Laws, Regulations & Policies

Federal regulations, public laws, and other mandates form the foundation of the IHS information security program. The major regulations to which IHS must adhere are listed below. Please note that the list is not all inclusive.

• E-Government Act of 2002Exit Disclaimer: You Are Leaving www.ihs.gov : Establishes policies to support IT standards and guidelines and encouras collaboration and enhancws understanding of best practices.
• Federal Information Security Modernization Act of 2014 (FISMA)Exit Disclaimer: You Are Leaving www.ihs.gov : Codifies the Department of Homeland Security's role in administering the implementation of information security policies for federal Executive Branch civilian agencies, overseeing agencies' compliance with those policies, and assisting the Office of Management and Budget in developing those policies.
• Federal Information Processing Standards (FIPS)Exit Disclaimer: You Are Leaving www.ihs.gov : These standards establish US Government security requirements for data and its encryption.
• Health Insurance Portability and Accountability Act of 1996 (HIPAA)Exit Disclaimer: You Are Leaving www.ihs.gov : Designed to protect confidential healthcare information through improved security standards and federal privacy legislation.
• HIPAA Administration SimplificationExit Disclaimer: You Are Leaving www.ihs.gov : Required the Department of Health and Human Services (HHS) to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addressed the security and privacy of health data.
• NIST Special RegulationsExit Disclaimer: You Are Leaving www.ihs.gov : Also known as the "800 Series," these regulations provide a separate identity for information technology security publications.
• Homeland Security Presidential Directive/HSPD-12Exit Disclaimer: You Are Leaving www.ihs.gov : Policy for Common Identification Standard for Federal Employees and Contractors. This directive establishes a mandatory, government-wide standard for secure and reliable forms of identification issued by the federal government to its employees and contractors.
• Homeland Security Presidential Directive/HSPD-7Exit Disclaimer: You Are Leaving www.ihs.gov : Policy for Critical Infrastructure Identification, Prioritization, and Protection. This directive establishes a national policy for federal departments and agencies to identify and prioritize critical infrastructure and to protect them from terrorist attacks.
• OMB Circular, A-123, Management Accountability and ControlExit Disclaimer: You Are Leaving www.ihs.gov : Implements the Federal Managers Financial Integrity Act of 1982 by providing guidance to federal managers on improving accountability and effectiveness of federal programs and operations.
• Privacy Act of 1974Exit Disclaimer: You Are Leaving www.ihs.gov : Establishes a code of fair information practice that governs federal agencies’ collection, maintenance, use, and dissemination of individuals’ personally identifiable information.
• HHS Security and Privacy PoliciesExit Disclaimer: You Are Leaving www.ihs.gov : Establish department-wide information security policy for HHS and its operating divisions, including IHS.
• IHS Security and Privacy Policies: Establishes IHS-wide information security policies.

1. Area IT Service Desk
   Links to local IT support.
2. Training Resources
   Documents, infographics, websites, and videos created by DIS to help users learn more about cybersecurity.
3. ISSA Training Site
   A direct link to IHS's mandatory security training site.
4. NIST Glossary Exit Disclaimer: You Are Leaving www.ihs.gov 
   A link to a glossary of terms from NIST's cybersecurity- and privacy-related publications.