Commerce.gov is getting a facelift soon. See the new design.

Syndicate content

DOC Operating Status for January 27, 2015

Categories:

This message applies to Tuesday, January 27, 2015.

In accordance with the Office of Personnel Management’s Operating Status, Department of Commerce offices in the Washington, DC area are OPEN under 2 hours DELAYED ARRIVAL and employees have the OPTION FOR UNSCHEDULED LEAVE OR UNSCHEDULED TELEWORK. Employees should plan to arrive for work no more than 2 hours later than they would be expected to arrive.

Non-Emergency Employees who report to the office will be granted excused absence (administrative leave) for up to 2 hours past their expected arrival time. In accordance with their bureau/operating unit’s policies and procedures, subject to any applicable collective bargaining requirements (as consistent with law), non-emergency employees may notify their supervisor of their intent to use:

  1. earned annual leave, compensatory time off, credit hours, or sick leave, as appropriate;
  2. leave without pay;
  3. their alternative work schedule (AWS) day off or rearrange their work hours under flexible work schedules; or
  4. unscheduled telework (if telework-ready).

(Employees who request unscheduled leave will be charged leave for the entire workday.)

Telework-Ready Employees who are regularly scheduled to perform telework or who notify their supervisor of their intention to perform unscheduled telework must be prepared to telework for the entire workday, or take unscheduled leave, or a combination of both, for the entire workday in accordance with their bureau/operating unit’s agency's policies and procedures, subject to any applicable collective bargaining requirements (as consistent with law).

Pre-approved Leave. Employees on pre-approved leave for the entire workday or employees who requested unscheduled leave for the entire workday will be charged leave for the entire day.

Emergency Employees are expected to report to their worksite on time unless otherwise directed by their agencies.

More information and details on Operating Status can be viewed online at http://www.opm.gov/policy-data-oversight/snow-dismissal-procedures/current-status/,

Personnel may also contact the DOC Status Line at 202-482-7400 for recorded updates regarding changes in the Department of Commerce’s operating status.

U.S. Secretary of Commerce Penny Pritzker Joins President Obama in Calls for More Trade and Investment with India

U.S. Secretary of Commerce Penny Pritzker Joins President Obama in Calls for More Trade and Investment with India

As part of President Obama’s official delegation to India, U.S. Secretary of Commerce Penny Pritzker joined the President and Prime Minister of India Narendra Modi at the U.S.-India Business Summit where they addressed a large group from both the U.S. and Indian private sectors on ways to expand market access and increase opportunities for U.S. firms through improvements in India’s business climate. Secretary Pritzker specifically addressed how Commerce can play a role in helping U.S. companies gain access to the Indian market and announced the expansion of the U.S.-India Strategic Dialogue to now become the U.S.-India Strategic and Commercial Dialogue. Along with Secretary of State John Kerry, Pritzker will lead this new diplomatic effort with the Indian government designed to promote more trade and investment between the two countries. 

Today at the U.S.-India Business Summit, President Obama, Prime Minister Modi, and Secretary Pritzker spoke with more than 40 CEOs and officials during a roundtable meeting. They discussed the business and investment climate in India and ways to increase commercial and economic cooperation. During the roundtable, President Obama touted burgeoning U.S. exports to India and said the two countries are moving in the right direction, while calling for even more trade and investment. Obama also stressed the factthat U.S. companies want consistency and clarity in the regulatory and tax environment in India. Prime Minister Modi and President Obama expressed confidence that continued bilateral collaboration will increase opportunities for investment, improve bilateral trade and investment ties and lead to the creation of jobs and prosperity in both economies. Secretary Pritzker joined both the President and Prime Minister in discussing ways in which U.S. companies could improve India’s infrastructure. 

Recognizing the important role that both countries play in promoting peace and security in the Asia-Pacific Region, President Obama and Minister Modi announced a India-U.S. Delhi Declaration of Friendship. The declaration specifically calls on India’s Minister of Trade and Commerce and the U.S. Secretary of Commerce to work together towards strengthening commercial and economic ties to advance mutual prosperity, regional economic growth and stability. 

Earlier in the day, Secretary Pritzker joined the President and Prime Minister at India’sannual Republic Day Parade and in a wreath laying ceremony in memory of unknown soldiers. Following the day’s business summit and dialogue, Secretary Pritzker hosted a private reception with U.S. and Indian business leaders and discussed next steps for improving U.S. access to the Indian market.  

In July 2014, Secretary Pritzker participated in the U.S.-India Strategic Dialogue, along with Secretary of State John Kerry, the first U.S. Cabinet-level visit to India since Prime Minister Modi’s election. There, she led discussions on helping strengthen economic ties between the two nations. 

New Technologies Bring New Opportunities and New Risks: Vetting Mobile Apps

New Technologies Bring New Opportunities and New Risks: Vetting Mobile Apps

By Tom Karygiannis, Computer Security Researcher at the National Institute of Standards and Technology

Understanding what mobile apps do and how they have been implemented is the first step toward understanding their security and privacy impact on an agency’s data and IT infrastructure.

Just as consumers are enjoying productivity gains from the use of smart phones and the myriad of mobile apps available today, so are government employees enjoying the convenience of being able to use apps to check weather, increase office productivity, update social media and more while on the go and outside the confines of their office. These technologies introduce new capabilities and even new ways of conducting business, but they also may introduce new risks that must be carefully assessed by security and privacy professionals.

Today NIST published guidance to help government agencies perform security and privacy assessments on mobile apps. Special Publication 800-163 - Vetting the Security of Mobile Applications, while intended for a government audience, can also benefit private industry app developers and enterprise security professionals.

The document is designed to help organizations understand the process for vetting the security of mobile applications, plan for the implementation of an app vetting process, develop app security requirements, understand the types of app vulnerabilities and the testing methods used to detect them, and determine if an app is acceptable for deployment on the organization's mobile devices.

The guidelines describe vulnerabilities and poor programming practices for both Android and iOS devices. Many of these vulnerabilities can be addressed through other security technologies, but each agency may have a different risk tolerance level depending on its mission. Ultimately, each must establish its own mobile app security and privacy policies. The decision on whether an app is suitable for an organization’s employees begins by understanding the app—for example, what personal information it collects and with whom it is shared, or if the app can access the microphone, track the user’s location or access the user’s contact list. Once this is understood, security and privacy officers can take steps to mitigate these risks, educate their employees and make informed decisions.

The guidance was developed with input from government agencies, software assurance tool vendors, original equipment manufacturers, telecommunication carriers, universities and security practitioners. Not every agency or organization may have the in-house expertise to evaluate the security of each mobile app, which is why collaboration is so important and why guidance such as this is valuable.

Having guidelines on how to test mobile apps helps software assurance analysts avoid ad hoc manual testing, helps industry respond to government requirements, and helps the people responsible for keeping data safe understand the risks of using mobile apps.

When users download apps to their personal devices, they are usually willing to accept some risk, rarely read the app privacy policies and certainly cannot be expected to be software assurance experts. But government employees who are trusted with sensitive data must make sure that data they collect, share and store is protected against unauthorized disclosure. NIST SP-800-163 provides the guidelines that can help an agency make informed decisions to strike a balance between potential productivity gains and any new privacy or security risks that may result from the installation and use of the mobile app.