You are here

Frequently Asked Questions - Information Services - Removable Media

Yes, there is a waiver process that can be used to grant an exception on a case by case basis; however, precautions should be taken to avoid abuse of this process that can result in such devices being used for other purposes for the sake of convenience.

Yes, if they are/will be connected to state infrastructure and include the ability to receive and store state information in memory.

Distributed media should be recalled and collected within a reasonable timeframe after establishing a strategy to complete the transition to a controlled environment – the objective is to protect information from disclosure due to theft or loss, not to unacceptably delay or inhibit business processes.

The LANDesk software provides inventory and asset management of devices and is capable of registering and recognizing or rejecting unregistered devices, such as USB flash drives by serial number; Symantec's Endpoint Encryption installs a software encryption module on removable media, which encrypts and manages access to the device/media while in use. OSF is currently evaluating a product from Good Technology that provides mobile device management (including encryption) comparable to the Blackberry Enterprise Server (BES), for Smartphones and Tablets not provided by RIM/Blackberry.

OMES has tested and is in the process of implementing Symantec's Endpoint Encryption (version 8) with LANDesk (to prevent the use of unapproved USB devices) for software encryption.

Yes, to ensure that the encryption process is enforced, can be monitored and audited; if business requirements preclude or make this operationally or financially cost prohibitive, there is a waiver process that can be used to grant an exception on a case by case basis
The only other "hardware alternative" currently tested is the Dell laptop hardware encrypted disk drive(s); other forms of media encryption will need to be addressed through software.
See the Additional Guidance (#2. a. and b.) portion of the Removable Media Acceptable Use Procedures - Clarification and Guidance and the statewide Information Security Policy, Procedures and Guidelines, page 81 #1 and #3.