Yeah idk about that. I’ve worked in state govt for a very long time and our cybersecurity controls essentially mandates we use one. I’m also in our security audit team and have to talk to state offices about our NIST controls regularly. And the NIST DOD controls are even more stringent than ours. Something sounds off.
Not gonna get specific, but, I have access to a shitload of sensitive personal data. It’s more likely you ran into an agency policy rather than a federal policy.
Health records for veterans don’t require a security clearance to be managed. (Personnel records for active military only require a Secret level clearance) You’ll wanna take it up with whoever manages security for the VA about the ‘massive liability’ involved.
Federal and State jobs you can’t use password managers.
I literally work for a state government and I use password managers for both work and personal.
EDIT: For clarity, the data is hosted on-prem. I don’t send govt credentials to the cloud like a moron.
Yeah idk about that. I’ve worked in state govt for a very long time and our cybersecurity controls essentially mandates we use one. I’m also in our security audit team and have to talk to state offices about our NIST controls regularly. And the NIST DOD controls are even more stringent than ours. Something sounds off.
My federal job came with one pre-installed.
Depends on your clearance level/what you have access to.
Not gonna get specific, but, I have access to a shitload of sensitive personal data. It’s more likely you ran into an agency policy rather than a federal policy.
No it is literally determined by clearance level. It is mandated.
Yeah. My agency doesn’t use clearance level to determine security requirements. It’s likely your password manager policy is agency-specific.
are you trolling or do you not realize this is massive liability?
I think they believe getting their fingerprints and having a background check means they have a security clearance or something.
Health records for veterans don’t require a security clearance to be managed. (Personnel records for active military only require a Secret level clearance) You’ll wanna take it up with whoever manages security for the VA about the ‘massive liability’ involved.
https://www.va.gov/securityinvestigationscenter/frequently_asked_questions.asp#q006
Lol so you do not have a security clearance.
Got it.
FYI if you had a security clearance, posting that you have one in your personal Lemmy account would absolutely be grounds for it to be revoked.
This is how you get in my block list.
Okay so remember the one or two ones you need there (try a passphrase!)
For everything else - password manager.
Federal I had about 15 passwords. The State job I had about half that.
Yep.
I use pass phrases filtered through a mess of cyber chef.