Treasury Department Publication 71.10

Treasury Directive 71-10

Treasury Directive 71-10
Date: August 23, 1999
Sunset Review: August 23, 2003
SUBJECT: Department of the Treasury Security Manual
1. PURPOSE. This directive authorizes the issuance of the Department of the Treasury Security Manual.
2. SCOPE. This directive applies to all bureaus, the Departmental Offices (DO), the Office of Inspector
General (OIG) and the Treasury Inspector General for Tax Administration (TIGTA). Those authorities
reserved to the Special Assistant to the Secretary (National Security) concerning U.S. intelligence
activities are not affected by this directive.
3. BACKGROUND. Treasury Directive (TD) 27-01, "Organization and Functions - Office of the
Assistant Secretary of the Treasury (Management)," describes the responsibilities of the Deputy
Assistant Secretary for Information Systems and the Director, Office of Security, pertaining to the
direction and operation of certain security functions of the Department (which includes personnel and
physical security, which includes industrial and information security, emergency preparedness,
telecommunications and information systems security functions).
4. SECURITY MANUAL. This directive authorizes the Deputy Assistant Secretary for Information
Systems/CIO and the Director, Office of Security to jointly prescribe and publish the Department of the
Treasury Security Manual (Treasury Department Publication [TD P] 71-10), which shall be issued as a
separate regulation and shall be binding on all Treasury bureaus. Any reference to TD 71-10 shall be
deemed to include this directive and the Security Manual. The Security Manual:
a. provides uniform policies, standards and general procedures to be used by the bureaus to carry out
their respective responsibilities in the areas of personnel, physical, telecommunications and information
systems security, and emergency preparedness in accordance with the standards and guidelines issued by
the Department, Department of Energy, office of Personnel Management (OPM), Federal Emergency
Management Agency, National Security Agency, Department of Defense (DOD), Office of Management
and Budget, General Services Administration, General Accounting Office, National Institute of
Standards and Technology and the Security Policy Board;
b. implements and supplements, where necessary, Executive Orders, National Security directives, and
other Government regulations by providing guidance when such regulations are not sufficiently detailed,
or details are left to Departmental discretion; and
c. supersedes existing Treasury directives in the areas of personnel, physical, telecommunications and
http://www.treasury.gov/regs/td71-10.htm (1 of 4)8/10/2006 9:34:13 AM

Treasury Directive 71-10

information systems security, and emergency preparedness, except that delegations of authority from the
Assistant Secretary (Management) with respect to Office of Security programs will remain in effect.
Existing Treasury directives in the Departmental directives system will stay in effect until a
corresponding security manual chapter is issued and notice is given that a specific directive is canceled.
5. DEFINITION. The term "bureau" for purposes of this directive includes all bureaus, DO, the OIG and
the TIGTA.
6. APPLICABILITY. The Security Manual is binding on all Treasury bureaus. It sets forth the minimum
standards or requirements for the security functions of each bureau. The policies and procedures
contained in the manual do not preclude a bureau from applying more stringent internal requirements
where necessary to accomplish its mission, so long as additional standards or procedures adopted are
consistent with those in the Security Manual.
7. RESPONSIBILITIES.
a. The Deputy Assistant Secretary (Administration), Heads of Bureaus, the Inspector General, and the
Treasury Inspector General for Tax Administration, as it relates to their respective bureaus and offices,
shall:
(1) carry out the policies and procedures set forth in the Security Manual; and
(2) submit the following new or revised bureau issuances to the Deputy Assistant Secretary for
Information Systems/CIO or the Director, Office of Security, for review and approval PRIOR to
publication:
(a) bureau security directives, regulations, handbooks or publications which implement or supplement
the Security Manual;
(b) personnel security forms or questionnaires concerning applicants, employees or contractor personnel,
except those published by the Office of Security, OPM, or for the industrial security program, DOD;
(c) forms which authorize the release of information or the release of financial information for use in
personnel security matters, other than forms published by the Director, Office of Security or OPM; and
(d) any other forms which pertain to personnel, physical, telecommunications, information systems
security or emergency preparedness.
No issuance listed above shall be published, implemented, adopted or used until approved by the Deputy
Assistant Secretary for Information Systems/CIO or the Director, Office of Security. Bureau issuances
which are currently in use, or which have been approved need not be submitted to the Deputy Assistant
Secretary for Information Systems/CIO or the Director and may continue to be used unless approval is
http://www.treasury.gov/regs/td71-10.htm (2 of 4)8/10/2006 9:34:13 AM

Treasury Directive 71-10

withdrawn Such existing issuances must be submitted to the Deputy Assistant Secretary for Information
Systems/CIO or the Director whenever revised or rewritten.
b. The Director, Office of Security, shall:
(1) publish security policy and procedures in Chapters 1-V, VII-VIII of the Security Manual TD P 71-10
and formally coordinate the Security Manual with the bureaus, for review and comment prior to
issuance; and,
(2) review and approve bureau issuances which implement and supplement Chapters 1-V, VII-VIII of
the Security Manual.
c. The Deputy Assistant Secretary for Information Systems/CIO, shall:
(1) publish security policy, standards and procedures in Chapter VI of the Security Manual, "Systems
Security," and formally coordinate the Security Manual with the bureaus for review and comment prior
to issuance.
(2) review and approve bureau issuances which implement and supplement Chapter VI of the Security
Manual.
d. The Bureau Chief Information Officers, shall designate a point of contact to coordinate all policy
issues related to information systems security (including computer security, telecommunications
security, operational security (threats/vulnerability assessments), emissions security (TEMPEST),
certificate management, electronic authentication, disaster recovery and continuity of operations for
systems, and critical infrastructure protection related to cyber threats).
8. SUPPLY OF MANUAL. The Security Manual and its amendments may be obtained from either the
Office of the Deputy Assistant Secretary for Information Systems/CIO or the Office of Security.
9. AUTHORITIES.
a. TD 12-32, "Delegation of Authority Concerning Personnel Security."
b. TD 71-08, "Delegation of Authority for Physical Security Programs."
c. Public Law 100-235, "The Computer Security Act of 1987."
10. CANCELLATION. Treasury Directive 71-10, "Department of the Treasury Security Manual", dated
January 16, 1992, is superseded.

http://www.treasury.gov/regs/td71-10.htm (3 of 4)8/10/2006 9:34:13 AM

Treasury Directive 71-10

11. OFFICE OF PRIMARY INTEREST. Office of the Deputy Assistant Secretary for Information
Systems/CIO and the Office of Security, Office of the Assistant Secretary (Management Operations).

/S/
Nancy Killefer
Assistant Secretary for Management
and Chief Financial Officer

http://www.treasury.gov/regs/td71-10.htm (4 of 4)8/10/2006 9:34:13 AM