Feds make good on mobile deliverables

A key component of the Obama administration’s one-year-old Digital Government Strategy charged several federal agencies with developing baseline standards of security requirements for mobile computing and a mobile security reference architecture that incorporated security and privacy by design.

On May 23, the government made good on the strategy’s mobility deliverables, releasing standards for the Federal Mobile Security Baseline, Mobile Security Decision Framework, and Mobile Security Reference Architecture.

Defining what works and what doesn’t in mobility makes sense, given that the number of Internet-connected mobile devices already outnumbers PCs and will soon outnumber the worldwide human population. The future of government is mobile, Federal CIO Steven VanRoekel told reporters in a May 23 conference, and these deliverables will help government address that fast-approaching reality.

“The future for us really holds a future where mobile is the default computing platform,” VanRoekel said, discussing how separate security guidelines apply for on-premise computers, laptops, desktops and mobile devices.

“We’re not far from mobile being the default computing environment and the fact that we treat them differently is a disconnect,” VanRoekel said. “This guideline, along with the mobile app development guideline and the mobile device management guidelines, are the three pieces on how you build a comprehensive story of how to properly manage mobile inside the government environment.”

The Federal Mobile Security Baseline provides federal agencies a minimum set of security controls for mobile devices. It was tasked to the Department of Homeland Security, Department of Defense and the National Institute of Standards and Technology, and the resulting standards were ultimately a collaborative effort with experts from the Department of Justice, General Services Administration and other members of the Mobile Technology Tiger Team.

The standards address major access-, application-, data-, device- and identity-management challenges, as well as mitigation techniques agencies should use to deal with threats at the application, device and network levels.

The standards also identify five high-level user communities for digital services, outlining use cases from non-sensitive public data to top-secret data accessed on national security systems.

“We ... had DHS, DOD, NIST, DOJ and others scrubbed in and working on this project to define to the industry what are the security baselines we’d like to see on a government-owned phone on a government network,” VanRoekel said.

The Mobile Security Decision Framework, meanwhile, is designed to assist in determining what mobile capabilities most effectively support an agency's mission. At its core, it is a decision-making process feds can use to select the right mobile computing solution for their agency, and divides the process into four stages: mission requirements, decision balancing, risk-based tailoring and results.

The majority of the decision-making process centers around the risk-based tailoring aspect, wherein frameworks like NIST Special Publications 800-37 and 800-39 help agencies weight risk across seven categories.

The Mobile Security Reference Architecture details the components agencies need to implement secure mobile services throughout their enterprise architectures, and was produced by the Federal CIO Council and DHS’ National Protection and Program Directorate Office of Cybersecurity and Communications Federal Network Resilience.

The document describes the MSRA as a “living, flexible” guide, adaptable enough for any department, that provides an in-depth reference architecture that includes:

• Components of a mobile computing reference architecture;

• Categories for users of a mobile computing architecture;

• Sample implementations of a mobile computing architecture;

• Management and security functions of a mobile computing architecture;

• A discussion of the threats to mobile computing devices and infrastructures, and potential mitigations for those threats;

• Information assurance controls that apply to the mobile infrastructure components, and their relation to NIST Special Publication 800-53 rev4;

• A set of considerations for High Risk environments; and

• A discussion of the policy considerations necessary for the secure adoption of a mobile solution.

About the Author

Frank Konkel is a former staff writer for FCW.
