Ideas for the Mobility Strategy

Government Mobility Meeting

Here is a meeting that Tom and I have put together. A goal of the TEM is to share ideas and networking across gov't lines to reduce duplication of efforts, expedite fielding of the devices and a few other buzz phrases.

 

Conference info is below. See you there.

 

Conference info

http://www.nist.gov/itl/csd/mobile-device-meeting.cfm

 

Registration link

https://www-s.nist.gov/CRS/conf_disclosure.cfm?conf_id=5122

Voting

3 votes
Active

Ideas for the Mobility Strategy

Strong Authentication!

Begin with a focus for updating guidance (e.g. FIPS-201, NIST SP800-53) to call out for the use of strong authentication credentials (PIV, PIV-I, CAC) with mobile devices.

Yes, the idea of attaching an additional device/sled to a mobile device in order to swipe,store, or scan your PIV/CAC card sounds cumbersome. But there is no reason why mobile devices can't be tapped to enable technologies such as cert-cloning/biometrics... more »

Voting

3 votes
Active

Ideas for the Mobility Strategy

Mobile Platform as a Service

Create a federal mobility platform that includes the following:
Components
- mobile app development tool
- mobile app library
- central cloud storage
- client component providing security and app shell
- security/user management, common capability but replicated for each user agency

Capabilities
- user agencies can modify apps from library or create their own in a short period of time. Inspections, ticketing, inventory,... more »

Voting

3 votes
Active

Ideas for the Mobility Strategy

Allow industry To Certify Compliance Against IA Standards

Instead of requiring Government test and certification of solutions, publish IA standards and require industry to certify their solutions' compliance with those standards. Mobile technologies change at a rate that far outpaces the Government's ability to remain current. If Industry knew in advance what standards were required, they could certify compliance themselves with periodic investigation by a trusty entity or... more »

Voting

3 votes
Active

Ideas for the Mobility Strategy

Don't Overcomplicate this! Keep it simple.

We utilize COTS soltuions throughout the entire enterprise today. As long as we can manage each end user solution and verify compliance from the network, we should be fine. Too few controls and reliance on good behavior will leave us vulnerable. Too many controls and specialized requirements will leave us broke ($$). Use the same controls, visability, inspection, verification, and assurance standards we use for laptops... more »

Voting

3 votes
Active

Ideas for the Mobility Strategy

EPA Mobile Strategy - Provide Data not Mobile Apps

The EPA has adopted a new mobile strategy, where they see themselves as the providers of data and environment information, but they are not the developers of mobile applications. The EPA recently ran a Apps Challenge where “Apps for the Environment” was a contest for software developers to find new ways to combine and deliver environmental data in new apps. Submissions to the challenge were required to use EPA data,... more »

Voting

3 votes
Active

Ideas for the Mobility Strategy

National Mobility Council (US CIO, Cybercom, DHS, GSA, DISA)

Mobility fundamentally changes how people accomplish their tasks, connect with others, express themselves, and form communities. It also introduces some significant challenges, not the least of which is it exposes the seams between federal agencies when it comes to acquisition (apps, network services, devices), security (physical security, information security, operational security) and policy (BYOD, no mobile, blackberry... more »

Voting

3 votes
Active

Ideas for the Mobility Strategy

Strengthen Mobile Security with Adaptive Risk Based Authenticat

Federal Agencies should consider using multi factor authentication and risk based authentication, similar to what the mobile banking industry as adopted. The challenge with mobile devices, is that they can be easily lost, stolen or in some cases even hacked. Strong credential based authentication is not enough to stop unwanted access. Adding a risk- based challenge layer behind existing authentication can greatly increase... more »

Voting

3 votes
Active

Ideas for the Mobility Strategy

Mobile First

Mobile First is the concept that applications need to be designed from the start to be mobile. Web sites/applications should be built to support both PC browsers and mobile browsers from the start. The incremental cost of supporting both PC and mobile browsers at first release of a web site/application is significantly less than trying to add on mobile support to an existing non-mobile one.

Voting

3 votes
Active

Ideas for the Mobility Strategy

IT Wireless Infrastructure as a Service

A smart phone or tablet loses a lot of capability if it can't connect to a wireless network. There is an immense cost associated with enabling ubiquitous wireless needed. Need to look at someone like GSA to provied a service that can be rolled into a lease so that the massive costs can be amortized over time.

Voting

3 votes
Active

Ideas for the Mobility Strategy

Decouple Content and Delivery Mechanism

The Federal Government has a broad constituency with a wide range of prefernces on how it interacts with the Government - every thing from postal mail to social media. It is the Federal Government mission (and some might say, responsibility) to deliver constient quality of information to all constituents, regardless of their preferred communciations method. The only way to do this is to decouple content from delivery... more »

Voting

3 votes
Active