Written by the National Institute of Standards and Technology, the checklist provides specific actions to be taken by federal agencies for the protection of personally identifiable information of moderate or high impact that is either accessed remotely, or physically transported outside of the agency’s secured premises.
That includes information transported on removable media and on portable or mobile devices such as laptop computers and PDAs, according to M-06-16, available at www.omb.gov.
It said the checklist was developed from existing guidance with the expectation that information security is a mission requirement essential to achieving the operational benefits of IT without exposing the agency, its assets, or individuals to undue risk.
The controls and step-by-step assessment methods and procedures were taken from NIST special publication 800-53.
Generally straightforward, the process involves confirming that there is personal information that needs to be protected, identifying and reviewing organizational policy, revising it if necessary, and implementing protections. Following it to the letter could provide assurance to wary managers.
