A. Title 44, United States Code, Chapter 35, Coordination of Federal Information Policy



Similar documents
FSIS DIRECTIVE

DEPARTMENTAL REGULATION

Subject: Information Technology Configuration Management Manual

How To Write A Contract For Software Quality Assurance

CITY OF HOUSTON. Executive Order. Information Technology (IT) Governance

ITS Project Management

State of Minnesota. Enterprise Security Program Policy. Office of Enterprise Technology. Enterprise Security Office Policy. Version 1.

DATA STANDARDS POLICY

FISH AND WILDLIFE SERVICE INFORMATION RESOURCES MANAGEMENT. Chapter 7 Information Technology (IT) Security Program 270 FW 7 TABLE OF CONTENTS

U.S. DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT. Issued: September 6, 2002

A. This Directive applies throughout DHS, unless exempted by statutory authority.

December 8, Security Authorization of Information Systems in Cloud Computing Environments

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL

EPA Classification No.: CIO P-01.1 CIO Approval Date: 06/10/2013 CIO Transmittal No.: Review Date: 06/10/2016

Department of Veterans Affairs VA Directive 6004 CONFIGURATION, CHANGE, AND RELEASE MANAGEMENT PROGRAMS

A. Title 5, United States Code (U.S.C.), Section 552a, Records Maintained On Individuals (The Privacy Act of 1974)

Information Resource Management Directive The USAP Security Assessment & Authorization Program

CMS Policy for Configuration Management

Manag. Roles. Novemb. ber 20122

Office of Inspector General

UNITED STATES DEPARTMENT OF THE INTERIOR BUREAU OF LAND MANAGEMENT MANUAL TRANSMITTAL SHEET

Briefing Outline. Overview of the CUI Program. CUI and IT Implementation

IT Charter and IT Governance Framework

Positive Train Control (PTC) Program Management Plan

COMPLIANCE IS MANDATORY

FY14 Q2 Chief Information Officer Federal Information Security Management Act Reporting Metrics v1.0

COMDTINST JUL 2013 COAST GUARD C4I DATA MANAGEMENT (DM) POLICY

Department of Veterans Affairs VA DIRECTIVE 6510 VA IDENTITY AND ACCESS MANAGEMENT

Statement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education

HHS OCIO Policy for Information Technology (IT) Enterprise Performance Life Cycle (EPLC)

BPA Policy Cyber Security Program

Capital Planning and Investment Control Guide

Audit of the Board s Information Security Program

Overview. FedRAMP CONOPS

This directive applies to all DHS organizational elements with access to information designated Sensitive Compartmented Information.

GENERAL PLATFORM CRITERIA. General Platform Criterion Assessment Question

Program Overview and 2015 Outlook

INFORMATION SECURITY STRATEGIC PLAN

STATEMENT OF CHARLES EDWARDS DEPUTY INSPECTOR GENERAL U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE

General Platform Criterion Assessment Question

I. Purpose - 1 MD # 0005

The PMP Application Process

NOTICE: This publication is available at:

ANNUAL PRIVACY REPORT

DEPARTMENTAL DIRECTIVE

U.S. Department of Education Federal Student Aid

IT Compliance in Acquisition Checklist v3.5 Page 1 of 7

Deputy Chief Financial Officer Peggy Sherry. And. Chief Information Security Officer Robert West. U.S. Department of Homeland Security.

Information Security Program CHARTER

NASA OFFICE OF INSPECTOR GENERAL

CRR Supplemental Resource Guide. Volume 3. Configuration and Change Management. Version 1.1

Systems Development Life Cycle (SDLC)

COMMAND, CONTROL, COMMUNICATIONS, COMPUTERS AND INFORMATION TECHNOLOGY (C4&IT) INFRASTRUCTURE MANAGEMENT POLICY

IT GOVERNANCE POLICY

Department of Defense INSTRUCTION

Department of Homeland Security DHS Directives System Directive Number: Revision Number: 00 Issue Date: 07/25/2008 SAFETY AND HEALTH PROGRAMS

