DHS 4300A Sensitive Systems Handbook

Citation
DHS 4300A Sensitive Systems Handbook (Ver. 5.5 Sept. 30, 2007).(full-text)

Overview
This handbook serves as a foundation for Components within the Department of Homeland Security (DHS) to develop and implement their information technology (IT) security programs. The purpose of the handbook is to provide specific techniques and procedures for implementing the requirements of the DHS IT Security Program for Sensitive Systems. These baseline security requirements (BLSRs) are generated by the DHS IT security policies published in DHS Sensitive Systems Policy Directive 4300A. The BLSRs included in the handbook must be addressed in the IT security documents prepared by each Component.

This handbook incorporates many of the procedures in use by security personnel from the various organizations from which the DHS was formed. It is a compilation of the best practices used by DHS Components. In addition, it implements as requirements many of the guidelines contained in various National Institute of Standards and Technology (NIST) publications, Office of Management and Budget (OMB) direction, and Congressional as well as Executive Branch mandates.

This handbook is issued as implementation guidance under the authority of the Chief Information Officer through the Office of the Chief Information Security Officer. As such, it supersedes directives of the Departments to which the Components formerly reported. This handbook addresses IT security only. Documents addressing personnel, physical, information, and industrial security; investigations; emergency preparedness; and domestic counterterrorism will be issued separately by the agencies responsible for these programs. However, those aspects of personnel, physical, information, and industrial security; investigations; emergency preparedness; and counterterrorism that relate to IT security are addressed in this handbook.