Skip to main content

An official website of the United States government

Here’s how you know

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

GSA Logo U.S. General Services Administration
    • Explore buy through us
    • Category management
    • Government property for sale or lease
      Toggle submenu
      • Personal property (tangible goods)
      • Real property (real estate and buildings) for public use
      • Real property sales
      • Vehicle sales
    • Products and services
      Toggle submenu
      • Human capital
      • Industrial products and services
      • Office management
      • Professional services
      • Security and protection
      • Transportation and logistics services
    • Purchasing programs
      Toggle submenu
      • Assisted acquisition
      • Commercial platforms
      • Federal strategic sourcing initiative
      • Fleet management
      • HCaTS and HCaTS SB
      • OASIS and OASIS SB
      • Requisition programs
      • State and local programs
      • Emergency acquisition basic ordering agreements
    • Shared services
      Toggle submenu
      • Payroll services
      • Support services for CABs

    Featured Topics

    • Multiple Award Schedule Governmentwide contracts for products and services at volume discount pricing.
    • Auctions Federal assets available via auction to the general public.
    • Explore sell to government
    • Step 1: Learn about government contracting
      Toggle submenu
      • Ways you can sell to government
      • How to access contract opportunities
      • Conduct market research
    • Step 2: Compete for a contract
      Toggle submenu
      • Register your business
      • Certify as a small business
      • Become a schedule holder
      • Market your business
      • Research active solicitations
      • Respond to a solicitation
      • What to expect during the award process
    • Step 3: Manage your contract
      Toggle submenu
      • Comply with contractual requirements
      • Handle contract modifications
      • Monitor past performance evaluations

    Featured Topics

    • Contract opportunities on SAM.gov Search current federal contract opportunities and procurement notices.
    • Forecast of contracting opportunities Anticipated contracts offered by GSA.
    • Vendor support center Research the federal market, report sales, and upload contract information.
    • Explore real estate
    • Design and construction
      Toggle submenu
      • 3D-4D building information modeling
      • Computer-aided design standards
      • Engineering
      • Project management information system
      • Prospectus thresholds
    • Facilities management
      Toggle submenu
      • Security
      • Tenant services
      • Water quality management
    • Our properties
      Toggle submenu
      • Owned and leased properties
      • Regional buildings
      • Renting property
    • Real estate services
      Toggle submenu
      • GSA lease inventory
      • Real property disposal
      • Reimbursable services (RWA)
      • For businesses seeking opportunities
      • For workers in federal buildings
      • Voice of the customer
    • Workplace optimization
      Toggle submenu
      • Commercial coworking
      • Federal coworking
      • Space Match
    • Explore historic buildings

    Featured Topics - Real Estate

    • Historic preservation tools and resources Procedures for maintaining and repairing historic buildings.
    • Real property disposal Dispose or acquire excess federal real property including buildings or land.
    • Explore policy and regulations
    • Acquisition management policy
    • Aviation management policy
    • Information technology policy
    • Real property management policy
    • Relocation management policy
    • Travel management policy
    • Vehicle management policy
    • Regulations
      Toggle submenu
      • Federal acquisition regulations
      • Federal management regulations
      • Federal travel regulations

    Featured Topics

    • Forms Search for a government form.
    • Per diem FAQs Frequently asked questions about per diem rates and related topics.
    • Explore small business
    • Small business goals
    • Register your business
      Toggle submenu
      • Explore business models
      • Research the federal market
      • Subcontracting and other partnerships
    • Forecast of contracting opportunities
    • Small business resources
      Toggle submenu
      • Small business contacts
      • Small business events
      • Videos

    Featured Topics

    • Forecast tool Information on planned federal contracting opportunities.
    • Socio economic categories Check your eligibility for small-business set-asides.
    • Training resources Suggested training for doing business with us.
    • Explore travel
    • Plan a trip
      Toggle submenu
      • Per diem rates
      • Transportation (airfare rates, POV rates, etc.)
      • Lodging
      • Travel charge card
    • Travel and lodging services
      Toggle submenu
      • E-gov travel service (ETS)
      • Rideshare
      • Travel category schedule
    • Federal travel regulation

    Featured Topics

    • Per diem rates look-up Allowances for lodging, meal and incidental costs while on official government travel.
    • Mileage reimbursement rates Reimbursement rates for the use of your own vehicle while on official government travel.
    • Explore technology
    • Build websites and digital services
    • Purchasing programs
      Toggle submenu
      • Cloud computing services
      • Cybersecurity products and services
      • Governmentwide acquisition contracts
      • MAS information technology
      • USAccess
    • Government initiatives
      Toggle submenu
      • Artificial Intelligence
      • Cybersecurity
      • Emerging citizen technology
      • FedRAMP
      • Federal identity, credentials, and access management
      • Robotic process automation community
      • Technology modernization fund
    • Training

