-
Notifications
You must be signed in to change notification settings - Fork 70
/
Copy pathpolicies.yml
154 lines (139 loc) · 11.5 KB
/
policies.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
# GSA: IDManagement.gov
# Polices for _university/policies.md
# Jekyll access: site.data.policies
# Format: YAML
#
# Legend:
# name: name of policy
# pubdate: the year(YYYY) or full name of month and Year(M YYYY)
# url: address on the document or site
# target: options(_blank|_self) _blank = new browser window, _self = replace current page content
# summary: description of the policy
# source: web address of website, name of site, governing orgainzation, or regulatory body
# expanded: options(true|false) default is false, which means the accordion is closed in it's initial state
#
# See: Blank Policy Template at the end of this file to create a new entry
# General Rule: if the desired default display state of the accordion is `expanded`, set the expanded property to `true` (default is `false`) to keep the page condensed.
# Note: default setting are listed last, not to get in the way of data entry
#
- name: "Office of Personnel Management Memorandum: Temporary Procedures for Personnel Vetting and Appointment of New Employees during Maximum Telework Period due to Coronavirus COVID-19."
summary: This memorandum sets forth _temporary procedures_ for the vetting and appointment of federal personnel, collection of biometrics for federal employment, and employment authorization and eligibility.
pubdate: March 2020
url: https://www.opm.gov/policy-data-oversight/covid-19/temporary-procedures-for-personnel-vetting-and-appointment-of-new-employees-during-maximum-telework-period-due-to-coronavirus-covid-19/
source: Office of Personnel Management Memorandum
target: _blank
expanded: false
doctype: Website
- name: "M 20-19: Harnessing Technology to Support Mission Continuity"
summary: This memorandum directs that agencies utilize technology to the greatest extent practicable to support mission continuity during the national emergency. By aggressively embracing technology to support business processes, the federal government is better positioned to maintain the safety and well-being of the federal workforce and the American public while supporting the continued delivery of vital mission services. The set of _frequently asked questions_ are intended to provide additional guidance and further assist the IT workforce as it addresses impacts.
pubdate: March 2020
url: https://www.whitehouse.gov/wp-content/uploads/2020/03/M-20-19.pdf
source: The Whitehouse
target: _blank
expanded: false
doctype: PDF
- name: "M-19-17: Enabling Mission Delivery through Improved Identity, Credential, and Access Management (ICAM)"
summary: This memorandum sets forth the federal government’s ICAM policy. To ensure secure and efficient operations, agencies of the federal government must be able to identify, credential, monitor, and manage subjects that access federal resources. This includes information, information systems, facilities, and secured areas across their respective enterprises. In particular, how agencies conduct identity proofing, establish enterprise digital identities, and adopt sound processes for authentication and access control significantly affects the security and delivery of their services as well as individuals’ privacy.
pubdate: May 2019
url: https://www.whitehouse.gov/wp-content/uploads/2019/05/M-19-17.pdf
source: The Whitehouse
target: _blank
expanded: false
doctype: PDF
- name: "M-19-03: Strengthening the Cybersecurity of Federal Agencies by enhancing the High Value Asset (HVA) Program"
summary: "With the creation of the HVA initiative in 2015, the federal government's CFO Act agencies took a pivotal step toward the identification of its most critical assets. DHS, in coordination with OMB, established a capability to assess agency HVAs, resulting in the identification of critical areas of weakness and plans to remediate those areas of weakness. It established three possible categories for designating federal information or a federal information system as an HVA: Informational Value, Mission Essential, or Federal Civilian Enterprise Essential (FCEE). It also updates the required approach for agencies to report, assess, and remediate HVAs to protect against cyberattacks."
pubdate: December 2018
url: https://www.whitehouse.gov/wp-content/uploads/2018/12/M-19-03.pdf
source: The Whitehouse
target: _blank
expanded: false
doctype: PDF
- name: "Executive Order 13833: Enhancing the Effectiveness of Agency Chief Information Officers (CIOs)"
summary: This executive order authorizes federal agency CIOs to ensure that agency IT systems are as modern, secure, and well-managed as possible to reduce costs, mitigate cybersecurity risks, and deliver improved services to the American people.
pubdate: May 2018
url: https://www.federalregister.gov/documents/2018/05/18/2018-10855/enhancing-the-effectiveness-of-agency-chief-information-officers
source: https://www.federalregister.gov
target: _blank
expanded: false
doctype: Website
- name: "Executive Order 13800: Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure"
summary: This executive order places an emphasis on modernizing and securing federal networks and critical infrastructure from the ever-growing threat of cyberattacks.
pubdate: May 2017
url: https://www.federalregister.gov/documents/2017/05/16/2017-10004/strengthening-the-cybersecurity-of-federal-networks-and-critical-infrastructure
source: Federal Register
target: _blank
expanded: false
doctype: Website
- name: OMB Circular A-108, Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act
summary: This circular describes agency responsibilities for implementing the review, reporting, and publication requirements of the Privacy Act of 1974 and related OMB policies.
