The Bush Administration is giving federal civilian agencies just 45
days to comply with new recommendations for laptop encryption and
two-factor authentication.
The memo follows a wave of high profile data thefts and major security
breeches involving remote access or the theft of government laptop
computers containing sensitive personal information. The official memo (PDF)
from the executive office of the U.S. president stipulates that all
mobile devices containing sensitive information must have their data
encrypted. The recommendations also say that two-factor authentication
must be used for remote access, that remote access must time out after
30 minutes of inactivity, and that all data extracts must be logged.
The memo does not detail any specific technology recommendations beyond
this broad outline, presumably leaving agencies to decide on their own
specific implementations.
SecurityFocus