TITLE: IT Security Policy Compliance and OperationsSeptember, 2003
UPI # 025-00-02-00-01-1020-00-404-140
PCAS # 309680
Is this a new or substantially revised electronic information system? If revised, describe revisions.
This is a non system project.
If any question does not apply, state not applicable (N/A) for each question and explain why.
I. Describe the information to be collected (e.g., nature and source). Be sure to include any information in an identifiable form, e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc).This project does not involve the collection of identifiable information. The Information Technology (IT) Security Policy Compliance Operations exists to provide the basis for the IT Security Program at HUD. The project ensures that the Department is in compliance with the following legislation requirements related to IT Security: The Computer Security Act of 1987, the Federal Information Security Management Act (FISMA) of 2002 (also known as GISRA--the Government Information Security Reform Act), the Presidential Decision Directive 63 and OMB Circular A-130, Appendix III.
II. Why is the information being collected (e.g., to determine eligibility)?
Information is collected to ensure HUD's compliance with the Computer Security Act of 1987, the Federal Information Security Management Act (FISMA) of 2002 (also known as GISRA--the Government Information Security Reform Act), the Presidential Decision Directive 63 and OMB Circular A-130, Appendix III.
III. How will the information be used (e.g., to verify existing data)?
This project supports HUD's mission and strategic goals and objectives by maintaining the security of HUD's infrastructure and application systems as an ongoing entity.
IV. Will you share the information with others (e.g., another agency for a programmatic purpose)? If yes, list the entities.This program includes sharing corrective actions and problem resolution with the Federal Computer Incident Response Program under the Department of Homeland Security.
V. Describe what opportunities individuals have been given to decline to provide information or to consent to particular use of the information (e.g., whether individual may withhold permission for a particular use).
VI. How will the information be secured (e.g., administrative and technological controls)?N/A. Security compliance is an ongoing entity that consists of a body of requirements of the law (Computer Security Act of 1987). HUD's requirement for the protection of sensitive and mission critical data as well as the implementation of basic areas of protection (confidentiality, integrity and availability) is addressed as part of this project.
VII. How will the data be retrieved (e.g., will it be retrieved by a personal identifier such as name, social security number, address, telephone number or some other identifier that is unique to an individual)?