DHS Sensitive Systems Policy Directive 4300A

Citation: DHS Sensitive Systems Policy Directive 4300A: Information Technology Security Program (Sept. 30, 2007).

Overview
This DHS Sensitive Systems Policy Directive 4300A articulates the Department of Homeland Security (DHS) Information Technology (IT) Security Program policies for sensitive systems. Procedures for implementing these policies are outlined in a companion publication: DHS 4300A Sensitive Systems Handbook. The handbook serves as a foundation for DHS Components to develop and implement their IT security programs.

IT Security Program Policy
The DHS IT Security Program provides a baseline of policies, standards, and guidelines for DHS Components. This document provides direction to managers and senior executives for managing and protecting sensitive systems. It also outlines policies relating to management, operational, and technical controls necessary for ensuring confidentiality, integrity, availability, authenticity, and nonrepudiation within the DHS IT infrastructure and operations.

The policies and direction contained in the Directive apply to all DHS Components. IT security policies and implementing procedures for National Security Systems are covered in DHS National Security Systems Policy Directive 4300B and DHS 4300B National Security Systems Handbook.

The DHS IT Security Program does not apply to systems that process, store, or transmit National Intelligence Information.