Preliminary Privacy Impact Assessment

The Office of Management and Budget mandates that we publish our lists of Privacy Impact Assessments (PIAs) on our web site. Learn more about PIAs.


TITLE: IT Security Policy Compliance and Operations

September, 2003

UPI # 025-00-02-00-01-1020-00-404-140

PCAS # 309680

Is this a new or substantially revised electronic information system? If revised, describe revisions.

This is a non-system project.

If any question does not apply, state not applicable (N/A) for each question and explain why.

I. Describe the information to be collected (e.g., nature and source). Be sure to include any information in an identifiable form (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.).

This project does not involve the collection of identifiable information. The Information Technology (IT) Security Policy Compliance Operations exists to provide the basis for the IT Security Program at HUD. The project ensures that the Department is in compliance with the following legislative requirements related to IT Security: The Computer Security Act of 1987, the Federal Information Security Management Act (FISMA) of 2002 (also known as GISRA--the Government Information Security Reform Act), the Presidential Decision Directive 63 and OMB Circular A-130, Appendix III.

II. Why is the information being collected (e.g., to determine eligibility)?

Information is collected to ensure HUD's compliance with the Computer Security Act of 1987, the Federal Information Security Management Act (FISMA) of 2002 (also known as GISRA--the Government Information Security Reform Act), the Presidential Decision Directive 63 and OMB Circular A-130, Appendix III.

III. How will the information be used (e.g., to verify existing data)?

This project supports HUD's mission and strategic goals and objectives by maintaining the security of HUD's infrastructure and application systems as an ongoing entity.

IV. Will you share the information with others (e.g., another agency for a programmatic purpose)? If yes, list the entities.

This program includes sharing corrective actions and problem resolution with the Federal Computer Incident Response Program under the Department of Homeland Security.

V. Describe what opportunities individuals have been given to decline to provide information or to consent to particular use of the information (e.g., whether an individual may withhold permission for a particular use).

N/A.

VI. How will the information be secured (e.g., administrative and technological controls)?

N/A. Security compliance is an ongoing entity that consists of a body of requirements of the law (Computer Security Act of 1987). HUD's requirement for the protection of sensitive and mission-critical data as well as the implementation of basic areas of protection (confidentiality, integrity and availability) is addressed as part of this project.

VII. How will the data be retrieved (e.g., will it be retrieved by a personal identifier such as name, social security number, address, telephone number or some other identifier that is unique to an individual)?

N/A.