Mobility in the Federal Government — What's Next? | Kevin Cox, DOJ

July 9, 2013
Agenda
Federal Digital Government Strategy (DGS) Milestones of Interest
DGS Milestone 9.1
Use Cases and Top Challenges
DoD, DHS, DOJ, and NIST Mobility Efforts
Moving Forward
Milestones of Interest
Information Centric
MS 1.2 Open Data web-based availability
MS 2.1 and 2.2 High Value Data web-based availability
Shared Platform
MS 3.3 BYOD
MS 3.6 Shared Mobile Application Development
MS 4.2 Development and delivery of digital services
MS 5.1 Wireless Federal Strategic Sourcing Initiative (FSSI)
MS 5.2 Enterprise-wide inventory (CMDs and Contracts)
MS 5.3 Analysis of enterprise contract vehicles
MS 5.4 Delivery of mobile apps
MS 5.5 Government-wide Mobile Device Management
Customer Centric
MS 6, 7 & 8 Customer focus & satisfaction
Security and Privacy
MS 9.1 Mobile Security Baseline and Mobile Security Architecture
MS 10.2 Accelerate mobile technology adoption
MS 10.3 Standard Approach to PII
Federal Mobile Security Baseline and Reference Architecture
DELIVERABLE
Milestone 9.1 Federal Mobile Security Baseline
DELIVERABLE
Mobile Security Reference Architecture (Appendix: Mobile Computing Decision Framework)
Federal Digital Government Strategy Milestone 9.1
Government Mobile and Wireless Security Baseline – A use case driven security approach for four challenge areas identified in gap analysis of MS 10.2
Mobile Device Management (MDM) (COMPLETED, based on NIST SP 800-53 rev4 and DoD MDM SRG)
Mobile Application Management (MAM) (COMPLETED, based on NIST SP 800-53 rev4 and DoD MDM SRG)
Identity and Access Management (Notional)
Data Sharing Standards (Notional)
Mobile Security Reference Architecture (COMPLETED)
Will be developed into a service level architecture by September
Mobile Computing Decision Framework (COMPLETED)
Use Cases and Top Challenges
Key DoD Mobility Efforts
DoD Mobile Device Strategy, 8 Jun 2012
DoD CMD Implementation Plan, 15 Feb 2013
Mobility Inventory Memo, 15 Mar 2013
CMD Pilot Consolidation Memo, 21 Mar 2013
Mobility BCA Memo, 15 Apr 2013
Mobility STIGs (iOS, Android, BB), May 2013
DMCC devices provisioned, May 2013
DISA MDM/MAS RFP awarded, 27 Jun 2013
NIAP Mobile Protection Profiles, CY 2013, Q3
Key NIST Mobility Efforts
Guidance Documents
NIST FIPS 201-1: Personal Identity Verification (PIV) of Federal Employees and Contractors
NIST FIPS 201-2 (DRAFT): Personal Identity Verification (PIV) of Federal Employees and Contractors
NIST SP 800-46 R2 (DRAFT TBD): Guide to Enterprise Telework, Remote Access, and BYOD Security*
NIST SP 800-53 R4: Security and Privacy Controls for Federal Information Systems and Organizations
NIST SP 800-73-4, Part 1 (DRAFT): PIV Card Application Namespace, Data Model and Representation
NIST SP 800-73-4, Part 2 (DRAFT): PIV Card Application Card Command Interface
NIST SP 800-73-4, Part 3 (DRAFT): PIV Client Application Programming Interface
NIST SP 800-114 R1 (DRAFT TBD): User's Guide to Telework and Bring Your Own Device (BYOD) Security*
NIST SP 800-124 R1: Guidelines for Managing and Securing Mobile Devices in the Enterprise
NIST SP 800-157 (DRAFT TBD): Guidelines for Personal Identity Verification (PIV) Derived Credentials*
NIST SP 800-163 (DRAFT TBD): Guidelines for Testing and Vetting Mobile Apps
NIST SP 800-164 (DRAFT): Guidelines on Hardware-Rooted Security in Mobile Devices
Additional Efforts
– Collaboration with DARPA on the TransApp Program
– Collaboration with NSA on the Enduring Security Framework (ESF)
* Taken from csrc.nist.gov/documents/nist-mobile-security-report.pdf
Key DHS Mobility Efforts
FED Initiatives
DGS
Changed the way we look at delivery of IT services and data
DHS Initiatives
WorkPlace Transformation
Changing Business Model
Accomplishments
Maintain Federal Relationships
Application Lifecycle Management (ALM)
From concept to O&M
Code Standards, Sharing, Testing Standards, Drive Tool development, Distribution Models, Context at the Presentation
DHS Mobility Strategy (DRAFT)
DHS Mobility Implementation Plan (DRAFT)
Mobile Pilot(s) Consolidation Memos (DRAFT)
WorkPlace as a Service (WPaaS)
Mobile Container solution, APR 2013
Mobile Application Vetting Platform (CarWash)
Initial Proof of Concept, MAR 2013
DHS Enterprise Wireless Contract
Awarded APR 2013
Information Resource Management Strategic Plan (DRAFT)
FOCUS: DHS Mobility Efforts
Data Standards
Authentication and Authorization
Form Factor Issue, Device, App, or Network Level?
