TITLE: IT Security Policy Compliance and Operations
September, 2003
UPI # 025-00-02-00-01-1020-00-404-140
PCAS # 309680
Is this a new or substantially revised electronic information
system? If revised, describe revisions.
This is a non-system project.
If any question does not apply, state not applicable (N/A) for
each question and explain why.
I. Describe the information to be collected (e.g., nature and
source). Be sure to include any information in an identifiable form,
e.g., name, address, social security number or other identifying
number or code, telephone number, email address, etc.).
This project does not involve the collection of identifiable information.
The Information Technology (IT) Security Policy Compliance Operations
exists to provide the basis for the IT Security Program at HUD. The
project ensures that the Department is in compliance with the following
legislative requirements related to IT Security: the Computer Security
Act of 1987, the Federal Information Security Management Act (FISMA)
of 2002 (also known as GISRA--the Government Information Security
Reform Act), the Presidential Decision Directive 63 and OMB Circular
A-130, Appendix III.
II. Why is the information being collected (e.g., to determine
eligibility)?
Information is collected to ensure HUD's compliance with the Computer
Security Act of 1987, the Federal Information Security Management
Act (FISMA) of 2002 (also known as GISRA--the Government Information
Security Reform Act), the Presidential Decision Directive 63 and
OMB Circular A-130, Appendix III.
III. How will the information be used (e.g., to verify existing
data)?
This project supports HUD's mission and strategic goals and objectives
by maintaining the security of HUD's infrastructure and application
systems as an ongoing entity.
IV. Will you share the information with others (e.g., another
agency for a programmatic purpose)? If yes, list the entities.
This program includes sharing corrective actions and problem resolution
with the Federal Computer Incident Response Program under the Department
of Homeland Security.
V. Describe what opportunities individuals have been given to
decline to provide information or to consent to particular use of
the information (e.g., whether individual may withhold permission
for a particular use).
N/A.
VI. How will the information be secured (e.g., administrative
and technological controls)?
N/A. Security compliance is an ongoing entity that consists of a body
of requirements of the law (Computer Security Act of 1987). HUD's
requirement for the protection of sensitive and mission critical data
as well as the implementation of basic areas of protection (confidentiality,
integrity and availability) is addressed as part of this project.
VII. How will the data be retrieved (e.g., will it be retrieved
by a personal identifier such as name, social security number, address,
telephone number or some other identifier that is unique to an individual)?
N/A.