Skip to main content

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

survey icon Share your experience with the FAS IT-Playbook by taking this brief survey

Security Policies & Procedures

GSA-IT has outlined many Security Policies and Procedures. Below you will find several areas pertinent to FAS-IT related to new and currently operating systems, FAS Cloud Services, and overarching GSA-IT documentation and resources.

Authority to Operate

An ATO is a formal declaration by an Authorizing Official that authorizes the operation of an agency system or vendor-owned and/or operated system. Explore the process to obtain an ATO and levels of authorizaiton available.

Learn More
Identity Access Management

Review information as it pertains to IAM solutions, tools, and technologies utilized by FAS-IT. This information is intended for GSA users, external government customers, and vendors.

Learn More
Ongoing Authorization

GSA has established an Ongoing Authorization (OA) Program to achieve Ongoing Authorization to Operate (OATO) for GSA managed information systems. OA provides a more frequent view into the security posture of the onboarded systems.

Learn More
GSA-IT Resources: Policies & Procedures

GSA and FCS IT security policies for safeguarding IT assets and the potential consequences of breaching IT security policies.

Learn More

Quick Resources

GSA Insite: IT Policies and Procedures
Communication & Reporting
FCS Security Forms & Templates

Return to Security and Compliance

Return to Standards Alignment