DOI IT Policy Archive

DOI.gov/elips/browseUnder the  ELIPS link, see Departmental Manual/Series 17 - chapters related to Information Resources Management 
https://www.doi.gov/privacy/policies-references

Privacy Policies that apply to the use of IT at DOI 

2025-03-06 Acquisition of Information Technology Cloud Services Policy This document updates requirements to procure and manage cloud hosting services in compliance with Office of Management and Budget Memorandum, M-24-15, Modernizing the Federal Risk and Authorization Management Program (FedRAMP) to reduce duplication of cybersecurity efforts while offering a consistent, reusable authorization framework.
2016-08-04 DOI-AAAP-0081 Implementation of HSPD-12 at DOI for Contractors and Recipients Policy DOI ICAM Policy (Item #1) – This document establishes the policy for Contract Officers and Contract Officer Representatives to use the DOIAccess system to initiate contract personnel on-boarding and off-boarding.
2016-006 OCIO Directive - Strong Authentication Exception Policy DOI ICAM Policy (Item #2) – This document establishes a limited set of scenarios and durations for accessing the network without using a PIV card or 2-Factor authentication.
Attachment A: Strong Authentication Exceptions for Unprivileged Employees, Contractors, and Associates DOI ICAM Policy (Item #2A) – This document is the attachment to the 2016-006 OCIO policy.  It documents the set of scenarios and durations allowed under the policy. 
2015-05-12 Enhancing and Strengthening the Federal Government’s Cybersecurity DOI ICAM Policy (Item #3) – This document outlines the CIO’s goals in 2015 to immediately improve DOI’s cybersecurity posture. This includes the mandate for using PIV 2-factor authentication for all regular and privileged users. 
2012-007 - Guidance for Short-Term State and Local Emergency Response Personnel Regarding Access to Department Networks and Resources DOI ICAM Policy (Item #4) – This document establishes the policy and procedures for granting short-term state and local emergency response personnel access to DOI’s general support systems.
2011-03-31 DOI Access PIV Card Issuance Management and Use Policy DOI ICAM Policy (Item #5) – This document is the 2011 policy to expedite full issuance, management and use of PIV Cards in DOI. It clarifies who is required to be issued a PIV card. 
2009-11-23 Bureau DOI Access Implementation and Operations Plan DOI ICAM Policy (Item #6) – This document established the position of the bureau/office HSPD-12 Executive and the 2009 monthly DOI Access Implementation and Operations Plan reporting requirement for DOI Bureaus and Offices. 
2009-11-20 OCIO Directive 2010-007 DOI Access Policy for Bureau Office Active Directory and Email Systems DOI ICAM Policy (Item #7) – This document establishes the policy and procedures to ensure AC and email data required by DOIAccess are current, accurate and available.
2009-06-01 Personnel Bulletin 09-06 Policy for the Issuance and Management of DOI Access Cards DOI ICAM Policy (Item #8) – This document established the initial requirement for issuance and management of PIV cards (DOI Access Cards) to DOI’s employees, contractors and associates.
2006-10-12 HSPD 12 Charter DOI ICAM Policy (Item #9) – This document charters the DOI HSPD-12 Executive Steering Committee, budget and HSPD-12 Program Office to implement HSPD-12 requirements within DOI.
DIRA Playbook_Final_v1.pdfDOI ICAM Risk Management  –  DOI follows the instructions for Risk Management found in OMB Memo M-19-17
OCIO Memo_Alternative Multi-Factor Authentication Service_Signed_04202021 DOI ICAM Risk Management – This memorandum rescinds the Office of the Chief Information Officer (OCIO) memorandum titled “Implementation of Alternative Multi-Factor Authentication Service”, dated April 27, 2020, and provides updated guidance regarding Microsoft (MS) Authenticator. MS Authenticator is the replacement tool for the enterprise-wide Alternative Multi-Factor Authentication (AMFA)service. 

DOI IT Policy Archive (zip file)

Was this page helpful?

Please provide a comment