4.2.13: Security
Ensure IT systems are secure
Other Information:
All Federal agencies are required by law to ensure their IT systems are secure. DOI will consider all existing laws, regulations
and policies with regard to new approaches to open government, to mitigate the unintentional increase of risk without
due consideration of the impacts. Security aspects that should be considered while implementing an open government policy
include:
1. Ensure that new systems are certified and accredited and meet the regulations set forth by the Federal Information Security Management Act (FISMA) and National Institute of Standards and Technology (NIST) standards.
2. Any DOI-sponsored application not hosted on a DOI-controlled server must be evaluated according to DOI Security Categorization instructions to assess the ramifications of a potential security breach of that service. Non-DOI servers hosting DOI services may be required to attain certification and authentication to verify that content is adequately protected.
3. Bureaus should strive to host all services and applications on ".gov" domains.
4. Applications must not allow the insertion of malicious code through attachments of any kind.
5. Blog content submitted by individuals other than the blog author must be limited to text. Two-way blogs must incorporate a character limit for comment forms to prevent text-dumping, and other security safeguards must be active to prevent activities that might threaten Bureau IT resources. Blog commenters are not allowed to attach files of any kind to their comments.
Indicator(s):