Mobility in the Federal Government -- What's Next? | Kevin Cox, Mark Norton & Robert Palmer | Federal Mobile Computing Summit | July 9, 2013

3,520 views

Published on

The Federal Mobile Computing Summit was held on July 9, 2013 in Washington, DC.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
3,520
On SlideShare
0
From Embeds
0
Number of Embeds
1,722
Actions
Shares
0
Downloads
42
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Mobility in the Federal Government -- What's Next? | Kevin Cox, Mark Norton & Robert Palmer | Federal Mobile Computing Summit | July 9, 2013

  1. 1. Mobility in the Federal Government – What’s Next? July 9, 2013
  2. 2. 2 Federal Digital Government Strategy (DGS) Milestones of Interest DGS Milestone 9.1 Use Cases and Top Challenges DoD, DHS, DOJ, and NIST Mobility Efforts Moving Forward Agenda
  3. 3. 3 Milestones of Interest  Information Centric  MS 1.2 Open Data web-based availability  MS 2.1 and 2.2 High Value Data web based availability  Shared Platform  MS 3.3 BYOD  MS 3.6 Shared Mobile Application Development  MS 4.2 Development and delivery of digital services  MS 5.1 Wireless Federal Strategic Sourcing Initiative (FSSI)  MS 5.2 Enterprise-wide inventory (CMDs and Contracts)  MS 5.3 Analysis of enterprise contract vehicles  MS 5.4 Delivery of mobile apps  MS 5.5 Government-wide Mobile Device Management  Customer Centric  MS 6, 7 & 8 Customer focus & satisfaction  Security and Privacy  MS 9.1 Mobile Security Baseline and Mobile Security Architecture  MS 10.2 Accelerate mobile technology adoption  MS 10.3 Standard Approach to PII
  4. 4. Federal Mobile Security Baseline and Reference Architecture 4 DELIVERABLE Milestone 9.1 Federal Mobile Security Baseline DELIVERABLE Mobile Security Reference Architecture (Appendix: Mobile Computing Decision Framework)
  5. 5.  Government Mobile and Wireless Security Baseline – A use case driven security approach for four challenge areas identified in gap analysis of MS 10.2  Mobile Device Management (MDM) (COMPLETED, based on NIST SP 800-53 rev4 and DoD MDM SRG) Mobile Application Management (MAM) (COMPLETED, based on NIST SP 800-53 rev4 and DoD MDM SRG)  Identity and Access Management (Notional)  Data Sharing Standards (Notional)  Mobile Security Reference Architecture (COMPLETED)  Will be developed into a service level architecture by September  Mobile Computing Decision Framework (COMPLETED) Federal Digital Government Strategy Milestone 9.1 5
  6. 6. 6 Use Cases and Top Challenges
  7. 7.  DoD Mobile Device Strategy, 8 Jun 2012  DoD CMD Implementation Plan, 15 Feb 2013  Mobility Inventory Memo, 15 Mar 2013  CMD Pilot Consolidation Memo, 21 Mar 2013  Mobility BCA Memo, 15 Apr 2013  Mobility STIGs (iOS, Android, BB), May 2013  DMCC devices provisioned, May 2013  DISA MDM/MAS RFP awarded, 27 Jun 2013  NIAP Mobile Protection Profiles, CY 2013, Q3 Key DoD Mobility Efforts 7
  8. 8. Guidance Documents  NIST FIPS 201-1: Personal Identity Verification (PIV) of Federal Employees and Contractors  NIST FIPS 201-2 (DRAFT): Personal Identity Verification (PIV) of Federal Employees and Contractors  NIST SP 800-46 R2 (DRAFT TBD): Guide to Enterprise Telework, Remote Access, and BYOD Security*  NIST SP 800-53 R4: Security and Privacy Controls for Federal Information Systems and Organizations  NIST SP 800-73-4, Part 1 (DRAFT): PIV Card Application Namespace, Data Model and Representation  NIST SP 800-73-4, Part 2 (DRAFT): PIV Card Application Card Command Interface  NIST SP 800-73-4, Part 3 (DRAFT): PIV Client Application Programming Interface  NIST SP 800-114 R1 (DRAFT TBD): User's Guide to Telework and Bring Your Own Device (BYOD) Security*  NIST SP 800-124 R1: Guidelines for Managing and Securing Mobile Devices in the Enterprise  NIST SP 800-157 (DRAFT TBD): Guidelines for Personal Identity Verification (PIV) Derived Credentials*  NIST SP 800-163 (DRAFT TBD): Guidelines for Testing and Vetting Mobile Apps  NIST SP 800-164 (DRAFT): Guidelines on Hardware-Rooted Security in Mobile Devices Key NIST Mobility Efforts 8 Additional Efforts – Collaboration with DARPA on the TransApp Program – Collaboration with NSA on the Enduring Security Framework (ESF) * Taken from csrc.nist.gov/documents/nist-mobile-security-report.pdf
