-standards-and-technology-nist\",\"attributes\":{\"title\":\"National Institute of Standards and Technology (NIST)\",\"hierarchy\":[\"2\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/federal-information-security-modernization-act-fisma\",\"attributes\":{\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"hierarchy\":[\"2\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/fedramp\",\"attributes\":{\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"hierarchy\":[\"2\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"2\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/application-security\",\"attributes\":{\"title\":\"Application Security\",\"hierarchy\":[\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"3\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"3\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"3\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/software-bill-materials-sbom\",\"attributes\":{\"title\":\"Software Bill of Materials (SBOM)\",\"hierarchy\":[\"3\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/security-operations\",\"attributes\":{\"title\":\"Security Operations\",\"hierarchy\":[\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\",\"attributes\":{\"title\":\"Incident Response\",\"hierarchy\":[\"3\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"3\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"3\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/risk-management-and-reporting\",\"attributes\":{\"title\":\"Risk Management and Reporting\",\"hierarchy\":[\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"3\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports\",\"hierarchy\":[\"3\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/plan-action-and-milestones-poam\",\"attributes\":{\"title\":\"Plan of Action and Milestones (POA\u0026M)\",\"hierarchy\":[\"3\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy\",\"hierarchy\":[\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Agreements\",\"hierarchy\":[\"4\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"4\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"4\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Activities\",\"hierarchy\":[\"4\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/breach-response\",\"attributes\":{\"title\":\"Breach Response\",\"hierarchy\":[\"4\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"4\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-records-notice-sorn\",\"attributes\":{\"title\":\"System of Records Notice (SORN)\",\"hierarchy\":[\"4\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Resources\",\"hierarchy\":[\"4\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/privacy\",\"attributes\":{\"title\":\"Privacy at CMS\",\"hierarchy\":[\"4\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-breach-response-handbook\",\"attributes\":{\"title\":\"CMS Breach Response Handbook\",\"hierarchy\":[\"4\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/health-insurance-portability-and-accountability-act-1996-hipaa\",\"attributes\":{\"title\":\"Health Insurance Portability and Accessibility Act (HIPAA)\",\"hierarchy\":[\"4\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-privacy-impact-assessment-pia-handbook\",\"attributes\":{\"title\":\"CMS Privacy Impact Assessment (PIA) Handbook\",\"hierarchy\":[\"4\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tools \u0026 Services\",\"hierarchy\":[\"5\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Reporting \u0026 Compliance\",\"hierarchy\":[\"5\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"5\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"attributes\":{\"title\":\"CFACTS\",\"hierarchy\":[\"5\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports and Dashboards\",\"hierarchy\":[\"5\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"5\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"5\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"5\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"5\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"5\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-security-data-lake-sdl\",\"attributes\":{\"title\":\"CMS Security Data Lake (SDL)\",\"hierarchy\":[\"5\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tests \u0026 Assessments\",\"hierarchy\":[\"5\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"5\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"5\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"5\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}}],\"size\":87,\"tree\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Roles\",\"hierarchy\":[\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/information-system-security-officer-isso\",\"attributes\":{\"title\":\"Information System Security Officer (ISSO)\",\"hierarchy\":[\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook\",\"attributes\":{\"title\":\"ISSO Handbook\",\"hierarchy\":[\"0\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos\",\"attributes\":{\"title\":\"Getting started (for new ISSOs)\",\"hierarchy\":[\"0\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-mentorship-program\",\"attributes\":{\"title\":\"ISSO Mentorship Program\",\"hierarchy\":[\"0\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#training\",\"attributes\":{\"title\":\"ISSO Training\",\"hierarchy\":[\"0\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/data-guardian\",\"attributes\":{\"title\":\"Data Guardian\",\"hierarchy\":[\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/data-guardian-handbook\",\"attributes\":{\"title\":\"Data Guardian Handbook\",\"hierarchy\":[\"0\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cyber-risk-advisor-cra\",\"attributes\":{\"title\":\"Cyber Risk Advisor (CRA)\",\"hierarchy\":[\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"0\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters\",\"attributes\":{\"title\":\"Risk Management Handbook (RMH)\",\"hierarchy\":[\"0\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/business-system-owner\",\"attributes\":{\"title\":\"Business / System Owner (BO/SO)\",\"hierarchy\":[\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"0\",\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"0\",\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"0\",\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"0\",\"3\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Compliance \u0026 Authorization\",\"hierarchy\":[\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"Authorization to Operate (ATO)\",\"hierarchy\":[\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"About ATO at CMS\",\"hierarchy\":[\"1\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#types-of-authorizations\",\"attributes\":{\"title\":\"Types of authorizations\",\"hierarchy\":[\"1\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#ato-stakeholders\",\"attributes\":{\"title\":\"ATO stakeholders\",\"hierarchy\":[\"1\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#related-documents-and-resources\",\"attributes\":{\"title\":\"ATO tools and resources\",\"hierarchy\":[\"1\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-technical-reference-architecture-tra\",\"attributes\":{\"title\":\"CMS Technical Reference Architecture (TRA)\",\"hierarchy\":[\"1\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"Ongoing Authorization (OA)\",\"hierarchy\":[\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"About OA at CMS\",\"hierarchy\":[\"1\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa\",\"attributes\":{\"title\":\"OA eligibility requirements\",\"hierarchy\":[\"1\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"1\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Assessments \u0026 Audits\",\"hierarchy\":[\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"1\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"1\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"1\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/security-impact-analysis-sia\",\"attributes\":{\"title\":\"Security Impact Analysis (SIA)\",\"hierarchy\":[\"1\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-audits\",\"attributes\":{\"title\":\"System Audits\",\"hierarchy\":[\"1\",\"2\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Policy \u0026 Guidance\",\"hierarchy\":[\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cms-policies-and-guidance\",\"attributes\":{\"title\":\"CMS Policies and Guidance\",\"hierarchy\":[\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-acceptable-risk-safeguards-ars\",\"attributes\":{\"title\":\"CMS Acceptable Risk Safeguards (ARS)\",\"hierarchy\":[\"2\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-systems-security-privacy-policy-is2p2\",\"attributes\":{\"title\":\"CMS Information Security and Privacy Policy (IS2P2)\",\"hierarchy\":[\"2\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"2\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-risk-management-framework-rmf\",\"attributes\":{\"title\":\"CMS Risk Management Framework (RMF)\",\"hierarchy\":[\"2\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/email-encryption-requirements-cms\",\"attributes\":{\"title\":\"CMS Email Encryption\",\"hierarchy\":[\"2\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/federal-policies-and-guidance\",\"attributes\":{\"title\":\"Federal Policies and Guidance\",\"hierarchy\":[\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/national-institute-standards-and-technology-nist\",\"attributes\":{\"title\":\"National Institute of Standards and Technology (NIST)\",\"hierarchy\":[\"2\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/federal-information-security-modernization-act-fisma\",\"attributes\":{\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"hierarchy\":[\"2\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/fedramp\",\"attributes\":{\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"hierarchy\":[\"2\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"2\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/application-security\",\"attributes\":{\"title\":\"Application Security\",\"hierarchy\":[\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"3\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"3\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"3\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/software-bill-materials-sbom\",\"attributes\":{\"title\":\"Software Bill of Materials (SBOM)\",\"hierarchy\":[\"3\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/security-operations\",\"attributes\":{\"title\":\"Security Operations\",\"hierarchy\":[\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\",\"attributes\":{\"title\":\"Incident Response\",\"hierarchy\":[\"3\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"3\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"3\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/risk-management-and-reporting\",\"attributes\":{\"title\":\"Risk Management and Reporting\",\"hierarchy\":[\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"3\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports\",\"hierarchy\":[\"3\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/plan-action-and-milestones-poam\",\"attributes\":{\"title\":\"Plan of Action and Milestones (POA\u0026M)\",\"hierarchy\":[\"3\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy\",\"hierarchy\":[\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Agreements\",\"hierarchy\":[\"4\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"4\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"4\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Activities\",\"hierarchy\":[\"4\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/breach-response\",\"attributes\":{\"title\":\"Breach Response\",\"hierarchy\":[\"4\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"4\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-records-notice-sorn\",\"attributes\":{\"title\":\"System of Records Notice (SORN)\",\"hierarchy\":[\"4\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Resources\",\"hierarchy\":[\"4\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/privacy\",\"attributes\":{\"title\":\"Privacy at CMS\",\"hierarchy\":[\"4\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-breach-response-handbook\",\"attributes\":{\"title\":\"CMS Breach Response Handbook\",\"hierarchy\":[\"4\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/health-insurance-portability-and-accountability-act-1996-hipaa\",\"attributes\":{\"title\":\"Health Insurance Portability and Accessibility Act (HIPAA)\",\"hierarchy\":[\"4\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-privacy-impact-assessment-pia-handbook\",\"attributes\":{\"title\":\"CMS Privacy Impact Assessment (PIA) Handbook\",\"hierarchy\":[\"4\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tools \u0026 Services\",\"hierarchy\":[\"5\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Reporting \u0026 Compliance\",\"hierarchy\":[\"5\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"5\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"attributes\":{\"title\":\"CFACTS\",\"hierarchy\":[\"5\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports and Dashboards\",\"hierarchy\":[\"5\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"5\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"5\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"5\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"5\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"5\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-security-data-lake-sdl\",\"attributes\":{\"title\":\"CMS Security Data Lake (SDL)\",\"hierarchy\":[\"5\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tests \u0026 Assessments\",\"hierarchy\":[\"5\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"5\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"5\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"5\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]}]}"])</script><script>self.__next_f.push([1,"9:[\"$\",\"html\",null,{\"lang\":\"en\",\"children\":[[\"$\",\"head\",null,{\"children\":[\"$\",\"$Ld\",null,{\"src\":\"/assets/javascript/uswds-init.min.js\",\"strategy\":\"beforeInteractive\"}]}],[\"$\",\"body\",null,{\"children\":[[[\"$\",\"a\",null,{\"className\":\"usa-skipnav\",\"href\":\"#main\",\"children\":\"Skip to main content\"}],[\"$\",\"section\",null,{\"className\":\"usa-banner\",\"aria-label\":\"Official website of the United States government\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-accordion\",\"children\":[[\"$\",\"header\",null,{\"className\":\"usa-banner__header\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-banner__inner\",\"children\":[[\"$\",\"div\",null,{\"className\":\"grid-col-auto\",\"children\":[\"$\",\"$Le\",null,{\"aria-hidden\":\"true\",\"className\":\"usa-banner__header-flag\",\"src\":\"/assets/img/us_flag_small.png\",\"alt\":\"\",\"width\":\"16\",\"height\":\"11\"}]}],[\"$\",\"div\",null,{\"className\":\"grid-col-fill tablet:grid-col-auto\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"p\",null,{\"className\":\"usa-banner__header-text\",\"children\":\"An official website of the United States government\"}],[\"$\",\"p\",null,{\"className\":\"usa-banner__header-action\",\"children\":\"Here's how you know\"}]]}],[\"$\",\"button\",null,{\"type\":\"button\",\"className\":\"usa-accordion__button usa-banner__button\",\"aria-expanded\":\"false\",\"aria-controls\":\"gov-banner-default-default\",\"children\":[\"$\",\"span\",null,{\"className\":\"usa-banner__button-text\",\"children\":\"Here's how you know\"}]}]]}]}],[\"$\",\"div\",null,{\"className\":\"usa-banner__content usa-accordion__content\",\"id\":\"gov-banner-default-default\",\"hidden\":true,\"children\":[\"$\",\"div\",null,{\"className\":\"grid-row grid-gap-lg\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-banner__guidance tablet:grid-col-6\",\"children\":[[\"$\",\"$Le\",null,{\"className\":\"usa-banner__icon usa-media-block__img\",\"src\":{\"src\":\"/_next/static/media/icon-dot-gov.3e9cb1b5.svg\",\"height\":64,\"width\":64,\"blurWidth\":0,\"blurHeight\":0},\"role\":\"img\",\"alt\":\"\",\"aria-hidden\":\"true\",\"width\":\"40\",\"height\":\"40\"}],[\"$\",\"div\",null,{\"className\":\"usa-media-block__body\",\"children\":[\"$\",\"p\",null,{\"children\":[[\"$\",\"strong\",null,{\"children\":\"Official websites use .gov\"}],[\"$\",\"br\",null,{}],\"A \",[\"$\",\"strong\",null,{\"children\":\".gov\"}],\" website belongs to an official government organization in the United States.\"]}]}]]}],[\"$\",\"div\",null,{\"className\":\"usa-banner__guidance tablet:grid-col-6\",\"children\":[[\"$\",\"$Le\",null,{\"className\":\"usa-banner__icon usa-media-block__img\",\"src\":{\"src\":\"/_next/static/media/icon-https.e7f1a222.svg\",\"height\":64,\"width\":64,\"blurWidth\":0,\"blurHeight\":0},\"role\":\"img\",\"alt\":\"\",\"aria-hidden\":\"true\",\"width\":\"40\",\"height\":\"40\"}],[\"$\",\"div\",null,{\"className\":\"usa-media-block__body\",\"children\":[\"$\",\"p\",null,{\"children\":[[\"$\",\"strong\",null,{\"children\":\"Secure .gov websites use HTTPS\"}],[\"$\",\"br\",null,{}],\"A \",[\"$\",\"strong\",null,{\"children\":\"lock\"}],\" (\",[\"$\",\"span\",null,{\"className\":\"icon-lock\",\"children\":[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":\"52\",\"height\":\"64\",\"viewBox\":\"0 0 52 64\",\"className\":\"usa-banner__lock-image\",\"role\":\"img\",\"aria-labelledby\":\"banner-lock-description-default\",\"focusable\":\"false\",\"children\":[[\"$\",\"title\",null,{\"id\":\"banner-lock-title-default\",\"children\":\"Lock\"}],[\"$\",\"desc\",null,{\"id\":\"banner-lock-description-default\",\"children\":\"Locked padlock icon\"}],[\"$\",\"path\",null,{\"fill\":\"#000000\",\"fillRule\":\"evenodd\",\"d\":\"M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z\"}]]}]}],\") or \",[\"$\",\"strong\",null,{\"children\":\"https://\"}],\" means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.\"]}]}]]}]]}]}]]}]}]],[\"$\",\"$Lf\",null,{\"value\":\"$10\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-overlay\"}],[\"$\",\"header\",null,{\"className\":\"usa-header usa-header--extended\",\"children\":[[\"$\",\"div\",null,{\"className\":\"bg-primary-dark\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-navbar\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-logo padding-y-4 padding-right-3\",\"id\":\"CyberGeek-logo\",\"children\":[\"$\",\"$L11\",null,{\"href\":\"/\",\"title\":\"CMS CyberGeek Home\",\"children\":[\"$\",\"$Le\",null,{\"src\":{\"src\":\"/_next/static/media/CyberGeek-logo.8e9bbd2b.svg\",\"height\":50,\"width\":425,\"blurWidth\":0,\"blurHeight\":0},\"alt\":\"CyberGeek logo\",\"width\":\"298\",\"height\":\"35\",\"priority\":true}]}]}],[\"$\",\"button\",null,{\"aria-label\":\"Open menu\",\"type\":\"button\",\"className\":\"usa-menu-btn\",\"data-cy\":\"menu-button\",\"children\":\"Menu\"}]]}]}],[\"$\",\"$L12\",null,{}]]}]]}],[\"$\",\"main\",null,{\"id\":\"main\",\"children\":[\"$\",\"$L6\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L13\",null,{\"children\":[\"$\",\"$L8\",null,{}]}],\"templateStyles\":[],\"templateScripts\":[],\"notFound\":[\"$\",\"section\",null,{\"className\":\"hero hero--theme-content-not-found undefined\",\"children\":[[\"$\",\"$Le\",null,{\"alt\":\"404 page not found\",\"className\":\"hero__graphic\",\"priority\":true,\"src\":{\"src\":\"/_next/static/media/content-not-found-graphic.8f104f47.svg\",\"height\":551,\"width\":948,\"blurWidth\":0,\"blurHeight\":0}}],[\"$\",\"div\",null,{\"className\":\"maxw-widescreen margin-x-auto padding-x-2 desktop:padding-x-0 padding-top-4 padding-bottom-6 desktop:padding-y-7\",\"children\":[\"$\",\"div\",null,{\"className\":\"tablet:grid-container position-relative \",\"children\":[\"$\",\"div\",null,{\"className\":\"hero__row grid-row grid-gap\",\"children\":[[\"$\",\"div\",null,{\"className\":\"tablet:grid-col-5 widescreen:position-relative\",\"children\":[false,false]}],[\"$\",\"div\",null,{\"className\":\"hero__column tablet:grid-col-7 flow padding-bottom-2\",\"children\":[\"$undefined\",\"$undefined\",false,[\"$\",\"h1\",null,{\"className\":\"hero__heading margin-0 line-height-sans-3 desktop:line-height-sans-2\",\"children\":\"We can't find that page.\"}],\"$undefined\",\"$undefined\",false,[\"$\",\"div\",null,{\"children\":[[\"$\",\"div\",null,{\"className\":\"hero__description\",\"children\":[[\"The page you're looking for may have been moved or retired. You can\",\" \",[\"$\",\"$L11\",null,{\"href\":\"/\",\"children\":\"visit our home page\"}],\" or use the search box to find helpful resources.\"]]}],[\"$\",\"div\",null,{\"className\":\"margin-top-6 search-container\",\"children\":[\"$\",\"$L14\",null,{\"theme\":\"content-not-found\"}]}]]}],false]}],false,false]}]}]}]]}],\"notFoundStyles\":[]}]}],[\"$\",\"$L15\",null,{}],[\"$\",\"$L16\",null,{}],[\"$\",\"$Ld\",null,{\"src\":\"/assets/javascript/uswds.min.js\",\"strategy\":\"beforeInteractive\"}]]}]]}]\n"])</script><script>self.__next_f.push([1,"17:I[3055,[\"866\",\"static/chunks/e37a0b60-b74be3d42787b18d.js\",\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"904\",\"static/chunks/904-dbddf7494c3e6975.js\",\"549\",\"static/chunks/549-c87c1c3bbacc319f.js\",\"907\",\"static/chunks/app/policy-guidance/%5Bslug%5D/page-d95d3b4ebc8065f9.js\"],\"default\"]\n18:T3796b,"])</script><script>self.__next_f.push([1,"\u003cp\u003eThere are federal laws, regulations, and policies outside of CMS that shape how security and privacy is managed inside CMS. This page contains a comprehensive list of these external requirements, and shows how they relate to the security and privacy policies and guidance at CMS.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDISCLAIMER:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cem\u003eThe laws, regulations, standards, and guidelines provided herein are considered a work in progress and are subject to continuous updates. While we strive to ensure the accuracy and relevance of the information presented, it is important to note that legislative changes, regulatory updates, or evolving standards may impact the content provided. Users are encouraged to regularly check for the latest revisions and consult official sources to ensure compliance with the most current legal and regulatory requirements. The information offered is intended for general informational purposes only and should not be construed as legal advice. Any reliance on the content provided is at the user's own risk. We reserve the right to modify, amend, or update the information without prior notice.\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eQUESTIONS OR COMMENTS?\u003c/strong\u003e Check out CMS Slack channel:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://cmsgov.slack.com/archives/C06KFL4RSSC\"\u003e# cms_fed_laws_policies\u003c/a\u003e\u003c/p\u003e\u003ch2\u003eFederal Laws\u003c/h2\u003e\u003cp\u003eLaws are passed by both branches of Congress and signed by the President. Laws establish requirements or prohibitions. This list contains all federal laws that relate to information security and privacy at CMS.\u003c/p\u003e\u003ch3\u003eFISMA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.cisa.gov/topics/cyber-threats-and-advisories/federal-information-security-modernization-act\"\u003eFederal Information Security Modernization Act of 2014 (FISMA 2014\u003c/a\u003e)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eFederal legislation that defines a framework of guidelines and security standards to protect government information and operations\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eFISMA 2014 amends the FISMA of 2002\u003c/p\u003e\u003ch3\u003eThe Privacy Act of 1974\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.justice.gov/opcl/overview-privacy-act-1974-2020-edition/introduction\"\u003eThe Privacy Act of 1974\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eEstablishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Sep 1975\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eHIPAA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html\"\u003eHealth Insurance Portability and Accountability Act (HIPAA) of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eFederal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patients consent or knowledge\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eHHS issued the Privacy Rule and the Security Rule to implement the requirement of HIPAA\u003c/p\u003e\u003ch3\u003eE-Government Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.justice.gov/opcl/e-government-act-2002\"\u003eE-Government Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eImproves the management of Federal e-government services and processes involving the collection, maintenance, or dissemination of public or personal information\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eSection 208 requires Privacy Impact Assessments (PIAs)\u003c/p\u003e\u003ch3\u003eFedRAMP\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.fedramp.gov/program-basics/\"\u003eFederal Risk and Authorization Management Program (FedRAMP)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eA government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment for cloud technologies and federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003e2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eJoint Authorization Board (JAB)\u003c/li\u003e\u003cli\u003eDepartment of Defense (DoD)\u003c/li\u003e\u003cli\u003eDepartment of Homeland Security (DHS)\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eComputer Matching and Privacy Protection Act of 1988\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.congress.gov/bill/100th-congress/senate-bill/496\"\u003eComputer Matching and Privacy Protection Act of 1988\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eRequires agencies engaged in computer matching activities to provide notice to individuals if their information is being disclosed to other federal and state agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eSep 1988\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eGovernment Accountability Office (GAO)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSection 508\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.section508.gov/manage/laws-and-policies/\"\u003eSection 508 of the Rehabilitation Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eA federal law that requires agencies to provide individuals with disabilities equal access to electronic information and data comparable to those who do not have disabilities, unless an undue burden would be imposed on the agency\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003e1988\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eU.S. Access Board\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eAmended in 2000\u003c/p\u003e\u003ch3\u003eHSPD-12\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.dhs.gov/homeland-security-presidential-directive-12\"\u003eHomeland Security Presidential Directive 12 (HSPD-12)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eA Government-wide standard for a secure and reliable form of identification issued by the Federal government to its employees and employees of Federal contractors for access to Federally-controlled facilities and Government information systems\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFASCSA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.congress.gov/bill/115th-congress/senate-bill/3085/text\"\u003eFederal Acquisition Supply Chain Security Act (FASCSA) of 2018\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eTo establish a Federal Acquisition Security Council and to provide executive agencies with authorities relating to mitigating supply chain risks in the procurement of information technology, and for other purposes\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eGovernment Accountability Office (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFITARA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.cio.gov/handbook/it-laws/fitara-2014/\"\u003eFederal Information Technology Acquisition Reform Act (FITARA) of 2014\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eStrengthens the role of agency Chief Information Officers (CIOs) and provided greater accountability for the delivery of IT capabilities across the Federal Government\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eOMB M-15-14 implements\u003c/p\u003e\u003ch3\u003eMMA of 2003\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.ssa.gov/privacy/pia/Medicare%20Modernization%20Act%20(MMA)%20FY07.htm\"\u003eMedicare Prescription Drug, Improvement, and Modernization Act (MMA) of 2003\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eAmended section 1144 of the Social Security Act to require the Commissioner of Social Security to conduct additional outreach efforts to identify individuals entitled to benefits, or enrolled under the Medicare program under Title XVIII, who may be eligible for transitional assistance under the Medicare Prescription Drug Discount Card Program and premium and cost-sharing subsidies under the Prescription Drug Card Part D Program\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Health and Human Services (HHS) - Centers for MEDICARE \u0026amp; MEDICAID Services (CMS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eBuy America Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.gao.gov/products/105519\"\u003eBuy America Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eRequires Federal agencies to procure domestic materials and products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApr 1978\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eGovernment Accountability Office (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eNo TikTok on Government Devices Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.congress.gov/bill/117th-congress/senate-bill/1143\"\u003eNo TikTok on Government Devices Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eRequires the social media video application TikTok to be removed from the information technology of federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFOIA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.foia.gov/\"\u003eFreedom of Information Act (FOIA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eProvides that any person has the right to request access to federal agency records or information except to the extent the records are protected from disclosure by any of nine exemptions contained in the law or by one of three special law enforcement record exclusions\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1967\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Justice (DOJ)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eIG Act of 1978\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.ignet.gov/content/inspector-general-act-1978\"\u003eInspectors General Act (IG Act) of 1978\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eCreates Inspector General positions and offices in more than a dozen specific departments and agencies. The Act gave these inspectors general the authority to review the internal documents of their departments or offices. They were given responsibility to investigate fraud, to give policy advice (5 U.S.C. § 404; IG Act, sec. 4), to handle certain complaints by employees, and to report to the heads of their agencies and to Congress on their activities every six months\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1978\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eDOTGOV Act of 2020\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.federalregister.gov/documents/2022/07/26/2022-15670/federal-management-regulation-fmr-internet-gov-domain\"\u003eDOTGOV Online Trust in Government Act of 2020\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eTransfers the DotGov internet domain program, as operated by the General Services Administration under title 41, Code of Federal Regulations, to DHS CISA. The Act also orders that on the date CISA begins operational administration of the DotGov internet domain program, the GSA Administrator shall rescind the requirements in part 102173 of title 41, Code of Federal Regulations applicable to any Federal, State, local, or territorial government entity, or other publicly controlled entity, including any Tribal government recognized by the Federal Government or a State government that is registering or operating a DotGov internet domain. Finally, the DOTGOV orders that in place of the requirements in part 102173 of title 41, Code of Federal Regulations, CISA, in consultation with the Director of Management and Budget (OMB), shall establish and publish a new set of requirements for the registration and operation of DotGov domains.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003ePart of the Consolidated Appropriations Act, 2021\u003c/p\u003e\u003ch3\u003eGovernment Performance and Results Act (GPRA) of 1993\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.federalreserve.gov/publications/gpra.htm\"\u003eGovernment Performance and Results Act (GPRA) of 1993\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to prepare a strategic plan covering a multiyear period and requires each agency to submit an annual performance plan and an annual performance report.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 1993\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Acquisition Streamlining Act (FASA) of 1994\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/103rd-congress/senate-bill/1587\"\u003eFederal Acquisition Streamlining Act (FASA) of 1994\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Streamlines the federal governments acquisition system and dramatically changes the way the government performs its contracting functions. Generally, the statute seeks to: (1) increase the governments reliance on commercial goods and services; (2) streamline the procurement process for high volume, low value acquisitions; (3) improve access by small businesses to government contracting opportunities; (4) improve the bid protest process; and (5) extend the Truth in Negotiations Act to civilian agencies and raise the threshold for submitting certified cost or pricing data under that Act.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1994\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePaperwork Reduction Act (PRA) of 1995\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/104th-congress/senate-bill/244\"\u003ePaperwork Reduction Act (PRA) of 1995\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires that agencies obtain Office of Management and Budget (OMB) approval before requesting most types of information from the public. “Information collections” include forms, interviews, and record keeping, to name a few categories.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 1995\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Financial Management Improvement Act of 1996\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/104th-congress/house-bill/4319\"\u003eFederal Financial Management Improvement Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Advances Federal financial management by ensuring that Federal financial management systems provide accurate, reliable, and timely financial management information to the governments managers.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eSep 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eClinger-Cohen Act of 1996\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/clinger-cohen-act/\"\u003eClinger-Cohen Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The IT Management Reform Act (ITMRA) and the Federal Acquisition Reform Act (FARA) together make up the Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Records Act (FRA) (Records Management Act of 1950)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://presidentialtransition.org/wp-content/uploads/sites/6/2020/11/Federal-Records-Act-Overview.pdf\"\u003eRecords Management Act of 1950 / Federal Records Act (FRA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Designed to ensure that institutional records of vital historical, fiscal and legal value are identified and preserved by the government, providing the public with a historical record of federal; decision-making.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1950\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eNational Archives and Records Administration (NARA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSection 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.acquisition.gov/Section-889-Policies\"\u003eSection 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prohibits the Federal Government from procuring or obtaining, or extending or renewing a contract to procure or obtain “any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system,” on or after August 13, 2019, unless an exception applies or a waiver is granted.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Defense (DoD)\u003c/li\u003e\u003cli\u003eNational Aeronautics and Space Administration (NASA)\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFITARA Enhancement Act of 2017\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/115th-congress/house-bill/3243\"\u003eFITARA Enhancement Act of 2017\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e An act to amend title 40, United States Code, to eliminate the sunset of certain provisions relating to information technology, to amend the National Defense Authorization Act for Fiscal Year 2015 to extend the sunset relating to the Federal Data Center Consolidation Initiative, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eMaking Electronic Government Accountable by Yielding Tangible Efficiencies (MEGABYTE) Act of 2016\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/114th-congress/house-bill/4904/text\"\u003eMaking Electronic Government Accountable by Yielding Tangible Efficiencies (MEGABYTE) Act of 2016\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the Director of the Office of Management and Budget to issue a directive on the management of software licenses by the US federal government.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eStrengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure (SECURE) Technology Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/115th-congress/house-bill/7327/text\"\u003eStrengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure (SECURE) Technology Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the Secretary of Homeland Security to establish a security vulnerability disclosure policy, to establish a bug bounty program for the Department of Homeland Security, to amend title 41, United States Code, to provide for Federal acquisition supply chain security, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eCommunications Act of 1934\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1288\"\u003eCommunications Act of 1934\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Combined and organized federal regulation of telephone, telegraph, and radio communications. The Act created the Federal Communications Commission (FCC) to oversee and regulate these industries. The Act is updated periodically to add provisions governing new communications technologies, such as broadcast, cable and satellite television.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJun 1934\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eFederal Communications Commission (FCC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eWorkforce Innovation and Opportunities Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.dol.gov/agencies/eta/wioa\"\u003eWorkforce Innovation and Opportunities Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Designed to strengthen and improve our nation's public workforce system and help get Americans, including youth and those with significant barriers to employment, into high-quality jobs and careers and help employers hire and retain skilled workers.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Labor (DOL)\u003c/li\u003e\u003cli\u003eDepartment of Education (ED)\u003c/li\u003e\u003cli\u003eDepartment of Health and Human Services (HHS)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eChildrens Online Privacy Protection Act (COPPA) of 1998\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa\"\u003eChildrens Online Privacy Protection Act (COPPA) of 1998\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApr 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eFederal Trade Commission (FTC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGovernment Paperwork Elimination Act of 1998\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/gpea/\"\u003eGovernment Paperwork Elimination Act of 1998\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e It requires Federal agencies, by October 21, 2003, to provide individuals or entities that deal with agencies the option to submit information or transact with the agency electronically, and to maintain records electronically, when practicable.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Property and Administrative Services Act of 1949\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/USCODE-2011-title40/html/USCODE-2011-title40-subtitleI-chap1.htm\"\u003eFederal Property and Administrative Services Act of 1949\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the General Services Administration (GSA). The act also provides for various Federal Standards to be published by the GSA.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1949\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eGeneral Services Administration (GSA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eInformation Quality Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/information-quality-act/\"\u003eInformation Quality Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the OMB to promulgate guidance to agencies ensuring the quality, objectivity, utility, and integrity of information (including statistical information) disseminated by Federal agencies.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSmall Business Paperwork Relief Act of 2002\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.sba.gov/document/policy-guidance--small-business-paperwork-relief-act-2002\"\u003eSmall Business Paperwork Relief Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Institutes a process to reduce paperwork, and introduces measures to make it easier for small businesses to comply with the law.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJun 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eCyber Security Research and Development Act of 2002\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/107th-congress/house-bill/3394\"\u003eCyber Security Research and Development Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Authorizes appropriations to the National Science Foundation (NSF) and to the Secretary of Commerce for the National Institute of Standards and Technology (NIST) to establish new programs, and to increase funding for certain current programs, for computer and network security (CNS) research and development and CNS research fellowships.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eNational Science Foundation (NSF)\u003c/li\u003e\u003cli\u003eNational Institute of Standards and Technology (NIST)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eImplementing Recommendations of the 9/11 Commission Act of 2007\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/110th-congress/house-bill/1\"\u003eImplementing Recommendations of the 9/11 Commission Act of 2007\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides for implementation of recommendations of the National Commission on Terrorist Attacks Upon the United States (9/11 Commission).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Cybersecurity Workforce Assessment Act (FCWAA) of 2015\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/113/plaws/publ246/PLAW-113publ246.pdf\"\u003eFederal Cybersecurity Workforce Assessment Act (FCWAA) of 2015\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the Secretary of Homeland Security to assess the cybersecurity workforce of the Department of Homeland Security and develop a comprehensive workforce strategy, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eWhistleblower Protection Act of 1989\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/101st-congress/senate-bill/20\"\u003eWhistleblower Protection Act of 1989\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prohibits retaliation against most executive branch employees when they blow the whistle on \u0026nbsp;ignificant agency wrongdoing or when they engage in protected conduct.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApr 1989\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Special Counsel\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eComputer Security Act of 1987\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/100th-congress/house-bill/145/all-info\"\u003eComputer Security Act of 1987\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides for a computer standards program within the National Bureau of Standards, to provide for Government-wide computer security, and to provide for the training in security matters of persons who are involved in the management, operation, and use of Federal computer systems, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJan 1988\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eNational Institute of Standards and Technology (NIST)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eOffice of Federal Procurement Policy Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/omb/management/office-federal-procurement-policy/\"\u003eOffice of Federal Procurement Policy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The Office of Federal Procurement Policy (OFPP) was established by Congress in 1974 to provide overall direction for government-wide procurement policies, regulations and procedures and to promote economy, efficiency, and effectiveness in acquisition processes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Aug 1974\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Activities Inventory Reform (FAIR) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/105/plaws/publ270/PLAW-105publ270.pdf\"\u003eFederal Activities Inventory Reform (FAIR) Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to submit to the Office of Management and Budget inventories of commercial activities performed by federal employees every year by June 30.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Oct 1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eBudget and Accounting Act of 1921\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/D03855.pdf\"\u003eBudget and Accounting Act of 1921\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides a national budget system and an independent audit of Government accounts, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jun 1921\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Managers' Financial Integrity Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/omb/financial_fmfia1982\"\u003eFederal Managers Financial Integrity Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the statutory basis for managements responsibility for and assessment of accounting and administrative internal controls. Such controls include program, operational, and administrative areas, as well as accounting and financial management.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Sep 1982\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSarbanes-Oxley Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://sarbanes-oxley-act.com/\"\u003eSarbanes-Oxley Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Contains provisions affecting corporate governance, risk management, auditing, and financial reporting of public companies, including provisions intended to deter and punish corporate accounting fraud and corruption.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jul 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003ePublic Company Accounting Oversight Board (PCAOB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eDigital Accountability and Transparency Act (DATA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/113/plaws/publ101/PLAW-113publ101.pdf\"\u003eDigital Accountability and Transparency Act (DATA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to prepare and submit standardized, accurate information about their spending.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e May 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eDepartment of Treasury\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eElectronic Signatures in Global and National Commerce (E-Sign) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/PLAW-106publ229/pdf/PLAW-106publ229.pdf\"\u003eElectronic Signatures in Global and National Commerce (E-Sign) Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Facilitates the use of electronic records and signatures in interstate or foreign commerce.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jun 2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Commerce\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eSpecifies that, in the United States, the use of an electronic signature (e-signature) is as legally valid as a traditional signature written in ink on paper.\u003c/p\u003e\u003ch3\u003eChief Financial Officers Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/cfo-act/\"\u003eChief Financial Officers Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Gives OMB new authority and responsibility for directing federal financial management, modernizing the governments financial management systems, and strengthening financial reporting.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 1990\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eHomeland Security Act of 2002\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.dhs.gov/homeland-security-act-2002\"\u003eHomeland Security Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Established the Department of Homeland Security\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eHealth Information Technology for Economic and Clinical Health (HITECH) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html\"\u003eHITECH Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Part of the American Recovery and Reinvestment Act of 2009 that incentivized the meaningful use of Electronic Health Records (EHRs) and strengthened the privacy and security provisions of HIPAA.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Health and Human Services (HHS)\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePatient Protection and Affordable Care Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/3590\"\u003ePatient Protection and Affordable Care Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensures that all Americans have access to quality, affordable health care and will create the transformation within the health care system necessary to contain costs.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMar 2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGovernment Performance and Results Act (GPRA) Modernization Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/111/plaws/publ352/PLAW-111publ352.pdf\"\u003eGovernment Performance and Results Act (GPRA) Modernization Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e An amended version of the Government Performance and Results Act of 1993, it requires each executive agency to make its strategic plan available on its public website and to the OMB on the first Monday in February of any year following that in which the term of the President commences and to notify the President and Congress.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJan 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGenetic Information Nondiscrimination Act (GINA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/PLAW-110publ233/pdf/PLAW-110publ233.pdf\"\u003eGenetic Information Nondiscrimination Act (GINA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Protects individuals against discrimination based on their genetic information in health coverage and in employment.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eEconomy Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.acquisition.gov/node/29803/printable/pdf\"\u003eEconomy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Authorizes agencies to enter into agreements to obtain \u003cem\u003esupplies\u003c/em\u003e or services from another agency.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 1933\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Federal Acquistition Regulations (FAR)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eIPERIA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/112/plaws/publ248/PLAW-112publ248.pdf\"\u003eImproper Payments Elimination and Recovery Improvement Act (IPERIA) of 2012\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides guidance on monitoring and reporting improper payments, and requires agencies to continue their review of programs and activities annually to identify those susceptible to significant improper payments and updates the definition of significant improper payments.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJan 2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eAntideficiency Act (ADA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/legal/appropriations-law/resources\"\u003eAntideficiency Act (ADA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prohibits federal agencies from obligating or expending federal funds in advance or in excess of an appropriation, and from accepting voluntary services.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eSep 1982\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Government Accountability Offices (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eBudget Control Act of 2011\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/112/plaws/publ25/PLAW-112publ25.pdf\"\u003eBudget Control Act of 2011\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Amends the Balanced Budget and Emergency Deficit Control Act of 1985 (Gramm-Rudman-Hollings Act) to revise sequestration requirements for enforcement of discretionary spending limits (spending caps).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Activities Inventory Reform (FAIR) Act of 1998\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/105/plaws/publ270/PLAW-105publ270.pdf\"\u003eFederal Activities Inventory Reform (FAIR) Act of 1998\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to submit to the Office of Management and Budget inventories of commercial activities performed by federal employees every year by June 30.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eTelework Enhancement Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/1722/text\"\u003eTelework Enhancement Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the head of each executive agency to: (1) establish a policy under which eligible agency employees may be authorized to telework; (2) determine employee eligibility to participate in telework; and (3) notify all employees of their eligibility to telework.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Personnel Management (OPM)\u003c/li\u003e\u003cli\u003eFederal Emergency Management Agency (FEMA)\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eNational Archives and Records Administration (NARA)\u003c/li\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eDepartment of Homeland Security (DHS)\u003c/li\u003e\u003cli\u003eNational Institute of Standards and Technology (NIST)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePlain Writing Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/PLAW-111publ274/pdf/PLAW-111publ274.pdf\"\u003ePlain Writing Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the effectiveness and accountability of Federal agencies to the public by promoting clear Government communication that the public can understand and use.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eConsolidated Appropriations Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/111/plaws/publ117/PLAW-111publ117.pdf\"\u003eConsolidated Appropriations Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e An act making appropriations for the Departments of Transportation, and Housing and Urban Development, and related agencies for the fiscal year ending September 30, 2010, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Dec 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/3288\"\u003eMultiple agencies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e Many agencies oversee the guidance for this Act\u003c/p\u003e\u003ch3\u003eAmerican Recovery and Reinvestment Act of 2009\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/1/text\"\u003eAmerican Recovery and Reinvestment Act of 2009\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Developed in response to the Great Recession, the primary objective of this federal statute was to save existing jobs and create new ones as soon as possible. Other objectives were to provide temporary relief programs for those most affected by the recession and invest in infrastructure, education, health, and renewable energy.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/1\"\u003eMultiple agencies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e Many agencies oversee the guidance for this Act\u003c/p\u003e\u003ch3\u003eProject BioShield Act of 2004\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/108th-congress/senate-bill/15/text\"\u003eProject BioShield Act of 2004\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Project BioShield was established to help incentivize private industry to develop vitally needed medical countermeasures by providing multi-year funding to support advanced research, clinical development, manufacture and procurement.