    Featured Topics

    • Challenge.gov Government sponsored challenges and prize competitions.
    • Data.gov Access U.S. government data.
    • Multiple award schedule IT category Information technology products, services and solutions.
    • Explore about us
    • Background and history
      Toggle submenu
      • Overview
      • Mission and strategic goals
      • Role in presidential transitions
    • Careers
      Toggle submenu
      • Get an internship
      • Launch your career
      • Elevate your professional career
      • Discover special hiring paths
      • Resources and related links
    • Events and training
      Toggle submenu
      • Events, training, and request a speaker
      • Our training programs
    • Newsroom
      Toggle submenu
      • Agency blog
      • Congressional testimony
      • GSA does that podcast
      • News releases
      • Speeches
      • Videos
    • Organization
      Toggle submenu
      • Leadership directory
      • Federal Acquisition Service
      • Public Buildings Service
      • Staff offices
    • Regions
      Toggle submenu
      • Region 1 | New England
      • Region 2 | Northeast and Caribbean
      • Region 3 | Mid-Atlantic
      • Region 4 | Southeast Sunbelt
      • Region 5 | Great Lakes
      • Region 6 | Heartland
      • Region 7 | Greater Southwest
      • Region 8 | Rocky Mountain
      • Region 9 | Pacific Rim
      • Region 10 | Northwest/Arctic
      • Region 11 | National Capital Region
    • Contact us

    Featured Topics

    • Blog Read the latest GSA news, updates and analysis.
    • Careers Learn what we have to offer.
  • Per diem lookup
Buy through us
Explore buy through us
Category management
Government property for sale or lease
Personal property (tangible goods)
Real property (real estate and buildings) for public use
Real property sales
Vehicle sales
Products and services
Human capital
Industrial products and services
Office management
Professional services
Security and protection
Transportation and logistics services
Purchasing programs
Assisted acquisition
Commercial platforms
Federal strategic sourcing initiative
Fleet management
HCaTS and HCaTS SB
OASIS and OASIS SB
Requisition programs
State and local programs
Emergency acquisition basic ordering agreements
Shared services
Payroll services
Support services for CABs
Sell to government
Explore sell to government
Step 1: Learn about government contracting
Ways you can sell to government
How to access contract opportunities
Conduct market research
Step 2: Compete for a contract
Register your business
Certify as a small business
Become a schedule holder
Market your business
Research active solicitations
Respond to a solicitation
What to expect during the award process
Step 3: Manage your contract
Comply with contractual requirements
Handle contract modifications
Monitor past performance evaluations
Real estate
Explore real estate
Design and construction
3D-4D building information modeling
Computer-aided design standards
Engineering
Project management information system
Prospectus thresholds
Facilities management
Security
Tenant services
Water quality management
Our properties
Owned and leased properties
Regional buildings
Renting property
Real estate services
GSA lease inventory
Real property disposal
Reimbursable services (RWA)
For businesses seeking opportunities
For workers in federal buildings
Voice of the customer
Workplace optimization
Commercial coworking
Federal coworking
Space Match
Explore historic buildings
Policy and regulations
Explore policy and regulations
Acquisition management policy
Aviation management policy
Information technology policy
Real property management policy
Relocation management policy
Travel management policy
Vehicle management policy
Regulations
Federal acquisition regulations
Federal management regulations
Federal travel regulations
Small business
Explore small business
Small business goals
Register your business
Explore business models
Research the federal market
Subcontracting and other partnerships
Forecast of contracting opportunities
Small business resources
Small business contacts
Small business events
Videos
Travel
Explore travel
Plan a trip
Per diem rates
Transportation (airfare rates, POV rates, etc.)
Lodging
Travel charge card
Travel and lodging services
E-gov travel service (ETS)
Rideshare
Travel category schedule
Federal travel regulation
Technology
Explore technology
Build websites and digital services
Purchasing programs
Cloud computing services
Cybersecurity products and services
Governmentwide acquisition contracts
MAS information technology
USAccess
Government initiatives
Artificial Intelligence
Cybersecurity
Emerging citizen technology
FedRAMP
Federal identity, credentials, and access management
Robotic process automation community
Technology modernization fund
Training
About us
Explore about us
Background and history
Overview
Mission and strategic goals
Role in presidential transitions
Careers
Get an internship
Launch your career
Elevate your professional career
Discover special hiring paths
Resources and related links
Events and training
Events, training, and request a speaker
Our training programs
Newsroom
Agency blog
Congressional testimony
GSA does that podcast
News releases
Speeches
Videos
Organization
Leadership directory
Federal Acquisition Service
Public Buildings Service
Staff offices
Regions
Region 1 | New England
Region 2 | Northeast and Caribbean
Region 3 | Mid-Atlantic
Region 4 | Southeast Sunbelt
Region 5 | Great Lakes
Region 6 | Heartland
Region 7 | Greater Southwest
Region 8 | Rocky Mountain
Region 9 | Pacific Rim
Region 10 | Northwest/Arctic
Region 11 | National Capital Region
Contact us
  1. Home
  2. Policy & regulations
  3. Policy
  4. Information technology policy
  5. IT Security Procedural Guides

