Telework Exchange

A Public-Private Partnership Focused on Eliminating Telework Gridlock
Welcome, today is Saturday, February 4, 2012
The Telework Exchange Teleworker - September 2009



NIST Documents Its Official Telework Security Recommendations

Recognizing the potential risk that remote access work arrangements can present for Federal organizations, the National Institute of Standards and Technology (NIST) in June released a new set of guidelines to help agencies more effectively secure a variety of telework and remote access technologies.

NIST Special Publication 800-46, "Guide to Enterprise Telework and Remote Access Security," is intended to assist Federal agencies in mitigating the vulnerabilities and threats associated with enterprise technologies used for telework, including remote access services; telework client devices, such as laptops and storage devices; and remote access communications.

The publication recommends that agencies take a number of key steps, including the following:
  • Define within the telework security policy which forms of remote access the organization permits, which types of telework devices are permitted to use each form of remote access, what type of access each type of teleworker is granted, and how user account provisioning should be handled
  • Document the security aspects of telework and remote access solution design in the system security plan
  • Periodically reassess policies for telework devices (based on cost considerations and whether or not sensitive data is being used). Consider changing which types of client devices are permitted and what levels of access teleworkers using those devices may be granted
  • Regularly perform operational processes to maintain telework and remote access security, such as deploying updates, verifying clock synchronization, and detecting and documenting anomalies within the remote access infrastructure
  • Periodically perform assessments to confirm that the organization’s remote access policies, processes, and procedures are being followed properly
  • Put in place a policy that ensures that all telework client devices, remote access servers, and storage devices are scrubbed of all sensitive data
To download a copy of NIST Special Publication 800-46, visit http://csrc.nist.gov/publications/nistpubs/800-46-rev1/sp800-46r1.pdf.

September 2009 Articles

Telework Proponent Congressman Connolly Recognizes 2009 Tele-Vision Award Winners

Deploying the Safe Laptop

NIST Documents Its Official Telework Security Recommendations

Telework Adds Up for FinCEN

Home-Based Work Equals Career-Friendly Success for Military Spouses

Stepping Out of the Office:  Mobile Voice Systems Can Help

Telework How To’s:  The Benefits of a Telework Pilot Project

Telework News Update

Click here for a printable version of the September 2009 The Teleworker