telework.gov

This page can be found on the web at the following url:
http://www.telework.gov/Policies_and_Procedures/Telework_Security/index.aspx

Skip top navigation

Skip side navigation

Skip Navigation

Security *

As in the main office, security measures should cover not only information systems and technology, but all aspects of the information systems used by the employee, including paper files, other media, storage devices, and telecommunications equipment (e.g., laptops, PDAs, and cell phones). Employees who telework from home need to keep government property and information safe, secure, and separated from their personal property and information.

Guidance
Manager Responsibilities
Teleworker Responsibilities

Telework Security Guidance

SP 800-46 Revision 1, "Guide to Enterprise Telework and Remote Access Security", has been published as final. SP 800-46 Revision 1 is intended to help organizations understand and mitigate the risks associated with the technologies they use for telework. The guide emphasizes the importance of securing sensitive information stored on telework devices and transmitted across external networks, and it also provides recommendations for selecting, implementing, and maintaining the necessary security controls. Draft SP 800-46 Revision 1 is a comprehensive update to the original SP 800-46, which was published in 2002.

Manager Security Responsibilities

Thoroughly review all telework agreements to ensure they are in compliance with agency information security policies.
Ensure employees receive agency information systems security training.
Work with employees to ensure they fully understand and have the technical expertise to comply with agency requirements.
Invest in technology and equipment that can support success.
Work with employees to develop secure systems for potentially sensitive documents and other materials.
Track removal and return of potentially sensitive materials, such as personnel records.
Enforce personal privacy requirements for records.

Teleworker Security Responsibilities

Participate in agency information systems security training.
Achieve sufficient technical proficiency to implement the required measures.
Provide a high level of security to any personal or private information accessed at the telework site or transported between locations.
Remain sensitive to individual rights to personal privacy.
Comply with agency policies and with any additional requirements spelled out in the telework agreement.

* Adapted from Telework Guide [861 KB]