Ideas for the Mobility Strategy

Mobile Information Assurance

The civilian side of the federal government currently has no common policies or guidelines in place on how to evaluate, validate, protect or secure mobile technologies - including mobile infrastructure, mobile devices, mobile apps, mobile data practices, etc.

I suggest that the government create reasonable security guidelines so that the important work of protecting the federal computing infrastructure is not duplicated in every agency or is not done at all. We can have both reduced expenses and increased security with a little strategy and execution.

Stage: Active

Feedback Score

22 votes
Idea#31


Comments

  1. Comment
    tim.arnold

    Mobility efforts for Federal agencies would also benefit from a strategic review of existing policies and audit findings that run counter to the effective adoption of this family of initiatives. The existing patchwork of guidance and regulations is interpreted in ways that turn smartphones into bricks and tablets into dumb terminals.

    Comments on this comment

    1. Comment
      Jerome.S.Frese

      At our agency we have very strict processes that review the compliance to federal laws and guidelines. These are implemented through our life cycle. We are currently in the process of developing a new "Mobile Apps" path through our life cycle that we feel will allow for the rapid development of mobile apps and yet continue to assure the quality and compliance we enforce on the traditional waterfall projects. We would be willing to share our findings if anyone is interested.

  2. Comment
    Fed user

    More secure mobile devices are already being prototyped in the DOD community, which can surely inspire other use across the Federal Government.

  3. Comment
    sweerek

    I disagree, as will most Govt security folks. The NIST's IA Controls (much like the DoD's) are well developed, very available, and quite applicable to mobile devices (and the related clouds). (Examples - Army's decent DIACAP accreditation of now-discontinued Android tablet and Google Apps for Govt was FISMA-certified per NIST's implementation.)

    I do agree on the reciprocity failure. Even w/in the DoD each service would rather repeat a thousand-man-hours C&A paperdrill than just accept another service's approval FOR THE SAME MUTUALLY CONNECTED NETWORK!

    The biggest problems are 1) finding C&A-smart folks to apply them aggressively, 2) trying to find a consumer-oriented / popular device that's even capable of being secured, 3) having a device exist long enough on the market to make it secure and get some use outta it.

  4. Comment
    darnold

    Ouch - sweerek is too right, on reciprocity. Let's keep truly classified separate from truly open - and we can debate the gray area in our spare time. But don't wait for the answer, just do what needs to be done.

  5. Comment
    Nikolay Bakaltchev

    Agreed that NIST FISMA controls apply 100% to mobile devices as well. We can only hope FedRAMP will facilitate and accelerate A&A not only for cloud services but also for related mobile technologies.