The document validates what many of us have been saying for some time now that the decision to use social media technologies should be a risk-based business decision and not an IT security decision. Further, it states that "The safe use of social media is fundamentally a behavioral issue, not a technology issue." Everybody say 'Amen! Not only do the "Guidelines" recommend developing organizational policy for the use of social media, but that the policy should focus on personal and professional user behavior when using government information. The "Guidelines" call for, among other things, augmented training requirements for employees and additional security monitoring and configuration controls. I can already see CISO's across the nation smiling.
Posted by rlssec