Policy Documents

For an overview of the current status of eGovernment initiatives in the US federal government, see:

For some recent policy documents, see:

  • Presidential Executive Order 13589, which addresses efficient agency spending and states: “To promote further efficiencies in IT, agencies should consider the implementation of appropriate agency-wide IT solutions that consolidate activities such as desktop services, email, and collaboration tools.”
  • OMB Memorandum M-11-29 which clarified the authority of Agency CIOs in four areas: IT Governance, Commodity IT Management, IT Program Management, and Information Security. “With responsibilities for these four areas, Agency CIOs will be held accountable for lowering operational costs, terminating and turning around troubled projects, and delivering meaningful functionality at a faster rate while enhancing the security of information systems.”
  • OMB Memorandum M-12-10 which directed Federal Agency Chief Operating Officers (COOs) to annually lead an agency-wide IT portfolio review, called a “PortfolioStat.” A PortfolioStat session is a face-to-face, evidence-based review of an agency’s IT portfolio that includes examining cost, schedule and performance data on commodity IT investments, and identifying potential duplications or investments that do not appear to be well aligned to agency missions or business functions, with an eye toward consolidating or eliminating those investments to free up agency funds for innovation and other requirements.

General policy references

American National Standards Institute (ANSI)

Committee on National Security Systems Instruction (CNSSI)

  • CNSSI 4012: National Information Assurance Training Standard for Senior System Managers

Department of Homeland Security

Federal Chief Information Officers Council

  • Federal CIO Council Charter

Federal Communications Commission (FCC)

Federal Continuity Directive (FCD)

Federal Information Processing Standards (FIPS) Publication (PUB)

Government Accountability Office (GAO)

  • GAO Investment Guide

Homeland Security Presidential Directive (HSPD)

International Organization for Standardization (ISO)

  • ISO 9000 series: Quality Management
  • ISO 9001: Quality Management Systems
  • ISO/IEC 9126: Software Engineering – Product Quality
  • ISO/IEC 12207: Systems and Software Engineering – Software Lifecycle Processes
  • ISO 15489-1: Information and Documentation: Records Management
  • ISO/PAS 22399: Guideline for Incident Preparedness and Operational Continuity Management
  • ISO/IEC 27000: Information Security Management Systems Family of Standards
  • ISO/IEC 27002: Information Security: Code of Practice for Information Security Management
  • ISO/IEC 27005: Information Technology — Security Techniques — Information Security Risk Management
  • ISO 31000: Risk Management Family of Standards
  • ISO 38500: Corporate Governance of Information Technology

Intelligence Community Directive (ICD)

  • ICD 503: Intelligence Community Information Technology Systems Security Risk Management, Certification and Accreditation

National Communications System Directive (NCSD)

  • NCSD 3-10: Minimum Requirements for Continuity Communications Capabilities

National Institute of Standards and Technology (NIST) Special Publication (SP)

  • NIST SP 500-291: NIST Cloud Computing Standards Roadmap
  • NIST SP 800-30: Risk Management Guide for Information Technology Systems
  • NIST SP 800-34: Contingency Planning Guide for Federal Information Systems
  • NIST SP 800-37: Information Security: Guide for Applying the Risk Management Framework to Federal Information Systems
  • NIST SP 800-39: Managing Information Security Risk – Organization, Mission, and Information System View
  • NIST SP 800-42: Guideline on Network Security Testing
  • NIST SP 800-53: Recommended Security Controls for Federal Information Systems and Organizations
  • NIST SP 800-53A: Information Security: Guide for Assessing the Security Controls in Federal Information Systems
  • NIST SP 800-59: Guideline for Identifying an Information System as a National Security System
  • NIST SP 800-61: Computer Security Incident Handling Guide
  • NIST SP 800-65: Information Security: Integrating IT Security into the Capital Planning and Investment Control Process
  • NIST SP 800-100: Information Security Handbook: A Guide for Managers
  • NIST SP 800-122: Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
  • NIST SP 800-125: Guide to Security for Full Virtualization Technologies
  • NIST SP 800-128: Guide for Security-Focused Configuration Management of Information Systems
  • NIST SP 800-137: Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
  • NIST SP 800-144: Guidelines on Security and Privacy in Public Cloud Computing
  • NIST SP 800-145: The NIST Definition of Cloud Computing
  • NIST SP 800-146: Cloud Computing Synopsis and Recommendations
  • NIST SP 800-153: Guidelines for Securing Wireless Local Area Networks

