IT policy archive

DOC ICAM Policy:

The ICAM Policy defines the roles and responsibilities applicable to all DOC Mission Areas, Operating Units (OU), and staff offices, employees, appointees, contractors, and others who work for, or on behalf of, DOC. The policy extends to the processes, procedures, and technology for any information technology (IT) system that requires the management or authentication of an “identity.” Identity refers to the unique representation of a subject, including a person, a device, a non-person entity (NPE), or an automated technology such as Robotic Process Automation (RPA), that is engaged in a transaction involving at least one Federal subject or a Federal resource, including data, information systems, or facilities. The ICAM policy encompasses Federal enterprise identity and Public identity. Federal enterprise identity, or, simply, enterprise identity, refers to the unique representation of an employee, a contractor, an enterprise user, such as a mission or business partner, a device, or a technology that a Federal Agency manages to achieve its mission and business objectives. Public identity refers to the unique representation of a subject that a Federal Agency interacts with, but does not directly manage, in order to achieve its mission and business objectives. Public identity may also refer to a mechanism of trust used to render services to the American public.

Digital Identity Risk Management:

The ICAM Advisory Council oversees, governs, and coordinates ICAM-related functionality and services across the DOC enterprise. It coordinates the technical, enterprise architecture, business, budgetary, policies and procedures for incorporating digital identity risk management into the existing selection of assurance levels based on the appropriate risk to protected resources.

2/28/18

FITARA Guidance – CIO defines IT processes and policies. The CIO defines the development processes, milestones, review gates, and the overall policies for all capital planning, enterprise architecture, and project management and reporting for IT resources. At a minimum, these processes shall ensure that the CIO certifies that IT resources are adequately implementing incremental development (as defined in the below definitions). The CIO should ensure that such processes and policies address each category of IT resources appropriately – for example, it may not be appropriate to apply the same process or policy to highly customized mission-specific applications and back office enterprise IT systems depending on the agency environment. These policies shall be posted publicly at agency.gov/digital strategy, included as a downloadable dataset in the agency’s Public Data Listing, and shared with OMB through the IDC. For more information, see OMB Circular A-130: Management of Information Resources.

Listed below are the Department of Commerce policies related to Information Technology, including governance, acquisition, use, configuration, security, and other related issues. This list will be continuously updated as new policies are issued or updated.

Commerce IT Review Board Policy

Commerce IT Review Board Policy – The CITRB is part of the department’s investment review process and is focused on new or re-competed acquisitions required to support major investments and non-major investments with life cycle costs at or above $10M. The CITRB ensures reviewed IT investments have an acceptable IT acquisition strategy, a viable technical approach, a risk plan, and an acceptable business case. A CITRB provides approval or disapproval by the CIO of requests for IT Investment Authority (ITIA) and the acquisition plan. ITIA approval is contingent upon the operating unit having budget approval. ITIA approval is required before an operating unit/Office may enter into a contract. A formal memo with the ITIA decision will be issued at completion of the review.

Department Administrative Order (DAO) 208-16 – Acquisition Project Management

Commerce IT Acquisition Policy – This memorandum prescribes the policies, procedures, and responsibilities of implementing the Acquisition Framework on all programs and projects with particular emphasis on high-profile programs and projects.