An administration memo instructs agencies to satisfy certain requirements as they develop their telework cybersecurity policies.
Office of Management and Budget Director Jacob Lew issued the memo to agencies on July 15. It outlined the minimum security guidelines for telework under the Telework Enhancement Act of 2010.
The memo stated that agencies must address the following issues:
Protection and control of access to agency information as well as information systems and protection of other information systems that teleworkers use
Safeguarding the wireless and other telecommunications capabilities used for telework
Limiting the introduction of vulnerabilities
Preventing employees from accessing pornography
The memo further instructed agencies to follow security guidelines set out by OMB, the National Institute of Standards and Technology (NIST) and the Department of Homeland Security. It says agencies should work with DHS to implement cybersecurity requirements based on NIST standards.
Lew’s memo states telework programs can enable employees to work more efficiently outside the office while saving the government money on real estate and operating costs. But, Lew wrote, “if not properly implemented, telework may introduce new information security vulnerabilities into agency systems and networks.”
The Telework Enhancement Act of 2010 requires agencies to establish telework policies, determine which employees are eligible to work outside the office and notify those employees. However, agencies do not have to allow all workers to telecommute.