Incident Reporting, Policy and Incident Management Reference

In accordance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Rev. 4, HHS defines a computer security incident as “a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices.” If you suspect an information security or privacy related incident, please contact your OPDIV Chief Information Security Officer or the HHS Computer Security Incident Response Center (CSIRC). The HHS CSIRC can be reached at [email protected] or 866-646-7514.  

The following HHS OCIO Policies and Incident Management resources are listed for your convenience.

HHS OCIO Policies, Standards and Charters

National Institution of Standards and Technology (NIST)

Content created by Office of the Chief Information Officer (OCIO)
Content last reviewed