National Security Directive (NSD)

  • NSD 42: National Policy for the Security of National Security Telecommunications and Information Systems

Office of Management and Budget (OMB) Circulars

  • Circular A-11: Preparation, Submission, and Execution of the Federal Budget
  • Circular A-94: Guidelines and Discount Rates for Benefit-Cost Analysis of Federal Programs
  • Circular A-123: Management’s Responsibility for Internal Control
  • Circular A-127: Financial Management Systems
  • Circular A-130: Management of Federal Information Resources
  • Circular A-135: Management of Federal Advisory Committees

OMB Guidance

  • Enterprise Architecture Assessment Framework (EAAF)
  • Federal Enterprise Architecture (FEA) Consolidated Reference Model
  • FEA Practice Guidance, November 2007
  • OMB Guidance on Exhibit 53: Information Technology and E-Government
  • OMB Guidance on Exhibit 300: Planning, Budgeting, Acquisition and Management of Information Technology Capital Assets

OMB Numbered Memoranda

  • M-99-18: Privacy Policies on Federal Web Sites
  • M-01-05: Guidance on Inter-Agency Sharing of Personal Data – Protecting Personal Privacy
  • M-03-22: OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002
  • M-05-04: Policies for Federal Agency Public Websites
  • M-05-08: Designation of Senior Agency Officials for Privacy
  • M-06-15: Safeguarding Personally Identifiable Information (PII)
  • M-06-16: Protection of Sensitive Agency Information
  • M-06-19: Reporting Incidents Involving Personally Identifiable Information and Incorporating the Cost for Security in Agency Information Technology Investments
  • M-07-11: Implementation of Commonly Accepted Security Configurations for Windows Operating Systems
  • M-07-16: Safeguarding Against and Responding to the Breach of Personally Identifiable Information
  • M-07-18: Ensuring New Acquisitions Include Common Security Configurations
  • M-09-02: Information Technology Management Structure and Governance Framework
  • M-09-12: President’s Memorandum on Transparency and Open Government – Interagency Collaboration
  • M-10-06: Open Government Directive
  • M-10-22: Guidance for Online Use of Web Measurement and Customization Technologies
  • M-10-23: Guidance for Agency Use of Third-Party Websites and Applications
  • M-10-27: Information Technology Investment Baseline Management Policy
  • M-10-28: Clarifying Cybersecurity Responsibilities and Activities of the Executive Office of the President and the Department of Homeland Security (DHS)
  • M-11-02: Sharing Data While Protecting Privacy
  • M-11-06: WikiLeaks – Mishandling of Classified Material
  • M-11-11: Continued Implementation of HSPD-12 – Policy for a Common Identification Standard for Federal Employees and Contractors
  • M-11-15: Final Guidance on Implementing the Plain Writing Act of 2010
  • M-11-17: Delivering on the Accountable Government Initiative and Implementing the GPRA Modernization Act of 2010
  • M-11-24: Implementing Executive Order 13571 on Streamlining Service Delivery and Improving Customer Service
  • M-11-26: New Fast Track Process for Collecting Service Delivery Feedback Under the Paperwork Reduction Act
  • M-11-29: Chief Information Officer Authorities
  • M-12-06: 2012 Discount Rates for OMB Circular No. A-94
  • M-12-09: President’s Memorandum on Transparency and Open Government – Interagency Collaboration
  • M-12-10: Implementing PortfolioStat
  • M-12-18: Managing Government Records Directive
  • M-12-20: FY 2012 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management

OMB Unnumbered Memoranda

  • April 7, 2010: Social Media, Web-Based Interactive Technologies, and the Paperwork Reduction Act
  • April 7, 2010: Information Collection under the Paperwork Reduction Act
  • July 19, 2010: Improving the Accessibility of Government Information
  • September 28, 2010: Transition to IPv6
  • July 13, 2011: Guidance for Specialized Information Technology Acquisition Cadres

OMB Reports/Strategies

  • June 2009: Improving Agency Performance Using Information and Information Technology (Enterprise Architecture Assessment Framework)
  • December 9, 2010: 25 Point Implementation Plan to Reform Federal Information Technology Management
  • February 8, 2011: Federal Cloud Computing Strategy

Office of Personnel Management (OPM) Executive Core Qualifications (ECQ)