IT Security Procedural Guides

The IT Security Guides support IT Security requirements for acquisition contracts involving externally hosted contractor information systems that do not connect to the GSA network. The guides also support information systems hosted in GSA facilities that directly connect to the GSA network, cloud information systems and mobile applications.

IT Security Guides for GSA IT Acquisition Contracts

Required Policies and Regulations for GSA Contracts

  • Access Control (AC) [CIO-IT-Security-01-07-Rev-7]-02-10-2025 [PDF - 1 MB]
    Implementing appropriate access controls for GSA IT.
  • Annual-FISMA-and-Financial-Statements-Audit-Guide-[CIO-IT-Security-22-121, Revision 1]-05-15-2023 [PDF - 754 KB]
    Guide provides guidance on how GSA prepares for, supports, and analyzes the results of annual FISMA and Financial audits.
  • Building Technologies Technical Reference Guide (BTTRG) Version 3.0 (REDACTED_Final) - May 1,2024 [PDF - 4 MB]
    Guidance on smart building implementations and industry best practices for building automation systems.
  • Conducting Penetration Test Exercises-[CIO-IT-Security-11-51-Rev-7]-03-26-2024 [PDF - 747 KB]
    Penetration test exercises.
  • Configuration-Management-(CM) [CIO-IT-Security-01-05-Rev-6]-03-03-2025 [PDF - 861 KB]
    CM process.
  • Contingency-Planning-(CP)-[CIO-IT-Security-06-29-Rev-6] - 09/16/2022 [PDF - 1 MB]
  • Provides guidance for the CP security controls identified in NIST SP 800-53 and contingency planning requirements specified in CIO 2100.1.
  • Cyber Supply Chain Risk Management (C-SCRM) Program-[CIO-IT-Security-21-117-Revsion-2]-03-07-24 [PDF - 654 KB]
    Provides an overview detailing the establishment of a C-SCRM in accordance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-161, “Supply Chain Risk”.
  • DevSecOps Program OCISO [CIO-IT-Security-19-102-Rev-2]-04-19-2023 [PDF - 750 KB]
    Establishes the OCISO DevSecOps Program (ODP), adding security as a third component into DevOps teams.
  • Drones Unmanned Aircraft Systems (UAS) Security [CIO-IT-Security-20-104-Rev-2]-03-18-2025 [PDF - 523 KB]
    Process by which small Unmanned Aircraft Systems (UAS) also known as drones that are registered and authorized for use.
  • External Information System Monitoring [19-101-Rev-6]-01-15-2025 [PDF - 879 KB]
    Process and procedures to ensure external information systems are monitored, required deliverables are provided timely, and meet GSA security requirements.
  • Firewall and Proxy Change Request Process-[CIO-IT-Security-06-31-Rev-10]-12-04-2023 [PDF - 752 KB]
    Change request process including request initiation, vulnerability and application security scanning, and authorizations.
  • FISMA-Implementation-Guide-[CIO-IT-Security-04-26-Rev3] - 08-10-2022 [PDF - 907 KB]
    Federal Information Security Modernization Act (FISMA) of 2014 provides specific procedures for completing FISMA actions.
  • GSA Pages Security Review and Approval Process-[CIO-IT-Security-20-106-Revision-2]-03-08-2024 [PDF - 674 KB]
    Review and approval process for Federalist site for hosting.
  • Identification and Authentication (IA)-[CIO-IT-Security-01-01-Rev-7]-09-21-2022 [PDF - 1 MB]
    Provides GSA staff with significant security responsibilities as identified in the GSA IT Security Policy CIO P 2100.1 and other IT personnel involved in implementing identification and authentication for specific processes and procedures for systems under their purview.
  • Information Security Continuous Monitoring Strategy-[CIO-IT-Security-12-66-Rev 4]-11-04-2022 [PDF - 1 MB]
    Strategy and implementation for performing continuous monitoring of information systems authorized to participate in ISCM.
  • IT Security Program Management Implementation Plan-(CIO-IT-Security-08-39-Rev-11]-11-13-2023 [PDF - 1 MB]
    Supports the implementation of key IT Security measures of progress to gauge performance in requirements from FISMA and other Federal and GSA policies and guidelines.
  • Key Management-[CIO-IT Security-09-43-Revision 5]-04—6-2023 [PDF - 804 KB]
  • Provides a framework to document Key Management processes required by GSA IT Security Policies, FISMA, and FIPS 140-3.
  • Lightweight Security Authorization Process [CIO-IT-Security-14-68-Rev-8] 09-13-2024 [PDF - 859 KB] 
    Defines a lightweight security authorization process for FIPS 199 Low and Moderate systems in GSA pursuing an agile development methodology and residing on infrastructures that have a GSA ATO concurred by the GSA CISO or a FedRAMP ATO.
  • Low Impact SaaS (LiSaaS) Solutions Authorization Process  [16-75-Rev-7]-11-07-2024 [PDF - 679 KB]
    Process for authority to operate (ATO) for LiSaaS solution security review.
