Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

    • Environmental Topics
    • Air
    • Bed Bugs
    • Chemicals and Toxics
    • Climate Change
    • Emergency Response
    • Environmental Information by Location
    • Environmental Justice
    • Greener Living
    • Health
    • Land, Waste, and Cleanup
    • Lead
    • Mold
    • Pesticides
    • Radon
    • Science Topics
    • Water Topics
    • A-Z Topic Index
    • Laws & Regulations
    • By Business Sector
    • By Topic
    • Compliance
    • Enforcement
    • Guidance
    • Laws and Executive Orders
    • Regulations
    • Report a Violation
    • Environmental Violations
    • Fraud, Waste or Abuse
    • About EPA
    • EPA Administrator
    • Organization Chart
    • Staff Directory
    • Planning, Budget, and Results
    • Jobs and Internships
    • Headquarters Offices
    • Regional Offices
    • Lab and Research Centers
Developer Central
Contact Us

Security Requirements

EPA systems/applications must comply with federal information security requirements and standards including, but not limited to the Federal Information Security Modernization Act (FISMA) of 2014 (pdf), Federal Information Processing Standards (FIPS), and National Institute of Standards and Technology (NIST) Special Publications and EPA Security Information Directives.

EPA begins security planning and system categorization activities from the beginning of the system development lifecycle and continues security assessment and monitoring activities through implementation and operations and maintenance. Before EPA systems/applications can be deployed, they must be reviewed and approved through Agency Assessment and Authorization processes. Ensuring compliance with EPA security policies/procedures is usually the responsibility of the federal project lead. Refer to EPA's Information Security – Security Assessment and Authorization Procedures for more information. EPA's Security-related policies and procedures are available on the IT/IM Information Directives site.

  • Developer Central
  • Guiding Principles for Application Development
  • Requirements and Development Considerations
    • Application Development/Hosting Environments
    • Electronic Signature Requirements
    • Data and Data Products
    • Information Collection Requirements
    • Open-Source Software and EPA Code Repository Requirements
    • Privacy Requirements
    • Section 508/Accessibility Requirements
    • Security Requirements
    • Web Application Development Requirements
Contact Us to ask a question, provide feedback, or report a problem.
United States Environmental Protection Agency

Discover.

  • Accessibility
  • Budget & Performance
  • Contracting
  • EPA www Web Snapshot
  • Grants
  • No FEAR Act Data
  • Plain Writing
  • Privacy
  • Privacy and Security Notice

Connect.

  • Data.gov
  • Inspector General
  • Jobs
  • Newsroom
  • Open Government
  • Regulations.gov
  • Subscribe
  • USA.gov
  • White House

Ask.

  • Contact EPA
  • EPA Disclaimers
  • Hotlines
  • FOIA Requests
  • Frequent Questions

Follow.

Last updated on April 12, 2022