| Audit Trails |
|
| Sample Generic Policy and High Level Procedures for Audit Trails |
08/02/00 |
| Authorize Processing (C&A) |
|
| Certification and Accreditation Documentation Performance Work Summary |
07/30/02 |
| Statement of Work: Certification and Accreditation Blanket Purchase Agreement - Department of Education |
02/12/02 |
| Sample Generic Policy and High Level Procedures for Certification/Accreditation |
10/29/01 |
| Certification and Accreditation - DLA * |
03/12/01 |
| C&A of Core Financial System - USAID |
02/05/01 |
| How to Accredit Information Systems for Operation - DOD/NSWC * |
02/01/01 |
| Contingency Planning |
|
| Contingency Planning Template Instructions - DOJ |
12/10/01 |
| Sample Generic Policy and High Level Procedures for Contingency Plans |
8/21/01 |
| Data Integrity |
|
| How to Protect Against Viruses Using Attachment Blocking - National Endowment for the Humanities |
02/05/02 |
| Sample Generic Policy and High Level Procedures for Data Integrity/Validation |
08/02/00 |
| Hardware and System Software Maintenance |
|
| Configuration Management Plan |
11/10/01 |
| Interim Policy Document on Configuration Management |
11/10/01 |
| Sample Generic Policy and High Level Procedures for Hardware and Application Software Security |
08/02/00 |
| Identification and Authentication |
|
| Password Cracking Information - National Labor Relations Board |
08/20/01 |
| Password Management Standard - National Labor Relations Board |
08/13/01 |
| Sample Generic Policy and High Level Procedures for Passwords and Access Forms |
08/02/00 |
| Incident Response Capability |
|
| Computer Incident Response Team Desk Reference - Federal Communications Commission |
07/30/02 |
| Identification & Authentication on FCC Systems |
07/30/02 |
| Computer Virus Incident Report Form |
01/10/02 |
| FCC Computer Incident Response Guide |
12/30/01 |
| Sample Generic Policy and High Level Procedures for Incident Response |
03/02/01 |
| Developing an Agency Incident Response Process - SSA * |
02/20/01 |
| Incident Handling - BMDO * |
05/22/00 |
| Life Cycle |
|
| Sample Generic Policy and High Level Procedures for Life Cycle Security |
01/02/01 |
| Integrating Security into Systems Development Life Cycle - SSA * |
12/20/00 |
| Logical Access Controls |
|
| Decision Paper on Use of Screen Warning Banner |
12/13/01 |
| Sample Warning Banner - National Labor Relations Board |
12/12/01 |
| Network Security |
|
| Network Perimeter Security Policy |
10/01/01 |
| Securing POP Mail on Windows Clients - NASA * |
06/13/01 |
| How to Deploy Firewalls - Carnegie Mellon * |
02/16/01 |
| Configuration of Technical Safeguards - USAID * |
01/23/01 |
| Network Security Management Policy |
01/08/01 |
| How To Secure a Domain Name Server (DNS) - GSA * |
05/11/00 |
| Personnel Security |
|
| Email Policy - FCC |
11/14/02 |
| Internet Use Policy - FCC |
11/14/02 |
| Limited Personnel Use of Government Equipment |
11/14/02 |
| Non-disclosure Form - FCC |
09/13/02 |
| Guidelines for Evaluating Information on Public Web Sites |
10/19/01 |
| Receipt of Proprietary Information |
10/01/01 |
| Sample Generic Policy and High Level Procedures for Personnel Security |
12/18/00 |
| Personal Use Policy - OPM * |
12/04/00 |
| Limited Personal - VA * |
10/03/00 |
| Physical and Environmental Protection |
|
| Sample Generic Policy and High Level Procedures for Facility Protection |
08/02/00 |
| Policy and Procedures |
|
| Security Handbook - Glossary |
11/15/02 |
| Security Handbook - Management Controls |
11/15/02 |
| Security Handbook - Operational Controls |
11/14/02 |
| Security Handbook - Technical Controls |
11/14/02 |
| Telecommuting and Mobile Computer Security Policy |
01/08/02 |
| Sample of XX Agency Large Service Application (LSA) Information Technology (IT) Security Program Policy |
08/02/00 |
| Production, Input/Output Controls |
|
| Disk Sanitization Procedures - NIH * |
06/01/01 |
| Remove all Data From Workstations & Servers - USAID * |
04/25/01 |
| Sample Generic Policy and High Level Procedures for Marking, Handling, Processing, Storage and Disposal of Data |
08/02/00 |
| Program Management |
|
| IT Security Cost Estimation Guide - Department of Education |
11/28/02 |
| A Summary Guide: Public Law, Executive Orders, and Policy Documents - Department of Treasury |
11/13/01 |
| Position Description for Computer System Security Officer, GS-334-13 |
10/01/01 |
| Position
Description for Information Security Officer, GS-334-15 |
10/01/01 |
| Position Description for Computer Specialist, GS-334-14 |
10/01/01 |
| Sample of an Information Technology (IT) Security Staffing Plan for a Large Service Application (LSA) |
11/15/99 |
| Review of Security Controls |
|
| Statement of Work for IT Security Review |
06/12/02 |
| Statement of Work - Information Technology (IT) Security Program Assessment Review |
10/21/01 |
| Overseas Computer Security Review - Department of State |
02/20/01 |
| Modem Scan Process - USAID * |
01/23/01 |
| Review of Information Technology (IT) Systems |
08/02/00 |
| Risk Management |
|
| General Support Systems and Major Applications Inventory Guide |
07/25/02 |
| Sample Levels of Sensitivity |
03/11/02 |
| Statement of Work: Risk Assessments - Department of Education |
02/12/02 |
| Mission Site Vulnerability Assessment - USAID * |
06/13/01 |
| Sample Generic Policy and High Level Procedures for Risk Assessment |
08/02/00 |
| Security Awareness, Training and Education |
|
| Short Security Awareness Briefing NIST |
12/10/01 |
| Building an IT Security Awareness Program - NIST |
11/01/01 |
| Certification of Information Security Awareness Training Form |
11/01/01 |
| Security Training at Missions - USAID * |
01/23/01 |
| Sample Generic Policy and High Level Procedures for Security Awareness, and Training |
08/02/00 |
| Statement of Work - Computer Security Awareness and Training |
04/14/00 |
| System Security Plan |
|
| General Support Systems and Major Applications Inventory Guide |
07/25/02 |
| Security Plan - USAID * |
01/23/01 |
| Sample Generic Policy and High Level Procedures for Security Plans |
04/14/00 |
