Web Site and Server Inventory Certification Instructions

Please prepare three documents:  Certification Memorandum, Web Site and Server Inventory Spreadsheet, and Non-Compliance Report.  The memorandum and spreadsheet are required; the non-compliance report is required only if you have Web sites that are not compliant with Departmental Web policy, or Web servers that are not covered by an IT Security Plan.

Submit all completed memos, spreadsheets, and non-compliance reports to Linel Soto, lsoto@doc.gov, (202) 482-4990.

  1. Signed Certification Memorandum from the Operating Unit CIO to the Commerce CIO 

Include the following information:

    • Number of unique Web sites
    • Number of unique Web server machines
    • General assessment as to the reason for increases/decreases of both the number of Web sites and server machines
    • Brief description of plans to increase/decrease either the number of Web sites or server machines
    • Brief self-assessment of compliance with the Department’s Web policies
    • NOAA should address these items at the line office level, where appropriate.
  2. Completed Web Site and Server Inventory Spreadsheet

Each operating unit, except NOAA, should have one row of numbers to report. NOAA should have one row for each line office and headquarters.

Spreadsheet Format:

Attachment 2, the Web and Server Inventory spreadsheet, has columns A-P (15 fields). For ease of reference, the Web site Compliance headings are links to Commerce’s Web policies. With the exception of column A, all responses should be whole numbers. Please note that for a Web site to be compliant with a Web policy, it must adhere to all aspects of the policy.

Web Sites and Servers to Include:

Web sites and servers that meet the following criteria should be included in your inventory, including those commercially owned and operated for the Department:

- Web server machines that host public Web sites that can be reached from the Internet and have no access controls.

- Web server machines that host public internal Web sites that can be reached from the Internet but where access is subject to controls.  The access controls may be implicit (and weak), such as an un-advertised address, or explicit, such as VPN, IP filtering (firewall), or ID and authentication (password).

- Backup or mirror machines for Web sites and servers that are in production.

Do Not Include the Following:

- Backend servers, e.g., database servers
- Distribution directories
- Routers
- Printers
- Non-operational servers
- Backup or mirror servers that do not support publicly accessible Web sites
- Development-only servers
- Directories
- Web-mail servers or Web sites
- E-mail servers

  3. Non-Compliant Web Sites and Servers Report

For operating units with non-compliant Web sites or servers, Attachment 3, Web Site/Server Inventory and Annual Web Policy Certification Non-Compliance Report, should be used.  Please include the following:

    • For each Web policy area (e.g., privacy, link to DOC Home Page, etc.), list those Web sites that are not compliant along with a target date for compliance and an explanation for the non-compliance.
    • For each server that is not covered by an IT Security Plan, list the server along with a target date for coverage by an IT Security Plan and an explanation for the non-compliance.

Point of Contact:

Please submit completed memos, spreadsheets, non-compliance reports, and any questions to Linel Soto, lsoto@doc.gov, or call (202) 482-4990.

Department of Commerce Web Advisory Council (WAC)
U.S. Department of Commerce

Send questions and comments about this page to WAC@doc.gov
Page last updated October 12, 2010