Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

This is not the current EPA website. To navigate to the current EPA website, please go to www.epa.gov. This website is historical material reflecting the EPA website as it existed on January 19, 2025. This website is no longer updated and links to external websites and some internal pages may not work. More information »

JavaScript appears to be disabled on this computer. Please click here to see any active alerts.

Office of Mission Support Policies: Security & Privacy

CIO Number	Title	Related Documents
CIO 2150.6	Information Security Policy	Procedures Information Security – Access Control Procedures Information Security – Awareness and Training Procedures Information Security – Audit and Accountability Procedures Information Security – Assessment, Authorization and Monitoring (CA) Procedure Information Security – Configuration Management (CM) Procedure Information Security – Contingency Planning (CP) Procedure Information Security – Identification and Authentication (IA) Procedure Information Security – Incident Response (IR) Procedures Information Security – Maintenance (MA) Procedure Information Security – Media Protection (MP) Procedure Information Security – Physical and Environmental Protection (PE) Procedure Information Security – Planning (PL) Procedure Information Security – Personnel Security (PS) Procedure Information Security – Risk Assessment (RA) Procedure Information Security – System and Services Acquisition (SA) Procedure Information Security – System and Communications Protection (SC) Procedure Information Security – System and Information Integrity (SI) Procedure Information Security – Roles and Responsibilities Procedures Spillage of Classified Information onto Unclassified Systems Procedure Information Security – Privacy Procedures Information Security – Program Management (PM) Procedure Information Security - Data Loss Prevention Procedure Information Security – Supply Chain Risk Management (SR) Procedure Information Security – Detecting Counterfeit Information and Communications Technology Products Procedure Standards Information Security – EPA National Rules of Behavior Guidance Information Security – Guidance for Manually Completing the Information Security Awareness Training
CIO 2151.1	Privacy Policy	Procedures Responding to Personally Identifiable Information (PII) Breach Procedure Systems of Records Notices (SORN) Privacy Act Procedure Procedures for Preparing Privacy Impact Assessments Procedures for Preparing Privacy Act Statements Personally Identifiable Information (PII) Incident Handling & Response Procedure Conducting Privacy On-Site Reviews Procedure Processing Privacy Act Requests Procedure Computer Matching Agreement Procedure Protecting Sensitive Personally Identifiable Information (SPII)
CIO 2154.4	Mobile Computing Policy	Procedures International Travel Procedures for Mobile Devices Mobile Computing Management Procedure
CIO 2158.2	Controlled Unclassified Information (CUI) Policy	Procedures Controlled Unclassified Information (CUI) Procedure