With federal agencies ramping up telework opportunities for employees it only follows that new security standards will need to be instituted. Seven months following the White House’s Telework Enhancement Act of 2010 was signed into law the Office of Management has issued security guidelines for agencies across government to follow in opening up telework opportunities.
The memorandum notes that while telework offers numerous benefits to the federal government, including saving money, improving job satisfaction and ensuring continuity of government when federal offices may be closed, it also noted the serious security risks imposed.
“[T]elework is only as effective as the technologies used to support it, which is why it is critical for agencies to take immediate action to ensure that their employees are properly equipped,” the memo stated.
Resources, best practices and guidance for “management, implementation and monitoring” have been established, and annual reviews will assess the success, and security, of federal telework programs. Agencies taking advantage of telework must still adhere to OMB security policies, including the Federal Information Management Act (FISMA) of 2002. Six specific FISMA requirements were singled out in the OMB policy as being absolute requirements. They focused on the protection of agency information, personally identifiable information, safeguarding systems and limiting exposure to vulnerabilities.
The Telework Enhancement Act required agencies to establish telework policies, but did not require agencies to allow workers to telecommute. As government agencies and defense contractors continue to be victims of spear phishing and data mining campaigns, security across government systems, and clearer policies concerning employee use and access, can be expected.