Les Jones

Tech > New Federal Guidelines on Laptop Security

Washington Post:

The Bush administration is giving federal civilian agencies 45 days to implement new measures to protect the security of personal information that agencies hold on millions of employees and citizens.

The new security guidelines, issued Friday by the White House Office of Management and Budget, cap a month marked by data thefts or disclosures at five different agencies that compromised Social Security numbers and other private data on millions of people.

To comply with the new policy, agencies will have to encrypt all data on laptop or handheld computers unless the data are classified as "non-sensitive" by an agency's deputy director. Agency employees also would need two-factor authentication -- a password plus a physical device such as a key card -- to reach a work database through a remote connection, which must be automatically severed after 30 minutes of inactivity.

The article goes on to quote several people who question how effective the order - which has no funding attached because it occurs inside the budget cycle - will be in the short term.