[EHPweb] Fwd: All Employee Email ( All -- Transmitting Sensitive Information over the Internet )

Wald Lisa lisa at usgs.gov
Mon Jul 14 17:11:26 GMT 2008


Hmm... do we need to take any action with regard to ENS account  
initiations and/or other automatic sign-ups?

- Lisa
------




Begin forwarded message:

From: Karen Siderelis <Karen_Siderelis%Please_Do_Not_Reply_To_This_Email at usgs.gov>
Date: July 10, 2008 12:19:52 PM MDT
To: Lotus Mail Postmaster <lpostmaster at usgs.gov>
Subject: All Employee Email ( All -- Transmitting Sensitive Information over the Internet )





In Reply Refer To:
Mail Stop 108
                                                              July 10, 2008
                                MEMORANDUM


To:         All USGS Employees, Contractors, Emeritus and Volunteers

From:       Karen Siderelis /signed/
            Associate Director for Geospatial Information and Chief
            Information Officer

            Karen D. Baker /signed/
            Associate Director for Administrative Policy and Services

            Pam Malam /signed/
            Associate Director for Human Capital

Subject:    Transmitting Sensitive Information over the Internet


Purpose:  This memorandum provides information and guidance for the
protection of Personally Identifiable Information (PII) and agency
Sensitive Information as it relates to the boundary of the Department of
the Interior (DOI) Enterprise Services Network (ESN).

Background:  The DOI ESN is the network boundary between the Internet and
the internal network of all Bureaus of the Interior.  The DOI, Office of
the Chief Information Officer (OCIO) has communicated to bureaus and
offices that, through network discovery and traffic monitoring, Personally
Identifiable and Sensitive Information (PII/SI) is being sent from the USGS
to external (Internet) addresses via email and other forms of popular
internet social communication (Instant Messaging (IM)).

As many of these forms of communication are sent in clear text format, any
party with available software tools has the ability to scan Internet
traffic (exiting the ESN) and therefore may have the ability to view this
information.  Through network monitoring of USGS traffic, DOI has reported
the following examples of information obtained by the DOI scanners:
- Social Security Numbers
- Credit Card Numbers
- Usernames / Passwords
- Personnel Security Information
- Law Enforcement Information

This week, DOI has also informed USGS management that every discovery of
sensitive information, exiting our network boundary, is required by the
Office of Management and Budget (OMB) to be classified as a Security
Incident requiring investigation and bureau action.

Required Action:  The Geospatial Information Office (GIO) in partnership
with the Office of Administration Policy and Services (APS) has released
several security and privacy memorandums related to safeguarding this
information.  Those memorandums can be accessed at the following website:
http://internal.usgs.gov/gio/security/policy.html.

Please review this site and make the appropriate changes as it relates to
protecting PII and Sensitive Information.  Of particular importance are
protection of social security numbers, credit card numbers, medical
information, financial information, and sensitive business information.
Information of this type must be protected regardless of whether it is
stored digitally (e.g. on a computer or USB drive) or on paper (e.g. an
OPF, contract, or credit card invoice).

All Employees, Contractors, Emeritus and Volunteers are reminded to avoid
the use of Social Security Numbers (SSN), Credit Card Numbers, Usernames
and Passwords in e-mails or any other electronic transmissions.  Sending
this information via email or IM outside of the DOI ESN is a violation of
Departmental and OMB policy.

Your attention and awareness to safeguarding Personally Identifiable
Information and Sensitive Information is paramount to ensuring that we
comply with these requirements and protecting your identity.  Your support
is greatly appreciated.  Questions regarding this memorandum can be
directed to Paul E. Exter (peexter at usgs.gov), 443-498-5534.

