Mobile Information Assurance

Idea #31

Stage: Active

Campaign: Ideas for the Mobility Strategy

The civilian side of the federal government currently has no common policies or guidelines in place on how to evaluate, validate, protect or secure mobile technologies - including mobile infrastructure, mobile devices, mobile apps, mobile data practices, etc.

I suggest that the government create reasonable security guidelines so that the important work of protecting the federal computing infrastructure is not duplicated in every agency or is not done at all. We can have both reduced expenses and increased security with a little strategy and execution.

Feedback Score

22 votes

Idea Details

Vote Activity (latest 20 votes)

  1. Agreed
  2. Agreed
  3. Disagreed
  4. Agreed
  5. Agreed
  6. Agreed
  7. Disagreed
  8. Agreed
  9. Disagreed
  10. Disagreed
  11. Agreed
  12. Agreed
  13. Agreed
  14. Agreed
  15. Agreed
  16. Agreed
  17. Agreed
  18. Agreed
  19. Agreed
  20. Agreed

Events

  1. The idea was posted

Comments

  1. Comment
    tim.arnold

    Mobility efforts for Federal agencies would also benefit from a strategic review of existing policies and audit findings that run counter to the effective adoption of this family of initiatives. The existing patchwork of guidance and regulations is interpreted in ways that turn smartphones into bricks and tablets into dumb terminals.

    Comments on this comment

    1. Comment
      Jerome.S.Frese

      At our agency we have very strict processes that review the compliance with federal laws and guidelines. These are implemented through our life cycle. We are currently in the process of developing a new "Mobile Apps" path through our life cycle that we feel will allow for the rapid development of mobile apps and yet continue to assure the quality and compliance we enforce on the traditional waterfall projects. We would be willing to share our findings if anyone is interested.

  2. Comment
    Fed user

    More secure mobile devices are already being prototyped in the DOD community, which can surely inspire other use across the Federal Government.

  3. Comment
    sweerek

    I disagree, as will most Govt security folks. The NIST's IA Controls (much like the DoD's) are well developed, very available, and quite applicable to mobile devices (and the related clouds). (Examples - Army's decent DIACAP accreditation of now-discontinued Android tablet and Google Apps for Govt was FISMA-certified per NIST's implementation.)

    I do agree on the reciprocity failure. Even w/in the DoD each service would rather repeat a thousand-man-hours C&A paperdrill than just accept another service's approval FOR THE SAME MUTUALLY CONNECTED NETWORK!

    The biggest problems are 1) finding C&A-smart folks to apply them aggressively, 2) trying to find a consumer-oriented / popular device that's even capable of being secured, 3) having a device exist long enough on the market to make it secure and get some use outta it.

  4. Comment
    darnold

    Ouch - sweerek is too right, on reciprocity. Let's keep truly classified separate from truly open - and we can debate the gray area in our spare time. But don't wait for the answer, just do what needs to be done.

  5. Comment
    Nikolay Bakaltchev

    Agreed that NIST FISMA controls apply 100% to mobile devices as well. We can only hope FedRAMP will facilitate and accelerate A&A not only for cloud services but also for related mobile technologies.