Mobility in the Federal Government -- What's Next? | Kevin Cox, Mark Norton & Robert Palmer | Federal Mobile Computing Summit | July 9, 2013
1. Mobility in the Federal Government – What’s Next?
July 9, 2013
2. Agenda
Federal Digital Government Strategy (DGS) Milestones of Interest
DGS Milestone 9.1
Use Cases and Top Challenges
DoD, DHS, DOJ, and NIST Mobility Efforts
Moving Forward
3. Milestones of Interest
Information Centric
MS 1.2 Open Data web-based availability
MS 2.1 and 2.2 High Value Data web based availability
Shared Platform
MS 3.3 BYOD
MS 3.6 Shared Mobile Application Development
MS 4.2 Development and delivery of digital services
MS 5.1 Wireless Federal Strategic Sourcing Initiative (FSSI)
MS 5.2 Enterprise-wide inventory (CMDs and Contracts)
MS 5.3 Analysis of enterprise contract vehicles
MS 5.4 Delivery of mobile apps
MS 5.5 Government-wide Mobile Device Management
Customer Centric
MS 6, 7 & 8 Customer focus & satisfaction
Security and Privacy
MS 9.1 Mobile Security Baseline and Mobile Security Architecture
MS 10.2 Accelerate mobile technology adoption
MS 10.3 Standard Approach to PII
4. Federal Mobile Security Baseline and Reference Architecture
DELIVERABLE: Milestone 9.1 Federal Mobile Security Baseline
DELIVERABLE: Mobile Security Reference Architecture (Appendix: Mobile Computing Decision Framework)
5. Federal Digital Government Strategy Milestone 9.1
Government Mobile and Wireless Security Baseline – A use case driven security approach for four challenge areas identified in gap analysis of MS 10.2
Mobile Device Management (MDM) (COMPLETED, based on NIST SP 800-53 rev4 and DoD MDM SRG)
Mobile Application Management (MAM) (COMPLETED, based on NIST SP 800-53 rev4 and DoD MDM SRG)
Identity and Access Management (Notional)
Data Sharing Standards (Notional)
Mobile Security Reference Architecture (COMPLETED)
Will be developed into a service level architecture by September
Mobile Computing Decision Framework (COMPLETED)
7. Key DoD Mobility Efforts
DoD Mobile Device Strategy, 8 Jun 2012
DoD CMD Implementation Plan, 15 Feb 2013
Mobility Inventory Memo, 15 Mar 2013
CMD Pilot Consolidation Memo, 21 Mar 2013
Mobility BCA Memo, 15 Apr 2013
Mobility STIGs (iOS, Android, BB), May 2013
DMCC devices provisioned, May 2013
DISA MDM/MAS RFP awarded, 27 Jun 2013
NIAP Mobile Protection Profiles, CY 2013, Q3
8. Key NIST Mobility Efforts
Guidance Documents
NIST FIPS 201-1: Personal Identity Verification (PIV) of Federal Employees and Contractors
NIST FIPS 201-2 (DRAFT): Personal Identity Verification (PIV) of Federal Employees and Contractors
NIST SP 800-46 R2 (DRAFT TBD): Guide to Enterprise Telework, Remote Access, and BYOD Security*
NIST SP 800-53 R4: Security and Privacy Controls for Federal Information Systems and Organizations
NIST SP 800-73-4, Part 1 (DRAFT): PIV Card Application Namespace, Data Model and Representation
NIST SP 800-73-4, Part 2 (DRAFT): PIV Card Application Card Command Interface
NIST SP 800-73-4, Part 3 (DRAFT): PIV Client Application Programming Interface
NIST SP 800-114 R1 (DRAFT TBD): User's Guide to Telework and Bring Your Own Device (BYOD) Security*
NIST SP 800-124 R1: Guidelines for Managing and Securing Mobile Devices in the Enterprise
NIST SP 800-157 (DRAFT TBD): Guidelines for Personal Identity Verification (PIV) Derived Credentials*
NIST SP 800-163 (DRAFT TBD): Guidelines for Testing and Vetting Mobile Apps
NIST SP 800-164 (DRAFT): Guidelines on Hardware-Rooted Security in Mobile Devices
Additional Efforts
– Collaboration with DARPA on the TransApp Program
– Collaboration with NSA on the Enduring Security Framework (ESF)
* Taken from csrc.nist.gov/documents/nist-mobile-security-report.pdf
9. Key DHS Mobility Efforts
Accomplishments
DHS Mobility Strategy (DRAFT)
DHS Mobility Implementation Plan (DRAFT)
Mobile Pilot(s) Consolidation Memos (DRAFT)
WorkPlace as a Service (WPaaS) Mobile Container solution, APR 2013
Mobile Application Vetting Platform (CarWash) Initial Proof of Concept, MAR 2013
DHS Enterprise Wireless Contract Awarded APR 2013
Information Resource Management Strategic Plan (DRAFT)
FED Initiatives
DGS: Changed the way we look at delivery of IT services and data
DHS Initiatives
WorkPlace Transformation
Changing Business Model
Maintain Federal Relationships
Application Lifecycle Management (ALM)
From concept to O&M
Code Standards, Sharing, Testing Standards, Drive Tool development, Distribution Models, Context at the Presentation
10. FOCUS: DHS Mobility Efforts
Data Standards
Structure, Tagging, Labeling, Temporal value
Remove Context
Aggregation Issues
Authentication and Authorization
Form Factor Issue, Device, App, or Network Level?
