Government releases sensitive information checklist for agencies
In an effort to properly safeguard information assets while using information technology, the President’s Office of Management and Budget is asking all federal agencies to comply with a new checklist developed by the National Institute of Standards and Technology (NIST) for protection of remote information.
“The intent of implementing the checklist is to compensate for the lack of physical security controls when information is removed from, or accessed from outside the agency location,” Deputy Director for Management Clay Johnson says in a statement.
In addition to using the NIST checklist, Johnson recommends all departments and agencies take the following actions:
1. Encrypt all data on mobile computers/devices which carry agency data unless the data is determined to be non-sensitive, in writing;
2. Allow remote access only with two-factor authentication where one of the factors is provided by a device separate from the computer gaining access;
3. Use a “time-out” function for remote access and mobile devices requiring user re-authentication after 30 minutes of inactivity; and
4. Log all computer-readable data extracts from databases holding sensitive information and verify that each extract including sensitive data has been erased within 90 days or that its use is still required.