Information Assurance (IT Security & Privacy) Program


The Department of the Interior has ongoing efforts to protect its information and information system resources.  The first Departmental computer security policy was issued in May 1980. Since that time, information technology has undergone significant changes.  The Department's dependence on information technology to support its mission has led to extensive growth in the number and types of computer systems throughout the Department. As a result, the focus on information security in the Department has increased.

The Department created its first full-time computer security position on August 15, 1988, because of increased Departmental awareness of potential security threats.  The Department continuously works towards improving its information security program and policies.  

The Department’s Chief Information Officer (CIO) is responsible for providing policy, guidance, advice and oversight for information security and also serves as the Senior Agency Official for Privacy (SAOP).  The Department’s Chief Information Security Officer (CISO), who serves as the senior agency information security officer, supports the CIO in carrying out responsibilities specified by the Federal Information Security Management Act (FISMA) as delegated by the Secretary of the Interior.  Those responsibilities include developing and maintaining the Department’s overall information assurance (IT security and privacy) program and assisting in ensuring agency compliance with the requirements of FISMA, the Privacy Act, and related policies, procedures, standards, and guidelines.

Designated senior agency officials, serving as Authorizing Officials for information systems within each bureau and office, are responsible for the security and protection of information and information systems entrusted to their care.  Each bureau and office appoints a Bureau Chief Information Security Officer (BCISO) to serve as the focal point for information security matters and to coordinate information security program requirements with the Department.  The Department’s Privacy Officer, reports to the CISO, and supports the CIO in carrying our responsibilities specified by the Privacy Act.  Each bureau and office also appoints a Privacy Officer To serve as the focal point for Privacy program matters and to coordinate associated requirements with the Department.

Departmental policy requires managers and users, including contractors, at all levels to be responsible and accountable for protecting the information resources they utilize. Departmental policy also places emphasis on risk management, contingency planning, and awareness training.


DOI will safeguard its information systems through the implementation of the DOI Information Assurance Program, which will accomplish the following:

  • Establish a level of information security and privacy protections for all unclassified information and information systems commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of:
    • information collected or maintained by or on behalf of the agency; and
    • information systems used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency

    Define, manage, and support the security planning process for all DOI information systems.
  • Establish a program to assess and authorize all information systems within DOI.
  • Define and manage the contingency planning process, including training and testing, to provide information systems with adequate continuity of operations upon disruption of normal operations.
  • Increase the understanding, across all levels of DOI, the critical role of information security and privacy practices necessary to support DOIís missions; and
    Periodically educate and train DOI employees and contractors through an information security awareness and training program.
  • Define and manage the DOI Computer Incident Response Capability (DOI-CIRC) program to help report, manage, respond to, track, and mitigate the effects of cyber security incidents that potentially adversely impact the Department.

Information Technology Security Team

The Department established the IT Security Team (ITST) in January 2002. The Team's mission is to help ensure the successful implementation of the Office of Management and Budget (OMB) Circular A-130, Appendix III. The ITST is chaired by the CISO with membership comprised of BCISOs and representatives from the Inspector Generalís office. The team works on issues relating to information security such as policy, procedures and reporting to oversight agencies.

Training and Awareness

Awareness training plays an important role in achieving the Department's goal for information security and privacy. Annual information security and privacy awareness training is provided to all DOI employees, and others who have access to DOI information systems. The training objectives are to enhance awareness of the threats to, and vulnerabilities of, information systems; and to encourage the use of good information security practices within the Department.



U.S. Department of the Interior
This is an Official Government Website
Office of the Chief Information Officer
Contact the DOI Webmaster
Last Updated on 09/15/10