New WH memo outlines telework security guidelines

Agencies must control access to information systems, memo states

A senior Obama administration official is reminding federal agencies that they must comply with security guidelines while implementing the Telework Enhancement Act of 2010.

Jack Lew, Office of Management and Budget director, sent a memo to agency leaders July 15 stating that agencies are responsible under the Federal Information Security Management Act of 2002 (FISMA) to “provide protection for information and information systems commensurate with risk.”

He said that agency CIOs must identify a technical manager to help carry out telework security requirements.

“If not properly implemented, telework may introduce new information security vulnerabilities into agency systems and networks,” Lew wrote. 


Related stories:

Like home-work boundaries? Loosecubes to the rescue.

Agencies can ask teleworkers to work during hurricanes


He also said that agencies must continue to follow Office of Management and Budget policies, National Institute of Standards and Technology standards and guidelines, and the Homeland Security Department’s security reporting requirements.

At a minimum, Lew said agency policies must comply with FISMA requirements and deal with:

  • Controlling access to agency information and information systems.
  • Protecting agency information (including personally identifiable information) and information systems.
  • Limiting introducing vulnerabilities.
  • Protecting information systems not under the control of the agency that are used for teleworking.
  • Safeguarding wireless and other telecommunications capabilities that are used for teleworking. 
  • Preventing inappropriate use of official time or resources that violates subpart G of the Standards of Ethical Conduct for Employees of the Executive Branch by viewing, downloading, or exchanging pornography, including child pornography.

In addition, Lew said telework provides federal employees the ability to continue working during inclement weather, emergencies or situations that might disrupt normal government operations.

“However, telework is only as effective as the technologies used to support it, which is why it is critical for agencies to take immediate action to ensure that their employees are properly equipped,” he wrote.

President Barack Obama signed the Telework Enhancement Act last December. 


 

About the Author

Alyah Khan is a staff writer covering IT policy.

Featured

  • Cybersecurity
    malware detection (Alexander Yakimov/Shutterstock.com)

    Microsoft targets copycat influence websites

    Microsoft went to court to take down websites it believes to be part of a foreign intelligence operation targeting conservative think tanks and the U.S. Senate.

  • Cybersecurity
    secure network

    FAA explores shifting its network to FISMA high

    The Federal Aviation Administration is exploring an upgrade to the information security categorization of IT systems as part of air traffic control modernization.

  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.