New security standard to boost agency trust, use of mobile devices

From: FederalNewsRadio.com 1500AM

By Jason Miller

Agencies soon will have a minimum set of cyber standards for securing their iPhones, Androids and BlackBerry devices.

The Chief Information Officer’s Council and the Homeland Security Department are receiving comments on the draft version of mobile cyber standards called for under the Digital Government Strategy.

The document is split into two parts: a security architecture and a security baseline.

“Essentially, what’s being published is a narrative of how the baseline will work, a framework by which an agency can walk through understanding what their mission requirements are, working to balance out the economics against capabilities against security and trying to find that sweet spot, and then moving into the many risk areas, what we are calling tailored risk, operations, finance, security, etc.,” said Kevin Cox, the program manager for the information security tools tiger team of the CIO Council, Thursday at the TechAmerica 23rd Annual CIO Survey conference in Washington. “From that framework, once the agency has worked through that, they will have a good sense of what their architecture will look like. Then they can go to the reference architecture and build out what the ultimate mobility will look like for their agency.”

Cox said the working group is overlaying the National Institute of Standards and Technology special publication 800-53 revision 4’s security controls, which were just released earlier this week, so agencies can focus on the specific security standards for mobile computing.

Wide range of input

For instance, NIST added a section on mobility in the operational environment considerations. It also includes specific access controls for mobile devices, and it promotes the idea of tailoring the codes for specific environments — fixed versus mobile.

Cox said the CIO Council has been working on the secure baseline and architecture for several months.

“Two key events we’ve held, one in December and one in March, held up at NIST was a technical exchange meeting to really brief out what we were finding, brief out the direction and, again, receive agency feedback and input on this. We’ve also had input from industry as much as we can,” Cox said. “One key thing that we have looked to do is to align as much as possible with the existing security standards that they already need to meet. That’s why it was key that we aligned everything with 800-53 Rev 4 so it wasn’t a new set of requirements coming down, but simply a scaled down overlay of what you need to focus on specifically for mobility.”

The CIO Council, NIST, and the departments of Defense and Homeland Security will review agency comments over the next few weeks with a goal of releasing a final version by May 23 — the one-year anniversary of the Digital Government Strategy, Cox said.
