
I would recommend starting with the Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) and the Guide for Developing Security Plans for Federal Information Systems. There are others that apply tangentially, but these two should be the starting point in my view.

The DOD has a well-organized page for security policies regarding web applications.

However, I would start with the Policy for Department of Defense Internet Interactive Activities memorandum.

The document is from 2007, so its applicability to social media is dubious. The document does refer to the creation of a "Best Practices for Internet Interactive Activities" by USSOCOM in the near future.

I was unable to find this document during my research for this article, however, so I assume it is still being developed in the bowels of the government.

On a brighter note, the DOD has an interesting Social Media Hub that should provide actual implementation data and humans to contact.

OMB offers ye olde Circular A-130 as its entry in the information security arena. Last updated in November of 2000, it should come with tips on the revulcanization of the tyres for your Model T.

It's good to be familiar with this document, however, since it will obviously be around for a long time to come.

The GAO has adopted FISMA as its internal standard. Since the GAO audits federal agencies for their compliance with federal guidelines, it is interesting to note how agencies are faring in their efforts to become more secure.

These audit findings are valuable intelligence that will assist in closing any gaps an agency could have, so you don't end up in the same reports.

The DHS National Cyber Security Division has an interesting link that drops you into an application security site called Build Security In.

The site is similar to NIST in regard to the large number of security-related articles to review. For a shortcut, take a look at the Ten Most Recently Modified Articles section for the latest.

The Federal CIO Council lists, as its last and latest example of guidelines for social media, the one published by the U.S. Air Force.

The US Air Force New Media Guide (2009) is an excellent document that is short, concise and provides valuable guidance on social media implementations.

A must-read for any organization that is considering a foray into the Web 2.0 sphere.

On a side note, while researching this article, I came across the Information Assurance Support Environment, an entity sponsored by the Defense Information Systems Agency.

It is a clearinghouse for all things IT within the government umbrella. The site is overwhelming at first, due to the vast amount of data that is presented. I would recommend that you start here for simplicity's sake.

This site puts the herculean task that is faced by many CISOs and CIOs in a stark light when it comes to following the appropriate security policies for their federal agencies.

This overt display of absurd policy complexity shows why the black hats will continue to gain ground on their targets.

They do not operate in a blizzard of paperwork, and it behooves the security community to demand the same. That is a topic for another day, however.

In my next article on the Federal Social Media Guidelines, we will look at the various types of security threats that are enhanced with Social Media and mentioned in the document.

Also, I will review the recommendations of the CIO Council in how to combat them and provide additional sources of information.
