The following are Information Technology (IT) Policy documents for the Department of Homeland Security.
All Files, ZIP - Provides the overall policy and structure for acquisition management within DHS, and establishes the Department's Acquisition Lifecycle Framework (ALF), Acquisition Review Process (ARP), and Acquisition Review Board (ARB).
Acquisition Management Directive - Provides the overall policy and structure for acquisition management within DHS, and establishes the Department's Acquisition Lifecycle Framework (ALF), Acquisition Review Process (ARP), and Acquisition Review Board (ARB).
Agile Development and Delivery for Information Technology - Provides the scope, definitions, roles and responsibilities, and procedures to establish an agile framework for the development of IT acquisitions within DHS.
Capital Planning and Investment Control - This directive establishes the Department of Homeland Security (DHS) policy for IT Capital Planning and Investment Control (CPIC) and Portfolio Management.
Digital Government Strategy - Establishes the policies and responsibilities for the governance of digital services within the DHS Digital Government Strategy.
DHS Digital Transformation- Establishes the Department of Homeland Security (DHS) policy regarding Digital Transformation, and formalizes the roles of the DHS Digital Service and the DHS Office of the Chief Technology Officer regarding Digital Transformation.
DHS Reusable and Open Source Software (OSS) Framework - This policy establishes the DHS policy on open source software development and publication and communicates responsibilities to the organization for compliance with M-16-21, the Office of Management and Budget’s (OMB) Federal Source Code Policy: Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software requirements.
Enterprise Architecture Management - This Directive establishes the Department of Homeland Security (DHS) policy on Enterprise Architecture (EA) and defines related roles and responsibilities for ensuring compliance with legislative and executive level guidance on EA.
Enterprise Data Management Policy - Provides for the management of Enterprise Data and how Enterprise Data is data created, managed, or maintained within DHS that shared among multiple DHS entities.
Enterprise Information Technology Configuration Management - This Directive applies throughout DHS and to enterprise data center CM program personnel that manage and control unclassified IT systems and subsystems. This document provides the minimum level of CM requirements. DHS Components and enterprise data center CM program personnel may supplement this Directive to protect their compartmental data and infrastructure.
Information Quality - This Directive establishes the Department of Homeland Security (DHS) policies and responsibilities for ensuring and maximizing the quality, utility, objectivity, and integrity of disseminated information.
Information Sharing Environment Technology Program - This Directive establishes the Department of Homeland Security (DHS) information technology (IT) program for the DHS Information Sharing Environment (DHS ISE).
Information Technology Asset Management and Refresh - This Directive establishes the Department of Homeland Security (DHS) policy regarding Information Technology (IT) management and recapitalization to ensure that IT infrastructure assets are secure, trustworthy, efficient, and resilient in support of missions and business operations.
Information Technology Integration and Management - Establishes the authorities, responsibilities, and policies of the DHS Chief Information Officer and Components’ Chief Information Officers regarding information technology integration and management.
Information Technology Security Program - Establishes policy regarding the Information Technology (IT) Security Program and assigns the responsibilities for the integration and management of the IT Security Program’s policies, methodologies, tools, and reviews.
Office of Accessible Systems and Technology - The Department of Homeland Security (DHS) considers accessibility to Electronic and Information Technology (EIT) for all employees and external customers, including those with disabilities, a priority. This Management Directive (MD) establishes the Section 508 Program Management Office (PMO) within the Office of the Chief Information Officer (CIO) and establishes policy regarding EIT accessibility.
Portfolio Management - Provides the responsibilities and policies for the management of information technology (IT) investments using portfolio management processes, methodologies, and techniques.
Systems Engineering Life Cycle - Provides a guidebook for implementation of the Systems Engineering Life Cycle. The SELC is applicable to all DHS programs and projects whose purpose is to deliver a DHS capability.
TechStat Accountability Sessions - Provides the policy for TechStat Accountability Sessions (TechStats).
Identity, Credential, and Access Management (ICAM) DHS is governed by the DHS 4300A Sensitive Systems Handbook that addresses requirements, controls, and policies for handling specific services, systems, or information and Digital Identity Risk Management.
DHS 4300A Sensitive Systems Handbook provides specific techniques and procedures for implementing the requirements of DHS Information Security Programs for DHS sensitive systems and systems.
- 4300A Handbook Attachment G – Rules of Behavior
- 4300A Handbook Attachment M – Tailoring NIST 800-53 Security Controls
- 4300A Handbook Attachment N – Interconnection Security Agreements
- 4300A Handbook Attachment R – Compliance Framework for CFO Designated Systems
- 4300A Handbook Attachment S – Compliance Framework for Privacy Systems
Common Identification Standard for DHS Employees, Contractors, Visitors, and Affiliates This Directive establishes the Department of Homeland Security (OHS) framework for enterprise policy, responsibilities, and requirements regarding governance and implementation of Homeland Security Presidential Directive 12 (HSPD-12) and authorized authoritative credentials.
Risk Management Fundamentals: Homeland Security Risk Management Doctrine This doctrine serves as an authoritative statement regarding the principles and process of homeland security risk management and what they mean to homeland security planning and execution.