OMB to Fed. Computer Users: "Clean Up Your Act!"

In light of a number of boneheaded regrettable incidents involving laptop thefts that resulted in egregious security lapses, the Executive Branch has sprung into action. Clay Johnson III, the Deputy Director for Management for the Office of Management and Budget, has issued a strongly worded memorandum (link to the official memo in .pdf format) for the edification of all heads of federal departments and agencies (that's Clay's picture to the left).
Clay has given the government 45 days to set up procedures to make sure that workers: "Encrypt all data on mobile computers/devices which carry agency data unless the data is determined to be non-sensitive, in writing, by your Deputy Secretary or an individual he/she may designate in writing; .... Allow remote access only with two-factor authentication where one of the factors is provided by a device separate from the computer gaining access; ... Use a “time-out” function for remote access and mobile devices requiring user reauthentication after 30 minutes inactivity; and ... Log all computer-readable data extracts from databases holding sensitive information and verify each extract including sensitive data has been erased within 90 days or its use is still required."





