By adding Apple iOS 6 to the Security Technical Implementation Guide (STIG) -- a methodology for "locking down" information systems and software that might otherwise be vulnerable to attacks -- the DOD has expanded the list of devices that it provides to military and government employees. The move is part of a larger effort by the DOD to build a multi-vendor mobile environment that supports a broad selection of devices and operating systems. However, the use of personal devices aren't allowed on its networks.
Some new BlackBerrys and Samsung Galaxy devices also received the Pentagon's nod of approval earlier this month. BlackBerry has long been a handset provider for the U.S. government, so the approval was expected. The Canadian company said its Z10 and Q10 -- running the new BlackBerry 10 operating system -- as well as the PlayBook, all have been cleared by the DOD. As for Samsung, the DOD chose the Galaxy S 4 with Knox security software, an enterprise-focused tool that keeps sensitive information separate from the rest of the smartphone.
[ Learn about the leaders who are helping the U.S. government become more tech savvy. Read The Government CIO 25. ]
In February, the Defense Department released a plan to speed up the adoption of commercial mobile devices and secure mobile applications in the military. The plan calls for a "framework to equip users and managers with mobile solutions that leverage commercial off-the-shelf products, improve functionality, decrease cost and enable increased personal productivity." DOD's goal is to support approximately 100,000 multi-vendor devices by February 2014. Currently, there are 600,000 commercial mobile devices in use and in pilot stage across the DOD. This includes approximately 470,000 BlackBerrys, 41,000 Apple devices and 8,700 Android devices.
The DOD has a mobile device strategy in place, which requires that mobile devices be configured to the STIG, combined with a mobile device management system for securely managing and distributing mobile applications. "All of these pieces must be in place to allow the secure use of commercial mobile devices on department networks," said Mark Orndorff, DISA information assurance executive and program executive officer for Mission Assurance and Network Ops, in a statement. "DISA is running a pilot program today where we bring this all together."
DISA is responsible for creating a MDM system for the DOD, and validating devices that meet the agency's security requirements. DISA said it anticipates awarding MDM contracts to vendors in early summer.