The Defense Department and the National Institute of Standards and Technology provided a lift to the future of mobile computing in the government.
DoD announced it moved its classified mobile capability from a pilot stage into full production mode.
Defense Mobile Classified Capability – Secret (DMCC-S) lets users access voice and data at the secret level from anywhere in the world.
The Defense Information Systems Agency piloted about 2,000 devices, mostly a hardened version of the Samsung Galaxy S4, over the last few years.
The new capability will replace the Secure Mobile Environment Portable Electronic Device (SME PED) system, which had become old and bulky and used technology such as 2G networks. DISA says it will turn off the SME PED on July 30.
“This release is a big step toward being able to deliver secure mobile capabilities faster than we have ever seen before. The use of commercial products approved via NSA’s Commercial Solutions for Classified Program provides a mechanism to securely access and deploy new technology with significantly reduced deployment cycles,” said Kim Rice, DISA’s mobility portfolio manager, in a release. “That’s important because it enables us to scale the capability. In the near future, we expect to triple the number of active DMCC-S users.”
The agency says its goal is to have 3,000 secure mobile users by the second quarter of fiscal 2016.
Meanwhile, NIST released updated technical specifications and guidance for the next generation of “smart” identity cards. NIST says “the new specifications add enhanced security features to verify employees’ and contractors’ identities, as well as new capabilities that work with mobile devices and media such as smartphones.”
NIST Special Publication 800-73-4 revises how software credentials are stored on the smart identity card and how systems can retrieve and check them for authenticity.
“The update provides additional ways to authenticate, or prove, the cardholder’s identity,” NIST says. “One method, called on-card biometric comparison, helps preserve a cardholder’s privacy because the individual’s fingerprint data never leave the card. A new specification protects wireless communications between the PIV Card and mobile device when the cardholder uses authentication, signature or encryption services with a mobile device. Another new security feature prevents a cardholder from changing the PIN to one that is too short.”
The second change comes from Special Publication 800-78-4. It provides the technical cryptographic details needed to maintain the security of the next-generation smart card.
Both of these updates are important as agencies roll out more mobile devices and the Office of Management and Budget requires agencies to fully implement two-factor authentication as part of the 30-day cyber sprint.