Policy Title
Procurement and Secure Use of Laptop Computers and Handheld
Computing Devices
Purpose
Laptop computers and handheld devices offer employees the
benefits of enhanced productivity and convenience, and are particularly suited
to the worklife of ITA’s mobile and travelling workforce. At the same time, the portability of these
devices increases the risk of loss or compromise of data and information. This document promulgates a new ITA policy
for mitigating this risk and improving the accountability of ITA staff for
these mobile assets.
Revision history
|
Version number
|
Version date
|
|
Version 1.0
|
March 23, 2007
|
Who is affected
This policy applies to all persons engaged in carrying out
the mission of ITA, including employees, contractors, foreign service
nationals, interns, and temporary staff at all ITA locations.
Policy Statement
All government-furnished mobile computing equipment must be
configured and secured so that the risk of inappropriate access to its stored
information is minimized.
The following four steps must precede the use of mobile
computing equipment:
- Selection
of mobile equipment devices is made from a list of standard specifications
developed, published, and maintained by ITA’s Chief Information Officer.
- Purchases
of mobile equipment devices follow U.S. government and ITA purchasing
policies, and are made in accordance with ITA operating unit purchasing
procedures.
- Configuration
and encryption of mobile computing equipment is coordinated with ITA’s
Chief Information Officer and performed according to OCIO standards.
- Asset
management of mobile computing equipment is coordinated by the ITA
operating unit Property Custodian,
and includes application of asset tags to the equipment, recording the
asset information in the official ITA inventory system, and correctly
processing all documentation related to eventual disposition or loss of
the equipment.
Definitions
The following definitions are provided to aid in the proper
interpretation of this policy:
- Government-furnished
equipment (GFE) – computing equipment procured using U.S. government
funding and subject to asset management controls.
- Mobile
computing equipment includes any computing device that can be made
portable and be used by an employee at multiple locations. Typical mobile computing equipment
includes laptop computers and handheld devices (such as
Blackberry devices).
- Encryption
– conversion of data into a form that cannot be easily understood by
unauthorized users. Encryption of
mobile computing devices is achieved with products that meet National Institute of Standards (NIST) standards.
Responsibilities
- Device
owner – follows all ITA policies related to mobile equipment devices
throughout the life cycle of the device in coordination with the Property Custodian.
- Supervisor
– ensures that the device owner complies with ITA policies regarding
mobile computing devices.
- ITA
Chief Information Officer – develops standards for mobile computing
devices based upon ITA operating unit needs and DOC and ITA information
technology policies, and configures and encrypts mobile computing devices.
- Purchaser
– arranges for the purchase of mobile computing devices in accordance with
ITA and Department of Commerce purchasing policies and guidelines.
- Property
Custodian – ensures that mobile computing devices are labeled with
proper asset management coding and ensures that devices are properly
recorded and tracked in ITA’s inventory management system. In addition,
serves as the central point of accountability in an ITA operating unit for
mobile computing devices, and provides guidance on proper procedures for
recording lost equipment.
- Property
Review Board – reviews compliance by ITA operating units with ITA
asset management policies, and determines penalties for failure to comply
with these policies.
Procedures
Specific implementation
guidelines for this policy will be established and disseminated by each ITA
operating unit.