U.S. Department of Health and Human Services
Two types of information security programs are in place at HHS:
HHS Information Security Program (known as Cybersecurity Program) The enterprise program is responsible for strengthening HHS’ security posture across all OPDIVs and facilitating Departmental security reporting. Information about HHS Cybersecurity Program, inclusive of Department security policy and standards, can be found on the Program’s intranet site at http://intranet.hhs.gov/it/cybersecurity/index.html
OPDIV Information Security Programs OPDIV programs are responsible for implementing a security baseline aligned with the OPDIV mission and the HHS Cybersecurity Program.
Page 3 of 6
Information Security Program Management Information Security Programs at HHS