[EHPweb] Fwd: All Employee Email ( All -- Transmitting Sensitive Information over the Internet )
Eric Martinez
emartinez at usgs.gov
Mon Jul 14 18:56:57 GMT 2008
ENS has been moved to SSL, so all traffic is encrypted end-to-end. In
my opinion this does not affect us. The only issue I could possibly
see is that the recipient email address (on an ENS message) is sent in
clear-text. I don't think that is a real issue.
Thanks,
~Eric.
On Jul 14, 2008, at 11:11 AM, Wald Lisa wrote:
> Hmm... do we need to take any action with regard to ENS account
> initiations and/or other automatic sign-ups?
>
> - Lisa
> ------
>
> Begin forwarded message:
>
> From: Karen Siderelis <Karen_Siderelis%Please_Do_Not_Reply_To_This_Email at usgs.gov>
> Date: July 10, 2008 12:19:52 PM MDT
> To: Lotus Mail Postmaster <lpostmaster at usgs.gov>
> Subject: All Employee Email ( All -- Transmitting Sensitive Information over the Internet )
>
> In Reply Refer To:
> Mail Stop 108
> July 10, 2008
> MEMORANDUM
>
>
> To: All USGS Employees, Contractors, Emeritus and Volunteers
>
> From: Karen Siderelis /signed/
> Associate Director for Geospatial Information and Chief
> Information Officer
>
> Karen D. Baker /signed/
> Associate Director for Administrative Policy and Services
>
> Pam Malam /signed/
> Associate Director for Human Capital
>
> Subject: Transmitting Sensitive Information over the Internet
>
>
> Purpose: This memorandum provides information and guidance for the
> protection of Personally Identifiable Information (PII) and agency
> Sensitive Information as it relates to the boundary of the Department
> of the Interior (DOI) Enterprise Services Network (ESN).
>
> Background: The DOI ESN is the network boundary between the Internet
> and the internal network of all Bureaus of the Interior. The DOI,
> Office of the Chief Information Officer (OCIO) has communicated to
> bureaus and offices that, through network discovery and traffic
> monitoring, Personally Identifiable and Sensitive Information (PII/SI)
> is being sent from the USGS to external (Internet) addresses via email
> and other forms of popular internet social communication (Instant
> Messaging (IM)).
>
> As many of these forms of communication are sent in clear text format,
> any party with available software tools has the ability to scan
> Internet traffic (exiting the ESN) and therefore may have the ability
> to view this information. Through network monitoring of USGS traffic,
> DOI has reported the following examples of information obtained by the
> DOI scanners:
> - Social Security Numbers
> - Credit Card Numbers
> - Usernames / Passwords
> - Personnel Security Information
> - Law Enforcement Information
>
> This week, DOI has also informed USGS management that every discovery
> of sensitive information, exiting our network boundary, is required by
> the Office of Management and Budget (OMB) to be classified as a
> Security Incident requiring investigation and bureau action.
>
> Required Action: The Geospatial Information Office (GIO) in
> partnership with the Office of Administration Policy and Services
> (APS) has released several security and privacy memorandums related to
> safeguarding this information. Those memorandums can be accessed at
> the following website:
> http://internal.usgs.gov/gio/security/policy.html.
>
> Please review this site and make the appropriate changes as it relates
> to protecting PII and Sensitive Information. Of particular importance
> are protection of social security numbers, credit card numbers,
> medical information, financial information, and sensitive business
> information. Information of this type must be protected regardless of
> whether it is stored digitally (e.g. on a computer or USB drive) or on
> paper (e.g. an OPF, contract, or credit card invoice).
>
> All Employees, Contractors, Emeritus and Volunteers are reminded to
> avoid the use of Social Security Numbers (SSN), Credit Card Numbers,
> Usernames and Passwords in e-mails or any other electronic
> transmissions. Sending this information via email or IM outside of the
> DOI ESN is a violation of Departmental and OMB policy.
>
> Your attention and awareness to safeguarding Personally Identifiable
> Information and Sensitive Information is paramount to ensuring that we
> comply with these requirements and protecting your identity. Your
> support is greatly appreciated. Questions regarding this memorandum
> can be directed to Paul E. Exter (peexter at usgs.gov), 443-498-5534.
>
>
> _______________________________________________
> EHPweb mailing list
> EHPweb at geohazards.usgs.gov
> https://geohazards.usgs.gov/mailman/listinfo/ehpweb