GSA IT Security Policies

To make sure we are protecting GSA systems from hackers and other cyber attacks at all times, each of us plays an important part in this security effort. The policies linked on this page will help you understand these efforts.

GSA Orders Related to Information Technology Security

DevSecOps Model Separation of Duties - CIO IL-22-01 DevSecOps_Model_Separation of Duties [PDF - 50 KB] (03-10-2022)
This instructional letter (IL) is to provide the security practice instructions and procedure guidance for teams to achieve Separation of Duty (SOD) in a Development Operations/Development Security Operations (DevOps/DevSecOps) working model.

IT Security Policy - 2100.1M CIO GSA Information Technology (IT) Security Policy [PDF - 793 KB] (March 26, 2021)
The newly updated IT Security Policy outlines all aspects of IT security that are required to keep GSA’s assets protected. Objectives of the policy are to ensure the confidentiality, integrity and availability of all IT resources by employing security controls and managing risk.

GSA Information Technology (IT) Rules of Behavior - CIO 2104.1B [PDF - 247 KB] (April 2, 2019)
This Order sets forth GSA's policy on user responsibilities for the secure use of the agency's IT assets. The General Rules of Behavior implement federal policies and GSA Directives and are included in GSA mandatory training.

Last Reviewed: 2022-03-22