Skip to main content

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Share your experience with the FAS IT-Playbook by taking this brief survey

Security Policies & Procedures

GSA-IT has outlined many Security Policies and Procedures. Below you will find several areas pertinent to FAS-IT related to new and currently operating systems, FAS Cloud Services, and overarching GSA-IT documentation and resources.

Authority to Operate

An ATO is a formal declaration by an Authorizing Official that authorizes the operation of an agency system or vendor-owned and/or operated system. Explore the process to obtain an ATO and levels of authorizaiton available.

Authority to Operate

Identith2cess Management (IAM)

Review information as it pertains to IAM solutions, tools, and technologies utilized by FAS-IT. This information is intended for GSA users, external government customers, and vendors.

Learn More About IAM

Ongoing Authorization

GSA has established an Ongoing Authorization (OA) Program to achieve Ongoing Authorization to Operate (OATO) for GSA managed information systems. OA provides a more frequent view into the security posture of the onboarded systems.

Learn More About OA

GSA-IT Resources: Policies & Procedures

GSA and FCS IT security policies for safeguarding IT assets and the potential consequences of breaching IT security policies.

GSA-IT Resources

Quick Resources

GSA Insite: IT Policies and Procedures
Communication & Reporting
FCS Security Forms & Templates