Are there specific policies that govern the technology required for telework?
Yes. The Executive Office of Technology Services and Security published Enterprise Security Policies and Standards for all Executive Branch employees on October 5, 2018.
Of particular note is the “Acceptable Use of Information Technology Policy” and its sections on the handling of confidential information, the secure transfer of information, information protection requirements, and remote access.
Can I use my personal device at home, or do I have to use a state-issued laptop/device?
Yes, if proper security features are enabled. Use of personal devices is currently allowed when accessing email and other web-based applications while working remotely; provided that:
-
Regularly updated antivirus/anti-malware software is installed and running on all devices
-
Provided that all devices are password protected
- Provided that users adhere to the guidelines and operating system requirements outlined in the question below with respect to accessing sensitive and confidential information with a personal device
Can I access Commonwealth information deemed sensitive or confidential with a personal device?
Yes, under certain conditions. To access Commonwealth information systems, services, or applications that contain information deemed sensitive or confidential by an agency or secretariat – or information intended for internal agency use only – employees, contractors, and vendors must use a Commonwealth-approved VPN client or Remote Desktop to access their respective systems, services, or applications.
-
Exception: Due to Microsoft’s recent expiration of support for Windows 7, any end-users utilizing personal/non-state-issued devices to access Commonwealth resources via VPN connections (or other forms of remote access) must upgrade such devices to Windows 10.
-
Exception: Personal/non-state-issued devices running Windows 7 will no longer be allowed to access Commonwealth resources February 29, 2020
Can I download or copy files to my personal device? Can I print at home?
Nothing explicitly prohibits users from downloading/copying files directly to – or printing from – their personal devices; however, employees should follow their agency’s policies with respect to downloading/copying/printing confidential information or any information intended for internal agency use only.
Additionally, agencies are required to ensure that employees who handle confidential information or information intended for agency use only are properly trained on the handling of that information.
Can I use flash/external drives to transport files between my personal and state-issued devices?
While not encouraged, the use of thumb drives/external drives to copy, save, transport files is not explicitly prohibited. It is the responsibility of the individual user, as well as their organization, to protect the data from loss, theft, or misuse – and to ensure that all portable devices are (at a minimum) protected by password and encryption controls.
Will these policies change with the roll out of the Microsoft Modern Workplace Initiative?
EOTSS reviews these policies and standards on a regular basis. It is likely that they will continue to change as the technology available to Executive Branch employees evolves.
Except for certain business needs, the future standard set up for all Executive Branch employees will be a laptop, monitor, and docking station. Additionally, Office 365, OneDrive, and collaboration tools like Teams will replace the need for personal devices, as well as most VPN access and external drives