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003ePublic Health Service Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.ssa.gov/policy/docs/ssb/v7n8/v7n8p15.pdf\"\u003ePublic Health Service Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Consolidates and revises the laws relating to the Public Health Service.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1944\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003eIntelligence Reform and Terrorism Prevention Act of 2004\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/108th-congress/senate-bill/2845/text\"\u003eIntelligence Reform and Terrorism Prevention Act of 2004\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Reforms the intelligence community and the intelligence and intelligence-related activities of the United States Government, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003eElectronic Freedom of Information Act Amendments of 1996\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/104/plaws/publ231/PLAW-104publ231.htm\"\u003eElectronic Freedom of Information Act Amendments of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The Freedom of Information Act (FOIA) established the public's right of access to government information, on the basis of openness and accountability. The 1996 Electronic Freedom of Information Act (e-FOIA) Amendments extended these principles to include electronic access to information.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Oct 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Justice (DoJ)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003eClarifying Lawful Overseas Use of Data (CLOUD) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2022/07/06/2022-14320/office-of-the-attorney-general-clarifying-lawful-overseas-use-of-data-act-attorney-general\"\u003eClarifying Lawful Overseas Use of Data (CLOUD) Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Lifts certain restrictions under U.S. law on companies disclosing electronic data, in response to qualifying, lawful orders in investigations of serious crime, directly to a qualifying foreign government with which the United States has entered into an executive agreement governing access by the foreign government to covered data.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jul 2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Justice (DoJ)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eFederal Regulations\u003c/h2\u003e\u003cp\u003eRegulations are published by executive branch agencies to clarify their interpretation of a law and how a law will be implemented. Regulations also state requirements or prohibitions. This list contains all federal regulations that relate to information security and privacy at CMS.\u003c/p\u003e\u003ch3\u003eB.O.D. 18-01\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/news-events/directives/bod-18-01-enhance-email-and-web-security\"\u003eBinding Operational Directive (B.O.D) 18-01: Enhance Email and Web Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Enhances the security of federal agencies' email and web systems to protect against cyber threats. The directive outlines specific actions that federal agencies must take to improve their email and web security posture, including implementing specific security protocols, enhancing monitoring capabilities, and strengthening authentication mechanisms.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Oct 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eB.O.D. 18-02\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.cisa.gov/news-events/directives/bod-18-02-securing-high-value-assets\"\u003eBinding Operation Directive (B.O.D.) 18-02 - Security High Value Assets (HVAs)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eEnhances the Department of Homeland Security's coordinated approach to securing the federal governments HVAs from cybersecurity threats\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eFISMA 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eB.O.D. 20-01\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/news-events/directives/bod-20-01-develop-and-publish-vulnerability-disclosure-policy\"\u003eBinding Operation Directive (B.O.D) 20-01: Develop and Publish a Vulnerability Disclosure Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires each agency to develop and publish a vulnerability disclosure policy (VDP) and maintain supporting handling procedures.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Sep 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law:\u003c/strong\u003e OMB M-20-32\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.D. 19-01\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/news-events/directives/ed-19-01-mitigate-dns-infrastructure-tampering\"\u003eEmergency Directive (E.D.) 19-01: Mitigate DNS Infrastructure Tampering\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires agencies take near-term actions to mitigate risks from undiscovered tampering, enable agencies to prevent illegitimate DNS activity for their domains, and detect unauthorized certificates.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jan 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law:\u003c/strong\u003e Homeland Security Act of 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eThe Privacy Rule\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html\"\u003eThe Privacy Rule\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eAssures that individuals' health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well being\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eHIPAA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Health and Human Services (DHHS or HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eRegulation that implements HIPAA requirements\u003c/p\u003e\u003ch3\u003eThe Security Rule\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html\"\u003eThe Security Rule\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eEstablishes standards and safeguards for the secure handling of electronic protected health information (ePHI) by healthcare entities, aiming to ensure the confidentiality, integrity, and availability of sensitive health data\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eHIPAA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Health and Human Services (DHHS or HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eRegulation that implements HIPAA requirements\u003c/p\u003e\u003ch3\u003eFAR\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.acquisition.gov/sites/default/files/current/far/pdf/FAR.pdf\"\u003eFederal Acquisition Regulation (FAR)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003ePrimary regulation for use by all executive agencies in their acquisition of supplies and services with appropriated funds\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApril 1984\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eCompetition in Contracting Act of 1984 - FAR: Title 48 of the Code of Federal Regulations (CFR).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eGeneral Services Administration (GSA), Department of \u0026nbsp;Defense (DOD), \u0026amp; National Aeronautics and Space Administration (NASA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Accounting Standards Advisory Board (FASAB)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://fasab.gov/accounting-standards/\"\u003eFederal Accounting Standards Advisory Board (FASAB)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Primary regulation for use by all executive agencies in their acquisition of supplies and services with appropriated funds\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1990\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eCompetition in Contracting Act of 1984 - FAR: Title 48 of the Code of Federal Regulations (CFR).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Treasury, Office of Management and Budget (OMB), \u0026amp; Government Accountability Office (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eFederal Information Processing Standards (FIPS) Publications\u003c/h2\u003e\u003cp\u003eFederal Information Processing Standards (FIPS) are standards and guidelines for federal computer systems that are developed by \u003ca href=\"https://security.cms.gov/learn/national-institute-standards-and-technology-nist\"\u003eNational Institute of Standards and Technology (NIST)\u003c/a\u003e in accordance with the \u003ca href=\"https://security.cms.gov/learn/federal-information-security-modernization-act-fisma\"\u003eFederal Information Security Management Act (FISMA)\u003c/a\u003e and approved by the Secretary of Commerce.\u003c/p\u003e\u003cp\u003eFIPS Standards can be viewed and downloaded from the NIST Computer Security Resource Center (CSRC) website here: \u003ca href=\"https://csrc.nist.gov/publications/fips\"\u003eFIPS publications\u003c/a\u003e\u003c/p\u003e\u003cp\u003eAnswers to Frequently Asked Questions about FIPS can be found on the NIST website here: \u003ca href=\"https://www.nist.gov/standardsgov/compliance-faqs-federal-information-processing-standards-fips\"\u003eFIPS FAQs\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThis list contains all FIPS publications that relate to information security and privacy at CMS.\u003c/p\u003e\u003ch3\u003eFIPS-202\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/202/final\"\u003eSHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e8/4/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 201-3\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/201-3/final\"\u003ePersonal Identity Verification (PIV) of Federal Employees and Contractors\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e1/24/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 200\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/200/final\"\u003eMinimum Security Requirements for Federal Information and Information Systems\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e3/1/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 199\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/199/final\"\u003eStandards for Security Categorization of Federal Information and Information Systems\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e2/1/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 198-1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/198-1/final\"\u003eThe Keyed-Hash Message Authentication Code (HMAC)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e7/16/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 197\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/197/final\"\u003eAdvanced Encryption Standard (AES)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e5/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 186-5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/186-5/final\"\u003eDigital Signature Standard (DSS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e2/13/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 180-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/180-4/upd1/final\"\u003eSecure Hash Standard (SHS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e8/4/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 140-3\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/140-3/final\"\u003eSecurity Requirements for Cryptographic Modules\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e3/22/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eNIST S.P. Guidelines\u003c/h2\u003e\u003cp\u003eFIPS Publications may reference specific NIST Special Publications (S.P.) guidelines (SP800) and/or practices (SP1800), in which that guideline or practice becomes a governance policy for CMS FISMA systems.\u003c/p\u003e\u003cp\u003eAll NIST Special Publications (SP 500, SP800 and SP1800) can be viewed and downloaded from the NIST Computer Security Resource Center (CSRC) website here: \u003ca href=\"https://csrc.nist.gov/publications/sp\"\u003eNIST S.P. list\u003c/a\u003e\u003c/p\u003e\u003cp\u003eNIST S.P. descriptions can be found on the NIST website here: \u003ca href=\"https://www.nist.gov/nist-research-library/nist-special-publication-subseries-descriptions\"\u003eNIST S.P. descriptions\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThe following list consists of NIST S.P.s that are CMS FISMA governance policy by way of FIPS references.\u003c/p\u003e\u003ch3\u003e500-267A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-267Ar1.pdf\"\u003eNIST IPv6 Profile\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e500-267B\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-267Br1.pdf\"\u003eUSGv6 Profile\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e500-281A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=929798\"\u003eUSGv6 Test Program Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e500-281B\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-281Br1.pdf\"\u003eUSGv6 Test Methods: General Description and Validation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-16\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/16/final\"\u003eInformation Technology Security Training Requirements: a Role- and Performance-Based Model\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-18 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/18/r1/final\"\u003eGuide for Developing Security Plans for Federal Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 200\u003c/p\u003e\u003ch3\u003e800-30\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/30/r1/final\"\u003eGuide for Conducting Risk Assessments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-34\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://www.nist.gov/privacy-framework/nist-sp-800-34\"\u003eContingency Planning Guide for Federal Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-37 Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/37/r2/final\"\u003eRisk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-38 (A-G)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/publications/sp800\"\u003eRecommendation for Block Cipher Modes: *\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 197\u003c/p\u003e\u003ch3\u003e800-39\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/39/final\"\u003eManaging Information Security Risk: Organization, Mission, and Information System View\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-40\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/40/r4/final\"\u003eGuide to Enterprise Patch Management Planning: Preventive Maintenance for Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-41\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/41/r1/final\"\u003eGuidelines on Firewalls and Firewall Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-46\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/46/r2/final\"\u003eGuide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-50\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/50/final\"\u003eBuilding an Information Technology Security Awareness and Training Program\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-51\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/51/r1/final\"\u003eGuide to Using Vulnerability Naming Schemes\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-52\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/52/r2/final\"\u003eGuidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-53 Rev. 5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final\"\u003eSecurity and Privacy Controls for Information Systems and Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-53A Rev. 5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/53/a/r5/final\"\u003eAssessing Security and Privacy Controls in Information Systems and\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://csrc.nist.gov/pubs/sp/800/53/a/r5/final\"\u003eOrganizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-56A\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/56/a/r3/final\"\u003eRecommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-56B Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/56/b/r2/final\"\u003eRecommendation for Pair-Wise Key-Establishment Using Integer Factorization Cryptography\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-57 Part 1 Rev. 5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/57/pt1/r5/final\"\u003eRecommendation for Key Management - Part 1: General\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-57 Part 3 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/57/pt3/r1/final\"\u003eRecommendation for Key Management, Part 3: Application-Specific Key Management Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-59\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/59/final\"\u003eGuideline for Identifying an Information System as a National Security System\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-60 Vol. 1 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/60/v1/r1/final\"\u003eGuide for Mapping Types of Information and Information Systems to Security Categories\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 200\u003c/p\u003e\u003ch3\u003e800-61\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/61/r2/final\"\u003eComputer Security Incident Handling Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-63-3\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\"\u003eDigital Identity Guidelines\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-63A\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/a/upd2/final\"\u003eDigital Identity Guidelines: Enrollment and Identity Proofing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-63B\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/b/upd2/final\"\u003eDigital Identity Guidelines: Authentication and Lifecycle Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-63C\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/c/upd2/final\"\u003eDigital Identity Guidelines: Federation and Assertions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-70\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/70/r4/final\"\u003eNational Checklist Program for IT Products: Guidelines for Checklist Users and Developers\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-73-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/73/4/upd1/final\"\u003eInterfaces for Personal Identity Verification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-76-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/76/2/final\"\u003eBiometric Specifications for Personal Identity Verification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-78-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/78/4/final\"\u003eCryptographic Algorithms and Key Sizes for Personal Identity Verification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-79-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/79/2/final\"\u003eGuidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-81\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/81/2/final\"\u003eSecure Domain Name System (DNS) Deployment Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-85A-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/85/a/4/final\"\u003ePIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-87 Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/87/r2/final\"\u003eCodes for Identification of Federal and Federally-Assisted Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-88\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/88/r1/final\"\u003eGuidelines for Media Sanitization\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-89\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/89/final\"\u003eRecommendation for Obtaining Assurances for Digital Signature\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://csrc.nist.gov/pubs/sp/800/89/final\"\u003eApplications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-90A Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/90/a/r1/final\"\u003eRecommendation for Random Number Generation Using Deterministic Random Bit Generators\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-94\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/94/final\"\u003eGuide to Intrusion Detection and Prevention Systems (IDPS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-96\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/96/final\"\u003ePIV Card to Reader Interoperability Guidelines\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-97\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/97/final\"\u003eEstablishing Wireless Robust Security Networks: A Guide to IEEE 802.11i\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-102\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/102/final\"\u003eRecommendation for Digital Signature Timeliness\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-107\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/107/r1/final\"\u003eRecommendation for Applications Using Approved Hash Algorithms\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003cli\u003eFIPS 202\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-111\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/111/final\"\u003eGuide to Storage Encryption Technologies for End User Devices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 197\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-115\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/115/final\"\u003eTechnical Guide to Information Security Testing and Assessment\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-116 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/116/r1/final\"\u003eGuidelines for the Use of PIV Credentials in Facility Access\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-119\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/119/final\"\u003eGuidelines for the Secure Deployment of IPv6\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-122\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/122/final\"\u003eGuide to Protecting the Confidentiality of Personally Identifiable Information (PII)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-124\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/124/r2/final\"\u003eGuidelines for Managing the Security of Mobile Devices in the Enterprise\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-126\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/126/r3/final\"\u003eThe Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-128\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/128/upd1/final\"\u003eGuide for Security-Focused Configuration Management of Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-131A Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/131/a/r2/final\"\u003eTransitioning the Use of Cryptographic Algorithms and Key Lengths\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-133 Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/133/r2/final\"\u003eRecommendation for Cryptographic Key Generation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 197\u003c/p\u003e\u003ch3\u003e800-137\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/137/final\"\u003eInformation Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-140\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/final\"\u003eFIPS 140-3 Derived Test Requirements (DTR): CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/a/final\"\u003eCMVP Documentation Requirements: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140B Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/b/r1/final\"\u003eCryptographic Module Validation Program (CMVP) Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140C Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/c/r2/final\"\u003eCryptographic Module Validation Program (CMVP)-Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140D Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/d/r2/final\"\u003eCryptographic Module Validation Program (CMVP)-Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140E\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/e/final\"\u003eCMVP Approved Authentication Mechanisms: CMVP Validation Authority Requirements for ISO/IEC 19790 Annex E and ISO/IEC 24579 Section 6.17\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140F\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/f/final\"\u003eCMVP Approved Non-Invasive Attack Mitigation Test Metrics: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-144\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/144/final\"\u003eGuidelines on Security and Privacy in Public Cloud Computing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-145\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/145/final\"\u003eThe NIST Definition of Cloud Computing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-152\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/152/final\"\u003eA Profile for U.S. Federal Cryptographic Key Management Systems (CKMS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 197\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-153\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/153/final\"\u003eGuidelines for Securing Wireless Local Area Networks (WLANs)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-156\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/156/final\"\u003eRepresentation of PIV Chain-of-Trust for Import and Export\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-157\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/157/final\"\u003eGuidelines for Derived Personal Identity Verification (PIV) Credentials\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-157\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/157/final\"\u003eGuidelines for Derived Personal Identity Verification (PIV) Credentials\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-163\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/163/r1/final\"\u003eVetting the Security of Mobile Applications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-167\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/167/final\"\u003eGuide to Application Whitelisting\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-171\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/171/r2/upd1/final\"\u003eProtecting Controlled Unclassified Information in Nonfederal Systems and Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-175A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/175/a/final\"\u003eGuideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-175B\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/175/b/r1/final\"\u003eGuideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 197\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 202\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-177\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/177/r1/final\"\u003eTrustworthy Email\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-181\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/181/r1/final\"\u003eWorkforce Framework for Cybersecurity (NICE Framework)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-186\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/186/final\"\u003eRecommendations for Discrete-Logarithm Based Cryptography: Elliptic Curve Domain Parameters\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 186\u003c/p\u003e\u003ch3\u003e800-207\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/207/final\"\u003eZero Trust Architecture\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-217\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/217/ipd\"\u003eGuidelines for the Use of Personal Identity Verification (PIV) Credentials with Federation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-219\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/219/r1/final\"\u003eAutomated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eExecutive Orders (E.O.)\u003c/h2\u003e\u003cp\u003eAn Executive Order (E.O.) is a signed, written, and published directive from the President of the United States that manages operations of the federal government. They are numbered consecutively, so executive orders may be referenced by their assigned number, or their topic. This list contains all E.O.s that relate to information security and privacy.\u003c/p\u003e\u003ch3\u003eE.O 9397\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.ssa.gov/foia/html/EO9397.htm\"\u003eNumbering System for Federal Accounts Relating to Individual Persons\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes a centralized numbering system for federal accounts relating to individual persons in the United States.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e November 30, 1943\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Social Security Administration (SSA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 11609\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.archives.gov/federal-register/codification/executive-order/11609.html\"\u003eDelegating certain functions vested in the President to other officers of the Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Grants certain, presidential authorities to the GSA without approval, ratification, or other action of the President.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 22, 1971\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e General Services Administration (GSA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13011\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/CFR-1997-title3-vol1/html/CFR-1997-title3-vol1-eo13011.htm\"\u003eFederal Information Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Aimed to improve the management and utilization of IT resources across federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 16, 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eDHS\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eE.O 13381\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2005/06/30/05-13098/strengthening-processes-relating-to-determining-eligibility-for-access-to-classified-national\"\u003eStrengthening Processes Relating to Determining Eligibility for Access to Classified National Security Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Assists in determining eligibility for access to classified national security information, while taking appropriate account of title III of Public Law 108-458\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jun 2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13402\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2006/05/15/06-4552/strengthening-federal-efforts-to-protect-against-identity-theft\"\u003eStrengthening Federal Efforts To Protect Against Identity Theft\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Strengthens efforts to protect against identity theft\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13439\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2007/07/20/07-3593/establishing-an-interagency-working-group-on-import-safety\"\u003eEstablishing an Interagency Working Group on Import Safety\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensures that the executive branch takes all appropriate steps to promote the safety of imported products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jul 2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e HHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13520\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/executive-order-reducing-improper-payments\"\u003eReducing Improper Payments and Eliminating Waste in Federal Programs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Reduces payment errors and eliminating waste, fraud, and abuse in Federal programs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Nov 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13526\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.archives.gov/isoo/policy-documents/cnsi-eo.html\"\u003eClassified National Security Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prescribes a uniform system for classifying, safeguarding, and declassifying national security information, including information relating to defense against transnational terrorism\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Dec 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Information Security Oversight Office\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13556\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.commerce.gov/sites/default/files/2022-02/Controlled-Unclassified-Information-Policy.pdf\"\u003eControlled Unclassified Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes an open and uniform program for managing unclassified information requiring safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Aug 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e National Archives \u0026amp; Records Administration (NARA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13571\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/04/27/executive-order-13571-streamlining-service-delivery-and-improving-custom\"\u003eStreamlining Service Delivery and Improving Customer Service\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the quality of service to the public by the Federal Government\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Apr 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13576\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/06/13/executive-order-13576-delivering-efficient-effective-and-accountable-gov\"\u003eDelivering an Efficient, Effective, and Accountable Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Aims to cut waste, streamline Government operations, and reinforce the performance and management reform gains the Obama Administration has achieved\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jun 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13583\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/08/18/executive-order-13583-establishing-coordinated-government-wide-initiativ\"\u003eEstablishing a Coordinated Government-wide Initiative to Promote Diversity and Inclusion in the Federal Workforce\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Promotes the Federal workplace as a model of equal opportunity, diversity, and inclusion\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Aug 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOPM\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003ePresidents Management Council (PMC)\u003c/li\u003e\u003cli\u003eEqual Employment Opportunity Commission (EEOC)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13589\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/11/09/executive-order-13589-promoting-efficient-spending\"\u003ePromoting Efficient Spending\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Further promote efficient spending in the Federal Government\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Nov 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13636\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity\"\u003eImproving Critical Infrastructure Cybersecurity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Designed to increase the level of core capabilities for our critical infrastructure to manage cyber risk. It does this by focusing on three key areas: (1) information sharing, (2) privacy, and (3) the adoption of cybersecurity practices.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 12, 2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eDHS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13642\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/01/31/executive-order-13564-presidents-council-jobs-and-competitiveness\"\u003eThe President's Council on Jobs and Competitiveness\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Aims to strengthen the Nation's economy and ensure the competitiveness of the United States and to create jobs, opportunity, and prosperity for the American people by ensuring the availability of non partisan advice to the President from participants in and experts on the economy\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jan 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Department of Treasury\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13681\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2014/10/17/executive-order-improving-security-consumer-financial-transactions\"\u003eImproving the Security of Consumer Financial Transactions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the security of consumer financial transactions in both the private and public sectors\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e October 17, 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Treasury\u003c/li\u003e\u003cli\u003eDepartment of Justice\u003c/li\u003e\u003cli\u003eDepartment of Commerce\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eSocial Security Administration (SSA)\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC)\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003eDHS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13719\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2016/02/09/executive-order-establishment-federal-privacy-council\"\u003eEstablishment of the Federal Privacy Council\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The Federal Privacy Council is the principal interagency forum to improve the privacy practices of agencies and entities acting on their behalf.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 9, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Federal Privacy Council (FPC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13800\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/topics/cybersecurity-best-practices/executive-order-strengthening-cybersecurity-federal-networks-and-critical-infrastructure\"\u003eStrengthening the Cybersecurity of Federal Networks and Critical Infrastructure\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Modernizes federal information technology infrastructure, working with state and local government and private sector partners to more fully secure critical infrastructure, and collaborating with foreign allies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 11, 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13833\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2018/05/18/2018-10855/enhancing-the-effectiveness-of-agency-chief-information-officers\"\u003eEnhancing the Effectiveness of Agency Chief Information Officers\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Strengthens the role and responsibilities of Chief Information Officers (CIOs) within federal agencies to improve the efficiency and effectiveness of IT management\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 15, 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13834\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2018/05/22/2018-11101/efficient-federal-operations\"\u003eEfficient Federal Operations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the efficiency, effectiveness, and accountability of federal agencies in managing their operations and resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 17, 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13859\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2019/02/14/2019-02544/maintaining-american-leadership-in-artificial-intelligence\"\u003eMaintaining American Leadership in Artificial Intelligence\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Identifies five key lines of effort, including increasing AI research investment, unleashing Federal AI computing and data resources, setting AI technical standards, building Americas AI workforce, and engaging with international allies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Feb 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e National AI Initiative Office\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eTo oversee and implement the U.S. national AI strategy, the White House established the National Artificial Intelligence Initiative Office in early January 2021, in accordance with the National AI Initiative Act of 2020 (still a bill as of Feb 2024)\u003c/p\u003e\u003ch3\u003eE.O 13873\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2019/05/17/2019-10538/securing-the-information-and-communications-technology-and-services-supply-chain\"\u003eSecuring the Information and Communications Technology and Services Supply Chain\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Strengthens efforts to prevent foreign adversaries from exploiting vulnerabilities in the ICT supply chain and protect the vast amount of sensitive information being stored in and communicated through ICT products and services\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Commerce\u003c/li\u003e\u003cli\u003eCISA\u003c/li\u003e\u003cli\u003eICT SCRM Task Force\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13960\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2020/12/08/2020-27065/promoting-the-use-of-trustworthy-artificial-intelligence-in-the-federal-government\"\u003ePromoting the Use of Trustworthy Artificial Intelligence in the Federal Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes principles for the use of AI in the Federal Government, establishes a common policy for implementing the principles, directs agencies to catalogue their AI use cases\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e December 3, 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 14028\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity\"\u003eImproving the Nation's Cybersecurity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Charges multiple agencies, including NIST, with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e NIST\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 14034\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2021/06/11/2021-12506/protecting-americans-sensitive-data-from-foreign-adversaries\"\u003eProtecting Americans' Sensitive Data From Foreign Adversaries\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires government agencies to issue regulations that prohibit, or otherwise restrict, certain categories of data transactions that pose an unacceptable risk to national security.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e June 2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003eDepartment of Justice\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 14110\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://crsreports.congress.gov/product/pdf/R/R47843\"\u003eSafe, Secure, and Trustworthy Development and Use of Artificial Intelligence\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes a government-wide effort to guide responsible artificial intelligence (AI) development and deployment through federal agency leadership, regulation of industry, and engagement with\u003cbr\u003einternational partners\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e October 30, 2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eOffice of Science and Technology Policy (OSTP)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eGovernment Accountability Office (GAO) and GAO Accounting and Information Management Division (AIMD)\u003c/h2\u003e\u003cp\u003eThe U.S. Government Accountability Office (GAO) provides Congress, the heads of executive agencies, and the public with timely, fact-based, non-partisan information that can be used to improve government and save taxpayers billions of dollars. The GAO reports provide findings from their audits.\u003c/p\u003e\u003ch3\u003eAIMD-10.1.13\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/aimd-10.1.13.pdf\"\u003eAssessing Risks and Returns: A Guide for Evaluating Federal Agencies IT Investment Decision-making\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 3, 1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePaperwork Reduction Act (PRA)\u003c/li\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eGovernment Performance and Results Act (GPRA)\u003c/li\u003e\u003cli\u003eChief Financial Officers Act\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 04-394G\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-04-394g.pdf\"\u003eInformation Technology Investment Management: A Framework for Assessing and Improving Process Maturity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e March 1, 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 05-471\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-05-471.pdf\"\u003eINTERNET PROTOCOL VERSION 6 - Federal Agencies Need to Plan for Transition and Manage\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://www.gao.gov/assets/gao-05-471.pdf\"\u003eSecurity Risks\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 20, 2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 13-87\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-04-394g.pdf\"\u003eInformation Technology Investment Management: A Framework for Assessing and Improving Process Maturity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e March 1, 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 14-413\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/d14413.pdf\"\u003eFederal Software Licenses: Better Management Needed to Achieve Significant Savings Government-Wide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 22, 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 16-469\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-16-469.pdf\"\u003eInformation Technology Reform: Agencies Need to Increase Their Use of Incremental Development Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e August 16, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e FITARA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 20-195G\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-20-195g.pdf\"\u003eCost Estimating and Assessment Guide: Best Practices for Developing and Managing Program Costs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e March 12, 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eFederal Continuity Directives\u003c/h2\u003e\u003cp\u003eFederal Continuity Directives (FCDs) and Presidential Policy Directives (PPDs) and are both types of directives issued by the President of the United States to guide and coordinate specific policies, programs, and activities across the federal government.\u003c/p\u003e\u003cp\u003ePPDs are presidential statements that set forth national policies and decisions, while FCDs are agency-level directives aimed at ensuring the continuity and resilience of government operations during emergencies and crises.\u003c/p\u003e\u003ch3\u003eFCD-1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gpo.gov/docs/default-source/accessibility-privacy-coop-files/January2017FCD1-2.pdf\"\u003eFederal Executive Branch National Continuity Program and Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e January 17, 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFCD-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.fema.gov/sites/default/files/2020-07/Federal_Continuity_Directive-2_June132017.pdf\"\u003eFederal Executive Branch Mission Essential Functions and Candidate Primary Mission Essential Functions\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://www.fema.gov/sites/default/files/2020-07/Federal_Continuity_Directive-2_June132017.pdf\"\u003eIdentification and Submission Process\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e June 13, 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://irp.fas.org/offdocs/ppd/ppd-1.pdf\"\u003eOrganization of the National Security Council System\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 13, 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e National Security Council (NSC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://irp.fas.org/offdocs/ppd/ppd-2.pdf\"\u003eImplementation of the National Strategy for Countering Biological Threats\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e November 23, 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e National Security Staff Executive Secretary\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-40\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.fema.gov/emergency-managers/national-preparedness/continuity/toolkit/chapter-1\"\u003eNational Continuity Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 15, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e Federal Emergency Management Agency (FEMA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-41\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2016/07/26/presidential-policy-directive-united-states-cyber-incident\"\u003eUnited States Cyber Incident Coordination\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 26, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eOMB Circulars\u003c/h2\u003e\u003cp\u003eOMB Circulars are a series of guidance documents issued by the Office of Management and Budget (OMB) of the United States federal government. They provide instructions, requirements, and policies for federal agencies in specific areas of financial management, budgeting, procurement, grants management, and administrative operations.\u003c/p\u003e\u003ch3\u003eA-11\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/06/a11.pdf\"\u003ePreparation, Submission, and Execution of the Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/11/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GRPA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-19\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/Circular-019.pdf\"\u003eLegislative Coordination and Clearance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/20/1979\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Budget Control Act of 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-76\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A76/a76_incl_tech_correction.pdf\"\u003ePerformance of Commercial Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/14/2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFederal Procurement Policy Act\u003c/li\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eEO 11609\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-94\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/11/CircularA-94.pdf\"\u003eGuidelines and Discount Rates for Benefit-Cost Analysis of Federal Programs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Budget and Accounting Act of 1921\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-108\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A108/omb_circular_a-108.pdf\"\u003eFederal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/1975\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act (PRA)\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-123\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/omb/circulars_a123_rev\"\u003eManagements Responsibility for Internal Control\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/21/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eSarbanes-Oxley Act\u003c/li\u003e\u003cli\u003eFederal Managers' Financial Integrity Act\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-130\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf\"\u003eManaging Information as a Strategic Resource\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/28/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eE-Government Act\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003ePRA\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eDigital Accountability and Transparency Act\u003c/li\u003e\u003cli\u003eElectronic Signatures in Global and National Commerce Act\u003c/li\u003e\u003cli\u003eGovernment Paperwork Elimination Act\u003c/li\u003e\u003cli\u003eGPRA\u003c/li\u003e\u003cli\u003eOffice of Federal Procurement Policy Act\u003c/li\u003e\u003cli\u003eBudget and Accounting Procedures Act\u003c/li\u003e\u003cli\u003eChief Financial Officers Act\u003c/li\u003e\u003cli\u003eEO 13719\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-136\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2024/05/A-136-for-FY-2024.pdf\"\u003eFinancial Reporting Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/30/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eChief Financial Officers Act of 1990\u003c/li\u003e\u003cli\u003eGovernment Management Reform Act of 1994\u003c/li\u003e\u003cli\u003eAccountability of Tax Dollars Act of 2002\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eOMB Memos\u003c/h2\u003e\u003cp\u003eThe Office of Management and Budget (OMB) memoranda provide Federal agencies with instructions and implementation guidance for specific management priorities or legislative requirements. They provide annual updates, such as for FISMA reporting requirements, or have longer term guidance for agency implementation.