The IT Law Wiki

OMB Memorandum M-06-16

32,081pages on
this wiki
Add New Page
Add New Page Talk0

Citation Edit

Office of Management and Budget, Protection of Sensitive Agency Information (OMB Memorandum M-06-16) (June 23, 2006) (full-text).

Overview Edit

This Memorandum addresses the protection of federal agency information that is either "accessed remotely or physically transported outside of the agency's secured, physical perimeter." Physical removal includes both removable media as well as media within mobile devices (i.e., laptop hard drive).

This memorandum recommends that four actions be taken by all agencies to protect sensitive agency data: (1) encrypt all data on mobile devices, (2) allow remote access only with 2 separate mechanisms of authentication, (3) use a 30-minute inactivity timeout function for remote access, and (4) log all computer data extracts from databases and ensure data are erased after 90 calendar days unless the data are still needed.

The memorandum also provides a checklist for protecting remote information for agencies to complete within 45 calendar days of the issuance of the memorandum.

Also on Fandom

Random Wiki