2100.1L CIO CHGE 1 GSA Information Technology (IT) Security Policy
- Posted Date: 07/15/2019
- Status: Validated
- Outdated on: 07/15/2026
GENERAL SERVICES ADMINISTRATION
Washington, DC 20405
CIO 2100.1L CHGE 1
July 15, 2019
1. Purpose. This Order outlines the General Services Administration’s (GSA) IT Security Policy.
2. Cancellation. This Order cancels and supersedes GSA Order CIO 2100.1L, GSA Information Technology (IT) Security Policy
3. Explanation of Change. Updates the information concerning password length, complexity and expiration.
a. This IT Security Policy applies to all GSA Federal employees, contractors, and vendors of GSA, who manage, maintain, operate, or protect GSA systems or data, all GSA IT systems, and any GSA data contained on or processed by IT systems owned and operated by or on the behalf of any of the Services or Staff Offices.
b. This policy applies to the Office of Inspector General (OIG) only to the extent that the OIG determines it is consistent with the OIG’s independent authority under the IG Act and it does not conflict with other OIG policies or the OIG mission.
c. This policy applies to the Civilian Board of Contract Appeals (CBCA) only to the extent that the CBCA determines it is consistent with the CBCA's independent authority under the Contract Disputes Act and other authorities and it does not conflict with the CBCA's policies or the CBCA mission.
Chief Information Officer
Office of GSA IT