VA may have bent the rules for iPads, iPhones

From: Federal Computer Week

By Alice Lipowicz

A new federal audit claims that Veterans Affairs Department Chief Information Officer Roger Baker may have bent information security rules in deploying iPhones and iPads at the VA in October 2011.

But the auditor concluded that Baker’s methods complied with federal information security requirements.

The May 15 audit was just published by Linda Halliday, assistant inspector general for audits and evaluations in the VA Office of Inspector General.

It was sparked by a confidential hotline complaint in September 2011 claiming that the VA was circumventing the Federal Information Security Management Act (FISMA) and other federal rules for information security with regard to Apple mobile devices approved for use on the VA network.

The inspector general also was asked by Sen. Jon Kyl (R-Ariz.) to evaluate whether the VA’s approach regarding storage of sensitive data without “FIPS 140-2” hardware encryption would meet FISMA requirements.

The inspector general auditors “partially substantiated” the allegation that the VA was deploying Apple mobile devices without the FIPS 140-2 hardware encryption required under FISMA. However, Baker took “compensating” measures to protect the sensitive information, the report said.

As a result, the auditor concluded that Baker’s approach to information security met the FISMA requirements, although there were some deficiencies in inventory management and controls.

“VA deployed more than 200 Apple iPhones and iPads with encryption that was not FIPS 140-2 certified,” Halliday wrote. “Compliance with the FIPS 140-2 standard is mandatory when agencies specify they will use cryptographic-based security systems to protect sensitive or valuable data. As a compensating control, VA used a FIPS 140-2 certified security application named ‘Good’ from Good Technology to encrypt application data such as emails, calendars, and contacts residing on the mobile devices.”

Using the certified application was deemed a satisfactory solution, the report said.

“We determined that VA’s approach of allowing only FIPS 140-2 certified applications to access or store sensitive encrypted data on the mobile device met FISMA requirements for data protection,” Halliday wrote.

However, the report also noted that VA could improve its security controls and systems management by maintaining an accurate inventory, and by configuring devices consistently.

Halliday made two recommendations for change, and Baker agreed with both of them, the report said.

3 responses to “VA may have bent the rules for iPads, iPhones”

  1. Miri says:

    Ohh, thanks! You know, I’ve bought an iPhone 14 and I really need a beautiful case. The options available just don’t resonate with my taste. Any insights on where I might procure a stunning case for my phone?

  2. Nissa says:

    Dear, the search for the perfect iPhone 14 Pro Max case isn’t easy, but I’ve come across this beautiful Pure Clear iPhone 14 Pro Case. Its transparent design is sleek and minimalist, allowing the device’s beauty to shine through. I’ve heard good things about Orase cases, but I’d love to hear your thoughts.

  3. aputsiaqgeisler says:

    I think that https://www.certsboard.com/ is crucial for graduating from any university. Every student should know how to write and I think you should be able to do it, too. I would recommend you to take some extra classes or enroll in an additional course.
