Office of the Chief Information Officer

United States Department of Agriculture

Departmental Regulation 3520-002

Office of the Chief Information Officer – Agriculture Security Operations Center

Configuration Management


a. This Departmental Regulation (DR) establishes the configuration management policy of the United States Department of Agriculture (USDA or “Department”) for meeting the applicable laws, regulations, and standards of the Federal Government.

b. This DR addresses guidance issued by the Office of Management and Budget (OMB), the National Institute of Standards and Technology (NIST), and the Federal Information Security Management Act of 2002 (FISMA); requiring federal agencies to include “policies and procedures that ensure compliance with minimally acceptable system configuration requirements, as determined by the agency” within its information security program, and Federal Information Processing Standards Publication (FIPS PUB) 200, Minimum Security Requirements for Federal Information and Information Systems.

c. It is the policy of USDA to comply with federal requirements to establish, implement, augment, and support configuration management to manage risk to USDA systems.

PDF icon PDF version of DR3520-002121.05 KB
HTML icon HTML version of DR3520-002596.54 KB