Editor’s Note: The CIO Council/DHS-NPPD document “Mobile Security Reference Architecture v1.0” is attached here.
From: GCN
By Patrick Marshall
IT staffs that have been struggling with finding ways to securely integrate the growing number of smart phones and tablets into their data environments are now getting some guidance from the Office of Management and Budget.
At the end of May, OMB delivered to departments and agencies The Federal CIO Council’s “Mobile Security Reference Architecture,” a 104-page guide detailing strategies for securing government-owned commercial smartphones and tablets.
The MSRA follows the April release by the National Institute of Standards and Technology of the even broader set of security policy guidelines in Revision 4 of Special Publication 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations,” and late 2011 of the “Electronic Authentication Guideline,” SP 800-63. Both publications address mobile environments.
The CIO Council’s document goes into great detail about strategies for securing mobile devices in an enterprise environment, but doesn’t get into the details of implementing those strategies with, say, specific operating systems or devices. And as some analysts have pointed out, the guide amounts to a mandate for agencies and departments, but there is no additional funding being provided for implementation.
Still, some analysts say the report is an important step. “It’s a big deal to some agencies that are lagging in developing policies,” said Shawn McCarthy, ICD Government Insights director. “A baseline document like this has to exist so that people can go back to it, especially if somebody comes up with something that’s too far afield of that.”
Leave a Reply