Information Security Guide For Government Executives. Pauline Bowen Elizabeth Chew Joan Hash

5 FAH-11 H-500 PERFORMANCE MEASURES FOR INFORMATION ASSURANCE

PREFACE TO SELECTED INFORMATION DIRECTIVES CHIEF INFORMATION OFFICER MEMORANDUM

MINNESOTA STATE POLICY

Final Audit Report FEDERAL INFORMATION SECURITY MANAGEMENT ACT AUDIT FY Report No. 4A-CI Date:

HOMELAND SECURITY ACQUISITIONS

5 FAM 860 HARDWARE AND SOFTWARE MAINTENANCE

Committee on National Security Systems

Legislative Language

ClOP CHAPTER Departmental Information Technology Governance Policy TABLE OF CONTENTS. Section 39.1

NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL

Office of Inspector General

Audit of Security Controls for DHS Information Technology Systems at San Francisco International Airport

Data Management Maturity Model. Overview

Appendix 2-A. Application and System Development Requirements

Integrated Governance, Risk and Compliance (igrc) Approach

Department of Defense INSTRUCTION

ID Task Name Time Pred

OPM System Development Life Cycle Policy and Standards. Table of Contents

Treasury Board of Canada Secretariat (TBS) IT Project Manager s Handbook. Version 1.1

United States Department of Health & Human Services Enterprise Architecture Program Management Office. HHS Enterprise Architecture Governance Plan

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07

Transmittal Sheet #: Date: July 12, 2005

Service Support Kasse Initiatives, LLC. ITIL Configuration Management - 1. version 2.0

How To Integrate Software And Systems

National Information Assurance Certification and Accreditation Process (NIACAP)

FEDERAL HOUSING FINANCE AGENCY OFFICE OF INSPECTOR GENERAL

Department of Homeland Security Office of Inspector General. Audit of Application Controls for FEMA's Individual Assistance Payment Application

Performance Management Update. Government Performance and Finance Committee May 6, 2009

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL. Doug A. Ringler, C.P.A., C.I.A. AUDITOR GENERAL ENTERPRISE DATA WAREHOUSE

MNsure Compliance Program Strategic Plan. December 17, 2014

Configuration Management Plan

NOTICE: This publication is available at:

DIRECTIVE TRANSMITTAL

Section 37.1 Purpose Section 37.2 Background Section 37.3 Scope and Applicability Section 37.4 Policy... 5

Office of Inspector General

I. Purpose MD #

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems

I. U.S. Government Privacy Laws

Utica College. Information Security Plan

CMS POLICY FOR THE INFORMATION SECURITY PROGRAM

State of West Virginia Office of Technology Policy: Change & Configuration Management Issued by the CTO

Department of Defense DIRECTIVE

U.S. Department of Education Federal Student Aid

Transcription:

I. Purpose Department of Homeland Security DHS Directives System Directive Number: 138-01 Revision Number: 00 Issue Date: 4/10/2014 ENTERPRISE INFORMATION TECHNOLOGY CONFIGURATION MANAGEMENT This Directive establishes the Department of Homeland Security (DHS) policy regarding enterprise information technology (IT) configuration management (CM). II. Scope A. This Directive applies throughout DHS and to enterprise data center CM program personnel that manage and control unclassified IT systems and subsystems. B. This document provides the minimum level of CM requirements. DHS Components and enterprise data center CM program personnel may supplement this Directive to protect their compartmental data and infrastructure. C. Enterprise IT CM used within this Directive refers to programs that are aligned with and support Departmental or inter-agency systems that may cross Component lines. D. Submit written requests to the Information Technology Services Office, Risk Management Division, Configuration and Change Management Branch for exemptions to this policy or portions therein. III. Authorities A. Title 44, United States Code, Chapter 35, Coordination of Federal Information Policy B. NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations C. DHS Delegation 04000, Delegation for Information Technology - 1 -

