22 votes

Rank 12

Idea #31

This idea is active.

Mobile Information Assurance

The civilian side of the federal government currently has no common policies or guidelines in place on how to evaluate, validate, protect or secure mobile technologies - including mobile infrastructure, mobile devices, mobile apps, mobile data practices, etc.

I suggest that the government create reasonable security guidelines so that the important work of protecting the federal computing infrastructure is not duplicated in every agency or is not done at all. We can have both reduced expenses and increased security with a little strategy and execution.

Submitted by 2 years ago

Comments (6)

  1. Mobility efforts for Federal agencies would also benefit from a strategic review of existing policies and audit findings that run counter to the effective adoption of this family of initiatives. The existing patchwork of guidance and regulations is interpreted in ways that turn smartphones into bricks and tablets into dumb terminals.

    2 years ago
    2 Agreed
    0 Disagreed
    1. At our agency we have very strict processes that review the compliance to federal laws and guidelines. These are implemented through our life cycle. We are currently in the process of developing a new "Mobile Apps" path through our life cycle that we feel will allow for the rapid development of mobile apps and yet continue to assure the quality and compliance we enforce on the traditional waterfall projects. We would be willing to share our findings if anyone is interested.

      2 years ago
      0 Agreed
      0 Disagreed
  2. More secure mobile devices are already being prototyped in the DOD community, which can surely inspire other use across the Federal Government.

    2 years ago
    1 Agreed
    0 Disagreed
  3. I disagree, as will most Govt security folks. The NIST's IA Controls (much like the DoD's) are well developed, very available, and quite applicable to mobile devices (and the related clouds). (Examples - Army's decent DIACAP accreditation of now-discontinued Android tablet and Google Apps for Govt was FISMA-certified per NIST's implementation.)

    I do agree on the reciprocity failure. Even w/in the DoD each service would rather repeat a thousand-man-hours C&A paperdrill than just accept another service's approval FOR THE SAME MUTUALLY CONNECTED NETWORK!

    The biggest problems are 1) finding C&A-smart folks to apply them aggressively, 2) trying to find a consumer-oriented / popular device that's even capable of being secured, 3) having a device exist long enough on the market to make it secure and get some use outta it.

    2 years ago
    0 Agreed
    0 Disagreed
  4. Ouch - sweerek is too right, on reciprocity. Let's keep truly classified separate from truly open - and we can debate the gray area in our spare time. But don't wait for the answer, just do what needs to be done.

    2 years ago
    0 Agreed
    0 Disagreed
  5. Agreed that NIST FISMA controls apply 100% to mobile devices as well. We can only hope FedRAMP will facilitate and accelerate A&A not only for cloud services but also for related mobile technologies.

    2 years ago
    1 Agreed
    0 Disagreed

Events

  1. The idea was posted
    2 years ago