In a memorandum issued earlier this month, the Office of Management and Budget (OMB) directed federal agencies to ensure that adequate information security protections for teleworkers are in place as they implement the Telework Enhancement Act.
The law, enacted on Dec. 9 last year, requires federal agencies to implement telework programs and provide resources for their employees to take advantage of teleworking.
“If not properly implemented, telework may introduce new information security vulnerabilities into agency systems and networks”, the OMB said. It directed agencies to provide protection for information and information systems “commensurate with risk”, as required by the Federal Information Security Management Act (FISMA) requirements.
At a minimum, agencies must address the following information security measures: controlling access to agency information and information systems; protecting agency information (including personally identifiable information) and information systems; limiting the introduction of vulnerabilities; protecting information systems not under the control of the agency that are used for teleworking; safeguarding wireless and other telecommunications capabilities that are used for teleworking; and preventing inappropriate use of official time or resources.
The OMB also instructed each agency's chief information officer to identify a technical point of contact to the Department of Homeland Security to aid with the implementation of telework security requirements.