- Briefing Room
U.S. Department of Transportation
Federal Highway Administration
1200 New Jersey Avenue, SE
Washington, DC 20590
FHWA Order 1370.12
This directive was canceled March 22, 2006
|Personal Digital Assistants|
|Classification Code||Date||Office of Primary Interest|
|1370.12||February 11, 2005||HAIM-40|
What is the purpose of this directive? This directive establishes the Federal Highway Administration (FHWA) policy for the purchase and use of Personal Digital Assistants (PDAs). PDA is a term for any small mobile hand-held device that provides electronic information storage and retrieval capabilities for personal or business use. PDAs are often used for storing and retrieving schedule, calendar, and address book information.
Does this directive revise an existing FHWA directive? No. There is no existing directive regarding PDAs.
What authorities govern this directive?
The U.S. Department of Transportation (DOT) standard for PDAs is specifically outlined in the DOT Personal Digital Assistant and Wireless Technology Security Implementation Standards, dated January 20, 2004.
The official information stored on PDAs can constitute Federal records and must be treated accordingly. Refer to Title 44, U.S. Code (U.S.C.), Section 3301 for a definition of Federal records and Title 36, Code of Federal Regulations (CFR), Part 1234 for information on electronic records management.
What is the PDA selection policy?
Each office that wishes to acquire and use PDAs will select a standard approved PDA (operating system and brand) for that office, as follows:
(1) Washington Headquarters offices. The Palm operating system running on the PalmOne brand of PDA is the only configuration approved for use in the Washington Headquarters offices.
(2) Federal Lands Highway Division offices. Federal Lands Highway Division offices may select any PDA operating systems and brand of PDA hardware deemed necessary. The operating systems and hardware brands may be mixed within a Federal Lands Highway Division office.
(3) Field offices other than Federal Lands Highway Division offices. Field offices other than Federal Lands Highway Division offices may select either the Palm operating system or the PocketPC operating system. Once the operating system has been selected, the field office can select one brand of PDA. All PDAs procured by that office in the future are required to use the selected operating system and the selected brand of PDA. If a field office does not have a preference for a PDA operating system, it should select the Palm operating system. If a field office selects the Palm operating system and does not have a preference for a specific PDA hardware brand, it should select PalmOne hardware.
In addition to the PDAs selected under the selection policy stated above, individuals who have been designated eligible by the Associate Administrator for Administration can use Blackberry wireless PDAs running the Blackberry operating system. Blackberry is the only PDA and operating system approved for wireless e-mail integration with Microsoft Exchange.
What is the selection policy for existing and privately owned PDAs?
The PDA selection policy does not apply to PDAs that are currently owned by FHWA employees. Each office can keep the PDAs they already have, including those currently owned PDAs that do not conform to the standard operating system and hardware brand for that office. The PDA selection policy applies only to newly procured PDAs. By June 30, 2005, existing PDAs will be required to undergo a security certification process (see paragraph 6b).
Privately owned PDAs should not be connected to any FHWA network or information system.
What are the security prerequisites for PDA selection?
A security certification is required prior to purchase of all PDAs anywhere in FHWA, including Federal Lands Highway Division offices. The certification is based on brand, model, and operating system; the manner in which the PDA will be used; the information stored, processed, or transmitted using the PDA; other software that will be used; and compliance with DOT policies. Each office that is considering the purchase of PDAs must submit a "PDA Certification Request" to the Information Technology Division (HAIM-40) and obtain a PDA Certification approval before purchase.
PDAs that are already in use must undergo the certification process by June 30, 2005, i.e., FHWA offices must submit a "PDA Certification Request" to HAIM-40.
What are the minimum requirements for PDAs used within the FHWA environment or used to store FHWA data?
(1) PDAs must be approved for use by the FHWA Information Systems Security Officer (ISSO) in HAIM-40.
(2) Anti-virus software must be installed on the PDAs.
(3) PDAs must require a power-on password.
(4) All PDAs must be physically labeled to show that they are FHWA property, and the label must include the appropriate contact information. The user or FHWA Information Technology (IT) representative can provide and apply the label to the PDA. The contact information should include a contact name or office and a contact telephone number, labeled such as the following:
Agency: Federal Highway Administration
(5) Each PDA must have an FHWA bar code attached. The bar code will be provided by the FHWA property management staff at the FHWA site. All PDAs are considered to be sensitive FHWA property items and must be bar coded regardless of their purchase cost.
(6) PDAs must be configured with screen-locking timeouts. After a few minutes of inactivity a password must be required to reactivate the PDA.
(7) Unless otherwise approved by the FHWA ISSO, any PDA wireless capabilities such as Wireless Fidelity (Wi-Fi) and beaming (infrared) or other infrared capabilities must be disabled during use.
(8) All PDA users must read and sign a PDA Terms and Conditions of Use Agreement, which will be provided by HAIM-40 upon security approval. The user signature on this document will constitute the user's agreement to abide by these terms and conditions.
(1) PDAs must be equipped with encryption software to encrypt sensitive data.
(2) PDAs must be configured with firewall software that blocks all incoming connection attempts.
How do I request approval for using a PDA within FHWA?
To request approval for using a PDA within FHWA, complete and submit the Requester Information Form FHWA-1568 located at the following address: http://intra.fhwa.dot.gov/informs/adobeforms/fhwa1568.pdf.
After the Requester Information Form is completed, submit it to the FHWA ISSO in HAIM-40. The form may be submitted via e-mail to ITSECUREFHWA@fhwa.dot.gov or by Fax to (202) 366-3999.
Michael J. Vecchietti