Office of the Chief Technology Officer



Information Security Frequently Asked Questions 

OCTO has established policies, guidelines and procedures for the proper use and management of IT equipment and tools for the District of Columbia. Learn more about information security within the District government.

What is the District firewall policy and how does it apply to agencies connected to the DC Wide Area Network (DCWAN)?

Each agency must provide a business justification to the OCTO District Information Security Program (DCISP) and the Change Control Board (CCB) as to the purpose of an internal firewall at the DCWAN connection. If approved, a Memorandum of Understanding (MOU) will be generated to document the following process: the DCISP will assist the agency in specifying the firewall, the agency will procure the firewall, and the DCISP and OCTO will assist the agency in installing the required device. The DCISP will manage the firewall in accordance with OCTO and DCISP firewall policies, standards, and procedures.

What is the OCTO standard for encryption (is it OK to use PGP technology)?

Encryption is a technical security mechanism that can be employed when transmitting data over an open communications network. OCTO is developing an encryption standard to specify appropriately secure algorithms and define acceptable uses for encryption. This standard will be in accordance with federal encryption standards such as the Advanced Encryption Standard (AES) and NIST document SP 800-21, Guideline for Implementing Cryptography in the Federal Government. OCTO is also developing a Public Key Infrastructure (PKI) to address agency needs for encryption, digital signature, and secure remote access. PGP has been regarded as the most widely recognized and used encryption software in the IT industry; however, the use of PGP for new encryption applications is now a significant risk. Although PGP is retained and continues to be the encryption engine within some commercial product lines, many PGP products are being put into maintenance mode, which results in limited technical support availability and the end of the product life cycle.

What is Public Key Infrastructure (PKI)?

Public Key Infrastructure is a framework that defines authentication, data and message integrity, and non-repudiation processes through the use of shared public keys.

Does agency management reserve the right to access data stored on individual desktops during employee absences?

Yes, under the conditions of procedures documented for that agency or office.

What are the names of security solutions packages for laptop users?

Laptop security starts with hardening the operating system, the use of the New Technology File System (NTFS), setting strong BIOS passwords, disabling the guest account, and enabling the Encrypting File System (EFS) to provide a strong level of security if the system is hacked or stolen. Commercially available laptop security includes physical security devices, tracking software, and stronger algorithms. Additionally, OCTO Information Security is available to assist in security product evaluations and selection.

Do CIOs have the ability to defeat enforced security controls?

Their ability to defeat security controls depends on administrative privilege.

Is it possible to get a list of the IT duties and responsibilities assigned to OCTO (e.g. Virtual Private Networks (VPN), Exchange, etc.)?

Yes. Please visit the OCTO programs section.

Is a theft recovery software standard being considered for laptops (e.g. Computrace)?

Not at this time; however, District Information Security personnel are available to participate in the evaluation of products that agencies may be considering.

Will information security policy affect contractors who bring in their own PCs and software?

OCTO is currently evaluating contractual clauses that stipulate that contractors must comply with all applicable OCTO and DCISP policies and standards PRIOR to having access granted to DCWAN and agency IT resources.

What encryption is available for wireless devices (e.g. handhelds)?

BlackBerry and GoodLink messages have encryption already applied to them when used with the Citywide Messaging system.