Security *

As in the main office, security measures should cover not only information systems and technology, but all aspects of the information systems used by the employee, including paper files, other media, storage devices, and telecommunications equipment (e.g., laptops, PDAs, and cell phones). Employees who telework from home need to keep government property and information safe, secure, and separated from their personal property and information.

• Guidance
• Manager Responsibilities
• Teleworker Responsibilities

Telework Security Guidance

In Special Publication 800-46, "Security for Telecommuting and Broadband Communications ," NIST helps Federal agencies address security issues by providing recommendations on securing a variety of applications, protocols, and networking architectures to be used by teleworkers. NIST recommendations encompass the following five security principles:

• All home networks connected to the Internet via a broadband connection should have some firewall device installed.
• Web browsers should be configured to limit vulnerability to intrusion.
• Operating system configuration options should be selected to increase security.
• Selection of wireless and other home networking technologies should be in accordance with security goals.
• Federal agencies should provide teleworking users with guidance on selecting appropriate technologies, software, and tools consistent with the agency network and with agency security policies.

Manager Security Responsibilities

• Thoroughly review all telework agreements to ensure they are in compliance with agency information security policies.
• Ensure employees receive agency information systems security training.
• Work with employees to ensure they fully understand and have the technical expertise to comply with agency requirements.
• Invest in technology and equipment that can support success.
• Work with employees to develop secure systems for potentially sensitive documents and other materials.
• Track removal and return of potentially sensitive materials, such as personnel records.
• Enforce personal privacy requirements for records.

Teleworker Security Responsibilities

• Participate in agency information systems security training.
• Achieve sufficient technical proficiency to implement the required measures.
• Provide a high level of security to any personal or private information accessed at the telework site or transported between locations.
• Remain sensitive to individual rights to personal privacy.
• Comply with agency policies and with any additional requirements spelled out in the telework agreement.

* Adapted from A Guide to Telework in the Federal Government [103 KB]