GSA IT Security Policies

To make sure we are protecting GSA systems from hackers and other cyber attacks at all times, each of us plays an important part in this security effort. The policies linked on this page will help you understand these efforts.

GSA Orders Related to Information Technology Security

IT Security Policy - 2100.1L CIO IT Security Policy [PDF - 775 KB] (July 15, 2019)
The newly updated IT Security Policy outlines all aspects of IT security that are required to keep GSA’s assets protected. Objectives of the policy are to ensure the confidentiality, integrity and availability of all IT resources by employing security controls and managing risk

GSA Information Technology (IT) Rules of Behavior - CIO 2104.1B [PDF - 247 KB] (April 2, 2019)
This Order sets forth GSA's policy on user responsibilities for the secure use of the agency's IT assets. The General Rules of Behavior implement federal policies and GSA Directives and are included in GSA mandatory training.

Last Reviewed: 2020-04-28