Doing .gov work on non-gov machines Ist verboten, Gewehr. At least in theory.
Something must've changed in the last two years, then.
When I was writing EPRs and OERs, it was considered kosher to do them on your off time, as long as it was on a machine running the issued Norton Corporate Edition Antivirus. Then your directorate security manager would scan the floppy or CD-ROM one more time before logging it into the SCIF - to check for classification issues, and to make sure it had the Norton tag. Granted, these were unclassified performance reports I'm talking about, but it also held true for unclassified Technical Instructions, Technical Orders, or other publications I worked on in my off hours or while TDY with a laptop. As Directorate Security Manager, my instructions were that as long as security wasn't compromised, either via classification or viruses, it was not only ok, but encouraged in this day and age of DoD's "Doing More With Less" mantra.