Legacy infrastructure
Mission Partners
Application Services
Move to data layer protection
What to do in the interim?
Progression of the trust level…
Infrastructure
Concept of Internet as transport
Capability to support increased communications
11. Key DoJ Mobility Efforts
Mobility Strategy
Partnerships with other Departments/Agencies
App Development Strategy
Pilot of New Handheld Devices
Tablet Pilots
Standard Tablets
Hybrids
BYOD Pilot
12. Moving Forward
Building on the Digital Government Strategy Mobility Milestones
Mobile Identity Management
Mobile Application Development and Vetting
Federal Mobility Solutions Architecture
13. Building on the Digital Government Strategy Mobility Milestones
Federal CIO Council Committees
New Innovation Committee
Information Security and Identity Management Committee (ISIMC)
CIO Council will help coordinate Interagency efforts, including involvement with OMB, GSA, and NIST
Federal Digital Government Strategy
Continue to build on Baseline and Reference Architecture (Milestone 9.1), as well as on other completed Milestones
Partnered with NSA for security
GSA: future contracts for Mobile Device Manager, mobile devices and Airtime/Data Plans
Mobile Applications Reciprocity across Agencies
Expedite Mobile Security Approvals
Collaborative Technology Exploration and Standards Development
15. Mobile Application Development and Vetting
DHS – Mobile Application Continuous Integration Orchestration Platform and Mobile CoE, aka “CarWash”
NIST/DARPA – TransApp Program (NIST SP800-163 DRAFT Coming Soon)
DoD
Software Assurance in Defense Acquisition Guidance
DISA Mobility PMO – Mobile Applications Security Requirements Guide (SRG)
NSA Information Assurance Directorate (IAD) Center for Assured Software (CAS)
GSA Mobile PMO and Digital Services Innovation Center – Mobile Application Development Program
16. Federal Mobility Solutions Architecture
Builds on the Federal Mobility Reference Architecture
Building on Department/Agency (D/A) Use Cases
Utilizing information gathered from D/As during development of DGS Milestone 10.2 (Mobility Barriers/Opportunities/Gaps)
17. More Information
Programs/Opportunities
GSA FSSI Wireless: Wireless Federal Strategic Sourcing Initiative BPAs
GSA Mobility Management Solutions: potential MDM/MAM solutions sources
DGS Milestone 3.6: GSA Mobile Application Development Program
U.S. Government APIs: API Developer Resources
NSA CSfC Program: Commercial Solutions for Classified Program
DISA BAA 12-01: Mobile Device Common-Access-Card-Enabled Virtual Thin Client
Working Groups
ICAM Subcommittee (ICAMSC) Working Groups: various [e.g., CNSS IdAM WG, Logical Access WG]
DoD Commercial Mobile Device Working Group (CMDWG) – Next meeting 19 Sept 2013
DoD PKE Mobility TIM – next meeting tentatively Dec 2013
References
HSPD-12: Policy for a Common Identification Standard for Federal Employees and Contractors
OMB M-11-11: Continued Implementation of HSPD 12
DTM 08-006: DoD Implementation of Homeland Security Presidential Directive - 12 (HSPD-12)
NIAP CC Protection Profiles (PP): various [e.g., Mobile OS, VoIP Apps, WLAN]
DISA SRGs: various [e.g., MDM, Mobile Policy, Mobile App, Mobile OS]