Agency IT Policy Archive


Number Title and Link Description
1878.1 GSA Privacy Act Program This policy establishes the GSA Privacy Act Program Web site as the official vehicle for the privacy program, policy and procedures. The GSA Privacy Act Program addresses information privacy and security issues, establishes GSA's privacy policies and procedures, provides guidance and direction on implementing program requirements, defines privacy related contracting requirements, and assigns responsibilities to ensure compliance with the Privacy Act of 1974, as amended, and other applicable laws and regulations.
1878.2A Conducting Privacy Impact Assessments (PIAs) in GSA This directive establishes policy and procedures for addressing privacy issues in GSA Information Technology (IT) systems, online Web sites, and social media venues containing personal information about individuals. This policy and procedure establishes the Privacy Impact Assessment (PIA) as the required tool for conducting privacy evaluations, defines the privacy issues to be addressed, describes the steps for completing a PIA report, and provides the PIA report format. This policy and procedure assigns responsibilities to ensure compliance with applicable laws and regulations governing privacy and GSA policies and procedures for conducting PIAs.
2100.2B GSA Wireless Local Area Network (LAN) Security The objective of this policy is to ensure that GSA networks minimize the risk of unauthorized users gaining access to GSA information or information technology resources through wireless LAN connectivity.

Mandatory Information Technology (IT) Security Training Requirement for Agency and Contractor Employees with Significant Security Responsibilities This Order provides direction and guidance on training requirements for all General Services Administration and contractor employees with significant Information Technology (IT) security responsibilities, as set forth in the Federal Information Security Management Act (FISMA) and Office of Personnel Management (OPM) regulation.
2102.1 Information Technology (IT) Integration Policy To set forth policy for integrating key IT principles when planning and managing IT solutions developed for or operated by GSA. This policy has been developed to assure that solutions are compliant with GSA IT standards; these standards are addressed as early as possible during project and acquisition planning activities; and GSA IT is engaged throughout the project lifecycle.
2104.1A CHGE 1 GSA Information Technology (IT) General Rules of Behavior This order sets forth the General Services Administration's (GSA's) policy on IT General Rules of Behavior. The IT General Rules of Behavior implement the Federal policies and GSA Directives provided in the "References" section of this order.
2105.1C CHGE 1 GSA Section 508: Managing Information and Communications Technology (ICT) for Individuals with Disabilities The purpose of this order is to provide policy management of Section 508 initiatives of the Rehabilitation Act of 1973, as amended, throughout the General Services Administration (GSA).
2105.2 GSA Section 508 Procedures Handbook This Handbook amplifies CIO 2105.1C GSA Section 508: Managing Information and Communications Technology (ICT) for Individuals with Disabilities.
2106.1 GSA Social Media Policy This Order establishes policy for employee use of social media. This order and its accompanying guide will evolve, but in general terms, this order defines guiding principles for use of these technologies by GSA employees. The use of social media technology follows the same standards of professional practice and conduct associated with everything else we do. Common sense and sound judgment help avoid the most vexing issues.
2107.1 Implementation of the Online Resource Reservation Software This directive provides direction and guidance on agency-wide implementation of the standard GSA-wide online workspace, conference room, and shared resource reservation software.
2108.1 Software License Management GSA is consolidating software license management and establishing a software license management program. This Order establishes software license management roles, responsibilities, and procedures.
2110.3 GSA Enterprise Architecture Policy This directive prescribes agency-wide policy, principles, roles and responsibilities for the establishment and implementation of the GSA Enterprise Architecture (EA).
2130.2 Enterprise IT Governance This policy provides direction and guidance on GSA Enterprise IT Governance (EIG). EIG is a structured decision-making framework for identifying, selecting, prioritizing, and tracking all IT investments and initiatives for the GSA enterprise. EIG integrates new business-driven approaches to investment evaluation and selection with existing agency activities and programs (e.g., Spend Tracker and legacy PBS IT governance).
2135.2B GSA Information Technology (IT) Capital Planning and Investment Control This Order establishes agency-wide policies, roles and responsibilities for GSA’s IT Capital Planning and Investment Control process (CPIC). CPIC is an integrated management process for the continuous selection, control, and evaluation of IT investments over their life cycles and is focused on achieving desired outcomes in support of GSA’s missions, goals, and objectives. GSA’s CPIC process must be closely aligned to GSA IT enterprise architecture, IT security, IT acquisition, strategic planning, and capital budgeting processes. This order updates GSA’s CPIC policy, consistent with the Clinger-Cohen Act and Office of Management and Budget (OMB) guidance.
2140.4 Information Technology (IT) Solutions Life Cycle (SLC) Policy This Order sets forth policy for use of disciplined SDLC processes, practices, and procedures for planning and managing IT systems being developed or operated by and for GSA. This policy has been developed to assure that SDLC discipline is used by Service and Staff Offices (SSO), including Regional Offices, that is consistent with the stated SDLC guiding principles and policy. The GSA SDLC has been updated. It is now titled the Solution Lifecycle (SLC) Guidance. It is currently pending final management review and approval and will, with the revised order, be released in time for use by FY2016.
2141.2 General Services Administration (GSA) Web Domain Names This Order sets forth GSA’s internal guidance to assist organizations desiring to obtain unique website identifications and provides domain name guidance for GSA staff organizations, including service, geographical, and operational areas.
