Slashdot Mirror

← Back to Stories (view on slashdot.org)

White House Demands Encryption for Sensitive Data

Posted by ryuzaki0 on from the common-sense-after-the-fact dept.

An anonymous reader writes "Stung by a series of data losses or disclosures at federal agencies over the past month, the White House is requiring all agencies to follow new guidelines when allowing employees to carry sensitive data on laptops or access the information from afar, according to the Washington Post. From the article: 'To comply with the new policy, agencies will have to encrypt all data on laptop or handheld computers unless the data are classified as "non-sensitive" by an agency's deputy director. Agency employees also would need two-factor authentication -- a password plus a physical device such as a key card -- to reach a work database through a remote connection, which must be automatically severed after 30 minutes of inactivity. Finally, agencies would have to begin keeping detailed records of any information downloaded from databases that hold sensitive information, and verify that those records are deleted within 90 days unless their use is still required.'"

2 of 214 comments (clear)

  1. Re:Oh, lookie here by tonan · · Score: 5, Informative

    I don't know how other departments and agencies deal with their networks, but all P2P software is banned from our machines (Air Force), and all known P2P/BitTorrent ports are blocked through our firewall. All client computers are scanned for illegal software (which includes Google Earth and iTunes) on a regular basis, and the local Information Protection Office will let you know if you are in violation.

    The 3-foot rule is an old EMSEC (Emmissions Security) rule that seems a bit outdated. It's supposed to prevent signal emmissions of hard-wired machines from being interfered with or being collected by other devices. I know it sounds ridiculous, but the program is is old and outdated.

    Overall, that PDF slideshow is not a very good IA training tool. They probably don't even use that anymore, or it's only used by a small group of people. The link at the end of the document brings you to a course completion page that shows the date of the program as 2004. You guys might not be able to see the site if you are not on a .mil/.gov computer.

    IA training is mandatory for all users of DoD client machines, but the DoD networks have many other safeguards to protect information. As always, a security policy is only as strong as the people abiding by it, so IA training tries to lessen the risk of information leaking out due to poor information protection by the user.

  2. Re:Yes but what do you do about... by TubeSteak · · Score: 4, Informative

    No. It might have qualified as sedition, under the Alien and Sedition Acts of 1798 or the Sedition Act of 1918... ... But the first was overturned by the Supreme Court and the second was repealed by Congress.

    I find that most people who throw about the word "treason" don't actually comprehend what it encompasses, nor do they understand the historical & legal background.

    To commit treason someone has to overtly and willfully cooperate with an enemy, to overthrow the gov't. Anything else gets treated as espionage, since Sedition laws are nonexistant.

    You show me how leaks to American newspapers qualify as over and willfull cooperation with "the enemy" and we can talk treason, until then, please refrain from echoing the ignorant statements of others.

    --
    [Fuck Beta]
    o0t!