Office of Management and Budget Director Jack Lew recently sent a memo to agencies regarding security guidelines for implementation of telework.
Agencies are expected to implement security telework policies to best suit their unique needs. At a minimum, agency policies must comply with FISMA requirements and address the following:
- controlling access to agency information and information systems;
- protecting agency information (including personally identifiable information) and information systems;
- limiting the introduction of vulnerabilities;
- protecting information systems not under the control of the agency that are used for teleworking;
- safeguarding wireless and other telecommunications capabilities that are used for teleworking; and
- preventing inappropriate use of official time or resources that violates subpart G of the Standards of Ethical Conduct for Employees of the Executive Branch by viewing, downloading, or exchanging pornography, including child pornography.
Lew also added that agency chief information officers must identify a technical point of contact to DHS (FISMA.FNS@dhs.gov) to aid with the implementation of telework security requirements.