D. DHS Management Directive 4010.2, Section 508 Program Management Office & Electronic and Information Technology Accessibility E. DHS Directive 140-01, Information Technology Systems Security F. DHS Sensitive Systems Policy Directive 4300A G. American National Standards Institute / Electronic and Information Technology Association (ANSI/EIA) Standard-649B H. IT Services Governance Board (ITSGB) Charter I. DHS Infrastructure Change Control Board (ICCB) Charter J. DHS ICCB Change Management Handbook IV. Responsibilities A. DHS Chief Information Officer (CIO): 1. Oversees and sponsors the DHS Enterprise CM Program, administered by the Information Technology Services Office (ITSO); and 2. Directs, monitors, and enforces the implementation, maintenance, and compliance of the CM Program. B. Component Chief Information Officers: 1. Ensure compliance with all aspects of this Directive; and 2. Support the implementation, maintenance, and compliance of the CM Program. C. DHS Enterprise CM Program Personnel: 1. Establish a secure and sound CM framework while ensuring definition and maintenance of enterprise configuration baselines; 2. Identify, manage, and track associated hardware, software, and documentation configuration items for DHS enterprise systems; 3. Develop companion DHS CM publications on an as-needed basis; 4. Promote comprehensive and uniform CM practices across DHS; - 2 -

5. Manage and perform operational practices in support of the Infrastructure Change Control Board (ICCB); and 6. Manage and perform operational practices in support of the CM Integrated Project Team (IPT). D. Component and Enterprise Data Center CM Program Personnel: 1. Manage and practice appropriate levels of CM in support of the DHS Enterprise CM Program and in conformity with companion DHS CM publications; 2. Comply with the ICCB Charter; 3. Utilize enterprise CM tools for submitting and modifying enterprise configuration and change management artifacts; 4. Provide representation to the CM IPT; 5. Submit CM summary data as requested to the DHS Enterprise CM Program for tracking and reporting purposes; 6. Develop a change control board charter and obtain approval and sign-off from the Chief Information Officer or designated authority. The charter documents and aligns with the scope, roles, and responsibilities as outlined in the DHS ICCB Charter; 7. Develop, document, and implement quality management capability for CM artifacts consistent with those used by the DHS Enterprise CM Program; 8. Provide CM training to all personnel engaged in configuration and change management practices at Component and/or enterprise levels; and 9. Ensure that operational systems authorized security postures are not degraded. V. Policy and Requirements The DHS Enterprise CM Program: A. Serves as the foundation for DHS and enterprise data center CM program personnel to execute enterprise IT configuration management. - 3 -

B. Ensures that comprehensive and uniform practices are followed by the Department and enterprise data center CM program personnel. C. Monitors compliance with program requirements documented in this policy. D. Functions align with the ANSI/EIA-649B Standard as follows: 1. Configuration Management Planning and Management This function plans and manages the CM process and provides for monitoring and improvement of CM processes. This includes planning, coordinating, and managing all tasks necessary to implement CM principles and to conduct CM activities. CM planning and management occurs throughout all system lifecycle phases. 2. Configuration Identification This function establishes a structure for products and product configuration information; selects, defines, documents, and baselines product attributes and relationships; and assigns unique identifiers to each product and product configuration information. All configuration items are documented in a Configuration Management System (CMS). 3. Configuration Change Management This function ensures that changes to a configuration baseline are properly identified, prioritized, documented, coordinated, evaluated, and adjudicated. 4. Configuration Status Accounting This function manages the capture and maintenance of product configuration information necessary to account for the configuration of a product throughout its lifecycle. 5. Verification & Audit This function reviews processes, documentation, and products to verify compliance with requirements, and confirms that products have achieved their required attributes and conform to released product definition information. - 4 -

VI. Questions Address any questions or concerns regarding this Directive to the Office of the Chief Information Officer, Information Technology Services Office (ITSO), Risk Management Division at CCMBranch@hq.dhs.gov. - 5 -

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information