The policies contained in this document are applicable to all DOC IT resources at all levels of sensitivity, whether maintained in-house or commercially. These policies are mandatory on all organizational units, employees, contractors, and others having access to and/or using the IT resources of the Department.
These policies apply to all automated technology currently in existence and to any new automated technology acquired after the effective date of this policy document.
The IT security program focuses on assuring confidentiality, integrity and availability of all IT resources necessary for processing or transmitting the information. The IT security program consists of a number of different elements, including some that might normally come under other security programs. Those elements that are required by the "Computer Security Act of 1987" or OMB Circular A-130 are considered part of the IT security program and are included in this document.