A Nov. 30, 2010 Federal Computer Week story reported that the White House has instructed federal agencies to immediately evaluate their security practices. The objective: to determine whether they have adequate restrictions in place on employees’ access to classified data and their ability to copy classified documents onto mobile devices.

Jacob Lew, director of the Office of Management and Budget, in a memo dated Nov. 28 (http://www.whitehouse.gov/sites/default/files/omb/memoranda/2011/m11-06.pdf), wrote that the White House will also conduct its own security review of agencies that handle classified information.

According to the memo, OMB, the Information Security Oversight Office and the Office of the Director of National Intelligence “will stand up processes to evaluate, and to assist agencies in their review of security practices with respect to the protection of classified information.”

The memo also reminds federal executives that unauthorized disclosure of classified information is a violation of law and compromises national security. It also instructs each federal department or agency that handles classified information to establish a security assessment team composed of counterintelligence, security and information assurance experts. The teams will review the agencies’ implementation of procedures for protection of classified information.

The required reviews are to include assessments of system configurations to ensure that users do not have broader access than needed for their jobs, and whether there are appropriate restrictions in place on the use of classified networks and the removal of data from those networks for storage on a mobile device.

Is it “shutting the barn door after the horses have gotten out”? Of course. But that doesn’t mean it isn’t necessary or that things haven’t changed.

Our goal, from the very beginning, has been stopping leaks before they happen. We provide organizations with solutions that combine continuous monitoring technical controls with management and operational control monitoring to present a more complete picture of risk.

Our customers count on TalaTek for unparalleled IT Security & Risk Management based on NIST, ITIL and ISO 27001. And our exceptional team is experienced in compliance solutions implementing NIST standards to meet FISMA, HIPAA, privacy standards and other regulations for our customers.

If the new review requirements seem overwhelming, we can help.
