In an effort to prevent Americans’ sensitive personal information from falling into the wrong hands, Senator Susan Collins, Ranking Member of the Senate Homeland Security Committee, and Senator Norm Coleman (R-MN) today sent a letter to all 24 federal agencies requesting a timeline of when they will meet the recommendations put in place by the Office of Management and Budget (OMB) for increased cyber-security.

Following the Department of Veterans’ Affairs breach last year that put millions of veteran’s personal information at risk, OMB directed federal agencies to implement five security protocols. Collins and Coleman, Ranking Member of the Permanent Subcommittee on Investigations, requested the Government Accountability Office (GAO) to conduct a government-wide review of current cyber-security policies and practices. GAO’s report today revealed that most of the agencies examined have not employed all of OMB’s recommendations.

“The federal government collects and stores large amounts of personal information that is a tempting target for identity thieves,” said Collins. “Agencies cannot act quickly enough to implement policies to help protect and secure this sensitive data.”

Specifically, the OMB directed the agencies to carry out the following cyber-security protocols:

• encrypt all data on mobile computers/devices that carry agency data;
• allow remote access only with two-factor authentication, where one factor is provided by a device separate from the computer gaining access;
• use a “time-out” function for remote access and mobile devices requiring user re-authentication after 30 minutes of inactivity;
• log all computer-readable data extracts from databases holding sensitive information and verify that each extract including sensitive data has been erased within 90 days; and
• use a NIST security checklist, included in the memo, that provides specific actions to be taken by agencies to protect private identifiable information that is either accessed remotely or physically transported outside an agency’s secured physical perimeter.