  9. 9. Key DHS Mobility Efforts 9  DHS Mobility Strategy (DRAFT)  DHS Mobility Implementation Plan (DRAFT)  Mobile Pilot(s) Consolidation Memos (DRAFT)  WorkPlace as a Service (WPaaS)  Mobile Container solution, APR 2013  Mobile Application Vetting Platform (CarWash)  Initial Proof of Concept, MAR 2013  DHS Enterprise Wireless Contract  Awarded APR 2013  Information Resource Management Strategic Plan (DRAFT)  FED Initiatives  DGS  Changed the way we look at delivery of IT services and data  DHS Initiatives  WorkPlace Transformation  Changing Business Model  Maintain Federal Relationships  Application Lifecycle Management (ALM)  From concept to O&M  Code Standards, Sharing, Testing Standards, Drive Tool development, Distribution Models, Context at the Presentation Accomplishments
  10. 10. FOCUS: DHS Mobility Efforts 10  Data Standards  Structure, Tagging, Labeling, Temporal value  Remove Context  Aggregation Issues  Authentication and Authorization  Form Factor Issue, Device, App, or Network Level?  Legacy infrastructure  Mission Partners  Application Services  Move to data layer protection  What to do in the interim?  Progression of the trust level…  Infrastructure  Concept of Internet as transport  Capability to support increased communications
  11. 11.  Mobility Strategy  Partnerships with other Departments/Agencies  App Development Strategy  Pilot of New Handheld Devices  Tablet Pilots  Standard Tablets  Hybrids  BYOD Pilot Key DoJ Mobility Efforts 11
  12. 12.  Building on the Digital Government Strategy Mobility Milestones  Mobile Identity Management  Mobile Application Development and Vetting  Federal Mobility Solutions Architecture Moving Forward 12
  13. 13.  Federal CIO Council Committees  New Innovation Committee  Information Security and Identity Management Committee (ISIMC)  CIO Council will help coordinate Interagency efforts, including involvement with OMB, GSA, and NIST  Federal Digital Government Strategy  Continue to build on Baseline and Reference Architecture (Milestone 9.1), as well as on other completed Milestones  Partnered with NSA for security  GSA: future contracts for Mobile Device Manager, mobile devices and Airtime/Data Plans  Mobile Applications Reciprocity across Agencies  Expedite Mobile Security Approvals  Collaborative Technology Exploration and Standards Development Building on the Digital Government Strategy Mobility Milestones 13
  14. 14.  Current Capabilities  Bluetooth CAC Reader / Dongle  CAC Sleeve (Case)  Primary Candidates (2013-2014)  Near-Field Communications (NFC)  Hardware Security Modules (HSM)  microSD Cards / Sleeve  Trust Platform Modules (TPM)  Derived Credentials (NIST SP 800-157)  Secondary Candidates (> 2014)  Universal Integrated Circuit Card (UICC)  Out-of-Band One Time Pad (OTP) Tokens (App or Cellular SMS-based)  Emerging Technologies (>2014)  Environment-aware heuristics  Cloud based Biometrics (facial/voice/fingerprint/iris recognition) Mobile Identity Management 14
  15. 15.  DHS – Mobile Application Continuous Integration Orchestration Platform and Mobile CoE, aka “CarWash”  NIST/DARPA – TransApp Program (NIST SP800-163 DRAFT Coming Soon)  DoD  Software Assurance in Defense Acquisition Guidance  DISA Mobility PMO – Mobile Applications Security Requirements Guide (SRG)  NSA Information Assurance Directorate (IAD) Center for Assured Software (CAS)  GSA Mobile PMO and Digital Services Innovation Center – Mobile Application Development Program Mobile Application Development and Vetting 15
  16. 16.  Builds on the Federal Mobility Reference Architecture  Building on Department/Agency (D/A) Use Cases  Utilizing information gathered from D/As during development of DGS Milestone 10.2 (Mobility Barriers/Opportunities/Gaps) Federal Mobility Solutions Architecture 16
  17. 17.  Programs/Opportunities  GSA FSSI Wireless: Wireless Federal Strategic Sourcing Initiative BPAs  GSA Mobility Management Solutions: potential MDM/MAM solutions sources  DGS Milestone 3.6: GSA Mobile Application Development Program  U.S. Government APIs: API Developer Resources  NSA CSfC Program: Commercial Solutions for Classified Program  DISA BAA 12-01: Mobile Device Common-Access-Card-Enabled Virtual Thin Client  Working Groups  ICAM Subcommittee (ICAMSC) Working Groups: various [e.g., CNSS IdAM WG, Logical Access WG]  DoD Commercial Mobile Device Working Group (CMDWG) – Next meeting 19 Sept 2013  DoD PKE Mobility TIM –next meeting tentatively Dec 2013  References  HSPD-12: Policy for a Common Identification Standard for Federal Employees and Contractors  OMB M-11-11: Continued Implementation of HSPD 12  DTM 08-006: DoD Implementation of Homeland Security Presidential Directive - 12 (HSPD-12)  NIAP CC Protection Profiles (PP): various [e.g., Mobile OS, VoIP Apps, WLAN]  DISA SRGs: various [e.g., MDM, Mobile Policy, Mobile App, Mobile OS] More Information 17

×