pubdate: December 2016
url: https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A108/omb_circular_a-108.pdf?msclkid=45a0e506c7f611ecad177ad1de1c33fa
source: The Whitehouse
target: _blank
expanded: false
doctype: Website
- name: "Circular A-130: Managing Federal Information as a Strategic Resource"
summary: Information and IT resources are critical to the U.S. social, political, and economic well-being. They enable the federal government to provide quality services to citizens, generate and disseminate knowledge, and facilitate greater productivity and advancement as a nation. It is important for the federal government to maximize the quality and security of federal information systems and to develop and implement uniform and consistent information resources management policies in order to inform the public and improve the productivity, efficiency, and effectiveness of agency programs. Additionally, as technology evolves, it is important that agencies manage information systems in a way that addresses and mitigates security and privacy risks associated with new IT resources and new information processing capabilities.
pubdate: July 2016
url: https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/OMB/circulars/a130/a130revised.pdf?msclkid=b1259175c7f211ec8144311a36ca5067
source: The Whitehouse Archives
target: _blank
expanded: false
doctype: Website
- name: "M-16-17: OMB Circular A-123: Management's Responsibility for Enterprise Risk Management (ERM) and Internal Control"
summary: The policy changes in this circular modernize existing efforts by requiring agencies to implement an ERM capability coordinated with the strategic planning and strategic review process established by the Government Performance and Results Act Modernization Act (GPRAMA) and the internal control processes required by the Federal Managers' Financial Integrity Act (FMFIA) and the Government Accountability Office (GAO)'s Green Book. This integrated governance structure will improve mission delivery, reduce costs, and focus corrective actions toward key risks.
pubdate: July 2016
url: https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2016/m-16-17.pdf?msclkid=89a7abddc7f811ec9e7f926ad72d3be3
source: The Whitehouse Archives
target: _blank
expanded: false
doctype: Website
- name: "M-15-13: Policy to Require Secure Connections Across Federal Websites and Web Services"
summary: OMB M-15-13 calls for <i>all publicly accessible Federal websites and web services</i> to only provide service through a secure connection (Hypertext Transfer Protocol Secure; HTTPS) and to use <a href="https://https.cio.gov/hsts/" target="_blank" rel="noopener noreferrer">HTTP Strict Transport Security (HSTS)</a> to ensure this. The requirement applies to all public domains and subdomains operated by the federal government, regardless of the domain suffix, as long as they are reachable over HTTP/HTTPS on the public internet. The <a href="https://https.cio.gov/guide/#are-federally-operated-certificate-revocation-services-crl-ocsp-also-required-to-move-to-https" target="_blank" rel="noopener noreferrer">Compliance Guide":" HTTPS-Only Standard</a> provides implementation guidance from the White House Office of Management and Budget for agencies as they manage their transition to HTTPS.
pubdate: June 2015
url: https://obamawhitehouse.archives.gov/sites/default/files/omb/memoranda/2015/m-15-13.pdf
source: The Whitehouse Archives
target: _blank
expanded: false
doctype: PDF
- name: "Executive Order 13681: Improving the Security of Consumer Financial Transactions"
summary: This executive order requires agencies to strengthen the security of consumer data and encourage the adoption of enhanced safeguards nationwide in a manner that protects privacy and confidentiality while maintaining an efficient and innovative financial system.
pubdate: October 2014
url: https://www.gpo.gov/fdsys/pkg/FR-2014-10-23/pdf/2014-25439.pdf
source: https://www.gpo.gov
target: _blank
expanded: false
doctype: PDF
- name: Final Credentialing Standards for Issuing Personal Identity Verification (PIV) Cards under HSPD-12
summary: This memorandum provides final government-wide credentialing standards to be used by all federal departments and agencies in determining whether to issue or revoke PIV credentials to their employees and contractor personnel, including those who are non-United States citizens.
pubdate: July 2008
url: https://www.opm.gov/investigations/suitability-executive-agent/policy/final-credentialing-standards.pdf
source: https://www.opm.gov
target: _blank
expanded: false
doctype: PDF
- name: "M-05-24: Implementation of HSPD-12 Policy for a Common Identification Standard for Federal Employees and Contractors"
summary: This memorandum provides implementation instructions for HSPD-12 and Federal Information Processing Standards (FIPS) 201.
pubdate: August 2005
url: https://georgewbush-whitehouse.archives.gov/omb/memoranda/fy2005/m05-24.pdf?msclkid=c536f001c7f811ecaed4fea27a3c8d47
source: The Whitehouse Archives
target: _blank
expanded: false
doctype: Website
- name: "HSPD-12: Policy for a Common Identification Standard for Federal Employees and Contractors"
summary: HSPD-12 calls for a mandatory, government-wide standard for secure and reliable forms of identification issued by the federal government to its employees and employees of federal contractors for access to federally controlled facilities and networks.
pubdate: August 2004
url: http://www.dhs.gov/homeland-security-presidential-directive-12
source: http://www.dhs.gov
target: _blank
expanded: false
doctype: Website
# Policies Blank Template
# - name:
# summary:
# pubdate:
# url:
# source:
# target: _blank
# expanded: false
# doctype: PDF