Federal: White House OMB
White House OMB and NIST requirements for PII data protection
In June of 2006, the White House Office of Management and Budget (OMB) issued a Data Security Directive that instructed all federal agencies to comply with specific data security guidelines issued by the National Institute of Standards and Technology (NIST) within a 45-day period. Compliance with NIST guidelines and the OMB directive requires more than network security and/or broad-based encryption. Agencies must proactively secure the data itself and respond quickly if a breach does occur.
Key facts and data security requirements you should know
- The guidelines detail four specific steps to safeguard Personally Identifiable Information (PII) at remote locations:
  - STEP 1: Confirm identification of PII protection needs
  - STEP 2: Verify adequacy of organizational policy
  - STEP 3: Implement protections for PII being transported and/or stored offsite
  - STEP 4: Implement protections for remote access to PII
- In July, the OMB strengthened the directive, requiring agencies to report all security incidents involving PII within one hour of discovering an incident.
Proven data loss prevention for PII protected under OMB and NIST guidelines
| Vontu helps federal agency protect PII in line with OMB guidelines |
|---|
| A large federal agency had numerous issues to address to demonstrate compliance with OMB Guidelines: Identifying and removing sensitive data that has resided on laptops for more than 90 days; ascertaining when sensitive data is exiting the network via HTTPS and where it is going; and cleaning up and preventing data spillage (the leak of sensitive data from a classified network to an unclassified network). Only Vontu Discover, Vontu Network Monitor, and Vontu Network Prevent can provide the breadth and scale this agency needed to identify where PII and other sensitive data may reside; to Monitor this data as it leaves the network; and Prevent data spillage from occurring by selectively blocking Web communications that contain sensitive data from leaving the network, or by routing it to an encryption gateway for secure delivery and encryption policy enforcement. |
How Vontu demonstrates compliance with the OMB Data Security Directive
Vontu's Federal Risk Assessment Program and Data Loss Prevention software enable federal agencies to address NIST guidelines and each security checklist requirement, and to significantly reduce the risk of sensitive data loss. Advantages include:
- Federal Risk Assessment Program based on NIST data security standards to identify unsecured PII and measure level of risk on laptops; on open file shares and servers; and exiting the network via e-mail, instant messaging, or other Internet protocols
- Pre-defined OMB 6-16 and FIPS 199 policy template to detect information classified as sensitive according to the guidelines established in FIPS Publication 199 from NIST
- Discover exposed PII data at rest on laptops, desktops, shared file servers, and web servers, and Protect it through automatic policy enforcement by quarantining the file or moving it to an encrypted file share
- Monitor sensitive PII data in motion across all network protocols such as e-mail, web and secure web, and file transfers, and automatically enforce policies to Prevent sensitive data loss by tagging e-mails and routing to an encryption gateway
- Gain real-time control and visibility into PII data copied to the endpoint, including local drives and USB drives and other removable media, regardless of whether the employee is on or off the network
- Automated policy enforcement that calculates incident severity and enforces policies according to three levels - remediate, notify, and prevent
- Pre-defined role-based reports and dashboards that allow users to respond to incidents, benchmark departments, and report on risk reduction and compliance
- Role-Based Access Control enables specific agencies and departments to review and remediate only those OMB/NIST incidents relevant to their role and privileges

