Government releases sensitive information checklist for agencies
Jul 13, 2006 3:17 PM
In an effort to properly safeguard information assets while using information technology, the President's Office of Management and Budget is asking all federal agencies to comply with a new checklist developed by The National Institute of Standards and Technology (NIST) for protection of remote information.
"The intent of implementing the checklist is to compensate for the lack of physical security controls when information is removed from, or accessed from outside the agency location," Deputy Director for Management Clay Johnson says in a statement.
In addition to using the NIST checklist, Johnson recommends all departments and agencies take the following actions:
1. Encrypt all data on mobile computers/devices which carry agency data unless the data is determined to be non-sensitive, in writing;
2. Allow remote access only with two-factor authentication where one of the factors is provided by a device separate from the computer gaining access;
3. Use a "time-out" function for remote access and mobile devices requiring user re-authentication after 30 minutes inactivity; and
4. Log all computer-readable data extracts from databases holding sensitive information and verify each extract including sensitive data has been erased within 90 days or its use is still required.
For the NIST checklist, Click here (PDF format)
Want to use this article? Click here for options!
© 2010 Penton Media Inc.
Story Missing Your Link?
Is the above story missing a link? Is it missing a link to your company, or your website? If this is the case please e-mail us and we'll add the link as soon as possible. Thank you!
advertisement
