New WH memo outlines telework security guidelines
Agencies must control access to information systems, memo states
- By Alyah Khan
- Jul 18, 2011
A senior Obama administration official is reminding federal agencies that they must comply with security guidelines while implementing the Telework Enhancement Act of 2010.
Jack Lew, Office of Management and Budget director, sent a memo to agency leaders July 15 stating that agencies are responsible under the Federal Information Security Management Act of 2002 (FISMA) to “provide protection for information and information systems commensurate with risk.”
He said that agency CIOs must identify a technical manager to help carry out telework security requirements.
“If not properly implemented, telework may introduce new information security vulnerabilities into agency systems and networks,” Lew wrote.
Like home-work boundaries? Loosecubes to the rescue.
Agencies can ask teleworkers to work during hurricanes
He also said that agencies must continue to follow Office of Management and Budget policies, National Institute of Standards and Technology standards and guidelines, and the Homeland Security Department’s security reporting requirements.
At a minimum, Lew said agency policies must comply with FISMA requirements and deal with:
- Controlling access to agency information and information systems.
- Protecting agency information (including personally identifiable information) and information systems.
- Limiting introducing vulnerabilities.
- Protecting information systems not under the control of the agency that are used for teleworking.
- Safeguarding wireless and other telecommunications capabilities that are used for teleworking.
- Preventing inappropriate use of official time or resources that violates subpart G of the Standards of Ethical Conduct for Employees of the Executive Branch by viewing, downloading, or exchanging pornography, including child pornography.
In addition, Lew said telework provides federal employees the ability to continue working during inclement weather, emergencies or situations that might disrupt normal government operations.
“However, telework is only as effective as the technologies used to support it, which is why it is critical for agencies to take immediate action to ensure that their employees are properly equipped,” he wrote.
President Barack Obama signed the Telework Enhancement Act last December.
Alyah Khan is a staff writer covering IT policy.