Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Next-gen Apple devices cleared to join Defense IT networks
Friday - 5/17/2013, 7:22pm EDT
Federal News Radio
Apple iOS 6 mobile devices have the green light to join Defense Department networks.
The Defense Information Systems Agency approved the Apple operating system today just about two weeks after sanctioning the use of Samsung Knox, running the Android operating systems, and Blackberry 10 devices.
Every device needs a Security Technical Implementation Guide (STIG). A STIG outlines the security requirements for a device joining the department's IT network. Once a STIG is completed, the department can start soliciting vendors to buy the devices and help integrate them into the overall IT infrastructure.
DISA's approval of the Apple iOS 6 STIG is another piece of DoD's Commercial Mobile Device Implementation Plan. The department hopes to add about 100,000 multivendor devices, from mobile phone to tablets, to its network by February 2014.
Next step is mobile device management contract
Right now, DoD has more than 600,000 commercial mobile devices interacting with its networks, most of which are BlackBerry devices. DoD is testing about 41,000 Apple and 8,700 Android devices.
DISA will set up a mobility device management (MDM) system later this year. The contract is in source selection now, and DISA anticipates making an award in early summer.
The MDM is a key piece to ensuring the security of mobile devices. DISA said the MDM will provide a process for managing and distributing mobile applications and an enhanced cyber defense infrastructure.
"All of these pieces must be in place to allow the secure use of commercial mobile devices on department networks," said Mark Orndorff, DISA information assurance executive and program executive officer for mission assurance and network ops, in a release. "DISA is running a pilot program today where we bring this all together."
In the past, it was difficult for mobile devices to join Defense networks because of the dense logistics involved with approving security and technical requirements. DISA recently changed its approval policies to speed up the process. Part of the new policy lets DoD approve use of the devices even before they're commercially available to the public.
Specifically, DoD now uses Security Requirements Guides (SRG), a map of security requirements vendors need to follow for their devices and services to join defense networks. If they match the requirements, they complete their own STIGs. Before, the department had to produce its own STIG for each device.
DISA shifts workload to vendors
SRGs are the critical piece in DISA's accelerated approval process. By lining up the security requirements up front, the work involved with investigating and preparing a mobile device falls to the vendor.
"Most of the work is done from the vendor side; we just do a review," John Hickey, DISA's mobility program manager, told Federal News Radio earlier this week. "That's totally different than what we've done in the past, where we wait for a product to come out, then we start asking, 'Can you lock this down?' That's a long process. This is a success story and an example of how you do it in the future."
Back when DISA had to produce its own STIGs, the process was onerous. It could sometimes take so long, by the time a device was approved for the network it was technologically obsolete.
DoD is working towards shrinking its security approval process to 30 days.
None of the STIGs for any of the mobile devices allow personal devices to connect to DoD networks.