Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

JavaScript appears to be disabled on this computer. Please click here to see any active alerts.

Security Requirements

EPA systems/applications must comply with federal information security requirements and standards including, but not limited to the Federal Information Security Modernization Act (FISMA) of 2014 (pdf), Federal Information Processing Standards (FIPS), and National Institute of Standards and Technology (NIST) Special Publications and EPA Security Information Directives.

EPA begins security planning and system categorization activities from the beginning of the system development lifecycle and continues security assessment and monitoring activities through implementation and operations and maintenance. Before EPA systems/applications can be deployed, they must be reviewed and approved through Agency Assessment and Authorization processes. Ensuring compliance with EPA security policies/procedures is usually the responsibility of the federal project lead. EPA's Security-related policies and procedures are available on the IT/IM Information Directives site.

Security Requirements

Developer Central