Legacy infrastructure
Mission Partners
Application Services
Structure, Tagging, Labeling, Temporal value
Remove Context
Aggregation Issues
Move to data layer protection
What to do in the interim?
Progression of the trust level…
Infrastructure
Concept of Internet as transport
Capability to support increased communications
Key DoJ Mobility Efforts
Mobility Strategy
Partnerships with other Departments/Agencies
App Development Strategy
Pilot of New Handheld Devices
Tablet Pilots
Standard Tablets
Hybrids
BYOD Pilot
Moving Forward
Building on the Digital Government Strategy Mobility Milestones
Mobile Identity Management
Mobile Application Development and Vetting
Federal Mobility Solutions Architecture
Building on the Digital Government Strategy Mobility Milestones
Federal CIO Council Committees
New Innovation Committee
Information Security and Identity Management Committee (ISIMC)
CIO Council will help coordinate Interagency efforts, including involvement with OMB, GSA, and NIST
Federal Digital Government Strategy
Continue to build on Baseline and Reference Architecture (Milestone 9.1), as well as on other completed Milestones
Partnered with NSA for security
GSA: future contracts for Mobile Device Manager, mobile devices and Airtime/Data Plans
Mobile Applications Reciprocity across Agencies
Expedite Mobile Security Approvals
Collaborative Technology Exploration and Standards Development
Mobile Identity Management
Current Capabilities
Bluetooth CAC Reader / Dongle
CAC Sleeve (Case)
Primary Candidates (2013-2014)
Near-Field Communications (NFC)
Hardware Security Modules (HSM)
microSD Cards / Sleeve
Trusted Platform Modules (TPM)
Derived Credentials (NIST SP 800-157)
Secondary Candidates (> 2014)
Universal Integrated Circuit Card (UICC)
Out-of-Band One-Time Password (OTP) Tokens (App or Cellular SMS-based)
Emerging Technologies (>2014)
Environment-aware heuristics
Cloud based Biometrics (facial/voice/fingerprint/iris recognition)
Mobile Application Development and Vetting
DHS – Mobile Application Continuous Integration Orchestration Platform and Mobile CoE, aka “CarWash”
NIST/DARPA – TransApp Program (NIST SP 800-163 DRAFT Coming Soon)
DoD
Software Assurance in Defense Acquisition Guidance
DISA Mobility PMO – Mobile Applications Security Requirements Guide (SRG)
NSA Information Assurance Directorate (IAD) Center for Assured Software (CAS)
GSA Mobile PMO and Digital Services Innovation Center – Mobile Application Development Program
Federal Mobility Solutions Architecture
Builds on the Federal Mobility Reference Architecture
Building on Department/Agency (D/A) Use Cases
Utilizing information gathered from D/As during development of DGS Milestone 10.2 (Mobility Barriers/Opportunities/Gaps)
More Information
Programs/Opportunities
GSA FSSI Wireless: Wireless Federal Strategic Sourcing Initiative BPAs
GSA Mobility Management Solutions: potential MDM/MAM solutions sources
DGS Milestone 3.6: GSA Mobile Application Development Program
U.S. Government APIs: API Developer Resources
NSA CSfC Program: Commercial Solutions for Classified Program
DISA BAA 12-01: Mobile Device Common-Access-Card-Enabled Virtual Thin Client
Working Groups
ICAM Subcommittee (ICAMSC) Working Groups: various [e.g., CNSS IdAM WG, Logical Access WG]
DoD Commercial Mobile Device Working Group (CMDWG) – Next meeting 19 Sept 2013
DoD PKE Mobility TIM – next meeting tentatively Dec 2013
References
HSPD-12: Policy for a Common Identification Standard for Federal Employees and Contractors
OMB M-11-11: Continued Implementation of HSPD 12
DTM 08-006: DoD Implementation of Homeland Security Presidential Directive - 12 (HSPD-12)
NIAP CC Protection Profiles (PP): various [e.g., Mobile OS, VoIP Apps, WLAN]
DISA SRGs: various [e.g., MDM, Mobile Policy, Mobile App, Mobile OS]