According to the Washtington Post (OMB Sets Guidelines for Federal Employee Laptop Security), the White House Office of Management and Budget has sent a memorandum to all heads of civilian agencies setting additional requirements for the safeguarding of personally identifiable information. The memo requires, among other things, that government departments:
1. Encrypt all data on mobile computers/devices which carry agency data unless the data is determined to be non-sensitive, in writing, by your Deputy Secretary or an individual he/she may designate in writing;
2. Allow remote access only with two-factor authentication where one of the factors is provided by a device separate from the computer gaining access;
3. Use a “time-out” function for remote access and mobile devices requiring user re-authentication after 30 minutes inactivity; and
4. Log all computer-readable data extracts from databases holding sensitive information and verify each extract including sensitive data has been erased within 90 days or its use is still required.