The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Govt Outlines Federal Agency Telework Policies

by Chris Brook on Thursday April 9, 2020

Contact Us
Free Demo
Chat

The federal government on Wednesday released guidance designed to inform agencies how to best support secure teleworking.

With much of the nation - and world for that matter - working from home for the foreseeable future, companies have had to adapt with the changing times.

Now, roughly a month into the pandemic, the Department of Homeland Security has issued security guidance to help federal agencies with newly remote employees better protect their networks and cloud environments.

The Cybersecurity and Infrastructure Security Agency (CISA) - the federal agency that helps state and local officials oversee cybersecurity strategy – this week released its TIC (Trusted Internet Connections) 3.0 Interim Telework Guidance. The 23-page document digs into how agencies can leverage security capabilities to support secure teleworking.

CISA says the guidance is technically short form - hence the inclusion of interim in the title - and that it is only for 2020 but that it will take bits and pieces of the guidance and feed it into TIC 3.0 Remote User Use Case.

Specifically, the document outlines several patterns teleworkers can follow when interacting with an agency-approved cloud service provider, see below:


It also contains guidance around what it calls universal security capabilities, basically principles like how workers should handle incident response, backup and recovery, authentication, and so on.

Data protection, as you might imagine, is a crucial way to ensure the confidentiality, integrity, and availability of data accessed by federal teleworkers.

“The surge in telework requires agencies to have processes and tools in place to protect agency data, prevent data exfiltration, and ensure the privacy and integrity of data, considering that data may be accessed from devices beyond the protections and perhaps administration of agencies,” the DHS document reads, “Data protection capabilities must be considered and may be adapted for data stored and accessed at sanctioned agency cloud services, on agency-owned devices, as well as on remote devices that are not owned by an agency.”

Access control, protecting data in transit, at rest, data access and use telemetry, and data loss prevention all factor into this.

The guidance still recommends agencies do their due diligence when it comes to evaluating whatever service they choose, however.

“To the extent practical, agencies should assess risks associated with broadening the use of cloud and collaboration services to ensure that due care as well as due diligence is applied to these changes in their respective information technology (IT) and user environments,” the document reads.

While it may seem like a fairly recent intiative, breaking down how remote federal employees connect to an agency's network and cloud was part of what the Trusted Internet Connections initiative said it would look into last fall. Further guidance from the group can be found on its page at the CISA website here.

Tags: Government

Recommended Resources


  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.