  • ECQ 1 – Leading Change: This ECQ involves the ability to bring about strategic change, both within and outside the organization, to meet organizational goals. Inherent to this ECQ is the ability to establish an organizational vision and to implement it in a continuously changing environment. Included in this ECQ are the competencies of creativity and innovation, external awareness, flexibility, resilience, strategic thinking, and vision.
  • ECQ 2 – Leading People: This ECQ involves the ability to lead people toward meeting the organization’s vision, mission, and goals. Inherent to this ECQ is the ability to provide an inclusive workplace that fosters the development of others, facilitates cooperation and teamwork, and supports constructive resolution of conflicts. Included in this ECQ are the competencies of conflict management, leveraging diversity, developing others, and team building.
  • ECQ 3 – Results Driven: This ECQ involves the ability to meet organizational goals and customer expectations. Inherent to this ECQ is the ability to make decisions that produce high-quality results by applying technical knowledge, analyzing problems, and calculating risks. Included in this ECQ are the competencies of accountability, customer service, decisiveness, entrepreneurship, problem solving, and technical credibility.
  • ECQ 4 – Business Acumen: This ECQ involves the ability to manage human, financial, and information resources strategically. Included in this ECQ are the competencies of financial management, human capital management, and technology management.
  • ECQ 5 – Building Coalitions: This ECQ involves the ability to build coalitions internally and with other Federal agencies, State and local governments, nonprofit and private sector organizations, foreign governments, or international organizations to achieve common goals. Included in this ECQ are the competencies of partnering, political savvy, and influencing/negotiating.

Presidential Executive Orders (EO)

  • EO 13231: Critical Infrastructure Protection in the Information Age
  • EO 13388: Further Strengthening the Sharing of Terrorism Information to Protect Americans
  • EO 13526: Classified National Security Information
  • EO 13556: Controlled Unclassified Information
  • EO 13576: Delivering an Efficient, Effective, and Accountable Government
  • EO 13589: Promoting Efficient Spending

Presidential Memoranda

  • January 21, 2009: President Barack Obama, Memorandum on Transparency and Open Government
  • May 23, 2012: President Barack Obama, Memorandum Building a 21st Century Digital Government

Presidential Policy Directives (PPD)

  • PPD-1: Organization of the National Security Council System

White House Strategies

  • Digital Government: Building a 21st Century Platform to Better Serve the American People, May 23, 2012
  • National Strategy for Information Sharing: Success and Challenges in Improving Terrorism-Related Information Sharing, 2009
  • National Strategy for Trusted Identities in Cyberspace, April 2011

United States Code

  • 5 U.S.C. §552: The Freedom of Information Act, as amended by Public Law No. 104-231, 110 Stat. 3048
  • 5 U.S.C. §552a: Records Maintained on Individuals
  • 6 U.S.C. §485: Information Sharing
  • 29 U.S.C. §794d: Section 508 of the Rehabilitation Act of 1973, as amended
  • 31 U.S.C. Chapter 9: Chief Financial Officers Act of 1990
  • 40 U.S.C. Subtitle III: Information Technology Management (includes codified Clinger-Cohen Act)
  • 44 U.S.C. Chapter 31: Records Management by Federal Agencies
  • 44 U.S.C. Chapter 35: Coordination of Federal Information Policy (includes codified Paperwork Reduction Act)
  • 44 U.S.C. Chapter 36: Management and Promotion of Electronic Government Services

Other Statutes

  • E-Government Act of 2002
  • Federal Advisory Committee Act
  • Federal Acquisition Streamlining Act of 1994, (PL 103-355), Title V, Acquisition Management
  • Government Performance and Results (GPRA) Modernization Act of 2010
  • Statutory Pay-As-You-Go Act of 2010 (Title I of Public Law 111-139)


  • ARMA International Standards and Best Practices for Excellence in Managing Information and Records
  • Department of Defense Acquisition Risk Management Guide, 6th Edition, Version 1.0
  • Defense Information Systems Agency Security Technical Implementation Guide (DISA STIG)
  • National Security Agency (NSA) Security Configuration Guides
  • National Telecommunications and Information Administration (NTIA) Manual of Regulations and Procedures for the Federal Radio Frequency Management
  • Regulations of National Archives and Records Administration (NARA) (see Subchapter B of 36 Code of Federal Regulations Chapter XII)
  • U.S. Intelligence Community, Information Sharing Policy
