VA to restrict use of mobile storage devices
- By Jason Miller
- Mar 18, 2007
VA CIO Robert Howard is taking security a step further.
In the next month, the Veterans Affairs Department will let employees plug into its network only those mobile storage devices issued by the CIO's office.
Robert Howard, VA CIO, said that, while his office already mandated that these mobile devices, known as thumb drives, be encrypted, he is taking security a step further. He is requiring employees to apply and demonstrate a need for a thumb drive, and have their supervisor sign off on that need before the CIO's office will issue the thumb drive. Howard is going even farther by issuing only 1GB and 2GB thumb drives and not allowing anything larger onto the network unless he approves it.
'This effort is to drive down the use of thumb drives,' he said, and 'help us eliminate future problems by shutting down an easy way to take data out of the office.'
The mobile storage devices also must be certified under the National Institute of Standards and Technology's Federal Information Processing Standard 140-2, he added.
Besides controlling thumb drives, Howard aims by the end of fiscal 2007 to have a standard configuration for smart phones and personal digital assistants, eliminate unencrypted messages that travel on VA's network and reduce the number of virtual private networks. VA also is relying more on public-key infrastructure and Microsoft Corp.'s rights management system in its Outlook e-mail system to better secure e-mail and documents.
'We had issued 30,000 digital certificates in the fall and now we have issued 85,000 PKI certs,' Howard said. 'RMS is easier to use than PKI. We will continue to do both.'