CRU-X: Issues with Your Information

Back to CRU-X Home

---

TITLE 5--ADMINISTRATIVE PERSONNEL CHAPTER I--OFFICE OF PERSONNEL MANAGEMENT PART 293--PERSONNEL RECORDS--Table of Contents Subpart A--Basic Policies on Maintenance of Personnel Records Sec. 293.107 Special safeguards for automated records. (a) In addition to following the security requirements of Sec. 293.106 of this part, managers of automated personnel records shall establish administrative, technical, physical, and security safeguards for data about individuals in automated records, including input and output documents, reports, punched cards, magnetic tapes, disks, and on-line computer storage. The safeguards must be in writing to comply with the standards on automated data processing physical security issued by the National Bureau of Standards, U.S. Department of Commerce, and, as a minimum, must be sufficient to:   (1) Prevent careless, accidental, or unintentional disclosure, modification, or destruction of identifiable personal data; (2) Minimize the risk that skilled technicians or knowledgeable persons could improperly obtain access to, modify, or destroy identifiable personnel data; (3) Prevent casual entry by unskilled persons who have no official reason for access to such data; (4) Minimize the risk of an unauthorized disclosure where use is made of identifiable personal data in testing of computer programs; (5) Control the flow of data into, through, and from agency computer operations; (6) Adequately protect identifiable data from environmental hazards and unneccessary exposure; and (7) Assure adequate internal audit procedures to comply with these procedures. (b) The disposal of identifiable personal data in automated files is to be accomplished in such a manner as to make the data unobtainable to unauthorized personnel. Unneeded personal data stored on reusable media such as magnetic tapes and disks must be erased prior to release of the media for reuse.

OTHER GOVERNMENT PUBLICATIONS

From the DOT Inspector General: IG Report on Labor Distribution Reporting (LDR), October 30, 2001 IG Report on DOT Information Security, September 7, 2001 IG Annual Accounting Audit of FAA, January 10, 2002

From the General Accounting Office: GAO Testimony on Government Computer Security, November 9, 2001

From the Subcomittee on Government Efficiency, Financial Management and Intergovernmental Relations: House Subcommittee Report Card on Agency Computer Security, November 9, 2001

From the White House: White House Executive Order on the Protection of Information Systems