Instead of using a lengthy security technical implementation guide approval process to decide which tablets and smartphones will be allowed to use its network, the...
wfedstaff | April 17, 2015 4:02 pm
The Defense Department is changing the way it approves smartphones and tablet computers for use on its network.
Instead of going through the lengthy security technical implementation guide (STIG) approval process, the Defense Information Systems Agency wants to put the ball in the vendors’ court.
Alex Froede is the Mobile Security support contractor specializing in DISA’s Security Technical Implementation Guides. He said the goal is to set high-level requirements across four areas and then ask the vendors to tell DoD how they are meeting those security requirements.
DoD then will review the vendors documents and decide whether they meet the Pentagon’s security requirements, Froede said at the Federal Mobility Computing Summit sponsored by Mobilegov in Washington.
“DISA’s certification authority would make a recommendation about whether the product or service deals with the risk appropriately,” he said. “Then it could be used by any of the services or Defense agencies, or any other federal agency for that matter.”
Froede said DoD is basing its efforts on the National Institute of Standards and Technology’s special publication 800-53 guidance and other security best-practices.
These are the four areas DISA will provide guidance to vendors:
Froede said DISA will publish the draft guidance in the next few weeks.
“The results will be the development of STIGs much faster than today,” he said. “We hope the new STIG process will solve some of the problems found in how long it takes for us to get these out. People are willing to set up their devices to be secure if they are told how to do it. We think once the STIG is available, it will take one or two months to decide whether to approve it.”
DoD decided to finally change the STIG development process after it took more than one year to approve the Dell Streak tablet — only for the company to discontinue making and supporting the product shortly afterwards.
Froede said one of the big benefits of this new approach is other agencies can review and use the vendor-developed security documents.
“They can read the approval decision and decide whether to use it or not,” he said.
The concept meshes with the Office of Management and Budget’s Digital Government Strategy. OMB wants agencies to share apps more readily and trust each other about the security of these systems and apps.
RELATED STORIES
Agencies feel strain of balancing mobility, security
DoD approves first-ever Android devices
OMB unveils ambitious digital, mobile strategy
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Jason Miller is executive editor of Federal News Network and directs news coverage on the people, policy and programs of the federal government.
Follow @jmillerWFED