2140.1 GSA Information and Data Quality Handbook The intent of this handbook is to develop a framework for consistent information and dataset management methods. Formally establishing information and data quality principles allows GSA to robustly leverage data for its own business use as well as sharing it with the public. Section 515 of the Treasury and General Government Appropriations Act of 2001 mandates that GSA maximizes the quality, objectivity, utility, and integrity of information it disseminates.
2160.1E General Services Administration (GSA) Information Technology (IT) Standards Profile To ensure acquisition and use of standard information technologies and proper maintenance of the IT Standards Profile; to ensure that all acquisitions that include information technologies or cloud services specify adherence to the IT Standards Profile and to ensure the correctness, completeness, and currency of the IT Standards Profile through the definition of roles, responsibilities, and processes for IT Standards Profile governance and maintenance.
2160.2B CHGE 1 GSA Electronic Messaging and Related Services This Order updates GSA's directive on electronic messaging due to the move from a server-based messaging system to cloud-based e-mail and collaboration tools and additional federal requirements for managing electronic mail records. This directive addresses security, appropriate use, and recordkeeping of the GSA Enterprise Messaging Services (GEMS) in a cloud-based environment.
2160.44A Provisioning of Information Technology (IT) Devices The purpose of this order is to provide direction and guidance on the deployment of computer workstations, wireless devices and printers for agency and designated contractor personnel.
2162.1 Digital Signatures This Order authorizes the use of digital signatures as the preferred means of providing signatures for GSA documents, forms, correspondence, and/or emails. By broadly adopting the use of digital signatures, GSA can improve its efficiency, reduce or eliminate paper and paper filing requirements, and facilitate signatures among parties who are in different locations due to geography or telework status.
2164.1 Internal Clearance Process for GSA Data Assets This Order provides the internal clearance process that GSA must follow before releasing GSA data assets. The established clearance process ensures that the privacy, security, and confidentiality of GSA’s critical data assets are protected from unauthorized access, release, and dissemination.
2165.2 GSA Telecommunications Policy This policy establishes the policy for General Services Administration (GSA) authorized users for utilization of GSA-provided telecommunications equipment, systems and services (hereafter, GSA telecommunications).
2180.1 Electronic Signatures to Contractually Obligate Funds This Order provides policy and direction for using electronic signatures to contractually obligate funds.
2180.1 GSA Rules of Behavior for Handling Personally Identifiable Information (PII) This directive provides GSA’s policy on how to properly handle PII and the consequences and corrective actions that will be taken when a breach has occurred.
2181.1 Homeland Security Presidential Directive-12 Personal Identity Verification and Credentialing This order issues and transmits the GSA HSPD-12 Personal Identity Verification and Credentialing Handbook which covers requirements and procedures for personnel investigations, credentialing requests, and the issuance of PIV cards. This Handbook supplements instructions contained in the following documents and takes precedence while these more authoritative documents are in the process of being revised to be compliant with HSPD-12 requirements:
2182.2 Mandatory Use of Personal Identity Verification (PIV) Credentials This order requires the acceptance of Federal Personal Identity Verification (PIV) smartcard credentials as the common means to authenticate federal employee and contractor access to the General Services Administration (GSA) facilities, networks, and information systems.
5440.628 ADM Position of Deputy Chief Information Officer is Established This Order establishes a Deputy position in the Office of the Chief Information Officer for the purpose of carrying out the functions needed within this organization to meet the agency’s mission and goals. The Deputy position shares fully in the duties, responsibilities, and authorities of the Chief position.
5440.639 ADM Changes in GSA Organization--CIO This order establishes changes to the organizational structure within CIO. As part of CIO’s continuous review of its organizational structure and effectiveness, CIO has determined that several organizations within CIO will be realigned and/or changed to improve organizational and operational efficiency and service delivery to its customer organizations.
5450.1 CIO CHGE 1 GSA Delegation of Authority Manual (GSA IT) This Order revises part of the GSA Delegations of Authority Manual to re-delegate certain authorities that were delegated by the Administrator to the Chief Information Officer (CIO) to the Deputy CIO and the Chief Information Security Officer.
7000.3 Information Technology Standards for Internal GSA Workplaces This Order is in support of GSA’s initiative to create model workplaces that support collaboration, improve productivity and utilization, and reduce costs. GSA has developed a set of standards to ensure that internal workplaces can function and be managed as a shared resource. These operating principles have been established to provide consistent and standardized workplace protocols and IT configurations.
9297.1 GSA Data Release Policy This Order provides GSA’s policy on releasing information relating to GSA employees, contractors, and others on whom GSA maintains information described in this document.
9297.2B GSA Information Breach Notification Policy This Order provides GSA’s policy on what actions should be taken when it is determined that Personally Identifiable Information (PII) has been compromised and employees and contractors need to be notified.
1000G GSA Telecommunications Guide This guide establishes the General Services Administration’s (GSA) guidance regarding the use of GSA-provided employee telecommunications equipment, systems and services to facilitate information sharing and communications inside and outside of the Agency for conducting Government business. This guide amplifies CIO 2165.2 GSA Telecommunications Policy.
IL-01 Policy for OAuth 2.0 Integration with Accounts This Instructional Letter (IL) establishes GSA policies for OAuth 2.0 integration of accounts with third party services including but not limited to Websites, Software as a Service (SaaS), mobile applications, and Google Apps Scripts.


A Zip file containing the IT policies listed above is available at: GSA IT Policy Archive Aug16 [ZIP - 8.03 MB], updated 8/08/16

NOTE: All GSA policies can be found at

The shortcut to this webpage is




Last Reviewed 2016-08-08