Federal: White House OMB

White House OMB and NIST requirements for PII data protection


In June of 2006, the White House Office of Management and Budget (OMB) issued a Data Security Directive that instructed all federal agencies to comply with specific data security guidelines issued by the National Institute of Standards and Technology (NIST) within a 45-day period. Compliance with NIST guidelines and the OMB directive requires more than network security and/or broad-based encryption. Agencies must proactively secure the data itself and respond quickly if a breach does occur.

Key facts and data security requirements you should know

  • The guidelines detail four specific steps to safeguard Personally Identifiable Information (PII) at remote locations:
    • STEP 1: Confirm identification of PII protection needs
    • STEP 2: Verify adequacy of organizational policy
    • STEP 3: Implement protections for PII being transported and/or stored offsite
    • STEP 4: Implement protections for remote access to PII
  • The OMB subsequently strengthened the directive, requiring agencies to report all security incidents involving PII within one hour of discovering an incident.


Proven data loss prevention for PII protected under OMB and NIST guidelines

Vontu solutions help a federal agency protect PII in line with OMB guidelines

A large federal agency had numerous issues to address to demonstrate compliance with OMB guidelines: identifying and removing sensitive data that has resided on laptops for more than 90 days; ascertaining when sensitive data is exiting the network via HTTPS and where it is going; and cleaning up and preventing data spillage (the leak of sensitive data from a classified network to an unclassified network). Only Vontu solutions can provide the breadth and scale this agency needed to identify where PII and other sensitive data may reside; to monitor this data as it leaves the network; and to prevent data spillage by selectively blocking Web communications that contain sensitive data from leaving the network, or by routing them to an encryption gateway for secure delivery and encryption policy enforcement.


How Vontu solutions demonstrate compliance with the OMB Data Security Directive

Vontu's Federal Risk Assessment Program and Data Loss Prevention software enable federal agencies to address NIST guidelines and each security checklist requirement, and to significantly reduce the risk of sensitive data loss. Advantages include:

  • Federal Risk Assessment Program based on NIST data security standards to identify unsecured PII and measure level of risk on laptops; on open file shares and servers; and exiting the network via e-mail, instant messaging, or other Internet protocols
  • Pre-defined OMB 6-16 and FIPS 199 policy template to detect information classified as sensitive according to the guidelines established in FIPS Publication 199 from NIST
  • Discover and protect sensitive data exposed on file servers, databases, Microsoft SharePoint®, Lotus Notes®, Documentum®, LiveLink®, web servers, Microsoft Exchange®, and other data repositories
  • Monitor and prevent sensitive data loss on the network including email, IM, Web, Secure Web (HTTP over SSL), FTP, P2P, and generic TCP
  • Discover sensitive data stored on the endpoint, such as desktops and laptops, and prevent this data from being inappropriately used, sent out, or copied to storage devices such as USB drives, CD/DVDs, or iPods
  • Automatically enforce data security policies with a centralized platform for detection accuracy, policy management and automated incident response, notification, workflow, and compliance reporting
  • Pre-defined role-based reports and dashboards that allow users to respond to incidents, benchmark departments, and report on risk reduction and compliance
  • Role-Based Access Control enables specific agencies and departments to review and remediate only those OMB/NIST incidents relevant to their role and privileges