Private Eye For Government
Even when working in a secure location, there is still a need to shield sensitive data at each workstation. Over the past few years, a wave of new federal security standards and increasingly sophisticated attacks have highlighted the need to protect sensitive and classified data at all times: while it is stored, transmitted, and viewed. Visual protection is essential when working in a trusted space with "need to know" information displayed on computer monitors. The ease of screen capture that modern camera phones allow makes it imperative that federal agencies add security controls in order to reduce risk. Using a monitor with a privacy filter installed provides flexibility in positioning machines without exposing sensitive data.
Privacy Laws for Government Agencies:
Payment Card Industry Data Security Standard (PCI DSS)
is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. At the core of the PCI DSS is a group of principles and accompanying requirements, organized around the goals below:
Goals and PCI DSS Requirements:
Build and Maintain a Secure Network and Systems
- 1. Install and maintain a firewall configuration to protect cardholder data.
- 2. Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect Cardholder Data
- 3. Protect stored cardholder data.
- 4. Encrypt transmission of cardholder data across open, public networks.
Maintain a Vulnerability Management Program
- 5. Protect all systems against malware and regularly update anti-virus software or programs.
- 6. Develop and maintain secure systems and applications.
Implement Strong Access Control Measures
- 7. Restrict access to cardholder data by business need-to-know.
- 8. Identify and authenticate access to system components.
- 9. Restrict physical access to cardholder data.
Regularly Monitor and Test Networks
- 10. Track and monitor all access to network resources and cardholder data.
- 11. Regularly test security systems and processes.
Maintain an Information Security Policy
- 12. Maintain a policy that addresses information security for all personnel.
References
Federal Information Security Management Act (FISMA) - http://csrc.nist.gov/groups/SMA/fisma/overview.html
National Institute of Standards & Technology (NIST) SP 800-53 - http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final_updated-errata_05-01-2010.pdf
Payment Card Industry Data Security Standard (PCI DSS) - https://www.pcisecuritystandards.org/security_standards/index.php
State & Local Government Regulations
Sample Government Applications:
- When Handling Citizen’s Data
- National Security
- Military
- Classified Data
- IRS Tax Reviews