\u003c/p\u003e\u003ch3\u003e2024\u003c/h3\u003e\u003ch4\u003eM-24-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/12/M-24-08-Strengthening-Digital-Accessibility-and-the-Management-of-Section-508-of-the-Rehabilitation-Act.pdf\"\u003eStrengthening Digital Accessibility and the Management of Section 508 of the Rehabilitation Act (digital)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/21/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Section 508 of the Rehabilitation Act\u003c/p\u003e\u003ch4\u003eM-24-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/12/M-24-04-FY24-FISMA-Guidance.pdf\"\u003eFiscal Year 2024 Guidance on Federal Information Security and Privacy Management Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/4/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-24-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/10/M-24-02-Buy-America-Implementation-Guidance-Update.pdf\"\u003eImplementation Guidance on Application of Buy America Preference in Federal Financial Assistance Programs for Infrastructure\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/25/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Buy America Act\u003c/p\u003e\u003ch3\u003e2023\u003c/h3\u003e\u003ch4\u003eM-23-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/09/M-23-22-Delivering-a-Digital-First-Public-Experience.pdf\"\u003eDelivering a Digital-First Public Experience (digital)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/22/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e 21st Century Integrated Digital Experience Act\u003c/p\u003e\u003ch4\u003eM-23-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/08/M-23-20.pdf\"\u003eMulti-Agency Research and Development Priorities for the FY 2025 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/17/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-23-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-18-Administration-Cybersecurity-Priorities-for-the-FY-2025-Budget-s.pdf\"\u003eAdministration Cybersecurity Priorities for the FY 2025 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/27/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e National Cybersecurity Strategy (NCS)\u003c/p\u003e\u003ch4\u003eM-23-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-16-Update-to-M-22-18-Enhancing-Software-Security.pdf\"\u003eUpdate to Memorandum M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements: \u003c/strong\u003eE.O. 14028\u003c/p\u003e\u003ch4\u003eM-23-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/02/M-23-13-No-TikTok-on-Government-Devices-Implementation-Guidance_final.pdf\"\u003e“No TikTok on Government Devices” Implementation Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/27/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e No Tiktok on Government Devices\u003c/p\u003e\u003ch4\u003eM-23-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/02/M-23-10-DOTGOV-Act-Guidance.pdf\"\u003eThe Registration and Use of .gov Domains in the Federal Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/8/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e DOTGOV Online Trust in Government Act of 2020\u003c/p\u003e\u003ch4\u003eM-23-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/12/M_23_07-M-Memo-Electronic-Records_final.pdf\"\u003eUpdate to Transition to Electronic Records\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/23/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-23-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/11/M-23-02-M-Memo-on-Migrating-to-Post-Quantum-Cryptography.pdf\"\u003eMigrating to Post-Quantum Cryptography\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/18/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2022\u003c/h3\u003e\u003ch4\u003eM-22-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/09/M-22-18.pdf\"\u003eEnhancing the Security of the Software Supply Chain through Secure Software Development Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/14/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-22-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/07/M-22-16.pdf\"\u003eAdministration Cybersecurity Priorities for the FY 2024 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/22/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch4\u003eM-22-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/07/M-22-15.pdf\"\u003eMulti-Agency Research and Development Priorities for the FY 2024 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/22/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-22-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf\"\u003eMoving the U.S. Government Toward Zero Trust Cybersecurity Principles\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/26/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-22-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/12/M-22-04-IG-Cooperation.pdf\"\u003ePromoting Accountability through Cooperation among Agencies and Inspectors General\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/3/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e IG Act\u003c/p\u003e\u003ch4\u003eM-22-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/10/M-22-01.pdf\"\u003eImproving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Systems through Endpoint Detection and Response\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/8/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch3\u003e2021\u003c/h3\u003e\u003ch4\u003eM-21-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/07/M-21-32-Multi-Agency-Research-and-Development-Prioirties-for-FY-2023-Budget-.pdf\"\u003eMulti-Agency Research and Development Priorities for the FY 2023 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/27/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-21-31\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf\"\u003eImproving the Federal Governments Investigative and Remediation Capabilities Related to Cybersecurity Incident\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/27/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch4\u003eM-21-30\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-30.pdf\"\u003eProtecting Critical Software Through Enhanced Security Measures\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/10/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch4\u003eM-21-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-07.pdf\"\u003eCompleting the Transition to Internet Protocol Version 6 (IPv6)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/19/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FAR\u003c/p\u003e\u003ch4\u003eM-21-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-06.pdf\"\u003eGuidance for Regulation of Artificial Intelligence Applications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/17/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 13859\u003c/p\u003e\u003ch4\u003eM-21-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-05.pdf\"\u003eExtension of Data Center Optimization Initiative (DCOI)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/13/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch4\u003eM-21-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-04.pdf\"\u003eModernizing Access to and Consent for Disclosure of Records Subject to the Privacy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/12/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e The Privacy Act of 1974\u003c/p\u003e\u003ch3\u003e2020\u003c/h3\u003e\u003ch4\u003eM-20-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/09/M-20-32.pdf\"\u003eImproving Vulnerability Identification, Management, and Remediation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/2/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA\u003c/p\u003e\u003ch4\u003eM-20-29\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/08/M-20-29.pdf\"\u003eR \u0026amp; D Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/14/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-20-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/03/M-20-19.pdf\"\u003eHarnessing Technology to Support Mission Continuity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/22/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-20-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/11/M-20-04.pdf\"\u003eFiscal Year 2019-2020 Guidance on Federal Information Security and Privacy Management Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/19/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2019\u003c/h3\u003e\u003ch4\u003eM-19-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/09/M-19-26.pdf\"\u003eUpdate to the Trusted Internet Connections (TIC) Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/12/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-19-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/08/M-19-21-new-2.pdf\"\u003eTransition of Electronic Records\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/28/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e NARA\u003c/p\u003e\u003ch4\u003eM-19-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/06/M-19-19-Data-Centers.pdf\"\u003eUpdate to Data Center Optimization Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/25/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch4\u003eM-19-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/06/M-19-18.pdf\"\u003eFederal Data Strategy A Framework for Consistency\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/4/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-19-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/05/M-19-17.pdf\"\u003eEnabling Mission Delivery through Improved Identity, Credential, and Access Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/21/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-19-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/02/M-19-10.pdf\"\u003eGuidance for Achieving Interoperability with the National Freedom of Information Act (FOIA) Portal on FOIA.gov\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/12/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FOIA\u003c/p\u003e\u003ch4\u003eM-19-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/12/M-19-03.pdf\"\u003eStrengthening the Cybersecurity of Federal Agencies by enhancing the High Value Asset Program\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/10/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e High Value Asset (HVA) program\u003c/p\u003e\u003ch4\u003eM-19-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/10/M-19-02.pdf\"\u003eFiscal Year 2018-2019 Guidance on Federal Information Security and Privacy Management Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/25/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-19-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/10/M-19-01.pdf\"\u003eRequest for Agency Feedback on the Federal Data Strategy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/16/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Federal Data Strategy\u003c/p\u003e\u003ch3\u003e2018\u003c/h3\u003e\u003ch4\u003eM-18-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/09/M-18-26.pdf\"\u003eIncentivizing Workforce Participation and Expanding Recruitment Sources for the 2020 Decennial Census\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/28/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-18-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/07/M-18-22.pdf\"\u003eFY 2020 Administration Research and Development Budget Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/31/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-18-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/06/M-18-20.pdf\"\u003eAppendix C to OMB Circular No. A-123, Requirements for Payment Integrity Improvement\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/26/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch3\u003e2017\u003c/h3\u003e\u003ch4\u003eM-17-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-32.pdf\"\u003eTravel on Government-Owned Rented, Leased or Chartered Aircraft\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/29/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-126\u003c/p\u003e\u003ch4\u003eM-17-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-25.pdf\"\u003eReporting Guidance for Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/19/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-17-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-23.pdf\"\u003eGuidance on Regulatory Reform Accountability under Executive Order 13777, titled “Enforcing the Regulatory Reform Agenda”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/28/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13777\u003c/p\u003e\u003ch4\u003eM-17-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-22.pdf\"\u003eComprehensive Plan for Reforming the Federal Government and Reducing the Federal Civilian Workforce\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/12/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GPRA Modernization Act of 2010\u003c/p\u003e\u003ch4\u003eM-17-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-21-OMB.pdf\"\u003eImplementing Executive Order 13771, Titled “Reducing Regulation and Controlling Regulatory Costs”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/5/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13771\u003c/p\u003e\u003ch4\u003eM-17-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-19-OMB.pdf\"\u003eLegislative Coordination and Clearance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/28/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-19\u003c/p\u003e\u003ch4\u003eM-17-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-15.pdf\"\u003eRescission of Memoranda Relating to Identity Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/19/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-17-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-12_0.pdf\"\u003ePreparing for and Responding to a Breach of Personally Identifiable Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/3/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-17-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-09.pdf\"\u003eManagement of Federal High Value Assets\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/9/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eB.O.D. 18-02\u003c/li\u003e\u003cli\u003eHHS HVA Program\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-17-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-04.pdf\"\u003eAdditional Guidance for Data Act Implementation: Further Requirements For Reporting And Assuring Data Reliability\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/4/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e DATA Act\u003c/p\u003e\u003ch4\u003eM-17-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-03.pdf\"\u003eInstitutionalizing Hiring Excellence To Achieve Mission Outcomes\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/1/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda (PMA) Cross Agency Priority (CAP)\u003c/p\u003e\u003ch4\u003eM-17-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-02.pdf\"\u003ePrecision Medicine Initiative Privacy and Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/21/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eGenetic Information Nondiscrimination Act\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2016\u003c/h3\u003e\u003ch4\u003eM-16-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_24_0.pdf\"\u003eRole and Designation of Senior Agency Officials for Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/15/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13719\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-16-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_23.pdf\"\u003ePrioritizing Federal Investments in Promise Zones\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/2/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-16-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_21.pdf\"\u003eFederal Source Code Policy: Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/8/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger Cohen Act\u003c/p\u003e\u003ch4\u003eM-16-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-17.pdf\"\u003eOMB Circular No. A-123, Managements Responsibility for Enterprise Risk Management and Internal Control\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/15/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-16-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-15.pdf\"\u003eFederal Cybersecurity Workforce Strategy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/12/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-16-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-14.pdf\"\u003eCategory Management Policy 16-2: Providing Comprehensive Identity Protection Services, Identity Monitoring, and Data Breach Response\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-16-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-12_1.pdf\"\u003eCategory Management Policy 16-1: Improving the Acquisition and Management of Common Information Technology: Software Licensing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/2/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GAO 14-413\u003c/p\u003e\u003ch4\u003eM-16-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-11.pdf\"\u003eImproving Administrative Functions Through Shared Services\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/4/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Federal Cloud Computing Strategy - Cloud Smart\u003c/p\u003e\u003ch4\u003eM-16-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-08.pdf\"\u003eEstablishment of the Core Federal Services Council\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/30/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda (PMA) Cross Agency Priority (CAP)\u003c/p\u003e\u003ch4\u003eM-16-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-04.pdf\"\u003eCybersecurity Strategy and Implementation Plan (CSIP) for the Federal Civilian Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/30/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-16-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-02.pdf\"\u003eCategory Management Policy 15-1: Improving the Acquisition and Management of Common Information Technology: Laptops and Desktops\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/16/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch3\u003e2015\u003c/h3\u003e\u003ch4\u003eM-15-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-18.pdf\"\u003eFiscal Year 2017 Budget Guidance for Countering Biological Threats Resource Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/9/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e PPD-2\u003c/p\u003e\u003ch4\u003eM-15-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-16.pdf\"\u003eMulti-Agency Science and Technology Priorities for the FY 2017 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/9/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-15-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-15.pdf\"\u003eImproving Statistical Activities through Interagency Collaboration\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/8/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Economy Act\u003c/p\u003e\u003ch4\u003eM-15-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-14.pdf\"\u003eManagement and Oversight of Federal Information Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/10/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch4\u003eM-15-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-13.pdf\"\u003ePolicy to Require Secure Connections across Federal Websites and Web Services\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/8/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-15-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-11.pdf\"\u003eFiscal Year 2017 Budget Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/1/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDATA Act\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-15-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-09.pdf\"\u003eGuidance on Implementing the Federal Customer Service Awards Program\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/19/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13571\u003c/p\u003e\u003ch4\u003eM-15-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-07.pdf\"\u003eEstablishment of a Diversity and Inclusion in Government Council\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/6/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13583\u003c/p\u003e\u003ch4\u003eM-15-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-02.pdf\"\u003eAppendix C to Circular No. A-123, Requirements for Effective Estimation and Remediation of Improper Payments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/20/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch3\u003e2014\u003c/h3\u003e\u003ch4\u003eM-14-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-17.pdf\"\u003eMetrics for Uniform Guidance (2 C.F.R. 200\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/30/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13520\u003c/p\u003e\u003ch4\u003eM-14-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-16.pdf\"\u003eGuidance on Managing Email\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/15/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Managing Government Records Directive of 2012\u003c/p\u003e\u003ch4\u003eM-14-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-15.pdf\"\u003eEnsuring That Employment and Training Programs Are Job-Driven\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/22/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-14.pdf\"\u003eFiscal Year 2016 Budget Guidance for Countering Biological Threats Resource Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e PPD-2\u003c/p\u003e\u003ch4\u003eM-14-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/M-14-13.pdf\"\u003eFiscal Year 2016 Budget Guidance for Combating Antibiotic Resistant Bacteria Resource Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e PPD-1\u003c/p\u003e\u003ch4\u003eM-14-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-12.pdf\"\u003eManagement Agenda Priorities for the FY 2016 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-11.pdf\"\u003eScience and Technology Priorities for FY 2016 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-06.pdf\"\u003eGuidance for Providing and Using Administrative Data for Statistical Purposes\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/14/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-04.pdf\"\u003eFiscal Year 2013 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/18/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-14-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-03.pdf\"\u003eEnhancing the Security of Federal Information and Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/1/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GPRA Modernization Act 0f 2010\u003c/p\u003e\u003ch3\u003e2013\u003c/h3\u003e\u003ch4\u003eM-13-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-20.pdf\"\u003eProtecting Privacy while Reducing Improper Payments with the Do Not Pay Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/16/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIPERIA 2012\u003c/li\u003e\u003cli\u003eDo Not Pay (DNP) Initiative\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-13-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-17.pdf\"\u003eNext Steps in the Evidence and Innovation Agenda\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/26/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-13-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-16.pdf\"\u003eScience and Technology Priorities for the FY 2015 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/26/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-13-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-13.pdf\"\u003eOpen Data Policy Managing Information as an Asset\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/9/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13642\u003c/p\u003e\u003ch4\u003eM-13-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-10.pdf\"\u003eAntideficiency Act Implications of Certain Online Terms of Service Agreements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/4/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Antideficiency Act\u003c/p\u003e\u003ch4\u003eM-13-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-09.pdf\"\u003eFiscal Year 2013 PortfolioStat Guidance: Strengthening Federal IT Portfolio Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/27/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-13-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-06.pdf\"\u003eIssuance of the Sequestration Order Pursuant To Section 251A of the Balanced Budget and Emergency Deficit Control Act of 1985, as Amended\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/1/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Budget Control Act of 2011\u003c/p\u003e\u003ch4\u003eM-13-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-02_0.pdf\"\u003eImproving Acquisition through Strategic Sourcing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/5/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e2012\u003c/h3\u003e\u003ch4\u003eM-12-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-20.pdf\"\u003eFY 2012 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/27/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-12-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-18.pdf\"\u003eManaging Government Records Directive\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/24/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidential Memorandum - Managing Government Records\u003c/p\u003e\u003ch4\u003eM-12-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-15.pdf\"\u003eScience and Technology Priorities for the FY 2014 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/6/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-12-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-14_1.pdf\"\u003eUse of Evidence and Evaluation in the 2014 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/18/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-12-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-12_0.pdf\"\u003ePromoting Efficient Spending to Support Agency Operations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/11/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13589\u003c/p\u003e\u003ch4\u003eM-12-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-11_1.pdf\"\u003eReducing Improper Payments through the “Do Not Pay List”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/12/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13520\u003c/p\u003e\u003ch4\u003eM-12-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-09_0.pdf\"\u003eFederal Activities Inventory Reform (FAIR) Act Submission for Fiscal Year 2012\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/26/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-12-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-01.pdf\"\u003eCreation of the Council on Financial Assistance Reform\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/27/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13576\u003c/p\u003e\u003ch3\u003e2011\u003c/h3\u003e\u003ch4\u003eM-11-33\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-33.pdf\"\u003eFY 2011 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/14/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-11-27\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-27.pdf\"\u003eImplementing the Telework Enhancement Act of 2010: Security Guidelines\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/15/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Telework Enhancement Act of 2010\u003c/p\u003e\u003ch4\u003eM-11-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-26.pdf\"\u003eNew Fast-Track Process for Collecting Service Delivery Feedback Under the Paperwork Reduction Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/15/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003eM-11-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-21.pdf\"\u003eImplementing the Presidential Memorandum “Administrative Flexibility, Lower Costs, and Better Results for State, Local, and Tribal Governments”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/29/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidential Memorandum - Administrative Flexibility\u003c/p\u003e\u003ch4\u003eM-11-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-16.pdf\"\u003e2011 Issuance of Revised Parts I and II to Appendix C of OMB Circular A-123\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/14/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-11-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-15.pdf\"\u003e2011 Final Guidance on Implementing the Plain Writing Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/13/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Plain Writing Act of 2010\u003c/p\u003e\u003ch4\u003eM-11-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-11.pdf\"\u003eContinued Implementation of Homeland Security Presidential Directive (HSPD) 12Policy for a Common Identification Standard for Federal Employees and Contractors\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/3/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-11-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-08.pdf\"\u003eInitial Assessments of Safeguarding and Counterintelligence Postures for Classified National Security Information in Automated Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/3/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13526\u003c/p\u003e\u003ch4\u003eM-11-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-04.pdf\"\u003eIncreasing Efforts to Recapture Improper Payments by Intensifying and Expanding Payment Recapture Audits\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/16/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e IPERIA 2012\u003c/p\u003e\u003ch4\u003eM-11-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-02.pdf\"\u003eSharing Data While Protecting Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/3/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Privacy Act of 1974\u003c/p\u003e\u003ch4\u003eM-11-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-01.pdf\"\u003ePilot Projects for the Partnership Fund for Program Integrity Innovation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/19/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Consolidated Appropriations Act of 2010\u003c/p\u003e\u003ch3\u003e2010\u003c/h3\u003e\u003ch4\u003eM-10-34\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-34.pdf\"\u003eUpdated Guidance on the American Recovery and Reinvestment Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/24/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-30\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-30.pdf\"\u003eScience and Technology Priorities for the FY 2012 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-10-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m-10-26.pdf\"\u003eImmediate Review of Financial Systems IT Projects\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/28/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-10-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-23.pdf\"\u003eGuidance for Agency Use of Third-Party Websites and Applications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/25/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003eM-10-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-22.pdf\"\u003eGuidance for Online Use of Web Measurement and Customization Technologies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/25/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB M-10-06\u003c/p\u003e\u003ch4\u003eM-10-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-21.pdf\"\u003eDeveloping Effective Place-Based Policies for the FY 2012 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/21/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-10-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-16.pdf\"\u003eGrants.gov Return to Normal Operations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/23/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-14.pdf\"\u003eUpdated Guidance on the American Recovery and Reinvestment Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/22/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-13.pdf\"\u003eIssuance of Part III to OMB Circular A-123, Appendix C\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/22/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-10-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-10.pdf\"\u003eFederal Agency Coordination on Health Information Technology (HIT)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/19/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HITECH\u003c/p\u003e\u003ch4\u003eM-10-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-03.pdf\"\u003ePayments to State Grantees for their Administrative Costs for Recovery Act Funding Alternative Allocation Methodologies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/13/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-01.pdf\"\u003eIncreased Emphasis on Program Evaluations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/7/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e2009\u003c/h3\u003e\u003ch4\u003eM-09-33\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-33.pdf\"\u003eTechnical Amendments to OMB Bulletin No. 07-04, Audit Requirements for Federal Financial Statements\u003c/a\u003e\u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-01.pdf\"\u003eIncreased Emphasis on Program Evaluations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/23/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-136\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-09-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-32.pdf\"\u003eUpdate on the Trusted Internet Connections Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/16/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch4\u003eM-09-27\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-27.pdf\"\u003eScience and Technology Priorities for the FY 2011 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/4/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-09-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-18.pdf\"\u003ePayments to State Grantees for Administrative Costs of Recovery Act Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/11/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-17.pdf\"\u003eImproving Grants.gov\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/8/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-15.pdf\"\u003eUpdated Implementing Guidance for the American Recovery and Reinvestment Act of 2009\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/3/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-14.pdf\"\u003eRecovery Act Implementation Improving Grants.gov and Other Critical Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/9/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-14.pdf\"\u003eRecovery Act Implementation Improving Grants.gov and Other Critical Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/9/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-10.pdf\"\u003eInitial Implementing Guidance for the American Recovery and Reinvestment Act of 2009\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/18/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch3\u003e2008\u003c/h3\u003e\u003ch4\u003eM-08-27\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-27.pdf\"\u003eGuidance for Trusted Internet Connection (TIC) Compliance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/30/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch4\u003eM-08-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-25.pdf\"\u003eGuidance for Completing FY 2008 Financial and Performance Reports\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/252008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-08-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-24.pdf\"\u003eTechnical Amendments to OMB Bulletin No. 07-04, Audit Requirements for Federal Financial Statements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB Bulletin No. 07-04\u003c/p\u003e\u003ch4\u003eM-08-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-16.pdf\"\u003eGuidance for Trusted Internet Connection Statement of Capability Form (SOC)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/4/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch4\u003eM-08-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-15.pdf\"\u003eTools Available for Implementing Electronic Records Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/31/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-08-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-14.pdf\"\u003e2008 Inventories of Commercial and Inherently Governmental Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/26/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-08-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-13.pdf\"\u003eUpdate to Civilian Position Full Fringe Benefit Cost Factor, Federal Pay Raise Assumptions, and Inflation Factors used in OMB Circular No. A-76, “Performance of Commercial Activities”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/11/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements: \u003c/strong\u003eOMB A-76\u003c/p\u003e\u003ch4\u003eM-08-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-11.pdf\"\u003eCompetitive Sourcing Requirements in Division D of Public Law 110-161\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/20/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Consolidated Appropriations Act of 2010\u003c/p\u003e\u003ch4\u003eM-08-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-09.pdf\"\u003eNew FISMA Privacy Reporting Requirements for FY 2008\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/18/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-08-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-05.pdf\"\u003eImplementation of Trusted Internet Connections (TIC)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/20/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch3\u003e2007\u003c/h3\u003e\u003ch4\u003eM-07-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-25.pdf\"\u003eBioShield Procurement Approval Anthrax Vaccine Adsorbed\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/20/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eProject BioShield Act of 2004\u003c/li\u003e\u003cli\u003ePublic Health Service Act\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-07-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-24.pdf\"\u003eUpdated Principles for Risk Analysis\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/19/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB Memorandum - Principles for Risk Analysis\u003c/p\u003e\u003ch4\u003eM-07-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-23.pdf\"\u003eRequiring Agency Use of the International Trade Data System\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/10/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13439\u003c/p\u003e\u003ch4\u003eM-07-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-21.pdf\"\u003eVerifying the Employment Eligibility of Federal Employees\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/10/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-07-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-20.pdf\"\u003eFY 2007 E-Government Act Reporting Instructions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/14/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-07-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-18.pdf\"\u003eEnsuring New Acquisitions Include Common Security Configurations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/1/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-07-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-16.pdf\"\u003eSafeguarding Against and Responding to the Breach of Personally Identifiable Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/22/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/business_migrations.pdf\"\u003eCompetition Framework for Human Resources Management Line of Business Migrations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/18/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-07-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-14.pdf\"\u003e2007 Inventories of Commercial and Inherently Governmental Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/3/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-07-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-02.pdf\"\u003eUpdate to Civilian Position Full Fringe Benefit Cost Factor, Federal Pay Raise Assumptions, Inflation Factors, and Tax Rates used in OMB Circular No. A-76, “Performance of Commercial Activities”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/31/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-76\u003c/p\u003e\u003ch3\u003e2006\u003c/h3\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/task_force_theft_memo.pdf\"\u003eRecommendations for Identity Theft Related Data Breach Notification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/20/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13402\u003c/p\u003e\u003ch4\u003eM-06-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-25.pdf\"\u003eFY 2006 E-Government Act Reporting Instructions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-06-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-21.pdf\"\u003eReciprocal Recognition of Existing Personnel Security Clearances\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/17/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 12958\u003c/p\u003e\u003ch4\u003eM-06-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-19.pdf\"\u003eReporting Incidents Involving Personally Identifiable Information Incorporating the Cost for Security in Agency Information Technology Investments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/12/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-06-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-18.pdf\"\u003eAcquisition of Products and Services for Implementation of HSPD-12\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/30/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-06-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m-06-15.pdf\"\u003eSafeguarding Personally Identifiable Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/22/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Privacy Act of 1974\u003c/p\u003e\u003ch4\u003eM-06-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-12.pdf\"\u003eFollow-up Memorandum on “Implementation of the Presidents Executive Order “Improving Agency Disclosure of Information”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/13/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FOIA\u003c/p\u003e\u003ch4\u003eM-06-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-06.pdf\"\u003eSample Privacy Documents for Agency Implementation of Homeland Security Presidential Directive (HSPD) 12\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/17/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-06-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-04.pdf\"\u003eImplementation of the Presidents Executive Order “Improving Agency Disclosure of Information”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/30/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FOIA\u003c/p\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/reciprocal121205.pdf\"\u003eReciprocal Recognition of Existing Personnel Security Clearances\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/12/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Intelligence Reform and Terrorism Prevention Act of 2004\u003c/p\u003e\u003ch4\u003eM-06-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-02.pdf\"\u003eImproving Public Access to and Dissemination of Government Information and Using the Federal Enterprise Architecture Data Reference Model\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/16/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2005\u003c/h3\u003e\u003ch4\u003eM-05-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-25.pdf\"\u003eSmartBUY Agreement with Oracle\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-05-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-24.pdf\"\u003eImplementation of Homeland Security Presidential Directive (HSPD) 12 Policy for a Common Identification Standard for Federal Employees and Contractors\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-05-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-23.pdf\"\u003eImproving Information Technology (IT) Project Planning and Execution\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/4/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-05-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-22.pdf\"\u003eTransition Planning for Internet Protocol Version 6 (IPv6)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/2/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GAO 05-471\u003c/p\u003e\u003ch4\u003eM-05-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-17.pdf\"\u003eAllocation of Responsibilities For Security Clearances Under the Executive Order, Strengthening Processes Relating to Determining Eligibility for Access to Classified National Security Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/30/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13381\u003c/p\u003e\u003ch4\u003eM-05-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-16.pdf\"\u003eRegulation on Maintaining Telecommunication Services During a Crisis or Emergency in Federally-owned Buildings\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/30/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Section 414 of the Transportation, Treasury, Independent Agencies, and General Government Appropriations Act\u003c/p\u003e\u003ch4\u003eM-05-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-08.pdf\"\u003eDesignation of Senior Agency Officials for Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/11/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Privacy Act of 1974\u003c/p\u003e\u003ch4\u003eM-05-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-05.pdf\"\u003eElectronic Signatures: How to Mitigate the Risk of Commercial Managed Services\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/20/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-05-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-04.pdf\"\u003ePolicies for Federal Agency Public Websites\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/17/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch3\u003e2004\u003c/h3\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-25_template.xls\"\u003eSection E — FY04 FISMA Reporting Template\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-04-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/omb/memoranda_fy04_m04-24/\"\u003eExpanded Electronic Government (E-Gov) Presidents Management Agenda (PMA) Scorecard Cost, Schedule and Performance Standard for Success\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/23/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda - Expanded Electronic Government (E-Gov) Initiative\u003c/p\u003e\u003ch4\u003eM-04-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-19.pdf\"\u003eInformation Technology (IT) Project Manager (PM) Qualification Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/21/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-04-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m-04-18.pdf\"\u003eMedicare Modernization Act and Federal Programs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/19/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Medicare Prescription Drug, Improvement, and Modernization Act (MMA)\u003c/p\u003e\u003ch4\u003eM-04-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2004-M-04-16-Software-Acquisition-.pdf\"\u003eSoftware Acquisition\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-04-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m-04-15.pdf\"\u003eDevelopment of Homeland Security Presidential Directive(HSPD) 7 Critical Infrastructure Protection Plans to Protect Federal Critical Infrastructures and Key Resources\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/17/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-04-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-08.pdf\"\u003eMaximizing Use of SmartBuy and Avoiding Duplication of Agency Activities with the Presidents 24 E-Gov Initiatives\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/25/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda - Expanded Electronic Government (E-Gov) Initiative\u003c/p\u003e\u003ch4\u003eM-04-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-04.pdf\"\u003eE-Authentication Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/16/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003ePaperwork Elimination Act of 1998\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2003\u003c/h3\u003e\u003ch4\u003eM-03-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/203-M-03-22-OMB-Guidance-for-Implementing-the-Privacy-Provisions-of-the-E-Government-Act-of-2002-1.pdf\"\u003eOMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/16/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-03-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2003/m03-18.pdf\"\u003eImplementation Guidance for the E-Government Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/1/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-03-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2003-M-03-04-Determination-Orders-Organizing-the-Department-of-Homeland-Security-1.pdf\"\u003eDetermination Orders Organizing the Department of Homeland Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/7/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Public Law 107-296 - Establishing the Department of Homeland Security\u003c/p\u003e\u003ch3\u003e2002\u003c/h3\u003e\u003ch4\u003eM-02-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2002/m02-14.pdf\"\u003eAdditional Information Requirements for Overseas Combating Terrorism and Homeland Security for the FY 2004 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/8/2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-02-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2002/m02-11.pdf\"\u003eDepartment of Homeland Security Transition Issues\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/16/2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Public Law 107-296 - Establishing the Department of Homeland Security\u003c/p\u003e\u003ch4\u003eM-02-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2002-M-02-01-Guidance-for-Preparing-and-Submitting-Security-Plans-of-Action-and-Milestones-1.pdf\"\u003eGuidance for Preparing and Submitting Security Plans of Action and Milestones\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/17/2001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Government Information Security Reform Act\u003c/p\u003e\u003ch3\u003e2001\u003c/h3\u003e\u003ch4\u003eM-01-28\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2001-M-01-28-Citizen-Centered-E-Government-Developing-the-Action-Plan.pdf\"\u003eCitizen-Centered E-Government: Developing the Action Plan\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e President Management Agenda - e-Government\u003c/p\u003e\u003ch4\u003eM-01-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2001-M-01-05-Guidance-on-Inter-Agency-Sharing-of-Personal-Data-Protecting-Personal-Privacy.pdf\"\u003eGuidance on Inter-Agency Sharing of Personal Data Protecting Personal Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/20/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Computer Matching and Privacy Protection Act\u003c/p\u003e\u003ch3\u003e2000\u003c/h3\u003e\u003ch4\u003eM-00-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-15-OMB-Guidance-on-Implementing-the-Electronic-Signatures-in-Global-and-National-Commerce-Act.pdf\"\u003eOMB Guidance on Implementing the Electronic Signatures in Global and National Commerce Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/25/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Sign Act\u003c/p\u003e\u003ch4\u003eM-00-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-13-Privacy-Policies-and-Data-Collection-on-Federal-Web-Sites.pdf\"\u003ePrivacy Policies and Data Collection on Federal Web Sites\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/22/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eChildrens Online Privacy Protection Act\u003c/li\u003e\u003cli\u003ePrivacy Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-00-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-10-OMB-Procedures-and-Guidance-on-Implementing-the-Government-Paperwork-Elimination-Act.pdf\"\u003eOMB Procedures and Guidance on Implementing the Government Paperwork Elimination Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/25/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003eM-00-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-03-Reporting-Y2K-Compliance-of-Non-mission-Critical-Systems.pdf\"\u003eReporting Y2K Compliance of Non-mission Critical Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/10/1999\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e1999\u003c/h3\u003e\u003ch4\u003eM-99-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1999-M-99-18-Privacy-Policies-on-Federal-Web-Sites.pdf\"\u003ePrivacy Policies on Federal Web Sites\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/2/1999\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-99-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1999-M-99-01-New-Statutory-Language-on-Paperwork-Reduction-FY-1999-ICB.pdf\"\u003eNew Statutory Language on Paperwork Reduction FY 1999 ICB\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/16/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003e1998\u003c/h4\u003e\u003ch4\u003eM-98-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1995-1998-M-98-14-Comprehensive-Plans-and-Associated-Funding-Requirements-for-Achieving-Year-2000-Computer-Compliance.pdf\"\u003eComprehensive Plans and Associated Funding Requirements for Achieving Year 2000 Computer Compliance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/13/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-11\u003c/p\u003e\u003ch4\u003eM-98-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1995-1998-M-98-09-Updated-Guidance-on-Developing-a-Handbook-for-Individuals-Seeking-Access-of-Public-Information.pdf\"\u003eUpdated Guidance on Developing a Handbook for Individuals Seeking Access of Public Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/23/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eElectronic Freedom of Information Act Amendments of 1996\u003c/li\u003e\u003cli\u003eFOIA\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-98-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1998-M-98-04-Annual-Performance-Plans-Required-by-the-Government-Performance-and-Results-Act-GPRA.pdf\"\u003eAnnual Performance Plans Required by the Government Performance and Results Act (GPRA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/29/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GPRA Modernization Act of 2010\u003c/p\u003e\u003ch3\u003e1997\u003c/h3\u003e\u003ch4\u003eM-97-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/1995-1998/m97-15.pdf\"\u003eLocal Telecommunications Services Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/12/1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch4\u003eM-97-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-09-Interagency-Support-for-Information-Technology.pdf\"\u003eInteragency Support for Information Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/10/1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch4\u003eM-97-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-07-Multiagency-Contracts-Under-the-Information-Technology-Management-Reform-Act-of-1996.pdf\"\u003eMultiagency Contracts Under the Information Technology Management Reform Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/26/1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch4\u003eM-97-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-02-Funding-Information-Systems-Investments.pdf\"\u003eFunding Information Systems Investments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/25/1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eGPRA Modernization Act of 2010\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e1996\u003c/h3\u003e\u003ch4\u003eM-96-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1996-M-96-20-Implementation-of-the-Information-Technology-Management-Reform-Act-of-1996.pdf\"\u003eImplementation of the Information Technology Management Reform Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/4/1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch3\u003e1995\u003c/h3\u003e\u003ch4\u003eM-95-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/1995-1998/m95-17.pdf\"\u003eContingency Planning for Agency Operations in Fiscal Year 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/17/1995\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch2\u003eHHS Policies, Standards, Memorandum, and Guides\u003c/h2\u003e\u003ch3\u003eHHS Policies\u003c/h3\u003e\u003cp\u003eThe HHS Cybersecurity Program develops policies, standards, memoranda, guides, and standard operating procedures. They are collectively referred to as policy documents. HHS policy documents help to apply Federal legislation, OMB regulations, NIST standards, and U.S. Computer Emergency Readiness Team (US-CERT) guidelines in the context of the HHS environment, thus standardizing the implementation of information security and privacy practices across the Department.\u003c/p\u003e\u003cp\u003eNOTE: The HHS Polices can be found at \u003cem\u003ehttp://intranet.hhs.gov/working-at-hhs/cybersecurity/ocio-policies\u003c/em\u003e and are only accessible through the HHS intranet/CMS network and cannot be accessed with a public internet connection.