OMB Tells Agencies to Beef Up Telework Security

Each Agency to Name Technical Contact to Help Implement Law
OMB Tells Agencies to Beef Up Telework Security
A White House memo issued this past week instructs federal government agency heads to establish information security guidelines for telework.

"If not properly implemented, telework may introduce new information security vulnerabilities into agency systems and networks," Office and Management and Budget Director Jacob Lew said in a memo dated July 15.

President Obama last December signed the Telework Enhancement Act to encourage telework across the federal government (see Telework Law Next Step: Securing IT). As part of the program, each agency must ensure it employs adequate security protections for information and information systems while workers telework.

Chief information officers from each agency must identify a technical point of contact to aid with implementing telework security requirements. This individual will serve as a technical manager and must have operational and technical expertise to implement the act within the agency.

Under the new law, agencies must comply with the Federal Information Security Management Act and continue to follow OMB policies, National Institute of Standards and Technology guidelines and Department of Homeland Security security reporting requirements. Lew pointed out that NIST has issued standards and guidelines to assist with the protection of remote devices.

At a minimum, Lew said, agencies must:

  • Control access to agency information and information systems;
  • Protect agency information - including personally identifiable information - and information systems;
  • Limit the introduction of vulnerabilities;
  • Protect information systems not under the control of the agency that are used for teleworking;
  • Safeguard wireless and other telecommunications capabilities that are used for teleworking; and
  • Prevent inappropriate use of official time or resources that violates the Standards of Ethical Conduct for Employees of the Executive Branch by viewing, downloading or exchanging pornography, including child pornography.

"Telework is only as effective as the technologies used to support it, which is why it is critical for agencies to take immediate action to ensure that their employees are properly equipped," Lew said.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.