  • Maintenance (MA) [CIO-IT-Security-10-50-Rev-5] - 11/05/2024 [PDF - 901 KB]
    (MA) System components (hardware and software) must be maintained in accordance with manufacturer’s recommendations, contractual requirements, and best business practices throughout the system’s life cycle.
  • Managing Enterprise Cybersecurity Risk-[CIO-IT-Security-06-30-Rev-25]-10-16-2024 [PDF - 1 MB]
    Key activities in managing enterprise-level risks through a system life cycle perspective, including system security authorization and continuous monitoring. 
  • Managing Information Exchange Agreements [CIO-IT Security-24-125-Initial Release]-10-25-2023 [PDF - 805 KB]
    Guide identifies the type of agreements required for General Service Administration (GSA) systems for various types of information exchanges and the process for establishing the agreements and obtaining approval for them.
  • Media-Protection-(MP) [06-32-Rev-7]-11-05-2024 [PDF - 1013 KB]
    Requirements as identified in GSA Order CIO P 2100, GSA Information Technology [IT] Security Policy and NIST SP 800-53 R3.
  • Moderate-Impact-SaaS-Security-Authorization-Process-[CIO-IT-Security-18-88-Rev-2] - 03-19-2025 [PDF - 636 KB]
    Security authorization process for FIPS 199 Moderate Impact Software-as-a-Service systems to be granted a one-year ATO. 
  • Physical and Environmental Protection (PE) [PDF - 854 KB] [CIO-IT-Security-12-64-Rev-4]-07-08-2022 [PDF - 854 KB]
    Physical and environmental protection security controls identified in NIST SP 800-53 and requirements specified in CIO 2100.1.
  • PII-Processing-and-Transparency-Controls-[CIO-IT-Privacy-24-01] - 12-01-2023 [PDF - 911 KB]
    Guidance regarding the implementation of the NIST SP 800-53 Personally Identifiable Information Processing and Transparency (PT) controls.
    Protecting-CUI-Nonfederal-Systems-[CIO-IT-Security-21-112-Initial-Release] - 05-27-2022 [PDF - 1 MB]
  • Guidance for implementing security requirements from NIST SP 800-171, 800-172, and selected privacy controls from 800-53, Revision 5.
  • Risk-Management-Strategy-(RMS)-[CIO-IT-Security-18-91-Rev-5]-08-02-2023 [PDF - 739 KB]
    Framework for proactively identifying, managing, and treating risk in achieving GSA’s strategic objectives and mission.
  • Salesforce Platform Security Implementation [CIO-IT-Security-11-62-Rev 3]-03-01-2023 [PDF - 1 MB]
    Assists GSA employees and contract personnel that have IT Security responsibilities, implement a standard Salesforce Assessment and Authorization.
  • Security and Privacy Awareness and Role Based Training Program-[CIO-IT-Security-05-29-Rev-9]-03-03-2025 [PDF - 790 KB]
    Training requirements for all GSA employees and contractors.
  • Security and Privacy Requirements for IT Acquisition Efforts-[CIO-IT-Security-09-48-Rev-9]-01-15-2025 [PDF - 1 MB]
    Defines and establishes consistent security and privacy requirements for GSA IT acquisition contracts of various types.
  • Security Engineering Architectural Reviews-[CIO-IT Security-19-95-Rev-1]-09-29-2022 [PDF - 972 KB]
    ISE proposed review strengthen information systems and supporting infrastructures by ensuring they are designed and built around respective protection needs, proven security architectures.
  • Supply-Chain-Risk-Management-(SR)-Controls-[CIO-IT-Security-22-120]-04-02-2025 [PDF - 765 KB]
    Guide provides guidance for the implementation of SR controls identified in NIST SP 800-53 and SCRM requirements specified in CIO 2100.1. 
  • System-and-Information-Integrity-(SI)-[CIO-IT-Security-12-63-Rev-3]-09-30-2022 [PDF - 883 KB]
    GSA Federal employees and contractors with significant security responsibilities, as identified in CIO 2100.1, and other IT personnel involved in implementing system and information integrity features and mechanisms with the procedures necessary to properly perform the tasks under their purview.
  • Termination-and-Transfer-[CIO-IT-Security-03-23-Rev-7] - 04-18-2025 [PDF - 769 KB]
    Provides guidance and processes to be followed when a person’s relationship with GSA is terminated or changed.
  • Web Server Log Review [CIO_IT_Security_08-41_Rev_5]- 09-07-2022 [PDF - 1 MB]
    Provides an overview of how to conduct periodic web server log reviews integral to web system operation and security oversight. It does not address the specific needs of Enterprise-wide log analysis systems that aggregate logs from many servers. The guide discusses summary and detailed views of log contents.
Print Page Email Page
Last updated: May 1, 2025
Top
    • Overview
    • Identity assurance and trusted access
    • IT accessibility/Section 508
    • IT modernization
    • Digital strategies
    • Emerging technology
    • IT Data Transparency
    • IT Security Procedural Guides
    • GSA IT Security policies