\u003c/p\u003e\u003ch4\u003eCybersecurity Awareness and Training\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2024-03-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Identifies the baseline requirements for providing HHS personnel with the requirements for Awareness Training and of their responsibility to help protect the confidentiality, integrity, and availability of HHS information systems and data\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/role-based-training-rbt\"\u003eCyberGeek - Role Based Training (RBT)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-2-awareness-and-training\"\u003eCyberGeek - Risk Management Handbook (RMH) Chapter 2: Awareness \u0026amp; Training (AT)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e5 CFR 930.301\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS Policy for Information Security and Privacy Protection (IS2P)\u003c/li\u003e\u003cli\u003eNIST S.P. 800-16\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-50\u003c/li\u003e\u003cli\u003eNIST SP 800-181 rev 1\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRecords Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-CDO-2024-02-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the principles, responsibilities, and requirements for managing HHS records\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 2/1/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003eCMS Records and Information Management Program\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B\u003c/li\u003e\u003cli\u003e32 CFR Part 2002\u003c/li\u003e\u003cli\u003e18 U.S. Code § 641\u003c/li\u003e\u003cli\u003e18 U.S. Code § 2071\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 2901-2910\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 3101-3107\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 3106\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 3301-3324\u003c/li\u003e\u003cli\u003e44 U.S. Code § 3301\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eFederal Rules of Civil Procedures\u003c/li\u003e\u003cli\u003eNARA Bulletin 2010-05\u003c/li\u003e\u003cli\u003eNARA Bulletin 2013-02\u003c/li\u003e\u003cli\u003eNARA Bulletin 2014-02\u003c/li\u003e\u003cli\u003eNARA Bulletin 2015-02\u003c/li\u003e\u003cli\u003eNARA Bulletin 2023-02\u003c/li\u003e\u003cli\u003eNARA Criteria for Successfully Managing Permanent Electronic Records\u003c/li\u003e\u003cli\u003eNARA Guidance on Records Management Language for Contracts\u003c/li\u003e\u003cli\u003eNARA Universal Electronic Records Management Requirements\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB M-19-21\u003c/li\u003e\u003cli\u003eOMB M-23-07\u003c/li\u003e\u003cli\u003eHHS Policy for Litigation Holds\u003c/li\u003e\u003cli\u003eHHS Policy for Rules of Behavior for Use of Information and IT Resources\u003c/li\u003e\u003cli\u003eHHS Policy for Mobile Devices and Removable Media\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePrivacy Impact Assessments\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2023-09-005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Set forth the minimum HHS Privacy Threshold Analysis (PTA), PIA, and Internal PIA requirements, as well as accompanying approval and publication processes\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/privacy-impact-assessment-pia\"\u003eCyberGeek - Privacy Impact Assessment (PIA)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS Policy for Information Security and Privacy Protection (IS2P)\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53 Rev. 5\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management v1.0\u003c/li\u003e\u003cli\u003eOMB Circular A-108\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eOMB M-17-06\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act (PRA)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eLitigation Holds\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-CDO-2023-08-004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish that HHS takes all reasonable steps to preserve potentially relevant information in the possession, custody, or control of HHS when civil litigation has commenced or when there is reasonable anticipation of litigation\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/10/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Litigation Holds and Essential Records Program\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B §§ 1220.30-1220.34\u003c/li\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B §§ 1230.1-1230.18\u003c/li\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B §§ 1236.2-1236.36\u003c/li\u003e\u003cli\u003e18 USC § 641\u003c/li\u003e\u003cli\u003e18 USC § 2071\u003c/li\u003e\u003cli\u003e44 USC §§ 2071-2120\u003c/li\u003e\u003cli\u003e44 USC §§ 2901-2912\u003c/li\u003e\u003cli\u003e44 USC §§ 3101-3107\u003c/li\u003e\u003cli\u003e44 USC §§ 3301-3314\u003c/li\u003e\u003cli\u003e44 USC §§ 3501-3583\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eDuty to Disclose, Rule 26\u003c/li\u003e\u003cli\u003eProducing Documents, Rule 34\u003c/li\u003e\u003cli\u003eFailure to Make Disclosures or to Cooperate in Discovery, Rule 37\u003c/li\u003e\u003cli\u003eDelivering Government Solutions in 21st Century\u003c/li\u003e\u003cli\u003eNARA 2010-05\u003c/li\u003e\u003cli\u003eNARA 2014-02\u003c/li\u003e\u003cli\u003eNARA 2015-02\u003c/li\u003e\u003cli\u003eNARA Criteria for Successfully Managing Permanent Electronic Records\u003c/li\u003e\u003cli\u003eNARA Guidance on Records Management Language for Contracts\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMA/NARA M-23-07\u003c/li\u003e\u003cli\u003ePublic Law 113-187\u003c/li\u003e\u003cli\u003eUniversal Electronic Records Management Requirements\u003c/li\u003e\u003cli\u003eNARA General Records Schedules\u003c/li\u003e\u003cli\u003eGeneral Record Schedule 6.1\u003c/li\u003e\u003cli\u003eHHS Implementing Email Records Management\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior for Use of Information and IT Resources\u003c/li\u003e\u003cli\u003eHHS Mobile Devices and Removable Media\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eData Loss Prevention\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2022-05-003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish comprehensive DLP requirements for HHS systems and information that are compliant with FISMA 2014, NIST S.P. 800-53, EO 14028\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/16/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eEO 13556\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHSS IS2P\u003c/li\u003e\u003cli\u003eNARA CUI Program\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB M-22-09\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRules of Behavior for Use of Information and IT Resources\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2023-02-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Defines the acceptable use of HHS information and IT resources and establishes the baseline requirements for developing Rules of Behavior that all users, including privileged users, are required to sign prior to accessing HHS information systems and resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 2/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/hhs-policy-rules-behavior-use-information-it-resources\"\u003eCyberGeek - HHS Policy for Rules of Behavior for Use of Information and IT Resources\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eNIST S.P. 800-18\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003ePublic Law § 115-232 889\u003c/li\u003e\u003cli\u003e5 USC § 552a\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eCommon Data Use Agreement (DUA) Structure and Repository\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-CDO-2023-01-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Defines a DUA as a document that establishes the terms and conditions under which the Data Provider will provide, and the Data Recipient will receive and use, the data covered under the Agreement, which is nonpublic, restricted HHS data shared for a limited government purpose\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/23/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/cms-data-use-agreement-dua\"\u003eCyberGeek - CMS Data Use Agreement (DUA)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e44 USC § 3520\u003c/li\u003e\u003cli\u003e44 USC § 3576\u003c/li\u003e\u003cli\u003eOMB M-14-06\u003c/li\u003e\u003cli\u003eOMB M-01-05\u003c/li\u003e\u003cli\u003eHHS Enterprise Data Management\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEncryption of Computing Devices and Information\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2022-12-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish comprehensive encryption requirements for HHS systems and information that are compliant with FISMA 2014, NIST S.P. 800-53, EO 14028, OMB M-22-09\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/9/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-15-13\u003c/li\u003e\u003cli\u003eOMB M-22-09\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSecuring AI Technology\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-12-007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensure secure implementation of AI technology within HHS, secure HHS networks and information, protect privacy, and address risks\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/14/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13859\u003c/li\u003e\u003cli\u003eEO 13960\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST Privacy Framework\u003c/li\u003e\u003cli\u003eNIST S.P. 800-167\u003c/li\u003e\u003cli\u003eNIST S.P. 800-94\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eDHS AI Using Standards to Mitigate Risks\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Security and Privacy Protection (IS2P)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-11-0006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish comprehensive security and privacy requirements for HHS systems and information that are compliant with FISMA 2014 and NIST S.P. 800-53\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/18/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eEO 13556\u003c/li\u003e\u003cli\u003eFERPA\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eBuy American Act\u003c/li\u003e\u003cli\u003eFASCSA 2018\u003c/li\u003e\u003cli\u003ePublic Law 115-232 § 889\u003c/li\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eHSPD-12\u003c/li\u003e\u003cli\u003eNARA\u003c/li\u003e\u003cli\u003eB.O.D 18-02\u003c/li\u003e\u003cli\u003eFIPS 140-2, 199, 200, 201-1\u003c/li\u003e\u003cli\u003eNIST S.P. 800-111\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST S.P. 800-144\u003c/li\u003e\u003cli\u003eNIST S.P. 800-152\u003c/li\u003e\u003cli\u003eNIST S.P. 800-171\u003c/li\u003e\u003cli\u003eNIST S.P. 800-175A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-175B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-46\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-79-2\u003c/li\u003e\u003cli\u003eNIST S.P. 800-88\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB Circular A-108\u003c/li\u003e\u003cli\u003eOMB M-02-01\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eOMB M-10-22\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-16-17\u003c/li\u003e\u003cli\u003eOMB M-14-03\u003c/li\u003e\u003cli\u003eOMB M-16-17\u003c/li\u003e\u003cli\u003eOMB M-14-03\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003e5 CFR § 930.301\u003c/li\u003e\u003cli\u003ePublic Law 113-291 Title VIII Subtitle D\u003c/li\u003e\u003cli\u003eSection 508 of the Rehabilitation Act of 1973\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Portfolio Management (PfM)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2021-09-005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Describes the Captital Planning and Investment Control (CPIC) principles and requirements, and establishes standard methodologies for conducting OAs, evaluating Investment Risks, certifying adequate Incremental Development, and successfully implementing TBM\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 9/23/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e \u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition\"\u003eCyberGeek - Risk Management Handbook Chapter 15: System \u0026amp; Services Acquisition\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGovernment Performance and Results Act of 1993\u003c/li\u003e\u003cli\u003eFederal Acquisition Streamlining Act of 1994\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act of 1995\u003c/li\u003e\u003cli\u003eFederal Financial Management Improvement Act of 1996\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFITARA 2014\u003c/li\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003ePolicies \u0026amp; Priorities, Technology Business Management. CIO. GOV\u003c/li\u003e\u003cli\u003eRecords Management Act of 1950\u003c/li\u003e\u003cli\u003eSection 508 of the Rehabilitation Act\u003c/li\u003e\u003cli\u003eEO 13636\u003c/li\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eGAO-04-394G\u003c/li\u003e\u003cli\u003eAIMD-10.1.13\u003c/li\u003e\u003cli\u003eGAO-13-87\u003c/li\u003e\u003cli\u003eGAO Report 16-469\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-94\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB Federal Cloud Computing Strategy - Cloud Smart\u003c/li\u003e\u003cli\u003eOMB M-97-02\u003c/li\u003e\u003cli\u003eOMB M-05-23\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eFederal Continuity Directive 1\u003c/li\u003e\u003cli\u003eFederal Continuity Directive 2\u003c/li\u003e\u003cli\u003eFIPS 140-2\u003c/li\u003e\u003cli\u003eNIST S.P. 800-30\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-39\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-56A\u003c/li\u003e\u003cli\u003eSection 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)\u003c/li\u003e\u003cli\u003eHHS Section 508 Electronic and IT\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation\u003c/li\u003e\u003cli\u003eHHS OCIO Roles and Responsibilities\u003c/li\u003e\u003cli\u003eHHS OCIO Enterprise Performance Life Cycle Framework Overview Document\u003c/li\u003e\u003cli\u003eHHS IT Strategic Plan\u003c/li\u003e\u003cli\u003eHHS IT Policy for Enterprise Architecture\u003c/li\u003e\u003cli\u003eHHS Office of Acquisition Management and Policy (OAMP) Acquisition Policy Memorandum\u003c/li\u003e\u003cli\u003eHHS IT Acquisition Reviews (ITAR)\u003c/li\u003e\u003cli\u003eHHS IT Enterprise Performance Life Cycle\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Records Management\u003c/li\u003e\u003cli\u003eHHS Enterprise Risk Management Framework\u003c/li\u003e\u003cli\u003eHHS Cloud Computing and FedRamp Guidance\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy Language\u003c/li\u003e\u003cli\u003eHHS Cyber Supply Chain Risk Management\u003c/li\u003e\u003cli\u003eHHS High Value Asset (HVA) Program\u003c/li\u003e\u003cli\u003eOCIO FITARA Approval Guidance\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eTransition to IPv6\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2021-08-004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides guidance to which HHS Operating Divisions (OpDivs) and Staff Divsions (StaffDivs) must follow to meet the requirements and milestones laid out in the OMB Memorandum 21-07, Completing the Transition to IPv6 (M-21-07)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/1/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eFederal Acquisition Regulation (FAR)\u003c/li\u003e\u003cli\u003eNIST S.P. 500-267A\u003c/li\u003e\u003cli\u003eNIST S.P. 500-267B\u003c/li\u003e\u003cli\u003eNIST S.P. 500-281A\u003c/li\u003e\u003cli\u003eNIST S.P. 500-281B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-21-07\u003c/li\u003e\u003cli\u003eOMB M-05-22\u003c/li\u003e\u003cli\u003eHHS IT Acquisition Reviews (ITAR)\u003c/li\u003e\u003cli\u003eHHS IT Asset Management (ITAM)\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy Language\u003c/li\u003e\u003cli\u003eHHS IT System Inventory Management\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eImplementation of DHS Directive on Vulnerability Disclosure\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-05-003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the HHS compliance requirements under the DHS B.O.D 20-01\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/4/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCarnegie Mellon SEI, The CERT Guide to Coordinated Vulnerable Disclosure\u003c/li\u003e\u003cli\u003eB.O.D. 20-01\u003c/li\u003e\u003cli\u003eDOJ A Framework for a Vulnerability Disclosure Program for Online Systems\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eISO/IEC 29147:2018\u003c/li\u003e\u003cli\u003eNIST Framework for Improving Critical Infrastructure Cybersecurity\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-20-32\u003c/li\u003e\u003cli\u003eEO 13800\u003c/li\u003e\u003cli\u003eTitle 44, U.S. Code, Section 3553(b)(2) Authority and Functions of the Director and the Secretary\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eImplementation of Trusted Internet Connections (TIC)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-03-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the requirements to which HHS Operating Divisions (OpDivs) must adhere when implementing TICs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/17/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e6 USC 1523(b)(1)(D)\u003c/li\u003e\u003cli\u003eOMB M-19-26\u003c/li\u003e\u003cli\u003eCommittee on National Security Systems (CNSS), Internet Engineering Task Force (IETF) RFC 4949\u003c/li\u003e\u003cli\u003eDHS CISA TIC Reference Architecture Document\u003c/li\u003e\u003cli\u003eDHS CISA TIC Volume 1-5\u003c/li\u003e\u003cli\u003eDHS CISA TIC Interim Telework Guidance\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA) Enterprise Infrastructure Solutions (EIS) Management and Operations Handbook\u003c/li\u003e\u003cli\u003eGSA, Transition Handbook, Network, WITS 3, and GSA Regional Local Services to EIS Contracts\u003c/li\u003e\u003cli\u003eNational Cybersecurity Protection System (NCPS) Cloud Interface Reference Architecture\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-41\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-145\u003c/li\u003e\u003cli\u003eNIST S.P. 800-152\u003c/li\u003e\u003cli\u003eNIST S.P. 800-207\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Internet and Email Security\u003c/li\u003e\u003cli\u003eHHS POA\u0026amp;M Standard\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Procurements - Security And Privacy Language\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-03-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Mandates the standard security and privacy language for information and information technology (IT) procurements throughout HHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/3/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/security-and-privacy-requirements-it-procurements\"\u003eCyberGeek - Security and Privacy Requirements for IT Procurements\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eBuy American Act\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eFASCSA 2018\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePublic Law 115-232 § 889\u003c/li\u003e\u003cli\u003ePublic Law 115-390\u003c/li\u003e\u003cli\u003eU.S.C of CFR\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eIT System Inventory Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2020-12-011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Direct HHS entities (i.e., Operating Divisions [OpDiv] and Staff Divisions [StaffDiv]) to establish and maintain an enterprise-wide inventory of HHS IT systems by providing guidance and baseline standards for maintaining a comprehensive inventory of all IT systems and related information\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA 2014\u003c/li\u003e\u003cli\u003eFITARA Enhancement Act of 2017\u003c/li\u003e\u003cli\u003eMEGABYTE Act of 2016\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-17-09\u003c/li\u003e\u003cli\u003eOMB M-19-01\u003c/li\u003e\u003cli\u003eOMB M-19-21\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eHHS CPIC\u003c/li\u003e\u003cli\u003eHHS HVA\u003c/li\u003e\u003cli\u003eHHS ITAM\u003c/li\u003e\u003cli\u003eHHS Records Management\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Asset Management (ITAM)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OCPO-2020-08-008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the HHS program for the management of IT and Telecommunication assets in compliance with the Cap Goal 7: Category Management - Leveraging Common Contracts and Best Practices to Drive Saving and Efficiencies, within the Presidents Management Agenda (PMA); to buy common goods and services as an enterprise to eliminate redundancies, increase efficiency, and to deliver more value and savings from the governments acquisition programs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/19/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003eE-Government Act\u003c/li\u003e\u003cli\u003eMEGABYTE Act of 2016\u003c/li\u003e\u003cli\u003eSection 508 of the Rehabilitation Act\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eFederal Accounting Standards Advisory Board (FASAB), Statement of Federal Financial Accounting Standards (SFFAS) No. 10, Accounting for Internal Use Software\u003c/li\u003e\u003cli\u003eFASAB, Federal Finacial Accounting Technical Release 16, Implementation Guidance for Internal Use Software\u003c/li\u003e\u003cli\u003eGAO 14-413\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-16-12\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-19-13\u003c/li\u003e\u003cli\u003eHHS FITARA Implementation-Revised HHS IT Governance Framework\u003c/li\u003e\u003cli\u003eHHS FITAR Implementation Plan\u003c/li\u003e\u003cli\u003eGAO audit recommendations of HHSs Telecommunications inventory management and IT Strategic Planning\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eVulnerability Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-08-009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the baseline requirements for maintaining and effective vulnerability management program to implement and support activities pertaining to vulnerability scanning and remediation and to continually manage risks impacting HHS IT resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/19/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eSection International Organization for Standardization (ISO) 27002\u003c/li\u003e\u003cli\u003eNIST S.P. 800-40\u003c/li\u003e\u003cli\u003eNIST S.P. 800-51\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-126\u003c/li\u003e\u003cli\u003eNIST S.P. 800-128\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eCyber Supply Chain Risk Management (C-SCRM)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-08-010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the baseline requirements for securing the information and communications technology (ICT) products and services supply chain in order to protect HHS information systems and information from the risks involving ICT procurement supply chain\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/18/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eSECURE Technology Act\u003c/li\u003e\u003cli\u003eBuy American Act\u003c/li\u003e\u003cli\u003ePublic Law 115-232 § 889\u003c/li\u003e\u003cli\u003eFASCSA 2018\u003c/li\u003e\u003cli\u003eComprehensive National Cybersecurity Initiative (CNCI)\u003c/li\u003e\u003cli\u003eCISA National Risk Management Center\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eNIST S.P. 800-161\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eHHS ISP2\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSection 508 Compliance and Accessibility of Information and Communications Technology (ICT)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2020-07-007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Implement uniformity and conformity of accessibility compliance across all of HHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCommunications Act of 1934\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003e36 CFR § 1193-1194\u003c/li\u003e\u003cli\u003eOMB M-17-06\u003c/li\u003e\u003cli\u003eOMB M-13-13\u003c/li\u003e\u003cli\u003eOMB M-16-20\u003c/li\u003e\u003cli\u003eOMB Memorandum, Improving the Accessibility of Government Information\u003c/li\u003e\u003cli\u003eOMB Strategic Plan for Improving Management of Section 508 of the Rehabilitation Act\u003c/li\u003e\u003cli\u003eRehabilitation Act of 1973\u003c/li\u003e\u003cli\u003eWorkforce Innovation and Opportunities Act\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Acquisition Reviews (ITAR)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2020-06-006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the HHS ITAR Program, which ensures HHS conducts its due diligence to manage and maintain oversight and governance over the procurement of IT therefore contributing to effective planning, budgeting, and execution of IT resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eNational Defense Authorization Act for Fiscal Year 2015\u003c/li\u003e\u003cli\u003eEO 13833\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-16-12\u003c/li\u003e\u003cli\u003eHHS FITARA Implementation-Revised HHS IT Governance Framework\u003c/li\u003e\u003cli\u003eHHS FITARA HHS Implementation Plan\u003c/li\u003e\u003cli\u003eHHS Memorandum for Record, HHS Chief Information Officer Delegation of Authorities to Operating Divsiion Chief Information Officers\u003c/li\u003e\u003cli\u003eHHS CPIC\u003c/li\u003e\u003cli\u003eHHS EPLC\u003c/li\u003e\u003cli\u003eHHS Procedures, Guidance and Instructions (PGI)\u003c/li\u003e\u003cli\u003eInformation Technology Decision Criteria and Clause Matrix\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy language\u003c/li\u003e\u003cli\u003eHHS Standard for Encryption of computing Devices and Information\u003c/li\u003e\u003cli\u003eHHS Minumun Security Configuration Standards Guidance\u003c/li\u003e\u003cli\u003eHHS Software Development Secure Coding Practices\u003c/li\u003e\u003cli\u003eHHS Directive for Acquisition Strategy\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePreparing for and Responding to a Breach\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-PIM-2020-05-003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Addresses OMB M-17-22, Preparing for and Responding to a Breach of PII, and sets forth the approach of HHS in preparing for and responding to breaches of PII in any medium or form\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\"\u003eCyberGeek - Risk Management Handbook Chapter 8: Incident Response (IR)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-20-04\u003c/li\u003e\u003cli\u003eOMB M-16-14\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePPD-41\u003c/li\u003e\u003cli\u003eNIST S.P. 800-34\u003c/li\u003e\u003cli\u003eNIST S.P. 800-61\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eUS-CERT Federal Incident Notification Guidelines\u003c/li\u003e\u003cli\u003eNational Cybersecurity and Communications Integration Center (NCCIC) Cyber Incident Scoring System\u003c/li\u003e\u003cli\u003eIdentity Protection Services (IPS) Multiple Award Blanket Purchase Agreement (BPA)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSecuring Wireless Local Area Networks\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-01-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Updates the requirements and specification for securing all HHS WLANs in compliance with the NIST S.P. 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs) and the Institute of Electrical and Electronic Engineers (IEEE) 802.11 WLANs standards\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/13/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-153\u003c/li\u003e\u003cli\u003eNIST S.P. 800-97\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Memorandum, Addendum to the HHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEnterprise Data Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-02-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the requirements for the efficient and secure management and protection of enterprise data\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/13/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-13-13\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eDomain Name System (DNS) and DNS Security Extensions (DNSSEC) Services\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2019-11-011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the minumum requirements for implementing the DNS and DNSEC services across the HHS and the OpDiv networks\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eDHS DNS Security Reference Architecture\u003c/li\u003e\u003cli\u003eNIST S.P. 800-81\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eDHS B.O.D. 19-01\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInternet and Email Security\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2019-10-009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the minimum requirements for securing the internet and email services throughout HHS, including OpDivs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-16-system-communications-protection\"\u003eCyberGeek - RMH Chapter 16: System \u0026amp; Communications Protection\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/email-encryption-requirements-cms\"\u003eCyberGeek - Email Encryption Requirements at CMS\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13800\u003c/li\u003e\u003cli\u003eOMB M-15-13\u003c/li\u003e\u003cli\u003eDHS B.O.D 19-01\u003c/li\u003e\u003cli\u003eDHS B.O.D 18-01\u003c/li\u003e\u003cli\u003eNIST S.P. 800-177\u003c/li\u003e\u003cli\u003eNIST S.P. 800-119\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC) Bureau of Consumer Protections, Businesses Can Help Stop Phishing and Protect their Brands Using Email Authentication\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior (ROB)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHigh Value Asset (HVA) Program\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2018-09-006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides HHS OpDivs and StaffDivs with the policy for governance of HHS HVAs along with the requirements for the identification, categorization, prioritization, reporting, assessment, and the remediation of finding of HVAs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-16-04\u003c/li\u003e\u003cli\u003eOMB M-19-02\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-13-13\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eDHS B.O.D. 18-02\u003c/li\u003e\u003cli\u003eCybersecurity Strategy and Implementation Plan for the Federal Civilian Government (CSIP)\u003c/li\u003e\u003cli\u003eCybersecurity National Action Plan (CNAP)\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Continuity of Operation Program\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy Language\u003c/li\u003e\u003cli\u003eSenior Accountable Official for Risk Management (SAORM) Designee for Department of Homeland Security B.O.D. 18-02 Securing HVAs\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMobile Devices and Removable Media\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2019-09-0005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Protects HHS information and information systems from risks related to the use of mobile devices for government businesses and the risks of using mobile devices to access HHS information systems remotely from outside of HHS facilities\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-5-configuration-management-cm\"\u003eCyberGeek - Risk Management Handbook Chapter 5: Configuration Management (CM)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-10-media-protection-mp\"\u003eCyberGeek - Risk Management Handbook Chapter 10: Media Protection (MP)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-access-control-handbook\"\u003eCyberGeek - CMS Access Control Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFederal Records Act of 1950\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-124\u003c/li\u003e\u003cli\u003eEO 13556\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior for Use of HHS Information and IT Resources Policy\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSoftware Development Secure Coding Practices\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2019-08-005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the minimum baseline secure coding practices that must be implemented to ensure secure code is “built in” in the early phases of the software development lifecycle in order to protect and secure all HHS information, IT systems, and networks\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMobile Applications Privacy Policy\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-PIM-2018-09-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Sets forth HHS policy for protecting privacy in HHS Mobile Applications\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eCOPPA 1998\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eOMB M-17-06\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB A-108\u003c/li\u003e\u003cli\u003eDigital Government: Building a 21st Century Platform to Better Serve the American People\u003c/li\u003e\u003cli\u003eNIST 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-163\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-61\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eHHS Policy and Plan for Preparing for and Responding to Breaches of PII\u003c/li\u003e\u003cli\u003eHHS Privacy Impact Assessment Guidance\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Privacy Impact Assessments (PIA)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology (IT) Policy for Enterprise Performance Life Cycle (EPLC)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2008-004.002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e All HHS IT projects shall be managed using the HHS EPLC Framework, including life cycle phases, reviews, deliverables, activities, responsibilities, and tailoring, regardless of the specific development methodology used\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.cms.gov/data-research/cms-information-technology/tlc\"\u003eCMS.gov - Target Life Cycle (TLC)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition\"\u003eCyberGeek - Risk Management Handbook Chapter 15: System \u0026amp; Services Acquisition\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-16-system-communications-protection\"\u003eCyberGeek - RMH Chapter 16: System \u0026amp; Communications Protection\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003eFederal Acquisition Certification-Program and Project Manager Program (FAC-P/PM)\u003c/li\u003e\u003cli\u003eHHS IT Capital Planning and Investment Control\u003c/li\u003e\u003cli\u003eHHS IRM Policy for Conducting IT Alternatives Analysis\u003c/li\u003e\u003cli\u003eHHS IT Performance Management (PfM)\u003c/li\u003e\u003cli\u003eHHS Enterprise Architecture (EA)\u003c/li\u003e\u003cli\u003eHHS IT System Inventory Management\u003c/li\u003e\u003cli\u003eHHS Records Mangement\u003c/li\u003e\u003cli\u003eHHS Implementing Email Records Management\u003c/li\u003e\u003cli\u003eHHS Section 508 and Accessibility of Technology and Communications Technology (ICT)\u003c/li\u003e\u003cli\u003eHHS Security Policies, Standards, Charters and Training Resources\u003c/li\u003e\u003cli\u003eHHS Incident Reporting, Policy and Incident Management Reference\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eGAO Cost Estimating and Assessment Guide\u003c/li\u003e\u003cli\u003eOMB M-05-23\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-127\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEnvironmental Practices of Electronics\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the framework for the implementation of sound environmental practices in the acquisition, operations and maintenance, and end-of-life management of HHS-purchased electronic products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/5/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Property Management\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13423\u003c/li\u003e\u003cli\u003eEO 13514\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eElectronic Stewardship\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2011-0002.001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the framework for the implementation of sound environmental practices in the acquisition, operations and maintenance, and end-of-life management of HHS-purchased electronic products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Property Management\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13423\u003c/li\u003e\u003cli\u003eEO 13514\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for FOIA Investigatory \u0026amp; Audit Matters\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides HHS staff with a policy for legal holds and to inform HHS staff about FOIA, investigatory, and audit matters that require holds on HHS records and other related documentary materials\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/26/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Freedom of Information Group\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFOIA\u003c/li\u003e\u003cli\u003e44 U.S.C Chapter 31\u003c/li\u003e\u003cli\u003e44 U.S.C Chapter 33\u003c/li\u003e\u003cli\u003e5 U.S.C Chapter 552\u003c/li\u003e\u003cli\u003e36 CFR Chapter XII, subchapter B\u003c/li\u003e\u003cli\u003eFederal Rules of Civil Procedure (FRCP)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for Networks Program Designated Agency Representatives\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2010-0005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Identifies and provides supplemental information in the establishment of titles, roles and responsibilities of Designated Agency Representatives (DARs) for the move from the FTS-2001 contract to the Networx contract and its transition program\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/10/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA) guidelines regarding Networx contracts, policies, and procedures\u003c/li\u003e\u003cli\u003eGSA DAR Guidelines for Network Services Contracts of the Office of ITS FAA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for Enterprise Architecture\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2008-0003.001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Outlines the roles and responsibilities for ensuring compliance with legislative and executive level guidance on Enterprise Architecture (EA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/7/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGRPA 1993\u003c/li\u003e\u003cli\u003eFASA V 1994\u003c/li\u003e\u003cli\u003ePRA 1995\u003c/li\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003eGovernment Paperwork Elimination Act of 1998\u003c/li\u003e\u003cli\u003eGISRA 2000\u003c/li\u003e\u003cli\u003eFISMA 2002\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eEO 13011\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-109\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-127\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-00-07\u003c/li\u003e\u003cli\u003eOMB M-97-02\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for eGov Forms\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2006-0003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensures that HHS maintains accurate form content for those HHS forms that are in the E-Gov Forms Catalogue, managed by the Small Business Administration (SBA) and the General Services Administration (GSA) under the Business Gateway (BG) initiative\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/7/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFederal Property and Administrative Services Act of 1949\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eSection 508 Rehabilitation Act\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act of 1980\u003c/li\u003e\u003cli\u003eInformation Quality Act\u003c/li\u003e\u003cli\u003e5 U.S.C. 552a(e)(1)\u003c/li\u003e\u003cli\u003e44 U.S.C. 3508\u003c/li\u003e\u003cli\u003eSmall Business Paperwork Relief Act of 2002\u003c/li\u003e\u003cli\u003e36 CFR Parts 1220-1238\u003c/li\u003e\u003cli\u003e5 CFR part 1320\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for HHSMail Change Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO 2006-0002.001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the policy for change management within the HHS HHSMail project\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eHHS Standards\u003c/h3\u003e\u003ch4\u003eHHS Standard for Plan of Action and Milestones (POAM) Management and Reporting\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2019-0002.001S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides OpDivs with the baseline standards and guidelines for properly documenting and managing POA\u0026amp;Ms and support the OpDivs in their development and management of POA\u0026amp;Ms within their respective organizations\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/3/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-plan-action-and-milestones-poam-handbook\"\u003eCyberGeek - CMS Plan of Action and Milestones (POA\u0026amp;M) Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eEO 13800\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-14-04\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Standard for System Inventory Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2018-0001.002S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides guidance and the baseline standards for maintaining a comprehensive inventory of all systems throughout HHS and enable management to have continuous accounting of all information systems and information assets\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/27/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Memorandum, FY15 Cybersecurity IT Priorities\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMinimum Security Configuration Standards Guidance\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2017-0001.001S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides personnel involved in configuring or connecting servers, workstations, or network devices to the HHS infrastructure with minimum security configuration standards for each respective device\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/5/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCyber Security Research and Development Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eCNSS Instruction No. 4009\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-52\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-60\u003c/li\u003e\u003cli\u003eNIST S.P. 800-70\u003c/li\u003e\u003cli\u003eNIST S.P. 800-115\u003c/li\u003e\u003cli\u003eNIST S.P. 800-128\u003c/li\u003e\u003cli\u003eNIST S.P. 800-152\u003c/li\u003e\u003cli\u003eNIST S.P. 800-175A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-179\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Minimum Security Configuration Standards for Palo Alto Networks\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2017-0001-002S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides OpDivs with specific technical configuration guidance for implementing the Palo Alto Networks Uniform Resource Locator (URL) filtering and Transport Layer Security (TLS) decryption solution\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/31/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-privacy-impact-assessment-pia-handbook\"\u003eCyberGeek - CMS Privacy Impact Assessment (PIA) Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eNIST S.P. 800-66\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eHHS Memoranda\u003c/h3\u003e\u003ch4\u003eHHS Approved Physical Access and Logical Access Authentication Mechanisms\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/15/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-access-control-handbook\"\u003eCyberGeek - CMS Access Control Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHSPD-12\u003c/li\u003e\u003cli\u003eOMB M-19-17\u003c/li\u003e\u003cli\u003eOMB M-22-09\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63-3\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63C\u003c/li\u003e\u003cli\u003eNIST S.P. 800-157\u003c/li\u003e\u003cli\u003eNIST S.P. 800-217\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eReminder of Existing HHS IT User Policies Relevant for Third-Party Generative AI Tools\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/20/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e40 U.S.C § 11319(b)(1)(A)\u003c/li\u003e\u003cli\u003e40 U.S.C § 11319\u003c/li\u003e\u003cli\u003e40 U.S.C § 11315(c)(2)\u003c/li\u003e\u003cli\u003eHHS Securing AI Technology\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior for Use of Information and IT Resources\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMemorandum M-23-13 “No TikTok on Government Devices” Implementation\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/31/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNo TikTok on Government Devices Act\u003c/li\u003e\u003cli\u003eOMB M-23-13\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eIS2P / NIST S.P. 800-53 Revision 5 - Compliance Timeline\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/20/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eHHS IS2P \u0026nbsp;\u003c/li\u003e\u003cli\u003eHHS Control Catalog\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eUpdated Department Standard Warning Banner for HHS Systems\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 9/12/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRescission of Outdated and Superseded Policy\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/9/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Control Catalog\u003c/li\u003e\u003cli\u003eHHS Minimum Security Configuration Standards Guidance\u003c/li\u003e\u003cli\u003eHHS Minimum Security Configuration Standards for Palo Alto Networks\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Social Security Number (SSN) Reduction and Elimination\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/10/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act of 1995\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eOMB M-07-16\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eEO 9397\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eHHS Sensitive PII Definition and Guidance\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eComplete Transition to IPv 6 Memorandum\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 4/29/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-21-07\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRoles \u0026amp; Repsonsibilities of OpDiv SOPs\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/3/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eImplementing Recommendations of the 9/11 Commission Act of 2007\u003c/li\u003e\u003cli\u003eEO 13636\u003c/li\u003e\u003cli\u003eEO 9397\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-20-04\u003c/li\u003e\u003cli\u003eOMB M-16-24\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-10-22\u003c/li\u003e\u003cli\u003eOMB M-07-16\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS IT Acquisition Reviews (ITAR)\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS High Value Asset (HVA) Program\u003c/li\u003e\u003cli\u003eHHS IT Procurements Security and Privacy Language\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003eHHS Mobile Applications Privacy Policy\u003c/li\u003e\u003cli\u003eHHS POA\u0026amp;M Standard\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eHHS Sensitive PII Definition and Guidance\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eUse of Government Furnished Equipment (GFE) During Foreign Travel\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 2/10/21\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Counterintelligence and Insider Threat - Foreign Travel\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140-2\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRescission of Security and Privacy Outdated and Superseded Policies\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/25/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS IT Security and Privacy Incident Reporting and Response\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Minimum Security Configurations Standards Guidance\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSensitive PII Definition and Guidance\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/4/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST S.P. 800-88\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAddendum to the HHS IS2P\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/24/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003ch4\u003eRequirement for Role-Based Training of Personnel with Significant Security Responsibilities\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/28/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/role-based-training-rbt\"\u003eCyberGeek - Role Based Training (RBT)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFCWAA 2015\u003c/li\u003e\u003cli\u003e5 CFR 930.301\u003c/li\u003e\u003cli\u003eNIST S.P. 800-181\u003c/li\u003e\u003cli\u003eNIST S.P. 800-16\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Cloud Computing and Federal Risk and Authorization Management Program Guidance\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/15/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/fedramp\"\u003eCyberGeek - Federal Risk and Authorization Management Program (FedRAMP)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFedRAMP\u003c/li\u003e\u003cli\u003eNIST S.P. 800-144\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eHHS Cloud Computing Strategy\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEnd-of-Life Operating Systems, Software and Applications Policy\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/19/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eFY15 Cybersecurity IT Priorities\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/1/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eEO 13636\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Usage of Unauthorized External Information Systems to Conduct Department Business Memorandum\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/8/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Security Data Warehouse Escalation Memorandum\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/15/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for Monitoring Employee Use of HHS IT Resources (2013)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/26/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIG Act 1978\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eWhistleblower Protection Act\u003c/li\u003e\u003cli\u003eFOIA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eDetermining Non-Sensitive Data on Mobile Computers/Devices\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/11/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-06-16\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eImplementation of OMB M-10-22 and M-10-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/21/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-10-22\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-07-16\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eResolving Security Audit Finding Disputes\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/13/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-08-21\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eUpdated Departmental Standard for the Definition of Sensitive Information\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/18/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003ch4\u003eApplicability of FISMA to HHS Grantees\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/29/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2002\u003c/li\u003e\u003cli\u003eOMB M-07-19\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eHHS Guides, Forms, and Templates\u003c/h3\u003e\u003ch4\u003eInformation Security \u0026amp; Privacy Certification Checklist\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/1/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition\"\u003eCyberGeek - Risk Management Handbook Chapter 15: System \u0026amp; Services Acquisition\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eNIST S.P. 800-60\u003c/li\u003e\u003cli\u003eNIST S.P. 800-88\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy Exception-Risk Based Decision Request\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/10/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e44 U.S. C, Sec. 3502\u003c/li\u003e\u003cli\u003eOMB A-127\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Guidance for Selection of e-Authentication Assurance Levels\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13681\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63-3\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63C\u003c/li\u003e\u003cli\u003eOMB M-04-04\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Guidance for e-Authentication RA Template\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-63\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63-3\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63C\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eCharter Establishing the EPLC Change Control Board\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e \u003ca href=\"https://www.cms.gov/data-research/cms-information-technology/tlc\"\u003eCMS.gov - Target Life Cycle\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eNon-Disclosure Agreement\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e N/A\u003c/p\u003e"])</script><script>self.__next_f.push([1,"19:T3796b,"])</script><script>self.__next_f.push([1,"\u003cp\u003eThere are federal laws, regulations, and policies outside of CMS that shape how security and privacy is managed inside CMS. This page contains a comprehensive list of these external requirements, and shows how they relate to the security and privacy policies and guidance at CMS.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDISCLAIMER:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003cem\u003eThe laws, regulations, standards, and guidelines provided herein are considered a work in progress and are subject to continuous updates. While we strive to ensure the accuracy and relevance of the information presented, it is important to note that legislative changes, regulatory updates, or evolving standards may impact the content provided. Users are encouraged to regularly check for the latest revisions and consult official sources to ensure compliance with the most current legal and regulatory requirements. The information offered is intended for general informational purposes only and should not be construed as legal advice. Any reliance on the content provided is at the user's own risk. We reserve the right to modify, amend, or update the information without prior notice.\u003c/em\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eQUESTIONS OR COMMENTS?\u003c/strong\u003e Check out CMS Slack channel:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://cmsgov.slack.com/archives/C06KFL4RSSC\"\u003e# cms_fed_laws_policies\u003c/a\u003e\u003c/p\u003e\u003ch2\u003eFederal Laws\u003c/h2\u003e\u003cp\u003eLaws are passed by both branches of Congress and signed by the President. Laws establish requirements or prohibitions. This list contains all federal laws that relate to information security and privacy at CMS.\u003c/p\u003e\u003ch3\u003eFISMA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.cisa.gov/topics/cyber-threats-and-advisories/federal-information-security-modernization-act\"\u003eFederal Information Security Modernization Act of 2014 (FISMA 2014\u003c/a\u003e)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eFederal legislation that defines a framework of guidelines and security standards to protect government information and operations\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eFISMA 2014 amends the FISMA of 2002\u003c/p\u003e\u003ch3\u003eThe Privacy Act of 1974\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.justice.gov/opcl/overview-privacy-act-1974-2020-edition/introduction\"\u003eThe Privacy Act of 1974\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eEstablishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Sep 1975\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eHIPAA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html\"\u003eHealth Insurance Portability and Accountability Act (HIPAA) of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eFederal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patients consent or knowledge\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eHHS issued the Privacy Rule and the Security Rule to implement the requirement of HIPAA\u003c/p\u003e\u003ch3\u003eE-Government Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.justice.gov/opcl/e-government-act-2002\"\u003eE-Government Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eImproves the management of Federal e-government services and processes involving the collection, maintenance, or dissemination of public or personal information\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eSection 208 requires Privacy Impact Assessments (PIAs)\u003c/p\u003e\u003ch3\u003eFedRAMP\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.fedramp.gov/program-basics/\"\u003eFederal Risk and Authorization Management Program (FedRAMP)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eA government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment for cloud technologies and federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003e2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eJoint Authorization Board (JAB)\u003c/li\u003e\u003cli\u003eDepartment of Defense (DoD)\u003c/li\u003e\u003cli\u003eDepartment of Homeland Security (DHS)\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eComputer Matching and Privacy Protection Act of 1988\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.congress.gov/bill/100th-congress/senate-bill/496\"\u003eComputer Matching and Privacy Protection Act of 1988\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eRequires agencies engaged in computer matching activities to provide notice to individuals if their information is being disclosed to other federal and state agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eSep 1988\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eGovernment Accountability Office (GAO)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSection 508\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.section508.gov/manage/laws-and-policies/\"\u003eSection 508 of the Rehabilitation Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eA federal law that requires agencies to provide individuals with disabilities equal access to electronic information and data comparable to those who do not have disabilities, unless an undue burden would be imposed on the agency\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003e1988\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eU.S. Access Board\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eAmended in 2000\u003c/p\u003e\u003ch3\u003eHSPD-12\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.dhs.gov/homeland-security-presidential-directive-12\"\u003eHomeland Security Presidential Directive 12 (HSPD-12)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eA Government-wide standard for a secure and reliable form of identification issued by the Federal government to its employees and employees of Federal contractors for access to Federally-controlled facilities and Government information systems\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFASCSA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.congress.gov/bill/115th-congress/senate-bill/3085/text\"\u003eFederal Acquisition Supply Chain Security Act (FASCSA) of 2018\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eTo establish a Federal Acquisition Security Council and to provide executive agencies with authorities relating to mitigating supply chain risks in the procurement of information technology, and for other purposes\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eGovernment Accountability Office (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFITARA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.cio.gov/handbook/it-laws/fitara-2014/\"\u003eFederal Information Technology Acquisition Reform Act (FITARA) of 2014\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eStrengthens the role of agency Chief Information Officers (CIOs) and provided greater accountability for the delivery of IT capabilities across the Federal Government\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eOMB M-15-14 implements\u003c/p\u003e\u003ch3\u003eMMA of 2003\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.ssa.gov/privacy/pia/Medicare%20Modernization%20Act%20(MMA)%20FY07.htm\"\u003eMedicare Prescription Drug, Improvement, and Modernization Act (MMA) of 2003\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eAmended section 1144 of the Social Security Act to require the Commissioner of Social Security to conduct additional outreach efforts to identify individuals entitled to benefits, or enrolled under the Medicare program under Title XVIII, who may be eligible for transitional assistance under the Medicare Prescription Drug Discount Card Program and premium and cost-sharing subsidies under the Prescription Drug Card Part D Program\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Health and Human Services (HHS) - Centers for MEDICARE \u0026amp; MEDICAID Services (CMS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eBuy America Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.gao.gov/products/105519\"\u003eBuy America Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eRequires Federal agencies to procure domestic materials and products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApr 1978\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eGovernment Accountability Office (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eNo TikTok on Government Devices Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.congress.gov/bill/117th-congress/senate-bill/1143\"\u003eNo TikTok on Government Devices Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eRequires the social media video application TikTok to be removed from the information technology of federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFOIA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.foia.gov/\"\u003eFreedom of Information Act (FOIA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eProvides that any person has the right to request access to federal agency records or information except to the extent the records are protected from disclosure by any of nine exemptions contained in the law or by one of three special law enforcement record exclusions\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1967\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Justice (DOJ)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eIG Act of 1978\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.ignet.gov/content/inspector-general-act-1978\"\u003eInspectors General Act (IG Act) of 1978\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eCreates Inspector General positions and offices in more than a dozen specific departments and agencies. The Act gave these inspectors general the authority to review the internal documents of their departments or offices. They were given responsibility to investigate fraud, to give policy advice (5 U.S.C. § 404; IG Act, sec. 4), to handle certain complaints by employees, and to report to the heads of their agencies and to Congress on their activities every six months\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1978\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eDOTGOV Act of 2020\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.federalregister.gov/documents/2022/07/26/2022-15670/federal-management-regulation-fmr-internet-gov-domain\"\u003eDOTGOV Online Trust in Government Act of 2020\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eTransfers the DotGov internet domain program, as operated by the General Services Administration under title 41, Code of Federal Regulations, to DHS CISA. The Act also orders that on the date CISA begins operational administration of the DotGov internet domain program, the GSA Administrator shall rescind the requirements in part 102173 of title 41, Code of Federal Regulations applicable to any Federal, State, local, or territorial government entity, or other publicly controlled entity, including any Tribal government recognized by the Federal Government or a State government that is registering or operating a DotGov internet domain. Finally, the DOTGOV orders that in place of the requirements in part 102173 of title 41, Code of Federal Regulations, CISA, in consultation with the Director of Management and Budget (OMB), shall establish and publish a new set of requirements for the registration and operation of DotGov domains.