To make sure we are protecting GSA systems from hackers and other cyber attacks at all times, each of us plays an important part in this security effort. The policies linked on this page will help you understand these efforts.
GSA orders related to IT security
DevSecOps Model Separation of Duties - CIO IL-22-01 DevSecOps Model Separation of Duties [PDF - 50 KB] (03-10-2022)
This instructional letter (IL) is to provide the security practice instructions and procedure guidance for teams to achieve Separation of Duty (SOD) in a Development Operations/Development Security Operations (DevOps/DevSecOps) working model.
2183.1 CIO Order (10-19-2021)
Enterprise Identity, Credential, and Access Management (ICAM) Policy.
IT Security Policy - 2100.1Q GSA Information Technology (IT) Security Policy (Oct 16, 2024)
Newly updated IT Security Policy outlines all aspects of IT security required to keep GSA’s assets protected. Objectives of the policy are to ensure the confidentiality, integrity, and availability of all IT resources by employing security controls and managing risk.
GSA Information Technology (IT) Rules of Behavior - 2104.1C (November 5, 2024)
This order sets forth GSA’s policy on user responsibilities for the secure use of the agency’s IT assets. The General Rules of Behavior implement federal policies and GSA directives and are included in GSA mandatory training.
U.S. General Services Administration