Cybersecurity Programs & Policy

GSA manages many IT security programs, and helps agencies implement IT policy that enhances the safety and resiliency of the government’s systems and networks.

Programs

Identity, Credential, and Access Management (ICAM)

• Federal Identity, Credential and Access Management (FICAM) Program - Guidance to help federal agencies implement security disciplines that enable the right individual to access the right resource, at the right time, for the right reason.
  • FICAM Playbooks
  • Federal Public Key Infrastructure (FPKI)
  • IDManagement.gov
• USAccess Program - Shared service that provides civilian agencies with badging solutions.
• Login.gov - Simple, secure access to government services online.
• Identity, Credentials, and Access Management for GSA program offices.

Domains and Web Hosting

• .Gov Domain Services Program - Supports trusted internet transactions, communications, and the .gov top-level domain (TLD) used by government entities in the United States.
• DotGov Domain Registry - Learn about the dotgov domain registry.
• Federalist - A publishing platform that creates modern and compliant government websites.
• Pulse - How federal government domains are meeting web best practices.

Cloud

• Federal Risk and Authorization Management Program (FedRAMP) - Standardized government approach to security assessment, authorization, and continuous monitoring for cloud products and services.
• Cloud.gov - Expedite your agency’s path to a secure & compliant cloud.

Department of Homeland Security (DHS)

• Federal Information Security Modernization Act - Overview.
• Continuous Diagnostics and Mitigation (CDM) - Guidance on fortifying the cybersecurity of government networks and systems.
• Homeland Security Presidential Directive 12 (HSPD-12) - Overview.
• Cybersecurity Publications - Frequently requested publications supporting DHS’s cybersecurity priority and mission.
• Blueprint for a Secure Cyber Future - The Cybersecurity Strategy for the Homeland Security Enterprise[PDF]

National Institute of Standards and Technology (NIST)

• Risk Management - NIST Federal Information Security Modernization Act (FISMA) Implementation Project Overview.
• Security Content Automation Protocol (SCAP) Validated Products and Modules
• Glossary of Key Information Security Terms [PDF]

Governance

Cybersecurity policies and requirements for federal agencies.

Laws

• Federal Information Security Modernization Act of 2014 (FISMA 2014) - Public Law No: 113-283 (12/18/2014)

Policies

• White House Office of Management and Budget (OMB) Circulars
  • OMB Circular A-130 [PDF]
• OMB Memoranda
  • M-18-02, Fiscal Year 2017-2018 Guidance on Federal Information Security and Privacy Management [PDF] (June 15, 2017)
  • M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information [PDF] (Jan 3, 2017)
  • M-17-02, Precision Medicine Initiative Privacy and Security [PDF](Oct 21, 2016)
  • M-16-19, Data Center Optimization Initiative (DCOI) [PDF](August 1, 2016)
  • M-16-15, Federal Cybersecurity Workforce Strategy [PDF] (July 12, 2016)
  • M-16-04, Cybersecurity Strategy and Implementation Plan (CSIP) for the Federal Civilian Government [PDF] (October 30, 2015)
  • M-15-16, Multi-Agency Science and Technology Priorities for the FY 2017 Budget [PDF] (July 9, 2015)
  • M-10-28, Clarifying Cybersecurity Responsibilities and Activities of the Executive Office of the President and the Department of Homeland [PDF]
• Presidential Executive Orders (EO)
  • EO 13800 - Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
  • EO 13691 - Promoting Private Sector Cybersecurity Information Sharing
  • EO 13681 - Improving the Security of Consumer Financial Transactions
  • EO 13636 - Improving Critical Infrastructure Cybersecurity
  • EO 13556 - Controlled Unclassified Information
• Presidential Policy Directives (PPD)
  • PPD 41 - United States Cyber Incident Coordination
  • PPD 21 - Critical Infrastructure Security and Resilience
• Homeland Security Presidential Directives (HSPD)
  • HSPD 20 - National Continuity Policy [PDF]
  • HSPD 12 - Policy for a Common Identification Standard for Federal Employees and Contractors
  • DHS Presidential Directives
• Federal Emergency Management Agency (FEMA) Directives
  • Federal Continuity Directive 1 - Federal Executive Branch National Continuity Program and Requirements [PDF]

Standards

• NIST Computer Security Resource Center - Extensive collection of standards, guidelines, recommendations, and research on the security and privacy of information and information systems.
  • Federal Information Processing Standards (FIPS) - Security standards.
  • Special Publications (SP) 800 - Computer security.
  • Special Publications (SP) 1800 - Cybersecurity practice guides.