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003ePart of the Consolidated Appropriations Act, 2021\u003c/p\u003e\u003ch3\u003eGovernment Performance and Results Act (GPRA) of 1993\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.federalreserve.gov/publications/gpra.htm\"\u003eGovernment Performance and Results Act (GPRA) of 1993\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to prepare a strategic plan covering a multiyear period and requires each agency to submit an annual performance plan and an annual performance report.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 1993\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Acquisition Streamlining Act (FASA) of 1994\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/103rd-congress/senate-bill/1587\"\u003eFederal Acquisition Streamlining Act (FASA) of 1994\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Streamlines the federal governments acquisition system and dramatically changes the way the government performs its contracting functions. Generally, the statute seeks to: (1) increase the governments reliance on commercial goods and services; (2) streamline the procurement process for high volume, low value acquisitions; (3) improve access by small businesses to government contracting opportunities; (4) improve the bid protest process; and (5) extend the Truth in Negotiations Act to civilian agencies and raise the threshold for submitting certified cost or pricing data under that Act.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1994\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePaperwork Reduction Act (PRA) of 1995\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/104th-congress/senate-bill/244\"\u003ePaperwork Reduction Act (PRA) of 1995\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires that agencies obtain Office of Management and Budget (OMB) approval before requesting most types of information from the public. “Information collections” include forms, interviews, and record keeping, to name a few categories.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 1995\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Financial Management Improvement Act of 1996\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/104th-congress/house-bill/4319\"\u003eFederal Financial Management Improvement Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Advances Federal financial management by ensuring that Federal financial management systems provide accurate, reliable, and timely financial management information to the governments managers.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eSep 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eClinger-Cohen Act of 1996\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/clinger-cohen-act/\"\u003eClinger-Cohen Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The IT Management Reform Act (ITMRA) and the Federal Acquisition Reform Act (FARA) together make up the Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Records Act (FRA) (Records Management Act of 1950)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://presidentialtransition.org/wp-content/uploads/sites/6/2020/11/Federal-Records-Act-Overview.pdf\"\u003eRecords Management Act of 1950 / Federal Records Act (FRA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Designed to ensure that institutional records of vital historical, fiscal and legal value are identified and preserved by the government, providing the public with a historical record of federal; decision-making.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1950\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eNational Archives and Records Administration (NARA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSection 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.acquisition.gov/Section-889-Policies\"\u003eSection 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prohibits the Federal Government from procuring or obtaining, or extending or renewing a contract to procure or obtain “any equipment, system, or service that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system,” on or after August 13, 2019, unless an exception applies or a waiver is granted.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Defense (DoD)\u003c/li\u003e\u003cli\u003eNational Aeronautics and Space Administration (NASA)\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFITARA Enhancement Act of 2017\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/115th-congress/house-bill/3243\"\u003eFITARA Enhancement Act of 2017\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e An act to amend title 40, United States Code, to eliminate the sunset of certain provisions relating to information technology, to amend the National Defense Authorization Act for Fiscal Year 2015 to extend the sunset relating to the Federal Data Center Consolidation Initiative, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eMaking Electronic Government Accountable by Yielding Tangible Efficiencies (MEGABYTE) Act of 2016\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/114th-congress/house-bill/4904/text\"\u003eMaking Electronic Government Accountable by Yielding Tangible Efficiencies (MEGABYTE) Act of 2016\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the Director of the Office of Management and Budget to issue a directive on the management of software licenses by the US federal government.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eStrengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure (SECURE) Technology Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/115th-congress/house-bill/7327/text\"\u003eStrengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure (SECURE) Technology Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the Secretary of Homeland Security to establish a security vulnerability disclosure policy, to establish a bug bounty program for the Department of Homeland Security, to amend title 41, United States Code, to provide for Federal acquisition supply chain security, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eCommunications Act of 1934\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1288\"\u003eCommunications Act of 1934\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Combined and organized federal regulation of telephone, telegraph, and radio communications. The Act created the Federal Communications Commission (FCC) to oversee and regulate these industries. The Act is updated periodically to add provisions governing new communications technologies, such as broadcast, cable and satellite television.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJun 1934\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eFederal Communications Commission (FCC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eWorkforce Innovation and Opportunities Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.dol.gov/agencies/eta/wioa\"\u003eWorkforce Innovation and Opportunities Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Designed to strengthen and improve our nation's public workforce system and help get Americans, including youth and those with significant barriers to employment, into high-quality jobs and careers and help employers hire and retain skilled workers.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Labor (DOL)\u003c/li\u003e\u003cli\u003eDepartment of Education (ED)\u003c/li\u003e\u003cli\u003eDepartment of Health and Human Services (HHS)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eChildrens Online Privacy Protection Act (COPPA) of 1998\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa\"\u003eChildrens Online Privacy Protection Act (COPPA) of 1998\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApr 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eFederal Trade Commission (FTC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGovernment Paperwork Elimination Act of 1998\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/gpea/\"\u003eGovernment Paperwork Elimination Act of 1998\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e It requires Federal agencies, by October 21, 2003, to provide individuals or entities that deal with agencies the option to submit information or transact with the agency electronically, and to maintain records electronically, when practicable.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Property and Administrative Services Act of 1949\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/USCODE-2011-title40/html/USCODE-2011-title40-subtitleI-chap1.htm\"\u003eFederal Property and Administrative Services Act of 1949\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the General Services Administration (GSA). The act also provides for various Federal Standards to be published by the GSA.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1949\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eGeneral Services Administration (GSA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eInformation Quality Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/information-quality-act/\"\u003eInformation Quality Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the OMB to promulgate guidance to agencies ensuring the quality, objectivity, utility, and integrity of information (including statistical information) disseminated by Federal agencies.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSmall Business Paperwork Relief Act of 2002\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.sba.gov/document/policy-guidance--small-business-paperwork-relief-act-2002\"\u003eSmall Business Paperwork Relief Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Institutes a process to reduce paperwork, and introduces measures to make it easier for small businesses to comply with the law.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJun 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eCyber Security Research and Development Act of 2002\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/107th-congress/house-bill/3394\"\u003eCyber Security Research and Development Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Authorizes appropriations to the National Science Foundation (NSF) and to the Secretary of Commerce for the National Institute of Standards and Technology (NIST) to establish new programs, and to increase funding for certain current programs, for computer and network security (CNS) research and development and CNS research fellowships.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eNational Science Foundation (NSF)\u003c/li\u003e\u003cli\u003eNational Institute of Standards and Technology (NIST)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eImplementing Recommendations of the 9/11 Commission Act of 2007\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/110th-congress/house-bill/1\"\u003eImplementing Recommendations of the 9/11 Commission Act of 2007\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides for implementation of recommendations of the National Commission on Terrorist Attacks Upon the United States (9/11 Commission).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Cybersecurity Workforce Assessment Act (FCWAA) of 2015\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/113/plaws/publ246/PLAW-113publ246.pdf\"\u003eFederal Cybersecurity Workforce Assessment Act (FCWAA) of 2015\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the Secretary of Homeland Security to assess the cybersecurity workforce of the Department of Homeland Security and develop a comprehensive workforce strategy, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eWhistleblower Protection Act of 1989\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/101st-congress/senate-bill/20\"\u003eWhistleblower Protection Act of 1989\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prohibits retaliation against most executive branch employees when they blow the whistle on \u0026nbsp;ignificant agency wrongdoing or when they engage in protected conduct.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApr 1989\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Special Counsel\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eComputer Security Act of 1987\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/100th-congress/house-bill/145/all-info\"\u003eComputer Security Act of 1987\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides for a computer standards program within the National Bureau of Standards, to provide for Government-wide computer security, and to provide for the training in security matters of persons who are involved in the management, operation, and use of Federal computer systems, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJan 1988\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eNational Institute of Standards and Technology (NIST)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eOffice of Federal Procurement Policy Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/omb/management/office-federal-procurement-policy/\"\u003eOffice of Federal Procurement Policy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The Office of Federal Procurement Policy (OFPP) was established by Congress in 1974 to provide overall direction for government-wide procurement policies, regulations and procedures and to promote economy, efficiency, and effectiveness in acquisition processes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Aug 1974\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Activities Inventory Reform (FAIR) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/105/plaws/publ270/PLAW-105publ270.pdf\"\u003eFederal Activities Inventory Reform (FAIR) Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to submit to the Office of Management and Budget inventories of commercial activities performed by federal employees every year by June 30.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Oct 1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eBudget and Accounting Act of 1921\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/D03855.pdf\"\u003eBudget and Accounting Act of 1921\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides a national budget system and an independent audit of Government accounts, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jun 1921\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Managers' Financial Integrity Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/omb/financial_fmfia1982\"\u003eFederal Managers Financial Integrity Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the statutory basis for managements responsibility for and assessment of accounting and administrative internal controls. Such controls include program, operational, and administrative areas, as well as accounting and financial management.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Sep 1982\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eSarbanes-Oxley Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://sarbanes-oxley-act.com/\"\u003eSarbanes-Oxley Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Contains provisions affecting corporate governance, risk management, auditing, and financial reporting of public companies, including provisions intended to deter and punish corporate accounting fraud and corruption.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jul 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003ePublic Company Accounting Oversight Board (PCAOB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eDigital Accountability and Transparency Act (DATA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/113/plaws/publ101/PLAW-113publ101.pdf\"\u003eDigital Accountability and Transparency Act (DATA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to prepare and submit standardized, accurate information about their spending.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e May 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eDepartment of Treasury\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eElectronic Signatures in Global and National Commerce (E-Sign) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/PLAW-106publ229/pdf/PLAW-106publ229.pdf\"\u003eElectronic Signatures in Global and National Commerce (E-Sign) Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Facilitates the use of electronic records and signatures in interstate or foreign commerce.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jun 2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Commerce\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eSpecifies that, in the United States, the use of an electronic signature (e-signature) is as legally valid as a traditional signature written in ink on paper.\u003c/p\u003e\u003ch3\u003eChief Financial Officers Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cio.gov/handbook/it-laws/cfo-act/\"\u003eChief Financial Officers Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Gives OMB new authority and responsibility for directing federal financial management, modernizing the governments financial management systems, and strengthening financial reporting.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 1990\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eOffice of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eHomeland Security Act of 2002\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.dhs.gov/homeland-security-act-2002\"\u003eHomeland Security Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Established the Department of Homeland Security\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eNov 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eHealth Information Technology for Economic and Clinical Health (HITECH) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html\"\u003eHITECH Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Part of the American Recovery and Reinvestment Act of 2009 that incentivized the meaningful use of Electronic Health Records (EHRs) and strengthened the privacy and security provisions of HIPAA.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Health and Human Services (HHS)\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePatient Protection and Affordable Care Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/3590\"\u003ePatient Protection and Affordable Care Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensures that all Americans have access to quality, affordable health care and will create the transformation within the health care system necessary to contain costs.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMar 2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility: \u003c/strong\u003eDepartment of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGovernment Performance and Results Act (GPRA) Modernization Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/111/plaws/publ352/PLAW-111publ352.pdf\"\u003eGovernment Performance and Results Act (GPRA) Modernization Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e An amended version of the Government Performance and Results Act of 1993, it requires each executive agency to make its strategic plan available on its public website and to the OMB on the first Monday in February of any year following that in which the term of the President commences and to notify the President and Congress.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJan 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGenetic Information Nondiscrimination Act (GINA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/PLAW-110publ233/pdf/PLAW-110publ233.pdf\"\u003eGenetic Information Nondiscrimination Act (GINA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Protects individuals against discrimination based on their genetic information in health coverage and in employment.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eEconomy Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.acquisition.gov/node/29803/printable/pdf\"\u003eEconomy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Authorizes agencies to enter into agreements to obtain \u003cem\u003esupplies\u003c/em\u003e or services from another agency.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 1933\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Federal Acquistition Regulations (FAR)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eIPERIA\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/112/plaws/publ248/PLAW-112publ248.pdf\"\u003eImproper Payments Elimination and Recovery Improvement Act (IPERIA) of 2012\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides guidance on monitoring and reporting improper payments, and requires agencies to continue their review of programs and activities annually to identify those susceptible to significant improper payments and updates the definition of significant improper payments.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJan 2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eAntideficiency Act (ADA)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/legal/appropriations-law/resources\"\u003eAntideficiency Act (ADA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prohibits federal agencies from obligating or expending federal funds in advance or in excess of an appropriation, and from accepting voluntary services.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eSep 1982\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Government Accountability Offices (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eBudget Control Act of 2011\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/112/plaws/publ25/PLAW-112publ25.pdf\"\u003eBudget Control Act of 2011\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Amends the Balanced Budget and Emergency Deficit Control Act of 1985 (Gramm-Rudman-Hollings Act) to revise sequestration requirements for enforcement of discretionary spending limits (spending caps).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eAug 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Activities Inventory Reform (FAIR) Act of 1998\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/105/plaws/publ270/PLAW-105publ270.pdf\"\u003eFederal Activities Inventory Reform (FAIR) Act of 1998\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires federal agencies to submit to the Office of Management and Budget inventories of commercial activities performed by federal employees every year by June 30.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eTelework Enhancement Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/1722/text\"\u003eTelework Enhancement Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires the head of each executive agency to: (1) establish a policy under which eligible agency employees may be authorized to telework; (2) determine employee eligibility to participate in telework; and (3) notify all employees of their eligibility to telework.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOffice of Personnel Management (OPM)\u003c/li\u003e\u003cli\u003eFederal Emergency Management Agency (FEMA)\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eNational Archives and Records Administration (NARA)\u003c/li\u003e\u003cli\u003eOffice of Management and Budget (OMB)\u003c/li\u003e\u003cli\u003eDepartment of Homeland Security (DHS)\u003c/li\u003e\u003cli\u003eNational Institute of Standards and Technology (NIST)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePlain Writing Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/PLAW-111publ274/pdf/PLAW-111publ274.pdf\"\u003ePlain Writing Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the effectiveness and accountability of Federal agencies to the public by promoting clear Government communication that the public can understand and use.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Office of Management and Budget (OMB)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eConsolidated Appropriations Act of 2010\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/111/plaws/publ117/PLAW-111publ117.pdf\"\u003eConsolidated Appropriations Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e An act making appropriations for the Departments of Transportation, and Housing and Urban Development, and related agencies for the fiscal year ending September 30, 2010, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Dec 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/3288\"\u003eMultiple agencies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e Many agencies oversee the guidance for this Act\u003c/p\u003e\u003ch3\u003eAmerican Recovery and Reinvestment Act of 2009\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/1/text\"\u003eAmerican Recovery and Reinvestment Act of 2009\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Developed in response to the Great Recession, the primary objective of this federal statute was to save existing jobs and create new ones as soon as possible. Other objectives were to provide temporary relief programs for those most affected by the recession and invest in infrastructure, education, health, and renewable energy.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/111th-congress/house-bill/1\"\u003eMultiple agencies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e Many agencies oversee the guidance for this Act\u003c/p\u003e\u003ch3\u003eProject BioShield Act of 2004\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/108th-congress/senate-bill/15/text\"\u003eProject BioShield Act of 2004\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Project BioShield was established to help incentivize private industry to develop vitally needed medical countermeasures by providing multi-year funding to support advanced research, clinical development, manufacture and procurement.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003ePublic Health Service Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.ssa.gov/policy/docs/ssb/v7n8/v7n8p15.pdf\"\u003ePublic Health Service Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Consolidates and revises the laws relating to the Public Health Service.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eJul 1944\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Health and Human Services (HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003eIntelligence Reform and Terrorism Prevention Act of 2004\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/bill/108th-congress/senate-bill/2845/text\"\u003eIntelligence Reform and Terrorism Prevention Act of 2004\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Reforms the intelligence community and the intelligence and intelligence-related activities of the United States Government, and for other purposes.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Homeland Security (DHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003eElectronic Freedom of Information Act Amendments of 1996\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.congress.gov/104/plaws/publ231/PLAW-104publ231.htm\"\u003eElectronic Freedom of Information Act Amendments of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The Freedom of Information Act (FOIA) established the public's right of access to government information, on the basis of openness and accountability. The 1996 Electronic Freedom of Information Act (e-FOIA) Amendments extended these principles to include electronic access to information.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Oct 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Justice (DoJ)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003ch3\u003eClarifying Lawful Overseas Use of Data (CLOUD) Act\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2022/07/06/2022-14320/office-of-the-attorney-general-clarifying-lawful-overseas-use-of-data-act-attorney-general\"\u003eClarifying Lawful Overseas Use of Data (CLOUD) Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Lifts certain restrictions under U.S. law on companies disclosing electronic data, in response to qualifying, lawful orders in investigations of serious crime, directly to a qualifying foreign government with which the United States has entered into an executive agreement governing access by the foreign government to covered data.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jul 2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight responsibility:\u003c/strong\u003e Department of Justice (DoJ)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eFederal Regulations\u003c/h2\u003e\u003cp\u003eRegulations are published by executive branch agencies to clarify their interpretation of a law and how a law will be implemented. Regulations also state requirements or prohibitions. This list contains all federal regulations that relate to information security and privacy at CMS.\u003c/p\u003e\u003ch3\u003eB.O.D. 18-01\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/news-events/directives/bod-18-01-enhance-email-and-web-security\"\u003eBinding Operational Directive (B.O.D) 18-01: Enhance Email and Web Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Enhances the security of federal agencies' email and web systems to protect against cyber threats. The directive outlines specific actions that federal agencies must take to improve their email and web security posture, including implementing specific security protocols, enhancing monitoring capabilities, and strengthening authentication mechanisms.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Oct 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eB.O.D. 18-02\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.cisa.gov/news-events/directives/bod-18-02-securing-high-value-assets\"\u003eBinding Operation Directive (B.O.D.) 18-02 - Security High Value Assets (HVAs)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eEnhances the Department of Homeland Security's coordinated approach to securing the federal governments HVAs from cybersecurity threats\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eMay 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eFISMA 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eB.O.D. 20-01\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/news-events/directives/bod-20-01-develop-and-publish-vulnerability-disclosure-policy\"\u003eBinding Operation Directive (B.O.D) 20-01: Develop and Publish a Vulnerability Disclosure Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires each agency to develop and publish a vulnerability disclosure policy (VDP) and maintain supporting handling procedures.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Sep 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law:\u003c/strong\u003e OMB M-20-32\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.D. 19-01\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/news-events/directives/ed-19-01-mitigate-dns-infrastructure-tampering\"\u003eEmergency Directive (E.D.) 19-01: Mitigate DNS Infrastructure Tampering\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires agencies take near-term actions to mitigate risks from undiscovered tampering, enable agencies to prevent illegitimate DNS activity for their domains, and detect unauthorized certificates.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released:\u003c/strong\u003e Jan 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law:\u003c/strong\u003e Homeland Security Act of 2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Homeland Security (DHS) - Cybersecurity \u0026amp; Infrastructure Security Agency (CISA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eThe Privacy Rule\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html\"\u003eThe Privacy Rule\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eAssures that individuals' health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public's health and well being\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eDec 2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eHIPAA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Health and Human Services (DHHS or HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eRegulation that implements HIPAA requirements\u003c/p\u003e\u003ch3\u003eThe Security Rule\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html\"\u003eThe Security Rule\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003eEstablishes standards and safeguards for the secure handling of electronic protected health information (ePHI) by healthcare entities, aiming to ensure the confidentiality, integrity, and availability of sensitive health data\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eFeb 2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eHIPAA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Health and Human Services (DHHS or HHS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eRegulation that implements HIPAA requirements\u003c/p\u003e\u003ch3\u003eFAR\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.acquisition.gov/sites/default/files/current/far/pdf/FAR.pdf\"\u003eFederal Acquisition Regulation (FAR)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription: \u003c/strong\u003ePrimary regulation for use by all executive agencies in their acquisition of supplies and services with appropriated funds\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eApril 1984\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eCompetition in Contracting Act of 1984 - FAR: Title 48 of the Code of Federal Regulations (CFR).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eGeneral Services Administration (GSA), Department of \u0026nbsp;Defense (DOD), \u0026amp; National Aeronautics and Space Administration (NASA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFederal Accounting Standards Advisory Board (FASAB)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://fasab.gov/accounting-standards/\"\u003eFederal Accounting Standards Advisory Board (FASAB)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Primary regulation for use by all executive agencies in their acquisition of supplies and services with appropriated funds\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate released: \u003c/strong\u003eOct 1990\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements Law: \u003c/strong\u003eCompetition in Contracting Act of 1984 - FAR: Title 48 of the Code of Federal Regulations (CFR).\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAgency: \u003c/strong\u003eDepartment of Treasury, Office of Management and Budget (OMB), \u0026amp; Government Accountability Office (GAO)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eFederal Information Processing Standards (FIPS) Publications\u003c/h2\u003e\u003cp\u003eFederal Information Processing Standards (FIPS) are standards and guidelines for federal computer systems that are developed by \u003ca href=\"https://security.cms.gov/learn/national-institute-standards-and-technology-nist\"\u003eNational Institute of Standards and Technology (NIST)\u003c/a\u003e in accordance with the \u003ca href=\"https://security.cms.gov/learn/federal-information-security-modernization-act-fisma\"\u003eFederal Information Security Management Act (FISMA)\u003c/a\u003e and approved by the Secretary of Commerce.\u003c/p\u003e\u003cp\u003eFIPS Standards can be viewed and downloaded from the NIST Computer Security Resource Center (CSRC) website here: \u003ca href=\"https://csrc.nist.gov/publications/fips\"\u003eFIPS publications\u003c/a\u003e\u003c/p\u003e\u003cp\u003eAnswers to Frequently Asked Questions about FIPS can be found on the NIST website here: \u003ca href=\"https://www.nist.gov/standardsgov/compliance-faqs-federal-information-processing-standards-fips\"\u003eFIPS FAQs\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThis list contains all FIPS publications that relate to information security and privacy at CMS.\u003c/p\u003e\u003ch3\u003eFIPS-202\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/202/final\"\u003eSHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e8/4/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 201-3\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/201-3/final\"\u003ePersonal Identity Verification (PIV) of Federal Employees and Contractors\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e1/24/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 200\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/200/final\"\u003eMinimum Security Requirements for Federal Information and Information Systems\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e3/1/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 199\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/199/final\"\u003eStandards for Security Categorization of Federal Information and Information Systems\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e2/1/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 198-1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/198-1/final\"\u003eThe Keyed-Hash Message Authentication Code (HMAC)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e7/16/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 197\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/197/final\"\u003eAdvanced Encryption Standard (AES)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e5/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 186-5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/186-5/final\"\u003eDigital Signature Standard (DSS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e2/13/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 180-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/180-4/upd1/final\"\u003eSecure Hash Standard (SHS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e8/4/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFIPS 140-3\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://csrc.nist.gov/pubs/fips/140-3/final\"\u003eSecurity Requirements for Cryptographic Modules\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eStatus: \u003c/strong\u003eFinal\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eRelease Date: \u003c/strong\u003e3/22/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eSuperseded by:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eNIST S.P. Guidelines\u003c/h2\u003e\u003cp\u003eFIPS Publications may reference specific NIST Special Publications (S.P.) guidelines (SP800) and/or practices (SP1800), in which that guideline or practice becomes a governance policy for CMS FISMA systems.\u003c/p\u003e\u003cp\u003eAll NIST Special Publications (SP 500, SP800 and SP1800) can be viewed and downloaded from the NIST Computer Security Resource Center (CSRC) website here: \u003ca href=\"https://csrc.nist.gov/publications/sp\"\u003eNIST S.P. list\u003c/a\u003e\u003c/p\u003e\u003cp\u003eNIST S.P. descriptions can be found on the NIST website here: \u003ca href=\"https://www.nist.gov/nist-research-library/nist-special-publication-subseries-descriptions\"\u003eNIST S.P. descriptions\u003c/a\u003e\u003c/p\u003e\u003cp\u003eThe following list consists of NIST S.P.s that are CMS FISMA governance policy by way of FIPS references.\u003c/p\u003e\u003ch3\u003e500-267A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-267Ar1.pdf\"\u003eNIST IPv6 Profile\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e500-267B\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-267Br1.pdf\"\u003eUSGv6 Profile\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e500-281A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=929798\"\u003eUSGv6 Test Program Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e500-281B\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.500-281Br1.pdf\"\u003eUSGv6 Test Methods: General Description and Validation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-16\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/16/final\"\u003eInformation Technology Security Training Requirements: a Role- and Performance-Based Model\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-18 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/18/r1/final\"\u003eGuide for Developing Security Plans for Federal Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 200\u003c/p\u003e\u003ch3\u003e800-30\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/30/r1/final\"\u003eGuide for Conducting Risk Assessments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-34\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://www.nist.gov/privacy-framework/nist-sp-800-34\"\u003eContingency Planning Guide for Federal Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-37 Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/37/r2/final\"\u003eRisk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-38 (A-G)\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/publications/sp800\"\u003eRecommendation for Block Cipher Modes: *\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 197\u003c/p\u003e\u003ch3\u003e800-39\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/39/final\"\u003eManaging Information Security Risk: Organization, Mission, and Information System View\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-40\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/40/r4/final\"\u003eGuide to Enterprise Patch Management Planning: Preventive Maintenance for Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-41\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/41/r1/final\"\u003eGuidelines on Firewalls and Firewall Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-46\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/46/r2/final\"\u003eGuide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-50\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/50/final\"\u003eBuilding an Information Technology Security Awareness and Training Program\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-51\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/51/r1/final\"\u003eGuide to Using Vulnerability Naming Schemes\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-52\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/52/r2/final\"\u003eGuidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-53 Rev. 5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final\"\u003eSecurity and Privacy Controls for Information Systems and Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-53A Rev. 5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/53/a/r5/final\"\u003eAssessing Security and Privacy Controls in Information Systems and\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://csrc.nist.gov/pubs/sp/800/53/a/r5/final\"\u003eOrganizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-56A\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/56/a/r3/final\"\u003eRecommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-56B Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/56/b/r2/final\"\u003eRecommendation for Pair-Wise Key-Establishment Using Integer Factorization Cryptography\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-57 Part 1 Rev. 5\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/57/pt1/r5/final\"\u003eRecommendation for Key Management - Part 1: General\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-57 Part 3 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/57/pt3/r1/final\"\u003eRecommendation for Key Management, Part 3: Application-Specific Key Management Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-59\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/59/final\"\u003eGuideline for Identifying an Information System as a National Security System\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-60 Vol. 1 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/60/v1/r1/final\"\u003eGuide for Mapping Types of Information and Information Systems to Security Categories\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 200\u003c/p\u003e\u003ch3\u003e800-61\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/61/r2/final\"\u003eComputer Security Incident Handling Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-63-3\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/3/upd2/final\"\u003eDigital Identity Guidelines\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-63A\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/a/upd2/final\"\u003eDigital Identity Guidelines: Enrollment and Identity Proofing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-63B\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/b/upd2/final\"\u003eDigital Identity Guidelines: Authentication and Lifecycle Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-63C\u0026nbsp;\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/63/c/upd2/final\"\u003eDigital Identity Guidelines: Federation and Assertions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-70\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/70/r4/final\"\u003eNational Checklist Program for IT Products: Guidelines for Checklist Users and Developers\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-73-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/73/4/upd1/final\"\u003eInterfaces for Personal Identity Verification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-76-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/76/2/final\"\u003eBiometric Specifications for Personal Identity Verification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-78-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/78/4/final\"\u003eCryptographic Algorithms and Key Sizes for Personal Identity Verification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-79-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/79/2/final\"\u003eGuidelines for the Authorization of Personal Identity Verification Card Issuers (PCI) and Derived PIV Credential Issuers (DPCI)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-81\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/81/2/final\"\u003eSecure Domain Name System (DNS) Deployment Guide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-85A-4\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/85/a/4/final\"\u003ePIV Card Application and Middleware Interface Test Guidelines (SP 800-73-4 Compliance)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-87 Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/87/r2/final\"\u003eCodes for Identification of Federal and Federally-Assisted Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-88\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/88/r1/final\"\u003eGuidelines for Media Sanitization\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-89\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/89/final\"\u003eRecommendation for Obtaining Assurances for Digital Signature\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://csrc.nist.gov/pubs/sp/800/89/final\"\u003eApplications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-90A Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/90/a/r1/final\"\u003eRecommendation for Random Number Generation Using Deterministic Random Bit Generators\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-94\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/94/final\"\u003eGuide to Intrusion Detection and Prevention Systems (IDPS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-96\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/96/final\"\u003ePIV Card to Reader Interoperability Guidelines\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-97\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/97/final\"\u003eEstablishing Wireless Robust Security Networks: A Guide to IEEE 802.11i\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-102\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/102/final\"\u003eRecommendation for Digital Signature Timeliness\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-107\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/107/r1/final\"\u003eRecommendation for Applications Using Approved Hash Algorithms\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003cli\u003eFIPS 202\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-111\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/111/final\"\u003eGuide to Storage Encryption Technologies for End User Devices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 197\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-115\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/115/final\"\u003eTechnical Guide to Information Security Testing and Assessment\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-116 Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/116/r1/final\"\u003eGuidelines for the Use of PIV Credentials in Facility Access\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-119\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/119/final\"\u003eGuidelines for the Secure Deployment of IPv6\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-122\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/122/final\"\u003eGuide to Protecting the Confidentiality of Personally Identifiable Information (PII)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-124\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/124/r2/final\"\u003eGuidelines for Managing the Security of Mobile Devices in the Enterprise\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-126\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/126/r3/final\"\u003eThe Technical Specification for the Security Content Automation Protocol (SCAP): SCAP Version 1.3\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-128\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/128/upd1/final\"\u003eGuide for Security-Focused Configuration Management of Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-131A Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/131/a/r2/final\"\u003eTransitioning the Use of Cryptographic Algorithms and Key Lengths\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-133 Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/133/r2/final\"\u003eRecommendation for Cryptographic Key Generation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 197\u003c/p\u003e\u003ch3\u003e800-137\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/137/final\"\u003eInformation Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-140\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/final\"\u003eFIPS 140-3 Derived Test Requirements (DTR): CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/a/final\"\u003eCMVP Documentation Requirements: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140B Rev. 1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/b/r1/final\"\u003eCryptographic Module Validation Program (CMVP) Security Policy Requirements: CMVP Validation Authority Updates to ISO/IEC 24759 and ISO/IEC 19790 Annex B\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140C Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/c/r2/final\"\u003eCryptographic Module Validation Program (CMVP)-Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140D Rev. 2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/d/r2/final\"\u003eCryptographic Module Validation Program (CMVP)-Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140E\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/e/final\"\u003eCMVP Approved Authentication Mechanisms: CMVP Validation Authority Requirements for ISO/IEC 19790 Annex E and ISO/IEC 24579 Section 6.17\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-140F\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/140/f/final\"\u003eCMVP Approved Non-Invasive Attack Mitigation Test Metrics: CMVP Validation Authority Updates to ISO/IEC 24759\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-144\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/144/final\"\u003eGuidelines on Security and Privacy in Public Cloud Computing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-145\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/145/final\"\u003eThe NIST Definition of Cloud Computing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-152\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/152/final\"\u003eA Profile for U.S. Federal Cryptographic Key Management Systems (CKMS)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 197\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-153\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/153/final\"\u003eGuidelines for Securing Wireless Local Area Networks (WLANs)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-156\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/156/final\"\u003eRepresentation of PIV Chain-of-Trust for Import and Export\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-157\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/157/final\"\u003eGuidelines for Derived Personal Identity Verification (PIV) Credentials\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-157\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/157/final\"\u003eGuidelines for Derived Personal Identity Verification (PIV) Credentials\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-163\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/163/r1/final\"\u003eVetting the Security of Mobile Applications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-167\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/167/final\"\u003eGuide to Application Whitelisting\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 140\u003c/p\u003e\u003ch3\u003e800-171\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/171/r2/upd1/final\"\u003eProtecting Controlled Unclassified Information in Nonfederal Systems and Organizations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-175A\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/175/a/final\"\u003eGuideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-175B\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/175/b/r1/final\"\u003eGuideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 180\u003c/li\u003e\u003cli\u003eFIPS 186\u003c/li\u003e\u003cli\u003eFIPS 197\u003c/li\u003e\u003cli\u003eFIPS 198\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 202\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-177\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/177/r1/final\"\u003eTrustworthy Email\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eFIPS 201\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e800-181\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/181/r1/final\"\u003eWorkforce Framework for Cybersecurity (NICE Framework)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e800-186\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/186/final\"\u003eRecommendations for Discrete-Logarithm Based Cryptography: Elliptic Curve Domain Parameters\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 186\u003c/p\u003e\u003ch3\u003e800-207\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/207/final\"\u003eZero Trust Architecture\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 199\u003c/p\u003e\u003ch3\u003e800-217\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/217/ipd\"\u003eGuidelines for the Use of Personal Identity Verification (PIV) Credentials with Federation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e FIPS 201\u003c/p\u003e\u003ch3\u003e800-219\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle\u003c/strong\u003e: \u003ca href=\"https://csrc.nist.gov/pubs/sp/800/219/r1/final\"\u003eAutomated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFIPS Reference:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eExecutive Orders (E.O.)\u003c/h2\u003e\u003cp\u003eAn Executive Order (E.O.) is a signed, written, and published directive from the President of the United States that manages operations of the federal government. They are numbered consecutively, so executive orders may be referenced by their assigned number, or their topic. This list contains all E.O.s that relate to information security and privacy.