Home

  • Resources for …
    • Americans with Disabilities
    • Citizens and Consumers
    • Federal Employees
    • GSA Employees
    • Native American affairs
    • Presidential & Congressional Commissions, Boards or Small Agencies
    • Small Business
  • Governmentwide Initiatives
    • Centers of Excellence
    • Digital experience
    • Emergency response
    • Federal Cybersecurity
    • ID, Credentials, and Access Management
    • Information Quality
    • Open Data
    • Technology Modernization Fund
  • Contact Us
  • Organization
    • Leadership Directory
    • Staff Directory
  • References
    • Annual reports
    • Plain Language
    • Budget and Performance
    • Catalogs
    • Orders & Directives
    • Forms
  • Website Information
    • A-Z Index
    • Report a website issue
    • Sitemap
  • Also of Interest
    • Data.gov
    • Whitehouse.gov
  • Tools
    • eBuy
    • eLibrary
    • Contracting forecast tool
    • GSA Advantage
    • GSA Auctions
GSA logo
  • Facebook
  • X
  • LinkedIn
  • YouTube
  • instagram
  • Blog
  • email

JOIN THE CONVERSATION

GSA.gov

An official website of the U.S. General Services Administration

  • Accessibility statement
  • Website Policies
  • Reports
  • Office of the Inspector General
  • No FEAR Act
  • FOIA Requests
  • Board of Contract Appeals
Looking for U.S. government information and services?
Visit USA.gov

PER DIEM LOOK-UP

1 Choose a location

Error, The Per Diem API is not responding. Please try again later.

No results could be found for the location you've entered.

Get my location

OR

OR

Rates for Alaska, Hawaii, and U.S. territories and possessions are set by the Department of Defense.

Rates for foreign countries are set by the Department of State.

2 Choose a date


OR

Rates are available between 10/1/2022 and 09/30/2025.

The End Date of your trip can not occur before the Start Date.

 
 
Additional terms and conditions

Traveler reimbursement is based on the location of the work activities and not the accommodations, unless lodging is not available at the work activity, then the agency may authorize the rate where lodging is obtained.

Unless otherwise specified, the per diem locality is defined as "all locations within, or entirely surrounded by, the corporate limits of the key city, including independent entities located within those boundaries."

Per diem localities with county definitions shall include"all locations within, or entirely surrounded by, the corporate limits of the key city as well as the boundaries of the listed counties, including independent entities located within the boundaries of the key city and the listed counties (unless otherwise listed separately)."

When a military installation or Government - related facility(whether or not specifically named) is located partially within more than one city or county boundary, the applicable per diem rate for the entire installation or facility is the higher of the rates which apply to the cities and / or counties, even though part(s) of such activities may be located outside the defined per diem locality.