In accordance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Rev. 4, HHS defines a computer security incident as “a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices.” If you suspect an information security or privacy-related incident, please contact your OPDIV Chief Information Security Officer or the HHS Computer Security Incident Response Center (CSIRC). The HHS CSIRC can be reached at csirc@hhs.gov or 866-646-7514.
The following HHS OCIO Policies and Incident Management resources are listed for your convenience.
HHS OCIO Policies, Standards and Charters
National Institute of Standards and Technology (NIST)
- NIST SP 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations
- NIST SP 800-61 Rev. 2, Computer Security Incident Handling Guide
- NIST SP 800-72, Guidelines on PDA Forensics
- NIST SP 800-83, Guide to Malware Incident Prevention and Handling
- NIST SP 800-86, Guide to Integrating Forensic Techniques into Incident Response