\u003c/p\u003e\u003ch3\u003eE.O 9397\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.ssa.gov/foia/html/EO9397.htm\"\u003eNumbering System for Federal Accounts Relating to Individual Persons\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes a centralized numbering system for federal accounts relating to individual persons in the United States.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e November 30, 1943\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Social Security Administration (SSA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 11609\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.archives.gov/federal-register/codification/executive-order/11609.html\"\u003eDelegating certain functions vested in the President to other officers of the Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Grants certain, presidential authorities to the GSA without approval, ratification, or other action of the President.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 22, 1971\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e General Services Administration (GSA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13011\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.govinfo.gov/content/pkg/CFR-1997-title3-vol1/html/CFR-1997-title3-vol1-eo13011.htm\"\u003eFederal Information Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Aimed to improve the management and utilization of IT resources across federal agencies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 16, 1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eDHS\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eE.O 13381\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2005/06/30/05-13098/strengthening-processes-relating-to-determining-eligibility-for-access-to-classified-national\"\u003eStrengthening Processes Relating to Determining Eligibility for Access to Classified National Security Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Assists in determining eligibility for access to classified national security information, while taking appropriate account of title III of Public Law 108-458\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jun 2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13402\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2006/05/15/06-4552/strengthening-federal-efforts-to-protect-against-identity-theft\"\u003eStrengthening Federal Efforts To Protect Against Identity Theft\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Strengthens efforts to protect against identity theft\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13439\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2007/07/20/07-3593/establishing-an-interagency-working-group-on-import-safety\"\u003eEstablishing an Interagency Working Group on Import Safety\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensures that the executive branch takes all appropriate steps to promote the safety of imported products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jul 2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e HHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13520\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/executive-order-reducing-improper-payments\"\u003eReducing Improper Payments and Eliminating Waste in Federal Programs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Reduces payment errors and eliminating waste, fraud, and abuse in Federal programs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Nov 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13526\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.archives.gov/isoo/policy-documents/cnsi-eo.html\"\u003eClassified National Security Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Prescribes a uniform system for classifying, safeguarding, and declassifying national security information, including information relating to defense against transnational terrorism\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Dec 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Information Security Oversight Office\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13556\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.commerce.gov/sites/default/files/2022-02/Controlled-Unclassified-Information-Policy.pdf\"\u003eControlled Unclassified Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes an open and uniform program for managing unclassified information requiring safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Aug 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e National Archives \u0026amp; Records Administration (NARA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13571\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/04/27/executive-order-13571-streamlining-service-delivery-and-improving-custom\"\u003eStreamlining Service Delivery and Improving Customer Service\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the quality of service to the public by the Federal Government\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Apr 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13576\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/06/13/executive-order-13576-delivering-efficient-effective-and-accountable-gov\"\u003eDelivering an Efficient, Effective, and Accountable Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Aims to cut waste, streamline Government operations, and reinforce the performance and management reform gains the Obama Administration has achieved\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jun 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13583\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/08/18/executive-order-13583-establishing-coordinated-government-wide-initiativ\"\u003eEstablishing a Coordinated Government-wide Initiative to Promote Diversity and Inclusion in the Federal Workforce\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Promotes the Federal workplace as a model of equal opportunity, diversity, and inclusion\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Aug 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOPM\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003ePresidents Management Council (PMC)\u003c/li\u003e\u003cli\u003eEqual Employment Opportunity Commission (EEOC)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13589\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/11/09/executive-order-13589-promoting-efficient-spending\"\u003ePromoting Efficient Spending\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Further promote efficient spending in the Federal Government\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Nov 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13636\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity\"\u003eImproving Critical Infrastructure Cybersecurity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Designed to increase the level of core capabilities for our critical infrastructure to manage cyber risk. It does this by focusing on three key areas: (1) information sharing, (2) privacy, and (3) the adoption of cybersecurity practices.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 12, 2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eDHS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13642\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2011/01/31/executive-order-13564-presidents-council-jobs-and-competitiveness\"\u003eThe President's Council on Jobs and Competitiveness\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Aims to strengthen the Nation's economy and ensure the competitiveness of the United States and to create jobs, opportunity, and prosperity for the American people by ensuring the availability of non partisan advice to the President from participants in and experts on the economy\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Jan 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Department of Treasury\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13681\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2014/10/17/executive-order-improving-security-consumer-financial-transactions\"\u003eImproving the Security of Consumer Financial Transactions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the security of consumer financial transactions in both the private and public sectors\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e October 17, 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Treasury\u003c/li\u003e\u003cli\u003eDepartment of Justice\u003c/li\u003e\u003cli\u003eDepartment of Commerce\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eSocial Security Administration (SSA)\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC)\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003eDHS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13719\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2016/02/09/executive-order-establishment-federal-privacy-council\"\u003eEstablishment of the Federal Privacy Council\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e The Federal Privacy Council is the principal interagency forum to improve the privacy practices of agencies and entities acting on their behalf.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 9, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e Federal Privacy Council (FPC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13800\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.cisa.gov/topics/cybersecurity-best-practices/executive-order-strengthening-cybersecurity-federal-networks-and-critical-infrastructure\"\u003eStrengthening the Cybersecurity of Federal Networks and Critical Infrastructure\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Modernizes federal information technology infrastructure, working with state and local government and private sector partners to more fully secure critical infrastructure, and collaborating with foreign allies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 11, 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13833\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2018/05/18/2018-10855/enhancing-the-effectiveness-of-agency-chief-information-officers\"\u003eEnhancing the Effectiveness of Agency Chief Information Officers\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Strengthens the role and responsibilities of Chief Information Officers (CIOs) within federal agencies to improve the efficiency and effectiveness of IT management\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 15, 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13834\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2018/05/22/2018-11101/efficient-federal-operations\"\u003eEfficient Federal Operations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Improves the efficiency, effectiveness, and accountability of federal agencies in managing their operations and resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 17, 2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e OMB\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13859\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2019/02/14/2019-02544/maintaining-american-leadership-in-artificial-intelligence\"\u003eMaintaining American Leadership in Artificial Intelligence\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Identifies five key lines of effort, including increasing AI research investment, unleashing Federal AI computing and data resources, setting AI technical standards, building Americas AI workforce, and engaging with international allies\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e Feb 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e National AI Initiative Office\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes: \u003c/strong\u003eTo oversee and implement the U.S. national AI strategy, the White House established the National Artificial Intelligence Initiative Office in early January 2021, in accordance with the National AI Initiative Act of 2020 (still a bill as of Feb 2024)\u003c/p\u003e\u003ch3\u003eE.O 13873\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2019/05/17/2019-10538/securing-the-information-and-communications-technology-and-services-supply-chain\"\u003eSecuring the Information and Communications Technology and Services Supply Chain\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Strengthens efforts to prevent foreign adversaries from exploiting vulnerabilities in the ICT supply chain and protect the vast amount of sensitive information being stored in and communicated through ICT products and services\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDepartment of Commerce\u003c/li\u003e\u003cli\u003eCISA\u003c/li\u003e\u003cli\u003eICT SCRM Task Force\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u0026nbsp;\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 13960\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2020/12/08/2020-27065/promoting-the-use-of-trustworthy-artificial-intelligence-in-the-federal-government\"\u003ePromoting the Use of Trustworthy Artificial Intelligence in the Federal Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes principles for the use of AI in the Federal Government, establishes a common policy for implementing the principles, directs agencies to catalogue their AI use cases\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e December 3, 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGeneral Services Administration (GSA)\u003c/li\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eOMB\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 14028\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity\"\u003eImproving the Nation's Cybersecurity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Charges multiple agencies, including NIST, with enhancing cybersecurity through a variety of initiatives related to the security and integrity of the software supply chain\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e NIST\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 14034\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.federalregister.gov/documents/2021/06/11/2021-12506/protecting-americans-sensitive-data-from-foreign-adversaries\"\u003eProtecting Americans' Sensitive Data From Foreign Adversaries\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Requires government agencies to issue regulations that prohibit, or otherwise restrict, certain categories of data transactions that pose an unacceptable risk to national security.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e June 2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB\u003c/li\u003e\u003cli\u003eDepartment of Justice\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eE.O 14110\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://crsreports.congress.gov/product/pdf/R/R47843\"\u003eSafe, Secure, and Trustworthy Development and Use of Artificial Intelligence\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes a government-wide effort to guide responsible artificial intelligence (AI) development and deployment through federal agency leadership, regulation of industry, and engagement with\u003cbr\u003einternational partners\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e October 30, 2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eOversight Responsibility:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST\u003c/li\u003e\u003cli\u003eOffice of Science and Technology Policy (OSTP)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eGovernment Accountability Office (GAO) and GAO Accounting and Information Management Division (AIMD)\u003c/h2\u003e\u003cp\u003eThe U.S. Government Accountability Office (GAO) provides Congress, the heads of executive agencies, and the public with timely, fact-based, non-partisan information that can be used to improve government and save taxpayers billions of dollars. The GAO reports provide findings from their audits.\u003c/p\u003e\u003ch3\u003eAIMD-10.1.13\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/aimd-10.1.13.pdf\"\u003eAssessing Risks and Returns: A Guide for Evaluating Federal Agencies IT Investment Decision-making\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 3, 1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePaperwork Reduction Act (PRA)\u003c/li\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eGovernment Performance and Results Act (GPRA)\u003c/li\u003e\u003cli\u003eChief Financial Officers Act\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 04-394G\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-04-394g.pdf\"\u003eInformation Technology Investment Management: A Framework for Assessing and Improving Process Maturity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e March 1, 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 05-471\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-05-471.pdf\"\u003eINTERNET PROTOCOL VERSION 6 - Federal Agencies Need to Plan for Transition and Manage\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://www.gao.gov/assets/gao-05-471.pdf\"\u003eSecurity Risks\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 20, 2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 13-87\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-04-394g.pdf\"\u003eInformation Technology Investment Management: A Framework for Assessing and Improving Process Maturity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e March 1, 2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 14-413\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/d14413.pdf\"\u003eFederal Software Licenses: Better Management Needed to Achieve Significant Savings Government-Wide\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e May 22, 2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 16-469\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-16-469.pdf\"\u003eInformation Technology Reform: Agencies Need to Increase Their Use of Incremental Development Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e August 16, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e FITARA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eGAO 20-195G\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gao.gov/assets/gao-20-195g.pdf\"\u003eCost Estimating and Assessment Guide: Best Practices for Developing and Managing Program Costs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e March 12, 2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAuthority:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eFederal Continuity Directives\u003c/h2\u003e\u003cp\u003eFederal Continuity Directives (FCDs) and Presidential Policy Directives (PPDs) and are both types of directives issued by the President of the United States to guide and coordinate specific policies, programs, and activities across the federal government.\u003c/p\u003e\u003cp\u003ePPDs are presidential statements that set forth national policies and decisions, while FCDs are agency-level directives aimed at ensuring the continuity and resilience of government operations during emergencies and crises.\u003c/p\u003e\u003ch3\u003eFCD-1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.gpo.gov/docs/default-source/accessibility-privacy-coop-files/January2017FCD1-2.pdf\"\u003eFederal Executive Branch National Continuity Program and Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e January 17, 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eFCD-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.fema.gov/sites/default/files/2020-07/Federal_Continuity_Directive-2_June132017.pdf\"\u003eFederal Executive Branch Mission Essential Functions and Candidate Primary Mission Essential Functions\u003c/a\u003e\u003cbr\u003e\u003ca href=\"https://www.fema.gov/sites/default/files/2020-07/Federal_Continuity_Directive-2_June132017.pdf\"\u003eIdentification and Submission Process\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e June 13, 2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-1\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://irp.fas.org/offdocs/ppd/ppd-1.pdf\"\u003eOrganization of the National Security Council System\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e February 13, 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e National Security Council (NSC)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-2\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://irp.fas.org/offdocs/ppd/ppd-2.pdf\"\u003eImplementation of the National Strategy for Countering Biological Threats\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e November 23, 2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e National Security Staff Executive Secretary\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-40\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.fema.gov/emergency-managers/national-preparedness/continuity/toolkit/chapter-1\"\u003eNational Continuity Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 15, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e Federal Emergency Management Agency (FEMA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003ePPD-41\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/the-press-office/2016/07/26/presidential-policy-directive-united-states-cyber-incident\"\u003eUnited States Cyber Incident Coordination\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e July 26, 2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Authority:\u003c/strong\u003e DHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eOMB Circulars\u003c/h2\u003e\u003cp\u003eOMB Circulars are a series of guidance documents issued by the Office of Management and Budget (OMB) of the United States federal government. They provide instructions, requirements, and policies for federal agencies in specific areas of financial management, budgeting, procurement, grants management, and administrative operations.\u003c/p\u003e\u003ch3\u003eA-11\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/06/a11.pdf\"\u003ePreparation, Submission, and Execution of the Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/11/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GRPA\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-19\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/Circular-019.pdf\"\u003eLegislative Coordination and Clearance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/20/1979\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Budget Control Act of 2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-76\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A76/a76_incl_tech_correction.pdf\"\u003ePerformance of Commercial Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/14/2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFederal Procurement Policy Act\u003c/li\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eEO 11609\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-94\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/11/CircularA-94.pdf\"\u003eGuidelines and Discount Rates for Benefit-Cost Analysis of Federal Programs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Budget and Accounting Act of 1921\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-108\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A108/omb_circular_a-108.pdf\"\u003eFederal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/1975\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act (PRA)\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-123\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/omb/circulars_a123_rev\"\u003eManagements Responsibility for Internal Control\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/21/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eSarbanes-Oxley Act\u003c/li\u003e\u003cli\u003eFederal Managers' Financial Integrity Act\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-130\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf\"\u003eManaging Information as a Strategic Resource\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/28/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eE-Government Act\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003ePRA\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eDigital Accountability and Transparency Act\u003c/li\u003e\u003cli\u003eElectronic Signatures in Global and National Commerce Act\u003c/li\u003e\u003cli\u003eGovernment Paperwork Elimination Act\u003c/li\u003e\u003cli\u003eGPRA\u003c/li\u003e\u003cli\u003eOffice of Federal Procurement Policy Act\u003c/li\u003e\u003cli\u003eBudget and Accounting Procedures Act\u003c/li\u003e\u003cli\u003eChief Financial Officers Act\u003c/li\u003e\u003cli\u003eEO 13719\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch3\u003eA-136\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2024/05/A-136-for-FY-2024.pdf\"\u003eFinancial Reporting Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/30/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eChief Financial Officers Act of 1990\u003c/li\u003e\u003cli\u003eGovernment Management Reform Act of 1994\u003c/li\u003e\u003cli\u003eAccountability of Tax Dollars Act of 2002\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003ch2\u003eOMB Memos\u003c/h2\u003e\u003cp\u003eThe Office of Management and Budget (OMB) memoranda provide Federal agencies with instructions and implementation guidance for specific management priorities or legislative requirements. They provide annual updates, such as for FISMA reporting requirements, or have longer term guidance for agency implementation.\u003c/p\u003e\u003ch3\u003e2024\u003c/h3\u003e\u003ch4\u003eM-24-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/12/M-24-08-Strengthening-Digital-Accessibility-and-the-Management-of-Section-508-of-the-Rehabilitation-Act.pdf\"\u003eStrengthening Digital Accessibility and the Management of Section 508 of the Rehabilitation Act (digital)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/21/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Section 508 of the Rehabilitation Act\u003c/p\u003e\u003ch4\u003eM-24-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/12/M-24-04-FY24-FISMA-Guidance.pdf\"\u003eFiscal Year 2024 Guidance on Federal Information Security and Privacy Management Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/4/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-24-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/10/M-24-02-Buy-America-Implementation-Guidance-Update.pdf\"\u003eImplementation Guidance on Application of Buy America Preference in Federal Financial Assistance Programs for Infrastructure\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/25/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Buy America Act\u003c/p\u003e\u003ch3\u003e2023\u003c/h3\u003e\u003ch4\u003eM-23-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/09/M-23-22-Delivering-a-Digital-First-Public-Experience.pdf\"\u003eDelivering a Digital-First Public Experience (digital)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/22/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e 21st Century Integrated Digital Experience Act\u003c/p\u003e\u003ch4\u003eM-23-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/08/M-23-20.pdf\"\u003eMulti-Agency Research and Development Priorities for the FY 2025 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/17/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-23-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-18-Administration-Cybersecurity-Priorities-for-the-FY-2025-Budget-s.pdf\"\u003eAdministration Cybersecurity Priorities for the FY 2025 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/27/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e National Cybersecurity Strategy (NCS)\u003c/p\u003e\u003ch4\u003eM-23-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-16-Update-to-M-22-18-Enhancing-Software-Security.pdf\"\u003eUpdate to Memorandum M-22-18, Enhancing the Security of the Software Supply Chain through Secure Software Development Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements: \u003c/strong\u003eE.O. 14028\u003c/p\u003e\u003ch4\u003eM-23-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/02/M-23-13-No-TikTok-on-Government-Devices-Implementation-Guidance_final.pdf\"\u003e“No TikTok on Government Devices” Implementation Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/27/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e No Tiktok on Government Devices\u003c/p\u003e\u003ch4\u003eM-23-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2023/02/M-23-10-DOTGOV-Act-Guidance.pdf\"\u003eThe Registration and Use of .gov Domains in the Federal Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/8/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e DOTGOV Online Trust in Government Act of 2020\u003c/p\u003e\u003ch4\u003eM-23-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/12/M_23_07-M-Memo-Electronic-Records_final.pdf\"\u003eUpdate to Transition to Electronic Records\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/23/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-23-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/11/M-23-02-M-Memo-on-Migrating-to-Post-Quantum-Cryptography.pdf\"\u003eMigrating to Post-Quantum Cryptography\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/18/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2022\u003c/h3\u003e\u003ch4\u003eM-22-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/09/M-22-18.pdf\"\u003eEnhancing the Security of the Software Supply Chain through Secure Software Development Practices\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/14/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-22-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/07/M-22-16.pdf\"\u003eAdministration Cybersecurity Priorities for the FY 2024 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/22/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch4\u003eM-22-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/07/M-22-15.pdf\"\u003eMulti-Agency Research and Development Priorities for the FY 2024 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/22/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-22-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf\"\u003eMoving the U.S. Government Toward Zero Trust Cybersecurity Principles\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/26/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-22-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/12/M-22-04-IG-Cooperation.pdf\"\u003ePromoting Accountability through Cooperation among Agencies and Inspectors General\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/3/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e IG Act\u003c/p\u003e\u003ch4\u003eM-22-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/10/M-22-01.pdf\"\u003eImproving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Systems through Endpoint Detection and Response\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/8/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch3\u003e2021\u003c/h3\u003e\u003ch4\u003eM-21-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/07/M-21-32-Multi-Agency-Research-and-Development-Prioirties-for-FY-2023-Budget-.pdf\"\u003eMulti-Agency Research and Development Priorities for the FY 2023 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/27/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-21-31\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf\"\u003eImproving the Federal Governments Investigative and Remediation Capabilities Related to Cybersecurity Incident\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/27/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch4\u003eM-21-30\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-30.pdf\"\u003eProtecting Critical Software Through Enhanced Security Measures\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/10/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 14028\u003c/p\u003e\u003ch4\u003eM-21-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-07.pdf\"\u003eCompleting the Transition to Internet Protocol Version 6 (IPv6)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/19/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FAR\u003c/p\u003e\u003ch4\u003eM-21-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-06.pdf\"\u003eGuidance for Regulation of Artificial Intelligence Applications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/17/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E.O. 13859\u003c/p\u003e\u003ch4\u003eM-21-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-05.pdf\"\u003eExtension of Data Center Optimization Initiative (DCOI)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/13/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch4\u003eM-21-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/11/M-21-04.pdf\"\u003eModernizing Access to and Consent for Disclosure of Records Subject to the Privacy Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/12/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e The Privacy Act of 1974\u003c/p\u003e\u003ch3\u003e2020\u003c/h3\u003e\u003ch4\u003eM-20-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/09/M-20-32.pdf\"\u003eImproving Vulnerability Identification, Management, and Remediation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/2/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA\u003c/p\u003e\u003ch4\u003eM-20-29\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/08/M-20-29.pdf\"\u003eR \u0026amp; D Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/14/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-20-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2020/03/M-20-19.pdf\"\u003eHarnessing Technology to Support Mission Continuity\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/22/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-20-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/11/M-20-04.pdf\"\u003eFiscal Year 2019-2020 Guidance on Federal Information Security and Privacy Management Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/19/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2019\u003c/h3\u003e\u003ch4\u003eM-19-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/09/M-19-26.pdf\"\u003eUpdate to the Trusted Internet Connections (TIC) Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/12/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-19-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/08/M-19-21-new-2.pdf\"\u003eTransition of Electronic Records\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/28/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e NARA\u003c/p\u003e\u003ch4\u003eM-19-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/06/M-19-19-Data-Centers.pdf\"\u003eUpdate to Data Center Optimization Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/25/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch4\u003eM-19-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/06/M-19-18.pdf\"\u003eFederal Data Strategy A Framework for Consistency\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/4/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-19-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/05/M-19-17.pdf\"\u003eEnabling Mission Delivery through Improved Identity, Credential, and Access Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/21/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-19-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2019/02/M-19-10.pdf\"\u003eGuidance for Achieving Interoperability with the National Freedom of Information Act (FOIA) Portal on FOIA.gov\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/12/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FOIA\u003c/p\u003e\u003ch4\u003eM-19-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/12/M-19-03.pdf\"\u003eStrengthening the Cybersecurity of Federal Agencies by enhancing the High Value Asset Program\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/10/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e High Value Asset (HVA) program\u003c/p\u003e\u003ch4\u003eM-19-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/10/M-19-02.pdf\"\u003eFiscal Year 2018-2019 Guidance on Federal Information Security and Privacy Management Requirements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/25/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE.O. 14028\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-19-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/10/M-19-01.pdf\"\u003eRequest for Agency Feedback on the Federal Data Strategy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/16/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Federal Data Strategy\u003c/p\u003e\u003ch3\u003e2018\u003c/h3\u003e\u003ch4\u003eM-18-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/09/M-18-26.pdf\"\u003eIncentivizing Workforce Participation and Expanding Recruitment Sources for the 2020 Decennial Census\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/28/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-18-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/07/M-18-22.pdf\"\u003eFY 2020 Administration Research and Development Budget Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/31/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-18-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2018/06/M-18-20.pdf\"\u003eAppendix C to OMB Circular No. A-123, Requirements for Payment Integrity Improvement\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/26/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch3\u003e2017\u003c/h3\u003e\u003ch4\u003eM-17-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-32.pdf\"\u003eTravel on Government-Owned Rented, Leased or Chartered Aircraft\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/29/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-126\u003c/p\u003e\u003ch4\u003eM-17-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-25.pdf\"\u003eReporting Guidance for Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/19/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-17-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-23.pdf\"\u003eGuidance on Regulatory Reform Accountability under Executive Order 13777, titled “Enforcing the Regulatory Reform Agenda”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/28/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13777\u003c/p\u003e\u003ch4\u003eM-17-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-22.pdf\"\u003eComprehensive Plan for Reforming the Federal Government and Reducing the Federal Civilian Workforce\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/12/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GPRA Modernization Act of 2010\u003c/p\u003e\u003ch4\u003eM-17-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-21-OMB.pdf\"\u003eImplementing Executive Order 13771, Titled “Reducing Regulation and Controlling Regulatory Costs”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/5/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13771\u003c/p\u003e\u003ch4\u003eM-17-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/M-17-19-OMB.pdf\"\u003eLegislative Coordination and Clearance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/28/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-19\u003c/p\u003e\u003ch4\u003eM-17-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-15.pdf\"\u003eRescission of Memoranda Relating to Identity Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/19/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-17-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-12_0.pdf\"\u003ePreparing for and Responding to a Breach of Personally Identifiable Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/3/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-17-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-09.pdf\"\u003eManagement of Federal High Value Assets\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/9/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eB.O.D. 18-02\u003c/li\u003e\u003cli\u003eHHS HVA Program\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-17-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-04.pdf\"\u003eAdditional Guidance for Data Act Implementation: Further Requirements For Reporting And Assuring Data Reliability\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/4/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e DATA Act\u003c/p\u003e\u003ch4\u003eM-17-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-03.pdf\"\u003eInstitutionalizing Hiring Excellence To Achieve Mission Outcomes\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/1/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda (PMA) Cross Agency Priority (CAP)\u003c/p\u003e\u003ch4\u003eM-17-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle: \u003c/strong\u003e\u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2017/m-17-02.pdf\"\u003ePrecision Medicine Initiative Privacy and Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/21/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eGenetic Information Nondiscrimination Act\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2016\u003c/h3\u003e\u003ch4\u003eM-16-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_24_0.pdf\"\u003eRole and Designation of Senior Agency Officials for Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/15/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13719\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-16-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_23.pdf\"\u003ePrioritizing Federal Investments in Promise Zones\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/2/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-16-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_21.pdf\"\u003eFederal Source Code Policy: Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/8/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger Cohen Act\u003c/p\u003e\u003ch4\u003eM-16-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-17.pdf\"\u003eOMB Circular No. A-123, Managements Responsibility for Enterprise Risk Management and Internal Control\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/15/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-16-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-15.pdf\"\u003eFederal Cybersecurity Workforce Strategy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/12/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-16-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-14.pdf\"\u003eCategory Management Policy 16-2: Providing Comprehensive Identity Protection Services, Identity Monitoring, and Data Breach Response\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-16-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-12_1.pdf\"\u003eCategory Management Policy 16-1: Improving the Acquisition and Management of Common Information Technology: Software Licensing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/2/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GAO 14-413\u003c/p\u003e\u003ch4\u003eM-16-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-11.pdf\"\u003eImproving Administrative Functions Through Shared Services\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/4/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Federal Cloud Computing Strategy - Cloud Smart\u003c/p\u003e\u003ch4\u003eM-16-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-08.pdf\"\u003eEstablishment of the Core Federal Services Council\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/30/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda (PMA) Cross Agency Priority (CAP)\u003c/p\u003e\u003ch4\u003eM-16-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-04.pdf\"\u003eCybersecurity Strategy and Implementation Plan (CSIP) for the Federal Civilian Government\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/30/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-16-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m-16-02.pdf\"\u003eCategory Management Policy 15-1: Improving the Acquisition and Management of Common Information Technology: Laptops and Desktops\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/16/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch3\u003e2015\u003c/h3\u003e\u003ch4\u003eM-15-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-18.pdf\"\u003eFiscal Year 2017 Budget Guidance for Countering Biological Threats Resource Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/9/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e PPD-2\u003c/p\u003e\u003ch4\u003eM-15-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-16.pdf\"\u003eMulti-Agency Science and Technology Priorities for the FY 2017 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/9/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-15-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-15.pdf\"\u003eImproving Statistical Activities through Interagency Collaboration\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/8/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Economy Act\u003c/p\u003e\u003ch4\u003eM-15-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-14.pdf\"\u003eManagement and Oversight of Federal Information Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/10/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FITARA\u003c/p\u003e\u003ch4\u003eM-15-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-13.pdf\"\u003ePolicy to Require Secure Connections across Federal Websites and Web Services\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/8/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-15-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-11.pdf\"\u003eFiscal Year 2017 Budget Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/1/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eDATA Act\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-15-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-09.pdf\"\u003eGuidance on Implementing the Federal Customer Service Awards Program\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/19/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13571\u003c/p\u003e\u003ch4\u003eM-15-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-07.pdf\"\u003eEstablishment of a Diversity and Inclusion in Government Council\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/6/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13583\u003c/p\u003e\u003ch4\u003eM-15-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15-02.pdf\"\u003eAppendix C to Circular No. A-123, Requirements for Effective Estimation and Remediation of Improper Payments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/20/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch3\u003e2014\u003c/h3\u003e\u003ch4\u003eM-14-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-17.pdf\"\u003eMetrics for Uniform Guidance (2 C.F.R. 200\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/30/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13520\u003c/p\u003e\u003ch4\u003eM-14-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-16.pdf\"\u003eGuidance on Managing Email\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/15/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Managing Government Records Directive of 2012\u003c/p\u003e\u003ch4\u003eM-14-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-15.pdf\"\u003eEnsuring That Employment and Training Programs Are Job-Driven\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/22/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-14.pdf\"\u003eFiscal Year 2016 Budget Guidance for Countering Biological Threats Resource Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e PPD-2\u003c/p\u003e\u003ch4\u003eM-14-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/M-14-13.pdf\"\u003eFiscal Year 2016 Budget Guidance for Combating Antibiotic Resistant Bacteria Resource Priorities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e PPD-1\u003c/p\u003e\u003ch4\u003eM-14-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-12.pdf\"\u003eManagement Agenda Priorities for the FY 2016 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-11.pdf\"\u003eScience and Technology Priorities for FY 2016 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-06.pdf\"\u003eGuidance for Providing and Using Administrative Data for Statistical Purposes\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/14/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-14-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-04.pdf\"\u003eFiscal Year 2013 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/18/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-14-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2014/m-14-03.pdf\"\u003eEnhancing the Security of Federal Information and Information Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/1/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GPRA Modernization Act 0f 2010\u003c/p\u003e\u003ch3\u003e2013\u003c/h3\u003e\u003ch4\u003eM-13-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-20.pdf\"\u003eProtecting Privacy while Reducing Improper Payments with the Do Not Pay Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/16/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIPERIA 2012\u003c/li\u003e\u003cli\u003eDo Not Pay (DNP) Initiative\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-13-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-17.pdf\"\u003eNext Steps in the Evidence and Innovation Agenda\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/26/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-13-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-16.pdf\"\u003eScience and Technology Priorities for the FY 2015 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/26/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-13-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-13.pdf\"\u003eOpen Data Policy Managing Information as an Asset\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/9/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13642\u003c/p\u003e\u003ch4\u003eM-13-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-10.pdf\"\u003eAntideficiency Act Implications of Certain Online Terms of Service Agreements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/4/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Antideficiency Act\u003c/p\u003e\u003ch4\u003eM-13-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-09.pdf\"\u003eFiscal Year 2013 PortfolioStat Guidance: Strengthening Federal IT Portfolio Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/27/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-13-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-06.pdf\"\u003eIssuance of the Sequestration Order Pursuant To Section 251A of the Balanced Budget and Emergency Deficit Control Act of 1985, as Amended\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/1/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Budget Control Act of 2011\u003c/p\u003e\u003ch4\u003eM-13-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2013/m-13-02_0.pdf\"\u003eImproving Acquisition through Strategic Sourcing\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/5/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e2012\u003c/h3\u003e\u003ch4\u003eM-12-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-20.pdf\"\u003eFY 2012 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/27/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-12-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-18.pdf\"\u003eManaging Government Records Directive\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/24/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidential Memorandum - Managing Government Records\u003c/p\u003e\u003ch4\u003eM-12-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-15.pdf\"\u003eScience and Technology Priorities for the FY 2014 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/6/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-12-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-14_1.pdf\"\u003eUse of Evidence and Evaluation in the 2014 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/18/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-12-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-12_0.pdf\"\u003ePromoting Efficient Spending to Support Agency Operations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/11/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13589\u003c/p\u003e\u003ch4\u003eM-12-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-11_1.pdf\"\u003eReducing Improper Payments through the “Do Not Pay List”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/12/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13520\u003c/p\u003e\u003ch4\u003eM-12-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-09_0.pdf\"\u003eFederal Activities Inventory Reform (FAIR) Act Submission for Fiscal Year 2012\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/26/2012\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-12-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2012/m-12-01.pdf\"\u003eCreation of the Council on Financial Assistance Reform\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/27/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13576\u003c/p\u003e\u003ch3\u003e2011\u003c/h3\u003e\u003ch4\u003eM-11-33\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-33.pdf\"\u003eFY 2011 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/14/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-11-27\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-27.pdf\"\u003eImplementing the Telework Enhancement Act of 2010: Security Guidelines\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/15/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Telework Enhancement Act of 2010\u003c/p\u003e\u003ch4\u003eM-11-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-26.pdf\"\u003eNew Fast-Track Process for Collecting Service Delivery Feedback Under the Paperwork Reduction Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/15/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003eM-11-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-21.pdf\"\u003eImplementing the Presidential Memorandum “Administrative Flexibility, Lower Costs, and Better Results for State, Local, and Tribal Governments”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/29/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidential Memorandum - Administrative Flexibility\u003c/p\u003e\u003ch4\u003eM-11-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-16.pdf\"\u003e2011 Issuance of Revised Parts I and II to Appendix C of OMB Circular A-123\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/14/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-11-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-15.pdf\"\u003e2011 Final Guidance on Implementing the Plain Writing Act of 2010\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/13/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Plain Writing Act of 2010\u003c/p\u003e\u003ch4\u003eM-11-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-11.pdf\"\u003eContinued Implementation of Homeland Security Presidential Directive (HSPD) 12Policy for a Common Identification Standard for Federal Employees and Contractors\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/3/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-11-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-08.pdf\"\u003eInitial Assessments of Safeguarding and Counterintelligence Postures for Classified National Security Information in Automated Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/3/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13526\u003c/p\u003e\u003ch4\u003eM-11-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-04.pdf\"\u003eIncreasing Efforts to Recapture Improper Payments by Intensifying and Expanding Payment Recapture Audits\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/16/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e IPERIA 2012\u003c/p\u003e\u003ch4\u003eM-11-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-02.pdf\"\u003eSharing Data While Protecting Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/3/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Privacy Act of 1974\u003c/p\u003e\u003ch4\u003eM-11-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2011/m11-01.pdf\"\u003ePilot Projects for the Partnership Fund for Program Integrity Innovation\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/19/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Consolidated Appropriations Act of 2010\u003c/p\u003e\u003ch3\u003e2010\u003c/h3\u003e\u003ch4\u003eM-10-34\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-34.pdf\"\u003eUpdated Guidance on the American Recovery and Reinvestment Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/24/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-30\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-30.pdf\"\u003eScience and Technology Priorities for the FY 2012 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-10-26\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m-10-26.pdf\"\u003eImmediate Review of Financial Systems IT Projects\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/28/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-10-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-23.pdf\"\u003eGuidance for Agency Use of Third-Party Websites and Applications\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/25/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003eM-10-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-22.pdf\"\u003eGuidance for Online Use of Web Measurement and Customization Technologies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/25/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB M-10-06\u003c/p\u003e\u003ch4\u003eM-10-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-21.pdf\"\u003eDeveloping