You are here

Policy Program and Archive

Office of the Chief Information Officer Policy Program Documents

  • 1351.1: IT Directives Management (May 21, 2009) This policy is DOT’s framework for developing, maintaining, posting, implementing, reviewing and updating IT policies and accompanying  guidance.
     
  • 1351.18: Departmental Privacy Risk Management Policy (September 30, 2014) This policy is DOT’s framework for identifying, assessing and mitigating privacy risk for information stored in DOT information systems.
     
  • 1351.19: PII Breach Notification Controls (May 14, 2009) This policy is DOT’s framework for responding appropriately to situations that involve the unauthorized dissemination of Personally Identifiable Information (PII) to mitigate the risk of harm should a breach occur.
     
  • 1351.21: U.S. Department of Transportation Enterprise License Agreements (ELAs) (June 30, 2009) This policy is DOT's framework for the management of Enterprise License Agreements (ELAs) for software, and for purchase and management of software licenses under those agreements.
     
  • 1351.22.1: Departmental Earned Value Management Policy (July 15, 2010) This policy is DOT's framework for establishing Earned Value Management as a fundamental element of Capital Planning and Investment Control (CPIC) and investment portfolio management oversight.
     
  • 1351.23: Electronic and Information Technology Accessibility Policy (September 11, 2013) This policy is DOT's framework to ensure equal accessibility to DOT's electronic and information technology to persons with disabilities.
     
  • 1351.24: Departmental Web Policy (September 27, 2010) This policy is DOT's framework for creating, managing and maintaining DOT's internal and external Web sites, including Web presences hosted on non“.gov” domains, for audiences both internal and external to DOT.
     
  • 1351.27: Enterprise Architecture Policy (April 19, 2013) This policy is DOT's framework to establish, develop, maintain and facilitate a sound and integrated IT enterprise architecture that provides a comprehensive overview of how DOT IT investments support the Department.
     
    • Open Source Management: This implementation instruction establishes requirements for managing custom software (source code) developed by the Department and its contractors. The instruction ensures that the Department can identify and leverage custom-developed software from all agency components as well as other Federal agencies.
       
  • 1351.28: Records Management (November 1, 2010) This policy is DOT's framework for managing DOT records, including collection, maintenance, use, and disposal.
     
  • 1351.29: Paperwork Reduction Act (PRA) and Information Collection (IC) This policy is DOT's framework for  minimizing the paperwork burden on the public.
     
  • 1351.33: Departmental Web-Based Interactive Technologies Policy (Social Media and Web 2.0) (November 23, 2010) This policy is DOT's framework for employee access, conduct, account management, acceptable use, approved sites, and other requirements when using Web-based interactive technologies during work hours.
     
  • 1351.34: Departmental Data Management Policy (July 13, 2017) This policy is DOT's framework for managing and standardizing the quality, objectivity, utility, and integrity of data disseminated to the public.
     
  • 1351.36: Departmental Forms Management Policy (November 8, 2011) This policy is DOT's framework for ensuring DOT maintains a uniform and accurate inventory and exercises management of the content of all DOT forms.
     
  • 1351.37: Departmental Cyber Security Policy (June 21, 2011) This policy is DOT's framework for providing security for all DOT information systems, information technology, networks, and data that support DOT operations.
     
  • 1351.38: Privacy Policy for Information Sharing Environment (ISE) (June 5, 2012) This policy is DOT's framework for collecting, using, storing, sharing and securing terrorism-related Protected Information (PI) shared through the Information Sharing Environment (ISE.)
     
  • 1351.39.A: Departmental IT Management Policy (August 3, 2017) This policy ensures IT management policies to align with the Federal Information Technology Acquisition Reform Act (FITARA) requirements that impose significant new responsibilities on Department-level CIOs for approving IT investments, budgets and acquisitions. At the same time, this policy also affirms the role of OA CIOs supporting FITARA requirements.
     
    • Investment Management Guidance: The Investment Management Guidance takes an integrated approach to the oversight and management of IT resources, and serves as the mechanism used by the Department to coordinate and manage the compliance of all things IT. The Guidance outlines the DOT’s strategy and process steps necessary to enhance the integration, streamlining and maturity of Capital Planning and Investment Control (CPIC) activities for the enterprise management of IT resources. The investment management process centers on the guiding principles of a data-driven, portfolio-based approach and CPIC methodology that allows for an expansive and thorough look across the enterprise of DOT IT assets and resources. This empowers the Department to make evidence-based decisions on the pre-selection, selection, control, and evaluation of new and ongoing IT investments. It also facilitates the identification and elimination of legacy systems no longer required to meet the Department’s goals and objectives.
       
    • Enterprise Program Management Review (EPMR): EPMR serves as the authoritative framework used to promote the integrated management oversight and life cycle review among the DOT stakeholder communities responsible for initiating, reviewing, approving, and monitoring DOT IT investments. EPMR provides users a common and executable understanding of program management processes and activities to navigate for the efficient and effective procurement and sustainment of information technologies. In addition, EPMR aids in the implementation of the Federal Information Technology Acquisition Reform Act’s (FITARA) new accountability and oversight responsibilities that have been designated for the Chief Information Officer (CIO) and Senior Agency Official (CXO) communities.
       
  • 1351.40: Common Operating Environment (COE) Shared Services Policy (March 5, 2015) This policy it DOT's framework for execution of IT Shared Services activities to rationalize investments, drive down costs and improve service.


Please contact OCIOITPolicy@dot.gov with any 508 Accessibility questions.

Updated: Monday, November 5, 2018
Submit Feedback >