Effective Place-Based Policies for the FY 2012 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/21/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-10-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-16.pdf\"\u003eGrants.gov Return to Normal Operations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/23/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-14.pdf\"\u003eUpdated Guidance on the American Recovery and Reinvestment Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/22/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-13.pdf\"\u003eIssuance of Part III to OMB Circular A-123, Appendix C\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/22/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-123\u003c/p\u003e\u003ch4\u003eM-10-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-10.pdf\"\u003eFederal Agency Coordination on Health Information Technology (HIT)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/19/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HITECH\u003c/p\u003e\u003ch4\u003eM-10-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-03.pdf\"\u003ePayments to State Grantees for their Administrative Costs for Recovery Act Funding Alternative Allocation Methodologies\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/13/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-10-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-01.pdf\"\u003eIncreased Emphasis on Program Evaluations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/7/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e2009\u003c/h3\u003e\u003ch4\u003eM-09-33\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-33.pdf\"\u003eTechnical Amendments to OMB Bulletin No. 07-04, Audit Requirements for Federal Financial Statements\u003c/a\u003e\u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2010/m10-01.pdf\"\u003eIncreased Emphasis on Program Evaluations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/23/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-136\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-09-32\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-32.pdf\"\u003eUpdate on the Trusted Internet Connections Initiative\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/16/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch4\u003eM-09-27\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-27.pdf\"\u003eScience and Technology Priorities for the FY 2011 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/4/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-09-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-18.pdf\"\u003ePayments to State Grantees for Administrative Costs of Recovery Act Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/11/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-17.pdf\"\u003eImproving Grants.gov\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/8/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-15.pdf\"\u003eUpdated Implementing Guidance for the American Recovery and Reinvestment Act of 2009\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/3/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-14.pdf\"\u003eRecovery Act Implementation Improving Grants.gov and Other Critical Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/9/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-14.pdf\"\u003eRecovery Act Implementation Improving Grants.gov and Other Critical Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/9/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch4\u003eM-09-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2009/m09-10.pdf\"\u003eInitial Implementing Guidance for the American Recovery and Reinvestment Act of 2009\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/18/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e American Recovery and Reinvestment Act of 2009\u003c/p\u003e\u003ch3\u003e2008\u003c/h3\u003e\u003ch4\u003eM-08-27\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-27.pdf\"\u003eGuidance for Trusted Internet Connection (TIC) Compliance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/30/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch4\u003eM-08-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-25.pdf\"\u003eGuidance for Completing FY 2008 Financial and Performance Reports\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/252008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-08-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-24.pdf\"\u003eTechnical Amendments to OMB Bulletin No. 07-04, Audit Requirements for Federal Financial Statements\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB Bulletin No. 07-04\u003c/p\u003e\u003ch4\u003eM-08-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-16.pdf\"\u003eGuidance for Trusted Internet Connection Statement of Capability Form (SOC)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/4/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch4\u003eM-08-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-15.pdf\"\u003eTools Available for Implementing Electronic Records Management\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/31/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-08-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-14.pdf\"\u003e2008 Inventories of Commercial and Inherently Governmental Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/26/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-08-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-13.pdf\"\u003eUpdate to Civilian Position Full Fringe Benefit Cost Factor, Federal Pay Raise Assumptions, and Inflation Factors used in OMB Circular No. A-76, “Performance of Commercial Activities”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/11/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements: \u003c/strong\u003eOMB A-76\u003c/p\u003e\u003ch4\u003eM-08-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-11.pdf\"\u003eCompetitive Sourcing Requirements in Division D of Public Law 110-161\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/20/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Consolidated Appropriations Act of 2010\u003c/p\u003e\u003ch4\u003eM-08-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-09.pdf\"\u003eNew FISMA Privacy Reporting Requirements for FY 2008\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/18/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-08-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2008/m08-05.pdf\"\u003eImplementation of Trusted Internet Connections (TIC)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/20/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Trusted Internet Connections Initiative\u003c/p\u003e\u003ch3\u003e2007\u003c/h3\u003e\u003ch4\u003eM-07-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-25.pdf\"\u003eBioShield Procurement Approval Anthrax Vaccine Adsorbed\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/20/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eProject BioShield Act of 2004\u003c/li\u003e\u003cli\u003ePublic Health Service Act\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-07-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-24.pdf\"\u003eUpdated Principles for Risk Analysis\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/19/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB Memorandum - Principles for Risk Analysis\u003c/p\u003e\u003ch4\u003eM-07-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-23.pdf\"\u003eRequiring Agency Use of the International Trade Data System\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/10/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13439\u003c/p\u003e\u003ch4\u003eM-07-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-21.pdf\"\u003eVerifying the Employment Eligibility of Federal Employees\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/10/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-07-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-20.pdf\"\u003eFY 2007 E-Government Act Reporting Instructions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/14/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-07-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-18.pdf\"\u003eEnsuring New Acquisitions Include Common Security Configurations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/1/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-07-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-16.pdf\"\u003eSafeguarding Against and Responding to the Breach of Personally Identifiable Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/22/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/business_migrations.pdf\"\u003eCompetition Framework for Human Resources Management Line of Business Migrations\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/18/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-07-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-14.pdf\"\u003e2007 Inventories of Commercial and Inherently Governmental Activities\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/3/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAIR Act\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-07-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2007/m07-02.pdf\"\u003eUpdate to Civilian Position Full Fringe Benefit Cost Factor, Federal Pay Raise Assumptions, Inflation Factors, and Tax Rates used in OMB Circular No. A-76, “Performance of Commercial Activities”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/31/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-76\u003c/p\u003e\u003ch3\u003e2006\u003c/h3\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/task_force_theft_memo.pdf\"\u003eRecommendations for Identity Theft Related Data Breach Notification\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/20/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13402\u003c/p\u003e\u003ch4\u003eM-06-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-25.pdf\"\u003eFY 2006 E-Government Act Reporting Instructions\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-06-21\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-21.pdf\"\u003eReciprocal Recognition of Existing Personnel Security Clearances\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/17/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 12958\u003c/p\u003e\u003ch4\u003eM-06-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-19.pdf\"\u003eReporting Incidents Involving Personally Identifiable Information Incorporating the Cost for Security in Agency Information Technology Investments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/12/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-06-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-18.pdf\"\u003eAcquisition of Products and Services for Implementation of HSPD-12\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/30/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-06-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m-06-15.pdf\"\u003eSafeguarding Personally Identifiable Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 5/22/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Privacy Act of 1974\u003c/p\u003e\u003ch4\u003eM-06-12\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-12.pdf\"\u003eFollow-up Memorandum on “Implementation of the Presidents Executive Order “Improving Agency Disclosure of Information”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/13/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FOIA\u003c/p\u003e\u003ch4\u003eM-06-06\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-06.pdf\"\u003eSample Privacy Documents for Agency Implementation of Homeland Security Presidential Directive (HSPD) 12\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/17/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-06-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-04.pdf\"\u003eImplementation of the Presidents Executive Order “Improving Agency Disclosure of Information”\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/30/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FOIA\u003c/p\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/reciprocal121205.pdf\"\u003eReciprocal Recognition of Existing Personnel Security Clearances\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/12/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Intelligence Reform and Terrorism Prevention Act of 2004\u003c/p\u003e\u003ch4\u003eM-06-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2006/m06-02.pdf\"\u003eImproving Public Access to and Dissemination of Government Information and Using the Federal Enterprise Architecture Data Reference Model\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/16/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2005\u003c/h3\u003e\u003ch4\u003eM-05-25\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-25.pdf\"\u003eSmartBUY Agreement with Oracle\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-05-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-24.pdf\"\u003eImplementation of Homeland Security Presidential Directive (HSPD) 12 Policy for a Common Identification Standard for Federal Employees and Contractors\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/25/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-05-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-23.pdf\"\u003eImproving Information Technology (IT) Project Planning and Execution\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/4/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-05-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-22.pdf\"\u003eTransition Planning for Internet Protocol Version 6 (IPv6)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/2/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GAO 05-471\u003c/p\u003e\u003ch4\u003eM-05-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-17.pdf\"\u003eAllocation of Responsibilities For Security Clearances Under the Executive Order, Strengthening Processes Relating to Determining Eligibility for Access to Classified National Security Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/30/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e EO 13381\u003c/p\u003e\u003ch4\u003eM-05-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-16.pdf\"\u003eRegulation on Maintaining Telecommunication Services During a Crisis or Emergency in Federally-owned Buildings\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/30/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Section 414 of the Transportation, Treasury, Independent Agencies, and General Government Appropriations Act\u003c/p\u003e\u003ch4\u003eM-05-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-08.pdf\"\u003eDesignation of Senior Agency Officials for Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/11/2005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Privacy Act of 1974\u003c/p\u003e\u003ch4\u003eM-05-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-05.pdf\"\u003eElectronic Signatures: How to Mitigate the Risk of Commercial Managed Services\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/20/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-05-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2005/m05-04.pdf\"\u003ePolicies for Federal Agency Public Websites\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/17/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch3\u003e2004\u003c/h3\u003e\u003ch4\u003eN/A\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-25_template.xls\"\u003eSection E — FY04 FISMA Reporting Template\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e FISMA 2014\u003c/p\u003e\u003ch4\u003eM-04-24\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://obamawhitehouse.archives.gov/omb/memoranda_fy04_m04-24/\"\u003eExpanded Electronic Government (E-Gov) Presidents Management Agenda (PMA) Scorecard Cost, Schedule and Performance Standard for Success\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/23/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda - Expanded Electronic Government (E-Gov) Initiative\u003c/p\u003e\u003ch4\u003eM-04-19\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-19.pdf\"\u003eInformation Technology (IT) Project Manager (PM) Qualification Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/21/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-04-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m-04-18.pdf\"\u003eMedicare Modernization Act and Federal Programs\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/19/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Medicare Prescription Drug, Improvement, and Modernization Act (MMA)\u003c/p\u003e\u003ch4\u003eM-04-16\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2004-M-04-16-Software-Acquisition-.pdf\"\u003eSoftware Acquisition\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/1/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-04-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m-04-15.pdf\"\u003eDevelopment of Homeland Security Presidential Directive(HSPD) 7 Critical Infrastructure Protection Plans to Protect Federal Critical Infrastructures and Key Resources\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/17/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e HSPD-12\u003c/p\u003e\u003ch4\u003eM-04-08\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-08.pdf\"\u003eMaximizing Use of SmartBuy and Avoiding Duplication of Agency Activities with the Presidents 24 E-Gov Initiatives\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/25/2004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Presidents Management Agenda - Expanded Electronic Government (E-Gov) Initiative\u003c/p\u003e\u003ch4\u003eM-04-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2004/m04-04.pdf\"\u003eE-Authentication Guidance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/16/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003ePaperwork Elimination Act of 1998\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e2003\u003c/h3\u003e\u003ch4\u003eM-03-22\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/203-M-03-22-OMB-Guidance-for-Implementing-the-Privacy-Provisions-of-the-E-Government-Act-of-2002-1.pdf\"\u003eOMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/16/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-03-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2003/m03-18.pdf\"\u003eImplementation Guidance for the E-Government Act of 2002\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/1/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Government Act of 2002\u003c/p\u003e\u003ch4\u003eM-03-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2003-M-03-04-Determination-Orders-Organizing-the-Department-of-Homeland-Security-1.pdf\"\u003eDetermination Orders Organizing the Department of Homeland Security\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/7/2003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Public Law 107-296 - Establishing the Department of Homeland Security\u003c/p\u003e\u003ch3\u003e2002\u003c/h3\u003e\u003ch4\u003eM-02-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2002/m02-14.pdf\"\u003eAdditional Information Requirements for Overseas Combating Terrorism and Homeland Security for the FY 2004 Budget\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/8/2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eM-02-11\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2002/m02-11.pdf\"\u003eDepartment of Homeland Security Transition Issues\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/16/2002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Public Law 107-296 - Establishing the Department of Homeland Security\u003c/p\u003e\u003ch4\u003eM-02-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2002-M-02-01-Guidance-for-Preparing-and-Submitting-Security-Plans-of-Action-and-Milestones-1.pdf\"\u003eGuidance for Preparing and Submitting Security Plans of Action and Milestones\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/17/2001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Government Information Security Reform Act\u003c/p\u003e\u003ch3\u003e2001\u003c/h3\u003e\u003ch4\u003eM-01-28\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2001-M-01-28-Citizen-Centered-E-Government-Developing-the-Action-Plan.pdf\"\u003eCitizen-Centered E-Government: Developing the Action Plan\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 7/18/2001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e President Management Agenda - e-Government\u003c/p\u003e\u003ch4\u003eM-01-05\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2001-M-01-05-Guidance-on-Inter-Agency-Sharing-of-Personal-Data-Protecting-Personal-Privacy.pdf\"\u003eGuidance on Inter-Agency Sharing of Personal Data Protecting Personal Privacy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/20/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Computer Matching and Privacy Protection Act\u003c/p\u003e\u003ch3\u003e2000\u003c/h3\u003e\u003ch4\u003eM-00-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-15-OMB-Guidance-on-Implementing-the-Electronic-Signatures-in-Global-and-National-Commerce-Act.pdf\"\u003eOMB Guidance on Implementing the Electronic Signatures in Global and National Commerce Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 9/25/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e E-Sign Act\u003c/p\u003e\u003ch4\u003eM-00-13\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-13-Privacy-Policies-and-Data-Collection-on-Federal-Web-Sites.pdf\"\u003ePrivacy Policies and Data Collection on Federal Web Sites\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/22/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eChildrens Online Privacy Protection Act\u003c/li\u003e\u003cli\u003ePrivacy Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-00-10\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-10-OMB-Procedures-and-Guidance-on-Implementing-the-Government-Paperwork-Elimination-Act.pdf\"\u003eOMB Procedures and Guidance on Implementing the Government Paperwork Elimination Act\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/25/2000\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003eM-00-03\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/2000-M-00-03-Reporting-Y2K-Compliance-of-Non-mission-Critical-Systems.pdf\"\u003eReporting Y2K Compliance of Non-mission Critical Systems\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 12/10/1999\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch3\u003e1999\u003c/h3\u003e\u003ch4\u003eM-99-18\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1999-M-99-18-Privacy-Policies-on-Federal-Web-Sites.pdf\"\u003ePrivacy Policies on Federal Web Sites\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/2/1999\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-99-01\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1999-M-99-01-New-Statutory-Language-on-Paperwork-Reduction-FY-1999-ICB.pdf\"\u003eNew Statutory Language on Paperwork Reduction FY 1999 ICB\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 11/16/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Paperwork Reduction Act\u003c/p\u003e\u003ch4\u003e1998\u003c/h4\u003e\u003ch4\u003eM-98-14\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1995-1998-M-98-14-Comprehensive-Plans-and-Associated-Funding-Requirements-for-Achieving-Year-2000-Computer-Compliance.pdf\"\u003eComprehensive Plans and Associated Funding Requirements for Achieving Year 2000 Computer Compliance\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/13/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e OMB A-11\u003c/p\u003e\u003ch4\u003eM-98-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1995-1998-M-98-09-Updated-Guidance-on-Developing-a-Handbook-for-Individuals-Seeking-Access-of-Public-Information.pdf\"\u003eUpdated Guidance on Developing a Handbook for Individuals Seeking Access of Public Information\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/23/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eElectronic Freedom of Information Act Amendments of 1996\u003c/li\u003e\u003cli\u003eFOIA\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eM-98-04\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1998-M-98-04-Annual-Performance-Plans-Required-by-the-Government-Performance-and-Results-Act-GPRA.pdf\"\u003eAnnual Performance Plans Required by the Government Performance and Results Act (GPRA)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 1/29/1998\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e GPRA Modernization Act of 2010\u003c/p\u003e\u003ch3\u003e1997\u003c/h3\u003e\u003ch4\u003eM-97-15\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/1995-1998/m97-15.pdf\"\u003eLocal Telecommunications Services Policy\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 6/12/1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch4\u003eM-97-09\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-09-Interagency-Support-for-Information-Technology.pdf\"\u003eInteragency Support for Information Technology\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 3/10/1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch4\u003eM-97-07\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-07-Multiagency-Contracts-Under-the-Information-Technology-Management-Reform-Act-of-1996.pdf\"\u003eMultiagency Contracts Under the Information Technology Management Reform Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 2/26/1997\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch4\u003eM-97-02\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1997-M-97-02-Funding-Information-Systems-Investments.pdf\"\u003eFunding Information Systems Investments\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 10/25/1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eGPRA Modernization Act of 2010\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e1996\u003c/h3\u003e\u003ch4\u003eM-96-20\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/2017/11/1996-M-96-20-Implementation-of-the-Information-Technology-Management-Reform-Act-of-1996.pdf\"\u003eImplementation of the Information Technology Management Reform Act of 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 4/4/1996\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e Clinger-Cohen Act\u003c/p\u003e\u003ch3\u003e1995\u003c/h3\u003e\u003ch4\u003eM-95-17\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eTitle:\u003c/strong\u003e \u003ca href=\"https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/1995-1998/m95-17.pdf\"\u003eContingency Planning for Agency Operations in Fiscal Year 1996\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDate Released:\u003c/strong\u003e 8/17/1995\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eImplements:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch2\u003eHHS Policies, Standards, Memorandum, and Guides\u003c/h2\u003e\u003ch3\u003eHHS Policies\u003c/h3\u003e\u003cp\u003eThe HHS Cybersecurity Program develops policies, standards, memoranda, guides, and standard operating procedures. They are collectively referred to as policy documents. HHS policy documents help to apply Federal legislation, OMB regulations, NIST standards, and U.S. Computer Emergency Readiness Team (US-CERT) guidelines in the context of the HHS environment, thus standardizing the implementation of information security and privacy practices across the Department.\u003c/p\u003e\u003cp\u003eNOTE: The HHS Polices can be found at \u003cem\u003ehttp://intranet.hhs.gov/working-at-hhs/cybersecurity/ocio-policies\u003c/em\u003e and are only accessible through the HHS intranet/CMS network and cannot be accessed with a public internet connection.\u003c/p\u003e\u003ch4\u003eCybersecurity Awareness and Training\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2024-03-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Identifies the baseline requirements for providing HHS personnel with the requirements for Awareness Training and of their responsibility to help protect the confidentiality, integrity, and availability of HHS information systems and data\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/role-based-training-rbt\"\u003eCyberGeek - Role Based Training (RBT)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-2-awareness-and-training\"\u003eCyberGeek - Risk Management Handbook (RMH) Chapter 2: Awareness \u0026amp; Training (AT)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e5 CFR 930.301\u003c/li\u003e\u003cli\u003eFIPS 200\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS Policy for Information Security and Privacy Protection (IS2P)\u003c/li\u003e\u003cli\u003eNIST S.P. 800-16\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-50\u003c/li\u003e\u003cli\u003eNIST SP 800-181 rev 1\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRecords Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-CDO-2024-02-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the principles, responsibilities, and requirements for managing HHS records\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 2/1/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003eCMS Records and Information Management Program\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B\u003c/li\u003e\u003cli\u003e32 CFR Part 2002\u003c/li\u003e\u003cli\u003e18 U.S. Code § 641\u003c/li\u003e\u003cli\u003e18 U.S. Code § 2071\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 2901-2910\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 3101-3107\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 3106\u003c/li\u003e\u003cli\u003e44 U.S. Code §§ 3301-3324\u003c/li\u003e\u003cli\u003e44 U.S. Code § 3301\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eFederal Rules of Civil Procedures\u003c/li\u003e\u003cli\u003eNARA Bulletin 2010-05\u003c/li\u003e\u003cli\u003eNARA Bulletin 2013-02\u003c/li\u003e\u003cli\u003eNARA Bulletin 2014-02\u003c/li\u003e\u003cli\u003eNARA Bulletin 2015-02\u003c/li\u003e\u003cli\u003eNARA Bulletin 2023-02\u003c/li\u003e\u003cli\u003eNARA Criteria for Successfully Managing Permanent Electronic Records\u003c/li\u003e\u003cli\u003eNARA Guidance on Records Management Language for Contracts\u003c/li\u003e\u003cli\u003eNARA Universal Electronic Records Management Requirements\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB M-19-21\u003c/li\u003e\u003cli\u003eOMB M-23-07\u003c/li\u003e\u003cli\u003eHHS Policy for Litigation Holds\u003c/li\u003e\u003cli\u003eHHS Policy for Rules of Behavior for Use of Information and IT Resources\u003c/li\u003e\u003cli\u003eHHS Policy for Mobile Devices and Removable Media\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePrivacy Impact Assessments\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2023-09-005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Set forth the minimum HHS Privacy Threshold Analysis (PTA), PIA, and Internal PIA requirements, as well as accompanying approval and publication processes\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/privacy-impact-assessment-pia\"\u003eCyberGeek - Privacy Impact Assessment (PIA)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS Policy for Information Security and Privacy Protection (IS2P)\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53 Rev. 5\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management v1.0\u003c/li\u003e\u003cli\u003eOMB Circular A-108\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eOMB M-17-06\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act (PRA)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eLitigation Holds\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-CDO-2023-08-004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish that HHS takes all reasonable steps to preserve potentially relevant information in the possession, custody, or control of HHS when civil litigation has commenced or when there is reasonable anticipation of litigation\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/10/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Litigation Holds and Essential Records Program\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B §§ 1220.30-1220.34\u003c/li\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B §§ 1230.1-1230.18\u003c/li\u003e\u003cli\u003e36 CFR Chapter XII Subchapter B §§ 1236.2-1236.36\u003c/li\u003e\u003cli\u003e18 USC § 641\u003c/li\u003e\u003cli\u003e18 USC § 2071\u003c/li\u003e\u003cli\u003e44 USC §§ 2071-2120\u003c/li\u003e\u003cli\u003e44 USC §§ 2901-2912\u003c/li\u003e\u003cli\u003e44 USC §§ 3101-3107\u003c/li\u003e\u003cli\u003e44 USC §§ 3301-3314\u003c/li\u003e\u003cli\u003e44 USC §§ 3501-3583\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eDuty to Disclose, Rule 26\u003c/li\u003e\u003cli\u003eProducing Documents, Rule 34\u003c/li\u003e\u003cli\u003eFailure to Make Disclosures or to Cooperate in Discovery, Rule 37\u003c/li\u003e\u003cli\u003eDelivering Government Solutions in 21st Century\u003c/li\u003e\u003cli\u003eNARA 2010-05\u003c/li\u003e\u003cli\u003eNARA 2014-02\u003c/li\u003e\u003cli\u003eNARA 2015-02\u003c/li\u003e\u003cli\u003eNARA Criteria for Successfully Managing Permanent Electronic Records\u003c/li\u003e\u003cli\u003eNARA Guidance on Records Management Language for Contracts\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMA/NARA M-23-07\u003c/li\u003e\u003cli\u003ePublic Law 113-187\u003c/li\u003e\u003cli\u003eUniversal Electronic Records Management Requirements\u003c/li\u003e\u003cli\u003eNARA General Records Schedules\u003c/li\u003e\u003cli\u003eGeneral Record Schedule 6.1\u003c/li\u003e\u003cli\u003eHHS Implementing Email Records Management\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior for Use of Information and IT Resources\u003c/li\u003e\u003cli\u003eHHS Mobile Devices and Removable Media\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eData Loss Prevention\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2022-05-003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish comprehensive DLP requirements for HHS systems and information that are compliant with FISMA 2014, NIST S.P. 800-53, EO 14028\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/16/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eEO 13556\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHSS IS2P\u003c/li\u003e\u003cli\u003eNARA CUI Program\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB M-22-09\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRules of Behavior for Use of Information and IT Resources\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2023-02-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Defines the acceptable use of HHS information and IT resources and establishes the baseline requirements for developing Rules of Behavior that all users, including privileged users, are required to sign prior to accessing HHS information systems and resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 2/9/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/hhs-policy-rules-behavior-use-information-it-resources\"\u003eCyberGeek - HHS Policy for Rules of Behavior for Use of Information and IT Resources\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eNIST S.P. 800-18\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003ePublic Law § 115-232 889\u003c/li\u003e\u003cli\u003e5 USC § 552a\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eCommon Data Use Agreement (DUA) Structure and Repository\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-CDO-2023-01-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Defines a DUA as a document that establishes the terms and conditions under which the Data Provider will provide, and the Data Recipient will receive and use, the data covered under the Agreement, which is nonpublic, restricted HHS data shared for a limited government purpose\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/23/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/cms-data-use-agreement-dua\"\u003eCyberGeek - CMS Data Use Agreement (DUA)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e44 USC § 3520\u003c/li\u003e\u003cli\u003e44 USC § 3576\u003c/li\u003e\u003cli\u003eOMB M-14-06\u003c/li\u003e\u003cli\u003eOMB M-01-05\u003c/li\u003e\u003cli\u003eHHS Enterprise Data Management\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEncryption of Computing Devices and Information\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2022-12-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish comprehensive encryption requirements for HHS systems and information that are compliant with FISMA 2014, NIST S.P. 800-53, EO 14028, OMB M-22-09\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/9/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-15-13\u003c/li\u003e\u003cli\u003eOMB M-22-09\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSecuring AI Technology\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-12-007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensure secure implementation of AI technology within HHS, secure HHS networks and information, protect privacy, and address risks\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/14/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13859\u003c/li\u003e\u003cli\u003eEO 13960\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST Privacy Framework\u003c/li\u003e\u003cli\u003eNIST S.P. 800-167\u003c/li\u003e\u003cli\u003eNIST S.P. 800-94\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eDHS AI Using Standards to Mitigate Risks\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Security and Privacy Protection (IS2P)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-11-0006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establish comprehensive security and privacy requirements for HHS systems and information that are compliant with FISMA 2014 and NIST S.P. 800-53\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/18/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eEO 13556\u003c/li\u003e\u003cli\u003eFERPA\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eBuy American Act\u003c/li\u003e\u003cli\u003eFASCSA 2018\u003c/li\u003e\u003cli\u003ePublic Law 115-232 § 889\u003c/li\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eHSPD-12\u003c/li\u003e\u003cli\u003eNARA\u003c/li\u003e\u003cli\u003eB.O.D 18-02\u003c/li\u003e\u003cli\u003eFIPS 140-2, 199, 200, 201-1\u003c/li\u003e\u003cli\u003eNIST S.P. 800-111\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST S.P. 800-144\u003c/li\u003e\u003cli\u003eNIST S.P. 800-152\u003c/li\u003e\u003cli\u003eNIST S.P. 800-171\u003c/li\u003e\u003cli\u003eNIST S.P. 800-175A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-175B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-46\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-79-2\u003c/li\u003e\u003cli\u003eNIST S.P. 800-88\u003c/li\u003e\u003cli\u003eOMB Circular A-130\u003c/li\u003e\u003cli\u003eOMB Circular A-108\u003c/li\u003e\u003cli\u003eOMB M-02-01\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eOMB M-10-22\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-16-17\u003c/li\u003e\u003cli\u003eOMB M-14-03\u003c/li\u003e\u003cli\u003eOMB M-16-17\u003c/li\u003e\u003cli\u003eOMB M-14-03\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003e5 CFR § 930.301\u003c/li\u003e\u003cli\u003ePublic Law 113-291 Title VIII Subtitle D\u003c/li\u003e\u003cli\u003eSection 508 of the Rehabilitation Act of 1973\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Portfolio Management (PfM)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2021-09-005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Describes the Captital Planning and Investment Control (CPIC) principles and requirements, and establishes standard methodologies for conducting OAs, evaluating Investment Risks, certifying adequate Incremental Development, and successfully implementing TBM\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 9/23/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e \u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition\"\u003eCyberGeek - Risk Management Handbook Chapter 15: System \u0026amp; Services Acquisition\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGovernment Performance and Results Act of 1993\u003c/li\u003e\u003cli\u003eFederal Acquisition Streamlining Act of 1994\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act of 1995\u003c/li\u003e\u003cli\u003eFederal Financial Management Improvement Act of 1996\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFITARA 2014\u003c/li\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003ePolicies \u0026amp; Priorities, Technology Business Management. CIO. GOV\u003c/li\u003e\u003cli\u003eRecords Management Act of 1950\u003c/li\u003e\u003cli\u003eSection 508 of the Rehabilitation Act\u003c/li\u003e\u003cli\u003eEO 13636\u003c/li\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eGAO-04-394G\u003c/li\u003e\u003cli\u003eAIMD-10.1.13\u003c/li\u003e\u003cli\u003eGAO-13-87\u003c/li\u003e\u003cli\u003eGAO Report 16-469\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-94\u003c/li\u003e\u003cli\u003eOMB A-76\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB Federal Cloud Computing Strategy - Cloud Smart\u003c/li\u003e\u003cli\u003eOMB M-97-02\u003c/li\u003e\u003cli\u003eOMB M-05-23\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eFederal Continuity Directive 1\u003c/li\u003e\u003cli\u003eFederal Continuity Directive 2\u003c/li\u003e\u003cli\u003eFIPS 140-2\u003c/li\u003e\u003cli\u003eNIST S.P. 800-30\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-39\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-56A\u003c/li\u003e\u003cli\u003eSection 889(a)(1)(B) of the John S. McCain National Defense Authorization Act (NDAA)\u003c/li\u003e\u003cli\u003eHHS Section 508 Electronic and IT\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation\u003c/li\u003e\u003cli\u003eHHS OCIO Roles and Responsibilities\u003c/li\u003e\u003cli\u003eHHS OCIO Enterprise Performance Life Cycle Framework Overview Document\u003c/li\u003e\u003cli\u003eHHS IT Strategic Plan\u003c/li\u003e\u003cli\u003eHHS IT Policy for Enterprise Architecture\u003c/li\u003e\u003cli\u003eHHS Office of Acquisition Management and Policy (OAMP) Acquisition Policy Memorandum\u003c/li\u003e\u003cli\u003eHHS IT Acquisition Reviews (ITAR)\u003c/li\u003e\u003cli\u003eHHS IT Enterprise Performance Life Cycle\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Records Management\u003c/li\u003e\u003cli\u003eHHS Enterprise Risk Management Framework\u003c/li\u003e\u003cli\u003eHHS Cloud Computing and FedRamp Guidance\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy Language\u003c/li\u003e\u003cli\u003eHHS Cyber Supply Chain Risk Management\u003c/li\u003e\u003cli\u003eHHS High Value Asset (HVA) Program\u003c/li\u003e\u003cli\u003eOCIO FITARA Approval Guidance\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eTransition to IPv6\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2021-08-004\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides guidance to which HHS Operating Divisions (OpDivs) and Staff Divsions (StaffDivs) must follow to meet the requirements and milestones laid out in the OMB Memorandum 21-07, Completing the Transition to IPv6 (M-21-07)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/1/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 14028\u003c/li\u003e\u003cli\u003eFederal Acquisition Regulation (FAR)\u003c/li\u003e\u003cli\u003eNIST S.P. 500-267A\u003c/li\u003e\u003cli\u003eNIST S.P. 500-267B\u003c/li\u003e\u003cli\u003eNIST S.P. 500-281A\u003c/li\u003e\u003cli\u003eNIST S.P. 500-281B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-21-07\u003c/li\u003e\u003cli\u003eOMB M-05-22\u003c/li\u003e\u003cli\u003eHHS IT Acquisition Reviews (ITAR)\u003c/li\u003e\u003cli\u003eHHS IT Asset Management (ITAM)\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy Language\u003c/li\u003e\u003cli\u003eHHS IT System Inventory Management\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eImplementation of DHS Directive on Vulnerability Disclosure\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-05-003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the HHS compliance requirements under the DHS B.O.D 20-01\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/4/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCarnegie Mellon SEI, The CERT Guide to Coordinated Vulnerable Disclosure\u003c/li\u003e\u003cli\u003eB.O.D. 20-01\u003c/li\u003e\u003cli\u003eDOJ A Framework for a Vulnerability Disclosure Program for Online Systems\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eISO/IEC 29147:2018\u003c/li\u003e\u003cli\u003eNIST Framework for Improving Critical Infrastructure Cybersecurity\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-20-32\u003c/li\u003e\u003cli\u003eEO 13800\u003c/li\u003e\u003cli\u003eTitle 44, U.S. Code, Section 3553(b)(2) Authority and Functions of the Director and the Secretary\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eImplementation of Trusted Internet Connections (TIC)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-03-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the requirements to which HHS Operating Divisions (OpDivs) must adhere when implementing TICs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/17/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e6 USC 1523(b)(1)(D)\u003c/li\u003e\u003cli\u003eOMB M-19-26\u003c/li\u003e\u003cli\u003eCommittee on National Security Systems (CNSS), Internet Engineering Task Force (IETF) RFC 4949\u003c/li\u003e\u003cli\u003eDHS CISA TIC Reference Architecture Document\u003c/li\u003e\u003cli\u003eDHS CISA TIC Volume 1-5\u003c/li\u003e\u003cli\u003eDHS CISA TIC Interim Telework Guidance\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA) Enterprise Infrastructure Solutions (EIS) Management and Operations Handbook\u003c/li\u003e\u003cli\u003eGSA, Transition Handbook, Network, WITS 3, and GSA Regional Local Services to EIS Contracts\u003c/li\u003e\u003cli\u003eNational Cybersecurity Protection System (NCPS) Cloud Interface Reference Architecture\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-41\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-145\u003c/li\u003e\u003cli\u003eNIST S.P. 800-152\u003c/li\u003e\u003cli\u003eNIST S.P. 800-207\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Internet and Email Security\u003c/li\u003e\u003cli\u003eHHS POA\u0026amp;M Standard\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Procurements - Security And Privacy Language\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2021-03-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Mandates the standard security and privacy language for information and information technology (IT) procurements throughout HHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/3/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/security-and-privacy-requirements-it-procurements\"\u003eCyberGeek - Security and Privacy Requirements for IT Procurements\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eBuy American Act\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eFASCSA 2018\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePublic Law 115-232 § 889\u003c/li\u003e\u003cli\u003ePublic Law 115-390\u003c/li\u003e\u003cli\u003eU.S.C of CFR\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eIT System Inventory Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2020-12-011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Direct HHS entities (i.e., Operating Divisions [OpDiv] and Staff Divisions [StaffDiv]) to establish and maintain an enterprise-wide inventory of HHS IT systems by providing guidance and baseline standards for maintaining a comprehensive inventory of all IT systems and related information\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA 2014\u003c/li\u003e\u003cli\u003eFITARA Enhancement Act of 2017\u003c/li\u003e\u003cli\u003eMEGABYTE Act of 2016\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-17-09\u003c/li\u003e\u003cli\u003eOMB M-19-01\u003c/li\u003e\u003cli\u003eOMB M-19-21\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eHHS CPIC\u003c/li\u003e\u003cli\u003eHHS HVA\u003c/li\u003e\u003cli\u003eHHS ITAM\u003c/li\u003e\u003cli\u003eHHS Records Management\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Asset Management (ITAM)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OCPO-2020-08-008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the HHS program for the management of IT and Telecommunication assets in compliance with the Cap Goal 7: Category Management - Leveraging Common Contracts and Best Practices to Drive Saving and Efficiencies, within the Presidents Management Agenda (PMA); to buy common goods and services as an enterprise to eliminate redundancies, increase efficiency, and to deliver more value and savings from the governments acquisition programs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/19/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003eE-Government Act\u003c/li\u003e\u003cli\u003eMEGABYTE Act of 2016\u003c/li\u003e\u003cli\u003eSection 508 of the Rehabilitation Act\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eFederal Accounting Standards Advisory Board (FASAB), Statement of Federal Financial Accounting Standards (SFFAS) No. 10, Accounting for Internal Use Software\u003c/li\u003e\u003cli\u003eFASAB, Federal Finacial Accounting Technical Release 16, Implementation Guidance for Internal Use Software\u003c/li\u003e\u003cli\u003eGAO 14-413\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-16-12\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-19-13\u003c/li\u003e\u003cli\u003eHHS FITARA Implementation-Revised HHS IT Governance Framework\u003c/li\u003e\u003cli\u003eHHS FITAR Implementation Plan\u003c/li\u003e\u003cli\u003eGAO audit recommendations of HHSs Telecommunications inventory management and IT Strategic Planning\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eVulnerability Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-08-009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the baseline requirements for maintaining and effective vulnerability management program to implement and support activities pertaining to vulnerability scanning and remediation and to continually manage risks impacting HHS IT resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/19/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eSection International Organization for Standardization (ISO) 27002\u003c/li\u003e\u003cli\u003eNIST S.P. 800-40\u003c/li\u003e\u003cli\u003eNIST S.P. 800-51\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-126\u003c/li\u003e\u003cli\u003eNIST S.P. 800-128\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eCyber Supply Chain Risk Management (C-SCRM)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-08-010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the baseline requirements for securing the information and communications technology (ICT) products and services supply chain in order to protect HHS information systems and information from the risks involving ICT procurement supply chain\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/18/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eSECURE Technology Act\u003c/li\u003e\u003cli\u003eBuy American Act\u003c/li\u003e\u003cli\u003ePublic Law 115-232 § 889\u003c/li\u003e\u003cli\u003eFASCSA 2018\u003c/li\u003e\u003cli\u003eComprehensive National Cybersecurity Initiative (CNCI)\u003c/li\u003e\u003cli\u003eCISA National Risk Management Center\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eNIST S.P. 800-161\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eHHS ISP2\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSection 508 Compliance and Accessibility of Information and Communications Technology (ICT)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2020-07-007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Implement uniformity and conformity of accessibility compliance across all of HHS\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCommunications Act of 1934\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003e36 CFR § 1193-1194\u003c/li\u003e\u003cli\u003eOMB M-17-06\u003c/li\u003e\u003cli\u003eOMB M-13-13\u003c/li\u003e\u003cli\u003eOMB M-16-20\u003c/li\u003e\u003cli\u003eOMB Memorandum, Improving the Accessibility of Government Information\u003c/li\u003e\u003cli\u003eOMB Strategic Plan for Improving Management of Section 508 of the Rehabilitation Act\u003c/li\u003e\u003cli\u003eRehabilitation Act of 1973\u003c/li\u003e\u003cli\u003eWorkforce Innovation and Opportunities Act\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology Acquisition Reviews (ITAR)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2020-06-006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the HHS ITAR Program, which ensures HHS conducts its due diligence to manage and maintain oversight and governance over the procurement of IT therefore contributing to effective planning, budgeting, and execution of IT resources\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eNational Defense Authorization Act for Fiscal Year 2015\u003c/li\u003e\u003cli\u003eEO 13833\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-15-14\u003c/li\u003e\u003cli\u003eOMB M-16-12\u003c/li\u003e\u003cli\u003eHHS FITARA Implementation-Revised HHS IT Governance Framework\u003c/li\u003e\u003cli\u003eHHS FITARA HHS Implementation Plan\u003c/li\u003e\u003cli\u003eHHS Memorandum for Record, HHS Chief Information Officer Delegation of Authorities to Operating Divsiion Chief Information Officers\u003c/li\u003e\u003cli\u003eHHS CPIC\u003c/li\u003e\u003cli\u003eHHS EPLC\u003c/li\u003e\u003cli\u003eHHS Procedures, Guidance and Instructions (PGI)\u003c/li\u003e\u003cli\u003eInformation Technology Decision Criteria and Clause Matrix\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy language\u003c/li\u003e\u003cli\u003eHHS Standard for Encryption of computing Devices and Information\u003c/li\u003e\u003cli\u003eHHS Minumun Security Configuration Standards Guidance\u003c/li\u003e\u003cli\u003eHHS Software Development Secure Coding Practices\u003c/li\u003e\u003cli\u003eHHS Directive for Acquisition Strategy\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePreparing for and Responding to a Breach\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-PIM-2020-05-003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Addresses OMB M-17-22, Preparing for and Responding to a Breach of PII, and sets forth the approach of HHS in preparing for and responding to breaches of PII in any medium or form\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\"\u003eCyberGeek - Risk Management Handbook Chapter 8: Incident Response (IR)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-20-04\u003c/li\u003e\u003cli\u003eOMB M-16-14\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003ePPD-41\u003c/li\u003e\u003cli\u003eNIST S.P. 800-34\u003c/li\u003e\u003cli\u003eNIST S.P. 800-61\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eUS-CERT Federal Incident Notification Guidelines\u003c/li\u003e\u003cli\u003eNational Cybersecurity and Communications Integration Center (NCCIC) Cyber Incident Scoring System\u003c/li\u003e\u003cli\u003eIdentity Protection Services (IPS) Multiple Award Blanket Purchase Agreement (BPA)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSecuring Wireless Local Area Networks\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-01-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Updates the requirements and specification for securing all HHS WLANs in compliance with the NIST S.P. 800-153, Guidelines for Securing Wireless Local Area Networks (WLANs) and the Institute of Electrical and Electronic Engineers (IEEE) 802.11 WLANs standards\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/13/2020\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-153\u003c/li\u003e\u003cli\u003eNIST S.P. 800-97\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Memorandum, Addendum to the HHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEnterprise Data Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2020-02-002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the requirements for the efficient and secure management and protection of enterprise data\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/13/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-13-13\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eDomain Name System (DNS) and DNS Security Extensions (DNSSEC) Services\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2019-11-011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the minumum requirements for implementing the DNS and DNSEC services across the HHS and the OpDiv networks\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eDHS DNS Security Reference Architecture\u003c/li\u003e\u003cli\u003eNIST S.P. 800-81\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eDHS B.O.D. 19-01\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInternet and Email Security\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2019-10-009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the minimum requirements for securing the internet and email services throughout HHS, including OpDivs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-16-system-communications-protection\"\u003eCyberGeek - RMH Chapter 16: System \u0026amp; Communications Protection\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/email-encryption-requirements-cms\"\u003eCyberGeek - Email Encryption Requirements at CMS\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13800\u003c/li\u003e\u003cli\u003eOMB M-15-13\u003c/li\u003e\u003cli\u003eDHS B.O.D 19-01\u003c/li\u003e\u003cli\u003eDHS B.O.D 18-01\u003c/li\u003e\u003cli\u003eNIST S.P. 800-177\u003c/li\u003e\u003cli\u003eNIST S.P. 800-119\u003c/li\u003e\u003cli\u003eFederal Trade Commission (FTC) Bureau of Consumer Protections, Businesses Can Help Stop Phishing and Protect their Brands Using Email Authentication\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior (ROB)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHigh Value Asset (HVA) Program\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2018-09-006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides HHS OpDivs and StaffDivs with the policy for governance of HHS HVAs along with the requirements for the identification, categorization, prioritization, reporting, assessment, and the remediation of finding of HVAs\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-16-04\u003c/li\u003e\u003cli\u003eOMB M-19-02\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-13-13\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eDHS B.O.D. 18-02\u003c/li\u003e\u003cli\u003eCybersecurity Strategy and Implementation Plan for the Federal Civilian Government (CSIP)\u003c/li\u003e\u003cli\u003eCybersecurity National Action Plan (CNAP)\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Continuity of Operation Program\u003c/li\u003e\u003cli\u003eHHS IT Procurements - Security and Privacy Language\u003c/li\u003e\u003cli\u003eSenior Accountable Official for Risk Management (SAORM) Designee for Department of Homeland Security B.O.D. 18-02 Securing HVAs\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMobile Devices and Removable Media\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OIS-2019-09-0005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Protects HHS information and information systems from risks related to the use of mobile devices for government businesses and the risks of using mobile devices to access HHS information systems remotely from outside of HHS facilities\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-5-configuration-management-cm\"\u003eCyberGeek - Risk Management Handbook Chapter 5: Configuration Management (CM)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-10-media-protection-mp\"\u003eCyberGeek - Risk Management Handbook Chapter 10: Media Protection (MP)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-access-control-handbook\"\u003eCyberGeek - CMS Access Control Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFederal Records Act of 1950\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-124\u003c/li\u003e\u003cli\u003eEO 13556\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior for Use of HHS Information and IT Resources Policy\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSoftware Development Secure Coding Practices\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-OES-2019-08-005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the minimum baseline secure coding practices that must be implemented to ensure secure code is “built in” in the early phases of the software development lifecycle in order to protect and secure all HHS information, IT systems, and networks\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMobile Applications Privacy Policy\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-PIM-2018-09-001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Sets forth HHS policy for protecting privacy in HHS Mobile Applications\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eCOPPA 1998\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eOMB M-17-06\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB A-108\u003c/li\u003e\u003cli\u003eDigital Government: Building a 21st Century Platform to Better Serve the American People\u003c/li\u003e\u003cli\u003eNIST 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-163\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-61\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eHHS Policy and Plan for Preparing for and Responding to Breaches of PII\u003c/li\u003e\u003cli\u003eHHS Privacy Impact Assessment Guidance\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Privacy Impact Assessments (PIA)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eInformation Technology (IT) Policy for Enterprise Performance Life Cycle (EPLC)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2008-004.002\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e All HHS IT projects shall be managed using the HHS EPLC Framework, including life cycle phases, reviews, deliverables, activities, responsibilities, and tailoring, regardless of the specific development methodology used\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://www.cms.gov/data-research/cms-information-technology/tlc\"\u003eCMS.gov - Target Life Cycle (TLC)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition\"\u003eCyberGeek - Risk Management Handbook Chapter 15: System \u0026amp; Services Acquisition\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-16-system-communications-protection\"\u003eCyberGeek - RMH Chapter 16: System \u0026amp; Communications Protection\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003eFederal Acquisition Certification-Program and Project Manager Program (FAC-P/PM)\u003c/li\u003e\u003cli\u003eHHS IT Capital Planning and Investment Control\u003c/li\u003e\u003cli\u003eHHS IRM Policy for Conducting IT Alternatives Analysis\u003c/li\u003e\u003cli\u003eHHS IT Performance Management (PfM)\u003c/li\u003e\u003cli\u003eHHS Enterprise Architecture (EA)\u003c/li\u003e\u003cli\u003eHHS IT System Inventory Management\u003c/li\u003e\u003cli\u003eHHS Records Mangement\u003c/li\u003e\u003cli\u003eHHS Implementing Email Records Management\u003c/li\u003e\u003cli\u003eHHS Section 508 and Accessibility of Technology and Communications Technology (ICT)\u003c/li\u003e\u003cli\u003eHHS Security Policies, Standards, Charters and Training Resources\u003c/li\u003e\u003cli\u003eHHS Incident Reporting, Policy and Incident Management Reference\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eGAO Cost Estimating and Assessment Guide\u003c/li\u003e\u003cli\u003eOMB M-05-23\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-127\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEnvironmental Practices of Electronics\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the framework for the implementation of sound environmental practices in the acquisition, operations and maintenance, and end-of-life management of HHS-purchased electronic products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/5/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Property Management\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13423\u003c/li\u003e\u003cli\u003eEO 13514\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eElectronic Stewardship\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2011-0002.001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides the framework for the implementation of sound environmental practices in the acquisition, operations and maintenance, and end-of-life management of HHS-purchased electronic products\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Property Management\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13423\u003c/li\u003e\u003cli\u003eEO 13514\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for FOIA Investigatory \u0026amp; Audit Matters\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides HHS staff with a policy for legal holds and to inform HHS staff about FOIA, investigatory, and audit matters that require holds on HHS records and other related documentary materials\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/26/2011\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Freedom of Information Group\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFOIA\u003c/li\u003e\u003cli\u003e44 U.S.C Chapter 31\u003c/li\u003e\u003cli\u003e44 U.S.C Chapter 33\u003c/li\u003e\u003cli\u003e5 U.S.C Chapter 552\u003c/li\u003e\u003cli\u003e36 CFR Chapter XII, subchapter B\u003c/li\u003e\u003cli\u003eFederal Rules of Civil Procedure (FRCP)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for Networks Program Designated Agency Representatives\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2010-0005\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Identifies and provides supplemental information in the establishment of titles, roles and responsibilities of Designated Agency Representatives (DARs) for the move from the FTS-2001 contract to the Networx contract and its transition program\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/10/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eGeneral Services Administration (GSA) guidelines regarding Networx contracts, policies, and procedures\u003c/li\u003e\u003cli\u003eGSA DAR Guidelines for Network Services Contracts of the Office of ITS FAA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for Enterprise Architecture\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2008-0003.001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Outlines the roles and responsibilities for ensuring compliance with legislative and executive level guidance on Enterprise Architecture (EA)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 8/7/2008\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eGRPA 1993\u003c/li\u003e\u003cli\u003eFASA V 1994\u003c/li\u003e\u003cli\u003ePRA 1995\u003c/li\u003e\u003cli\u003eClinger-Cohen Act of 1996\u003c/li\u003e\u003cli\u003eGovernment Paperwork Elimination Act of 1998\u003c/li\u003e\u003cli\u003eGISRA 2000\u003c/li\u003e\u003cli\u003eFISMA 2002\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eEO 13011\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-109\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003cli\u003eOMB A-127\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-00-07\u003c/li\u003e\u003cli\u003eOMB M-97-02\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for eGov Forms\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2006-0003\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Ensures that HHS maintains accurate form content for those HHS forms that are in the E-Gov Forms Catalogue, managed by the Small Business Administration (SBA) and the General Services Administration (GSA) under the Business Gateway (BG) initiative\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/7/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFederal Property and Administrative Services Act of 1949\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eSection 508 Rehabilitation Act\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act of 1980\u003c/li\u003e\u003cli\u003eInformation Quality Act\u003c/li\u003e\u003cli\u003e5 U.S.C. 552a(e)(1)\u003c/li\u003e\u003cli\u003e44 U.S.C. 3508\u003c/li\u003e\u003cli\u003eSmall Business Paperwork Relief Act of 2002\u003c/li\u003e\u003cli\u003e36 CFR Parts 1220-1238\u003c/li\u003e\u003cli\u003e5 CFR part 1320\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for HHSMail Change Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO 2006-0002.001\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Establishes the policy for change management within the HHS HHSMail project\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2/2006\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eClinger-Cohen Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB A-11\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eHHS Standards\u003c/h3\u003e\u003ch4\u003eHHS Standard for Plan of Action and Milestones (POAM) Management and Reporting\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2019-0002.001S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides OpDivs with the baseline standards and guidelines for properly documenting and managing POA\u0026amp;Ms and support the OpDivs in their development and management of POA\u0026amp;Ms within their respective organizations\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/3/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-plan-action-and-milestones-poam-handbook\"\u003eCyberGeek - CMS Plan of Action and Milestones (POA\u0026amp;M) Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eEO 13800\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-14-04\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Standard for System Inventory Management\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2018-0001.002S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides guidance and the baseline standards for maintaining a comprehensive inventory of all systems throughout HHS and enable management to have continuous accounting of all information systems and information assets\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/27/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Memorandum, FY15 Cybersecurity IT Priorities\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMinimum Security Configuration Standards Guidance\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2017-0001.001S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides personnel involved in configuring or connecting servers, workstations, or network devices to the HHS infrastructure with minimum security configuration standards for each respective device\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/5/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eCyber Security Research and Development Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eCNSS Instruction No. 4009\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eNIST S.P. 800-37\u003c/li\u003e\u003cli\u003eNIST S.P. 800-52\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eNIST S.P. 800-60\u003c/li\u003e\u003cli\u003eNIST S.P. 800-70\u003c/li\u003e\u003cli\u003eNIST S.P. 800-115\u003c/li\u003e\u003cli\u003eNIST S.P. 800-128\u003c/li\u003e\u003cli\u003eNIST S.P. 800-152\u003c/li\u003e\u003cli\u003eNIST S.P. 800-175A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-179\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Minimum Security Configuration Standards for Palo Alto Networks\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eDoc Number:\u003c/strong\u003e HHS-OCIO-2017-0001-002S\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e Provides OpDivs with specific technical configuration guidance for implementing the Palo Alto Networks Uniform Resource Locator (URL) filtering and Transport Layer Security (TLS) decryption solution\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/31/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-privacy-impact-assessment-pia-handbook\"\u003eCyberGeek - CMS Privacy Impact Assessment (PIA) Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eNIST S.P. 800-66\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eHHS Memoranda\u003c/h3\u003e\u003ch4\u003eHHS Approved Physical Access and Logical Access Authentication Mechanisms\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/15/2024\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-access-control-handbook\"\u003eCyberGeek - CMS Access Control Handbook\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHSPD-12\u003c/li\u003e\u003cli\u003eOMB M-19-17\u003c/li\u003e\u003cli\u003eOMB M-22-09\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63-3\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63C\u003c/li\u003e\u003cli\u003eNIST S.P. 800-157\u003c/li\u003e\u003cli\u003eNIST S.P. 800-217\u003c/li\u003e\u003cli\u003eOMB A-123\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eReminder of Existing HHS IT User Policies Relevant for Third-Party Generative AI Tools\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/20/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e40 U.S.C § 11319(b)(1)(A)\u003c/li\u003e\u003cli\u003e40 U.S.C § 11319\u003c/li\u003e\u003cli\u003e40 U.S.C § 11315(c)(2)\u003c/li\u003e\u003cli\u003eHHS Securing AI Technology\u003c/li\u003e\u003cli\u003eHHS Rules of Behavior for Use of Information and IT Resources\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eMemorandum M-23-13 “No TikTok on Government Devices” Implementation\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/31/2023\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNo TikTok on Government Devices Act\u003c/li\u003e\u003cli\u003eOMB M-23-13\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eIS2P / NIST S.P. 800-53 Revision 5 - Compliance Timeline\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/20/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eHHS IS2P \u0026nbsp;\u003c/li\u003e\u003cli\u003eHHS Control Catalog\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eUpdated Department Standard Warning Banner for HHS Systems\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 9/12/2022\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRescission of Outdated and Superseded Policy\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/9/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Control Catalog\u003c/li\u003e\u003cli\u003eHHS Minimum Security Configuration Standards Guidance\u003c/li\u003e\u003cli\u003eHHS Minimum Security Configuration Standards for Palo Alto Networks\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Social Security Number (SSN) Reduction and Elimination\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/10/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act of 1995\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eOMB M-07-16\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eEO 9397\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eHHS Sensitive PII Definition and Guidance\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eComplete Transition to IPv 6 Memorandum\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 4/29/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-21-07\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRoles \u0026amp; Repsonsibilities of OpDiv SOPs\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/3/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eE-Government Act of 2002\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eFAR\u003c/li\u003e\u003cli\u003eImplementing Recommendations of the 9/11 Commission Act of 2007\u003c/li\u003e\u003cli\u003eEO 13636\u003c/li\u003e\u003cli\u003eEO 9397\u003c/li\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-20-04\u003c/li\u003e\u003cli\u003eOMB M-16-24\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-10-22\u003c/li\u003e\u003cli\u003eOMB M-07-16\u003c/li\u003e\u003cli\u003eOMB M-03-22\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS IT Acquisition Reviews (ITAR)\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS High Value Asset (HVA) Program\u003c/li\u003e\u003cli\u003eHHS IT Procurements Security and Privacy Language\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003cli\u003eHHS Mobile Applications Privacy Policy\u003c/li\u003e\u003cli\u003eHHS POA\u0026amp;M Standard\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eHHS Sensitive PII Definition and Guidance\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eUse of Government Furnished Equipment (GFE) During Foreign Travel\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 2/10/21\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e CMS Counterintelligence and Insider Threat - Foreign Travel\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFIPS 140-2\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eRescission of Security and Privacy Outdated and Superseded Policies\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 11/25/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS IT Security and Privacy Incident Reporting and Response\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003cli\u003eHHS Minimum Security Configurations Standards Guidance\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eSensitive PII Definition and Guidance\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/4/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePaperwork Reduction Act\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eHHS Preparing for and Responding to a Breach of PII\u003c/li\u003e\u003cli\u003eHHS PIA\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003cli\u003eNIST S.P. 800-122\u003c/li\u003e\u003cli\u003eNIST S.P. 800-88\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eAddendum to the HHS IS2P\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/24/2018\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003ch4\u003eRequirement for Role-Based Training of Personnel with Significant Security Responsibilities\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/28/2017\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/role-based-training-rbt\"\u003eCyberGeek - Role Based Training (RBT)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFCWAA 2015\u003c/li\u003e\u003cli\u003e5 CFR 930.301\u003c/li\u003e\u003cli\u003eNIST S.P. 800-181\u003c/li\u003e\u003cli\u003eNIST S.P. 800-16\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Cloud Computing and Federal Risk and Authorization Management Program Guidance\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/15/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/fedramp\"\u003eCyberGeek - Federal Risk and Authorization Management Program (FedRAMP)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFedRAMP\u003c/li\u003e\u003cli\u003eNIST S.P. 800-144\u003c/li\u003e\u003cli\u003eNIST S.P. 800-137\u003c/li\u003e\u003cli\u003eHHS Cloud Computing Strategy\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eEnd-of-Life Operating Systems, Software and Applications Policy\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/19/2016\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-53\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eFY15 Cybersecurity IT Priorities\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/1/2015\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003cli\u003eFITARA\u003c/li\u003e\u003cli\u003eEO 13636\u003c/li\u003e\u003cli\u003eHHS Acquisition Regulation (HHSAR)\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Usage of Unauthorized External Information Systems to Conduct Department Business Memorandum\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/8/2014\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Security Data Warehouse Escalation Memorandum\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/15/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2014\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy for Monitoring Employee Use of HHS IT Resources (2013)\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 6/26/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIG Act 1978\u003c/li\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eHIPAA\u003c/li\u003e\u003cli\u003eWhistleblower Protection Act\u003c/li\u003e\u003cli\u003eFOIA\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eDetermining Non-Sensitive Data on Mobile Computers/Devices\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 1/11/2013\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-06-16\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eImplementation of OMB M-10-22 and M-10-23\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 12/21/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-10-22\u003c/li\u003e\u003cli\u003eOMB M-10-23\u003c/li\u003e\u003cli\u003eOMB M-07-16\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eResolving Security Audit Finding Disputes\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/13/2010\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eOMB M-08-21\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eUpdated Departmental Standard for the Definition of Sensitive Information\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 5/18/2009\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003ch4\u003eApplicability of FISMA to HHS Grantees\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 10/29/2007\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e IS2P2\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eFISMA 2002\u003c/li\u003e\u003cli\u003eOMB M-07-19\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eHHS Guides, Forms, and Templates\u003c/h3\u003e\u003ch4\u003eInformation Security \u0026amp; Privacy Certification Checklist\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/1/2021\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/risk-management-handbook-chapter-15-system-services-acquisition\"\u003eCyberGeek - Risk Management Handbook Chapter 15: System \u0026amp; Services Acquisition\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003ePrivacy Act of 1974\u003c/li\u003e\u003cli\u003eNIST S.P. 800-60\u003c/li\u003e\u003cli\u003eNIST S.P. 800-88\u003c/li\u003e\u003cli\u003eFIPS 199\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003ePolicy Exception-Risk Based Decision Request\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 7/10/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003e44 U.S. C, Sec. 3502\u003c/li\u003e\u003cli\u003eOMB A-127\u003c/li\u003e\u003cli\u003eOMB A-130\u003c/li\u003e\u003cli\u003eOMB M-19-03\u003c/li\u003e\u003cli\u003eOMB M-17-12\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Guidance for Selection of e-Authentication Assurance Levels\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eEO 13681\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63-3\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63C\u003c/li\u003e\u003cli\u003eOMB M-04-04\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eHHS Guidance for e-Authentication RA Template\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e 3/2019\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eIS2P2\u003c/li\u003e\u003cli\u003eARS\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eNIST S.P. 800-63\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63-3\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63A\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63B\u003c/li\u003e\u003cli\u003eNIST S.P. 800-63C\u003c/li\u003e\u003cli\u003eHHS IS2P\u003c/li\u003e\u003c/ul\u003e\u003ch4\u003eCharter Establishing the EPLC Change Control Board\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e \u003ca href=\"https://www.cms.gov/data-research/cms-information-technology/tlc\"\u003eCMS.gov - Target Life Cycle\u003c/a\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e N/A\u003c/p\u003e\u003ch4\u003eNon-Disclosure Agreement\u003c/h4\u003e\u003cp\u003e\u003cstrong\u003eEffective Date:\u003c/strong\u003e N/A\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding CMS Publication:\u003c/strong\u003e Coming Soon\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eCorresponding Federal Publication:\u003c/strong\u003e N/A\u003c/p\u003e"])</script><script>self.__next_f.push([1,"1c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node_type/node_type/ab4b0312-f678-40b9-ae06-79025f52ff43\"}\n1b:{\"self\":\"$1c\"}\n1f:[\"menu_ui\",\"scheduler\"]\n1e:{\"module\":\"$1f\"}\n22:[]\n21:{\"available_menus\":\"$22\",\"parent\":\"\"}\n23:{\"expand_fieldset\":\"when_required\",\"fields_display_mode\":\"vertical_tab\",\"publish_enable\":false,\"publish_past_date\":\"error\",\"publish_past_date_created\":false,\"publish_required\":false,\"publish_revision\":false,\"publish_touch\":false,\"show_message_after_update\":true,\"unpublish_enable\":false,\"unpublish_required\":false,\"unpublish_revision\":false}\n20:{\"menu_ui\":\"$21\",\"scheduler\":\"$23\"}\n1d:{\"langcode\":\"en\",\"status\":true,\"dependencies\":\"$1e\",\"third_party_settings\":\"$20\",\"name\":\"Library page\",\"drupal_internal__type\":\"library\",\"description\":\"Use \u003ci\u003eLibrary pages\u003c/i\u003e to publish CMS Security and Privacy Handbooks or other long-form policy and guidance documents.\",\"help\":null,\"new_revision\":true,\"preview_mode\":1,\"display_submitted\":true}\n1a:{\"type\":\"node_type--node_type\",\"id\":\"ab4b0312-f678-40b9-ae06-79025f52ff43\",\"links\":\"$1b\",\"attributes\":\"$1d\"}\n26:{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/0a524d8d-c305-48cb-b7e8-ac3897f622d2\"}\n25:{\"self\":\"$26\"}\n27:{\"display_name\":\"jcorral\"}\n24:{\"type\":\"user--user\",\"id\":\"0a524d8d-c305-48cb-b7e8-ac3897f622d2\",\"links\":\"$25\",\"attributes\":\"$27\"}\n2a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/e352e203-fe9c-47ba-af75-2c7f8302fca8\"}\n29:{\"self\":\"$2a\"}\n2b:{\"display_name\":\"mburgess\"}\n28:{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"links\":\"$29\",\"attributes\":\"$2b\"}\n2e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e?resourceVersion=id%3A91\"}\n2d:{\"self\":\"$2e\"}\n30:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n2f:{\"drupal_internal__tid\":91,\"drupal_internal__revision_id\":91,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:10:37+00:00\",\"status\":true,\"name\":\"Handbooks\",\"description\":null,\"weight\":3,\"changed\":\"2023-03-10T19:04:03+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"pa"])</script><script>self.__next_f.push([1,"th\":\"$30\"}\n34:{\"drupal_internal__target_id\":\"resource_type\"}\n33:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"3a0127c4-ee06-41ed-8239-f796f6d78eb3\",\"meta\":\"$34\"}\n36:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/vid?resourceVersion=id%3A91\"}\n37:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/relationships/vid?resourceVersion=id%3A91\"}\n35:{\"related\":\"$36\",\"self\":\"$37\"}\n32:{\"data\":\"$33\",\"links\":\"$35\"}\n3a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/revision_user?resourceVersion=id%3A91\"}\n3b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/relationships/revision_user?resourceVersion=id%3A91\"}\n39:{\"related\":\"$3a\",\"self\":\"$3b\"}\n38:{\"data\":null,\"links\":\"$39\"}\n42:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n41:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$42\"}\n40:{\"help\":\"$41\"}\n3f:{\"links\":\"$40\"}\n3e:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"virtual\",\"meta\":\"$3f\"}\n3d:[\"$3e\"]\n44:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/parent?resourceVersion=id%3A91\"}\n45:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/relationships/parent?resourceVersion=id%3A91\"}\n43:{\"related\":\"$44\",\"self\":\"$45\"}\n3c:{\"data\":\"$3d\",\"links\":\"$43\"}\n31:{\"vid\":\"$32\",\"revision_user\":\"$38\",\"parent\":\"$3c\"}\n2c:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"e3394b9a-cbff-4bad-b68e-c6fad326132e\",\"links\":\"$2d\",\"attributes\":\"$2f\",\"relationships\":\"$31\"}\n48:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5?resourceVersion=id%3A66\"}\n47:{\"self\":\"$48\"}\n4a:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n49:{\"drupal_internal__tid\":66,\"drupal_internal__revision_id\":66,\"langcode\":\"en\",\"revision_"])</script><script>self.__next_f.push([1,"created\":\"2022-08-02T23:08:26+00:00\",\"status\":true,\"name\":\"Cyber Risk Advisor (CRA)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:26+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$4a\"}\n4e:{\"drupal_internal__target_id\":\"roles\"}\n4d:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$4e\"}\n50:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/vid?resourceVersion=id%3A66\"}\n51:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/vid?resourceVersion=id%3A66\"}\n4f:{\"related\":\"$50\",\"self\":\"$51\"}\n4c:{\"data\":\"$4d\",\"links\":\"$4f\"}\n54:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/revision_user?resourceVersion=id%3A66\"}\n55:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/revision_user?resourceVersion=id%3A66\"}\n53:{\"related\":\"$54\",\"self\":\"$55\"}\n52:{\"data\":null,\"links\":\"$53\"}\n5c:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n5b:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$5c\"}\n5a:{\"help\":\"$5b\"}\n59:{\"links\":\"$5a\"}\n58:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$59\"}\n57:[\"$58\"]\n5e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/parent?resourceVersion=id%3A66\"}\n5f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/parent?resourceVersion=id%3A66\"}\n5d:{\"related\":\"$5e\",\"self\":\"$5f\"}\n56:{\"data\":\"$57\",\"links\":\"$5d\"}\n4b:{\"vid\":\"$4c\",\"revision_user\":\"$52\",\"parent\":\"$56\"}\n46:{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"links\":\"$47\",\"attributes\":\"$49\",\"relationships\":\"$4b\"}\n62:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26?resourceVersion=id%3A81\"}\n61:{\"sel"])</script><script>self.__next_f.push([1,"f\":\"$62\"}\n64:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n63:{\"drupal_internal__tid\":81,\"drupal_internal__revision_id\":81,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:09:11+00:00\",\"status\":true,\"name\":\"Data Guardian\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:09:11+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$64\"}\n68:{\"drupal_internal__target_id\":\"roles\"}\n67:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$68\"}\n6a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/vid?resourceVersion=id%3A81\"}\n6b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/relationships/vid?resourceVersion=id%3A81\"}\n69:{\"related\":\"$6a\",\"self\":\"$6b\"}\n66:{\"data\":\"$67\",\"links\":\"$69\"}\n6e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/revision_user?resourceVersion=id%3A81\"}\n6f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/relationships/revision_user?resourceVersion=id%3A81\"}\n6d:{\"related\":\"$6e\",\"self\":\"$6f\"}\n6c:{\"data\":null,\"links\":\"$6d\"}\n76:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n75:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$76\"}\n74:{\"help\":\"$75\"}\n73:{\"links\":\"$74\"}\n72:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$73\"}\n71:[\"$72\"]\n78:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/parent?resourceVersion=id%3A81\"}\n79:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/relationships/parent?resourceVersion=id%3A81\"}\n77:{\"related\":\"$78\",\"self\":\"$79\"}\n70:{\"data\":\"$71\",\"links\":\"$77\"}\n65:{\"vid\":\"$66\",\"revision_user\":\"$6c\",\"parent\":\"$70\"}\n60:{\"type\":\"taxonomy_term--roles\",\"id\":\"a2b33f6a-8172-4862-9c0e-6e5076b6cf26\",\"links\":\"$61\",\"attributes\":\"$63\",\"relationships\":\"$65\"}\n7c:"])</script><script>self.__next_f.push([1,"{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab?resourceVersion=id%3A61\"}\n7b:{\"self\":\"$7c\"}\n7e:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n7d:{\"drupal_internal__tid\":61,\"drupal_internal__revision_id\":61,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:12+00:00\",\"status\":true,\"name\":\"Information System Security Officer (ISSO)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:12+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$7e\"}\n82:{\"drupal_internal__target_id\":\"roles\"}\n81:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$82\"}\n84:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/vid?resourceVersion=id%3A61\"}\n85:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/vid?resourceVersion=id%3A61\"}\n83:{\"related\":\"$84\",\"self\":\"$85\"}\n80:{\"data\":\"$81\",\"links\":\"$83\"}\n88:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/revision_user?resourceVersion=id%3A61\"}\n89:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/revision_user?resourceVersion=id%3A61\"}\n87:{\"related\":\"$88\",\"self\":\"$89\"}\n86:{\"data\":null,\"links\":\"$87\"}\n90:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n8f:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$90\"}\n8e:{\"help\":\"$8f\"}\n8d:{\"links\":\"$8e\"}\n8c:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$8d\"}\n8b:[\"$8c\"]\n92:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/parent?resourceVersion=id%3A61\"}\n93:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/parent?resourceVersion=id%3A61\"}\n91:{\"related\":\"$92\",\"self\":\"$93\"}\n8a:{\"data\":\"$8b\",\"links\":\"$91\"}\n7f:{\"vid\":\"$80\",\"revision_us"])</script><script>self.__next_f.push([1,"er\":\"$86\",\"parent\":\"$8a\"}\n7a:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"links\":\"$7b\",\"attributes\":\"$7d\",\"relationships\":\"$7f\"}\n96:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34?resourceVersion=id%3A76\"}\n95:{\"self\":\"$96\"}\n98:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n97:{\"drupal_internal__tid\":76,\"drupal_internal__revision_id\":76,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:55+00:00\",\"status\":true,\"name\":\"System / Business Owner\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:55+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$98\"}\n9c:{\"drupal_internal__target_id\":\"roles\"}\n9b:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$9c\"}\n9e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/vid?resourceVersion=id%3A76\"}\n9f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/vid?resourceVersion=id%3A76\"}\n9d:{\"related\":\"$9e\",\"self\":\"$9f\"}\n9a:{\"data\":\"$9b\",\"links\":\"$9d\"}\na2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/revision_user?resourceVersion=id%3A76\"}\na3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/revision_user?resourceVersion=id%3A76\"}\na1:{\"related\":\"$a2\",\"self\":\"$a3\"}\na0:{\"data\":null,\"links\":\"$a1\"}\naa:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\na9:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$aa\"}\na8:{\"help\":\"$a9\"}\na7:{\"links\":\"$a8\"}\na6:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$a7\"}\na5:[\"$a6\"]\nac:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/parent?resourceVersion=id%3A76\"}\nad:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f"])</script><script>self.__next_f.push([1,"34/relationships/parent?resourceVersion=id%3A76\"}\nab:{\"related\":\"$ac\",\"self\":\"$ad\"}\na4:{\"data\":\"$a5\",\"links\":\"$ab\"}\n99:{\"vid\":\"$9a\",\"revision_user\":\"$a0\",\"parent\":\"$a4\"}\n94:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"links\":\"$95\",\"attributes\":\"$97\",\"relationships\":\"$99\"}\nb0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/c12221c3-2c7e-4eb0-903f-0470aad63bf0?resourceVersion=id%3A16\"}\naf:{\"self\":\"$b0\"}\nb2:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\nb1:{\"drupal_internal__tid\":16,\"drupal_internal__revision_id\":16,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:05:20+00:00\",\"status\":true,\"name\":\"CMS Policy \u0026 Guidance\",\"description\":null,\"weight\":2,\"changed\":\"2023-03-10T19:04:22+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$b2\"}\nb6:{\"drupal_internal__target_id\":\"topics\"}\nb5:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"73f89dec-123f-4c8c-9a97-d025a2b0e5cf\",\"meta\":\"$b6\"}\nb8:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/c12221c3-2c7e-4eb0-903f-0470aad63bf0/vid?resourceVersion=id%3A16\"}\nb9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/c12221c3-2c7e-4eb0-903f-0470aad63bf0/relationships/vid?resourceVersion=id%3A16\"}\nb7:{\"related\":\"$b8\",\"self\":\"$b9\"}\nb4:{\"data\":\"$b5\",\"links\":\"$b7\"}\nbc:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/c12221c3-2c7e-4eb0-903f-0470aad63bf0/revision_user?resourceVersion=id%3A16\"}\nbd:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/c12221c3-2c7e-4eb0-903f-0470aad63bf0/relationships/revision_user?resourceVersion=id%3A16\"}\nbb:{\"related\":\"$bc\",\"self\":\"$bd\"}\nba:{\"data\":null,\"links\":\"$bb\"}\nc4:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\nc3:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$c4\"}\nc2:{\"help\":\"$c3\"}\nc1:{\"links\":\"$c2\"}\nc0:{\"type\":\"taxonomy_term--topics\",\"id\":\"virtual\",\"meta\":\"$c1\"}\nbf:[\"$c0\"]\nc6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/c12221c3-2c7e-4eb0-9"])</script><script>self.__next_f.push([1,"03f-0470aad63bf0/parent?resourceVersion=id%3A16\"}\nc7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/c12221c3-2c7e-4eb0-903f-0470aad63bf0/relationships/parent?resourceVersion=id%3A16\"}\nc5:{\"related\":\"$c6\",\"self\":\"$c7\"}\nbe:{\"data\":\"$bf\",\"links\":\"$c5\"}\nb3:{\"vid\":\"$b4\",\"revision_user\":\"$ba\",\"parent\":\"$be\"}\nae:{\"type\":\"taxonomy_term--topics\",\"id\":\"c12221c3-2c7e-4eb0-903f-0470aad63bf0\",\"links\":\"$af\",\"attributes\":\"$b1\",\"relationships\":\"$b3\"}\nca:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38?resourceVersion=id%3A21\"}\nc9:{\"self\":\"$ca\"}\ncc:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\ncb:{\"drupal_internal__tid\":21,\"drupal_internal__revision_id\":21,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:05:35+00:00\",\"status\":true,\"name\":\"Federal Policy \u0026 Guidance\",\"description\":null,\"weight\":3,\"changed\":\"2023-03-10T19:04:22+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$cc\"}\nd0:{\"drupal_internal__target_id\":\"topics\"}\ncf:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"73f89dec-123f-4c8c-9a97-d025a2b0e5cf\",\"meta\":\"$d0\"}\nd2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/vid?resourceVersion=id%3A21\"}\nd3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/relationships/vid?resourceVersion=id%3A21\"}\nd1:{\"related\":\"$d2\",\"self\":\"$d3\"}\nce:{\"data\":\"$cf\",\"links\":\"$d1\"}\nd6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/revision_user?resourceVersion=id%3A21\"}\nd7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/relationships/revision_user?resourceVersion=id%3A21\"}\nd5:{\"related\":\"$d6\",\"self\":\"$d7\"}\nd4:{\"data\":null,\"links\":\"$d5\"}\nde:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\ndd:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$de\"}\ndc:{\"help\":\"$dd\"}\ndb:{\"links\":\"$dc\"}\nda:{\"t"])</script><script>self.__next_f.push([1,"ype\":\"taxonomy_term--topics\",\"id\":\"virtual\",\"meta\":\"$db\"}\nd9:[\"$da\"]\ne0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/parent?resourceVersion=id%3A21\"}\ne1:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/relationships/parent?resourceVersion=id%3A21\"}\ndf:{\"related\":\"$e0\",\"self\":\"$e1\"}\nd8:{\"data\":\"$d9\",\"links\":\"$df\"}\ncd:{\"vid\":\"$ce\",\"revision_user\":\"$d4\",\"parent\":\"$d8\"}\nc8:{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"links\":\"$c9\",\"attributes\":\"$cb\",\"relationships\":\"$cd\"}\n"])</script><script>self.__next_f.push([1,"5:[\"$\",\"$L17\",null,{\"content\":{\"data\":{\"type\":\"node--library\",\"id\":\"76ca103f-df48-4164-be97-c4a6902a3f94\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94?resourceVersion=id%3A5872\"}},\"attributes\":{\"drupal_internal__nid\":1171,\"drupal_internal__vid\":5872,\"langcode\":\"en\",\"revision_timestamp\":\"2024-08-20T13:08:41+00:00\",\"status\":true,\"title\":\"CMS Guide to Federal Laws, Regulations, and Policies\",\"created\":\"2024-02-16T17:33:29+00:00\",\"changed\":\"2024-08-07T15:53:44+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/policy-guidance/cms-guide-federal-laws-regulations-and-policies\",\"pid\":1172,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":{\"value\":\"$18\",\"format\":\"body_text\",\"processed\":\"$19\",\"summary\":\"\"},\"field_contact_email\":\"CISO@cms.hhs.gov\",\"field_contact_name\":\"CISO Team\",\"field_last_reviewed\":\"2024-02-16\",\"field_related_resources\":[{\"uri\":\"https://security.cms.gov/learn/cms-governance-risk-and-compliance-grc\",\"title\":\"CMS Governance, Risk, and Compliance (GRC)\",\"options\":[],\"url\":\"https://security.cms.gov/learn/cms-governance-risk-and-compliance-grc\"},{\"uri\":\"https://csrc.nist.gov/publications/sp\",\"title\":\"NIST Special Publications\",\"options\":[],\"url\":\"https://csrc.nist.gov/publications/sp\"},{\"uri\":\"https://csrc.nist.gov/publications/fips\",\"title\":\"Federal Information Processing Standards (FIPS)\",\"options\":[],\"url\":\"https://csrc.nist.gov/publications/fips\"}],\"field_short_description\":{\"value\":\"A comprehensive list of the federal laws, regulations, and policies that shape how information security and privacy are managed at CMS\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eA comprehensive list of the federal laws, regulations, and policies that shape how information security and privacy are managed at CMS\u003c/p\u003e\\n\"}},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"ab4b0312-f678-40b9-ae06-79025f52ff43\",\"meta\":{\"drupal_internal__target_id\":\"library\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/node_type?resourceVersion=id%3A5872\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/relationships/node_type?resourceVersion=id%3A5872\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"0a524d8d-c305-48cb-b7e8-ac3897f622d2\",\"meta\":{\"drupal_internal__target_id\":105}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/revision_uid?resourceVersion=id%3A5872\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/relationships/revision_uid?resourceVersion=id%3A5872\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":{\"drupal_internal__target_id\":6}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/uid?resourceVersion=id%3A5872\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/relationships/uid?resourceVersion=id%3A5872\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"e3394b9a-cbff-4bad-b68e-c6fad326132e\",\"meta\":{\"drupal_internal__target_id\":91}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/field_resource_type?resourceVersion=id%3A5872\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/relationships/field_resource_type?resourceVersion=id%3A5872\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":{\"drupal_internal__target_id\":66}},{\"type\":\"taxonomy_term--roles\",\"id\":\"a2b33f6a-8172-4862-9c0e-6e5076b6cf26\",\"meta\":{\"drupal_internal__target_id\":81}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/field_roles?resourceVersion=id%3A5872\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/relationships/field_roles?resourceVersion=id%3A5872\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"c12221c3-2c7e-4eb0-903f-0470aad63bf0\",\"meta\":{\"drupal_internal__target_id\":16}},{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"meta\":{\"drupal_internal__target_id\":21}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/field_topics?resourceVersion=id%3A5872\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/76ca103f-df48-4164-be97-c4a6902a3f94/relationships/field_topics?resourceVersion=id%3A5872\"}}}}},\"included\":[{\"type\":\"node_type--node_type\",\"id\":\"ab4b0312-f678-40b9-ae06-79025f52ff43\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node_type/node_type/ab4b0312-f678-40b9-ae06-79025f52ff43\"}},\"attributes\":{\"langcode\":\"en\",\"status\":true,\"dependencies\":{\"module\":[\"menu_ui\",\"scheduler\"]},\"third_party_settings\":{\"menu_ui\":{\"available_menus\":[],\"parent\":\"\"},\"scheduler\":{\"expand_fieldset\":\"when_required\",\"fields_display_mode\":\"vertical_tab\",\"publish_enable\":false,\"publish_past_date\":\"error\",\"publish_past_date_created\":false,\"publish_required\":false,\"publish_revision\":false,\"publish_touch\":false,\"show_message_after_update\":true,\"unpublish_enable\":false,\"unpublish_required\":false,\"unpublish_revision\":false}},\"name\":\"Library page\",\"drupal_internal__type\":\"library\",\"description\":\"Use \u003ci\u003eLibrary pages\u003c/i\u003e to publish CMS Security and Privacy Handbooks or other long-form policy and guidance documents.\",\"help\":null,\"new_revision\":true,\"preview_mode\":1,\"display_submitted\":true}},{\"type\":\"user--user\",\"id\":\"0a524d8d-c305-48cb-b7e8-ac3897f622d2\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/0a524d8d-c305-48cb-b7e8-ac3897f622d2\"}},\"attributes\":{\"display_name\":\"jcorral\"}},{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/e352e203-fe9c-47ba-af75-2c7f8302fca8\"}},\"attributes\":{\"display_name\":\"mburgess\"}},{\"type\":\"taxonomy_term--resource_type\",\"id\":\"e3394b9a-cbff-4bad-b68e-c6fad326132e\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e?resourceVersion=id%3A91\"}},\"attributes\":{\"drupal_internal__tid\":91,\"drupal_internal__revision_id\":91,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:10:37+00:00\",\"status\":true,\"name\":\"Handbooks\",\"description\":null,\"weight\":3,\"changed\":\"2023-03-10T19:04:03+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"3a0127c4-ee06-41ed-8239-f796f6d78eb3\",\"meta\":{\"drupal_internal__target_id\":\"resource_type\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/vid?resourceVersion=id%3A91\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/relationships/vid?resourceVersion=id%3A91\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/revision_user?resourceVersion=id%3A91\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/relationships/revision_user?resourceVersion=id%3A91\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--resource_type\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/parent?resourceVersion=id%3A91\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/relationships/parent?resourceVersion=id%3A91\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5?resourceVersion=id%3A66\"}},\"attributes\":{\"drupal_internal__tid\":66,\"drupal_internal__revision_id\":66,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:26+00:00\",\"status\":true,\"name\":\"Cyber Risk Advisor (CRA)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:26+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/vid?resourceVersion=id%3A66\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/vid?resourceVersion=id%3A66\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/revision_user?resourceVersion=id%3A66\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/revision_user?resourceVersion=id%3A66\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/parent?resourceVersion=id%3A66\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/parent?resourceVersion=id%3A66\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"a2b33f6a-8172-4862-9c0e-6e5076b6cf26\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26?resourceVersion=id%3A81\"}},\"attributes\":{\"drupal_internal__tid\":81,\"drupal_internal__revision_id\":81,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:09:11+00:00\",\"status\":true,\"name\":\"Data Guardian\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:09:11+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/vid?resourceVersion=id%3A81\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/relationships/vid?resourceVersion=id%3A81\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/revision_user?resourceVersion=id%3A81\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/relationships/revision_user?resourceVersion=id%3A81\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/parent?resourceVersion=id%3A81\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/relationships/parent?resourceVersion=id%3A81\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab?resourceVersion=id%3A61\"}},\"attributes\":{\"drupal_internal__tid\":61,\"drupal_internal__revision_id\":61,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:12+00:00\",\"status\":true,\"name\":\"Information System Security Officer (ISSO)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:12+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/vid?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/vid?resourceVersion=id%3A61\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/revision_user?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/revision_user?resourceVersion=id%3A61\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/parent?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/parent?resourceVersion=id%3A61\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34?resourceVersion=id%3A76\"}},\"attributes\":{\"drupal_internal__tid\":76,\"drupal_internal__revision_id\":76,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:55+00:00\",\"status\":true,\"name\":\"System / Business Owner\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:55+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/vid?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/vid?resourceVersion=id%3A76\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/revision_user?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/revision_user?resourceVersion=id%3A76\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/parent?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/parent?resourceVersion=id%3A76\"}}}}},{\"type\":\"taxonomy_term--topics\",\"id\":\"c12221c3-2c7e-4eb0-903f-0470aad63bf0\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/c12221c3-2c7e-4eb0-903f-0470aad63bf0?resourceVersion=id%3A16\"}},\"attributes\":{\"drupal_internal__tid\":16,\"drupal_internal__revision_id\":16,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:05:20+00:00\",\"status\":true,\"name\":\"CMS Policy \u0026 Guidance\",\"description\":null,\"weight\":2,\"changed\":\"2023-03-10T19:04:22+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"73f89dec-123f-4c8c-9a97-d025a2b0e5cf\",\"meta\":{\"drupal_internal__target_id\":\"topics\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/c12221c3-2c7e-4eb0-903f-0470aad63bf0/vid?resourceVersion=id%3A16\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/c12221c3-2c7e-4eb0-903f-0470aad63bf0/relationships/vid?resourceVersion=id%3A16\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/c12221c3-2c7e-4eb0-903f-0470aad63bf0/revision_user?resourceVersion=id%3A16\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/c12221c3-2c7e-4eb0-903f-0470aad63bf0/relationships/revision_user?resourceVersion=id%3A16\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/c12221c3-2c7e-4eb0-903f-0470aad63bf0/parent?resourceVersion=id%3A16\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/c12221c3-2c7e-4eb0-903f-0470aad63bf0/relationships/parent?resourceVersion=id%3A16\"}}}}},{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38?resourceVersion=id%3A21\"}},\"attributes\":{\"drupal_internal__tid\":21,\"drupal_internal__revision_id\":21,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:05:35+00:00\",\"status\":true,\"name\":\"Federal Policy \u0026 Guidance\",\"description\":null,\"weight\":3,\"changed\":\"2023-03-10T19:04:22+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"73f89dec-123f-4c8c-9a97-d025a2b0e5cf\",\"meta\":{\"drupal_internal__target_id\":\"topics\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/vid?resourceVersion=id%3A21\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/relationships/vid?resourceVersion=id%3A21\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/revision_user?resourceVersion=id%3A21\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/relationships/revision_user?resourceVersion=id%3A21\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/parent?resourceVersion=id%3A21\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/relationships/parent?resourceVersion=id%3A21\"}}}}}],\"includedMap\":{\"ab4b0312-f678-40b9-ae06-79025f52ff43\":\"$1a\",\"0a524d8d-c305-48cb-b7e8-ac3897f622d2\":\"$24\",\"e352e203-fe9c-47ba-af75-2c7f8302fca8\":\"$28\",\"e3394b9a-cbff-4bad-b68e-c6fad326132e\":\"$2c\",\"9d999ae3-b43c-45fb-973e-dffe50c27da5\":\"$46\",\"a2b33f6a-8172-4862-9c0e-6e5076b6cf26\":\"$60\",\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\":\"$7a\",\"f591f442-c0b0-4b8e-af66-7998a3329f34\":\"$94\",\"c12221c3-2c7e-4eb0-903f-0470aad63bf0\":\"$ae\",\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\":\"$c8\"}}}]\n"])</script><script>self.__next_f.push([1,"a:[[\"$\",\"meta\",\"0\",{\"name\":\"viewport\",\"content\":\"width=device-width, initial-scale=1\"}],[\"$\",\"meta\",\"1\",{\"charSet\":\"utf-8\"}],[\"$\",\"title\",\"2\",{\"children\":\"CMS Guide to Federal Laws, Regulations, and Policies | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"3\",{\"name\":\"description\",\"content\":\"A comprehensive list of the federal laws, regulations, and policies that shape how information security and privacy are managed at CMS\"}],[\"$\",\"link\",\"4\",{\"rel\":\"canonical\",\"href\":\"https://security.cms.gov/policy-guidance/cms-guide-federal-laws-regulations-and-policies\"}],[\"$\",\"meta\",\"5\",{\"name\":\"google-site-verification\",\"content\":\"GMZIwBDJgz_o_JYUB2GpJazkrs7P85BaWDsoCjxF32M\"}],[\"$\",\"meta\",\"6\",{\"property\":\"og:title\",\"content\":\"CMS Guide to Federal Laws, Regulations, and Policies | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"7\",{\"property\":\"og:description\",\"content\":\"A comprehensive list of the federal laws, regulations, and policies that shape how information security and privacy are managed at CMS\"}],[\"$\",\"meta\",\"8\",{\"property\":\"og:url\",\"content\":\"https://security.cms.gov/policy-guidance/cms-guide-federal-laws-regulations-and-policies\"}],[\"$\",\"meta\",\"9\",{\"property\":\"og:image:type\",\"content\":\"image/jpeg\"}],[\"$\",\"meta\",\"10\",{\"property\":\"og:image:width\",\"content\":\"1200\"}],[\"$\",\"meta\",\"11\",{\"property\":\"og:image:height\",\"content\":\"630\"}],[\"$\",\"meta\",\"12\",{\"property\":\"og:image\",\"content\":\"https://security.cms.gov/policy-guidance/cms-guide-federal-laws-regulations-and-policies/opengraph-image.jpg?a856d5522b751df7\"}],[\"$\",\"meta\",\"13\",{\"property\":\"og:type\",\"content\":\"website\"}],[\"$\",\"meta\",\"14\",{\"name\":\"twitter:card\",\"content\":\"summary_large_image\"}],[\"$\",\"meta\",\"15\",{\"name\":\"twitter:title\",\"content\":\"CMS Guide to Federal Laws, Regulations, and Policies | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"16\",{\"name\":\"twitter:description\",\"content\":\"A comprehensive list of the federal laws, regulations, and policies that shape how information security and privacy are managed at CMS\"}],[\"$\",\"meta\",\"17\",{\"name\":\"twitter:image:type\",\"content\":\"image/jpeg\"}],[\"$\",\"meta\",\"18\",{\"name\":\"twitter:image:width\",\"content\":\"1200\"}],[\"$\",\"meta\",\"19\",{\"name\":\"twitter:image:height\",\"content\":\"630\"}],[\"$\",\"meta\",\"20\",{\"name\":\"twitter:image\",\"content\":\"https://security.cms.gov/policy-guidance/cms-guide-federal-laws-regulations-and-policies/opengraph-image.jpg?a856d5522b751df7\"}],[\"$\",\"link\",\"21\",{\"rel\":\"icon\",\"href\":\"/favicon.ico\",\"type\":\"image/x-icon\",\"sizes\":\"48x48\"}]]\n"])</script><script>self.__next_f.push([1,"4:null\n"])</script></body></html>