The Federal Mobile Computing Summit was held on July 9, 2013 in Washington, DC.

1. Mobility in the Federal Government –
What’s Next?
July 9, 2013

2. 2
Federal Digital Government Strategy (DGS) Milestones of Interest
DGS Milestone 9.1
Use Cases and Top Challenges
DoD, DHS, DOJ, and NIST Mobility Efforts
Moving Forward
Agenda

3. 3
Milestones of Interest
 Information Centric
 MS 1.2 Open Data web-based availability
 MS 2.1 and 2.2 High Value Data web based availability
 Shared Platform
 MS 3.3 BYOD
 MS 3.6 Shared Mobile Application Development
 MS 4.2 Development and delivery of digital services
 MS 5.1 Wireless Federal Strategic Sourcing Initiative (FSSI)
 MS 5.2 Enterprise-wide inventory (CMDs and Contracts)
 MS 5.3 Analysis of enterprise contract vehicles
 MS 5.4 Delivery of mobile apps
 MS 5.5 Government-wide Mobile Device Management
 Customer Centric
 MS 6, 7 & 8 Customer focus & satisfaction
 Security and Privacy
 MS 9.1 Mobile Security Baseline and Mobile Security Architecture
 MS 10.2 Accelerate mobile technology adoption
 MS 10.3 Standard Approach to PII

4. Federal Mobile Security Baseline and
Reference Architecture
4
DELIVERABLE
Milestone 9.1 Federal Mobile
Security Baseline
DELIVERABLE
Mobile Security Reference
Architecture (Appendix: Mobile
Computing Decision Framework)

5.  Government Mobile and Wireless Security Baseline – A use case driven
security approach for four challenge areas identified in gap analysis of MS
10.2
 Mobile Device Management (MDM) (COMPLETED, based on NIST SP
800-53 rev4 and DoD MDM SRG)
Mobile Application Management (MAM) (COMPLETED, based on NIST SP
800-53 rev4 and DoD MDM SRG)
 Identity and Access Management (Notional)
 Data Sharing Standards (Notional)
 Mobile Security Reference Architecture (COMPLETED)
 Will be developed into a service level architecture by September
 Mobile Computing Decision Framework (COMPLETED)
Federal Digital Government Strategy
Milestone 9.1
5

6. 6
Use Cases and Top Challenges

7.  DoD Mobile Device Strategy, 8 Jun 2012
 DoD CMD Implementation Plan, 15 Feb 2013
 Mobility Inventory Memo, 15 Mar 2013
 CMD Pilot Consolidation Memo, 21 Mar 2013
 Mobility BCA Memo, 15 Apr 2013
 Mobility STIGs (iOS, Android, BB), May 2013
 DMCC devices provisioned, May 2013
 DISA MDM/MAS RFP awarded, 27 Jun 2013
 NIAP Mobile Protection Profiles, CY 2013, Q3
Key DoD Mobility Efforts
7

8. Guidance Documents
 NIST FIPS 201-1: Personal Identity Verification (PIV) of Federal Employees and Contractors
 NIST FIPS 201-2 (DRAFT): Personal Identity Verification (PIV) of Federal Employees and Contractors
 NIST SP 800-46 R2 (DRAFT TBD): Guide to Enterprise Telework, Remote Access, and BYOD Security*
 NIST SP 800-53 R4: Security and Privacy Controls for Federal Information Systems and Organizations
 NIST SP 800-73-4, Part 1 (DRAFT): PIV Card Application Namespace, Data Model and Representation
 NIST SP 800-73-4, Part 2 (DRAFT): PIV Card Application Card Command Interface
 NIST SP 800-73-4, Part 3 (DRAFT): PIV Client Application Programming Interface
 NIST SP 800-114 R1 (DRAFT TBD): User's Guide to Telework and Bring Your Own Device (BYOD) Security*
 NIST SP 800-124 R1: Guidelines for Managing and Securing Mobile Devices in the Enterprise
 NIST SP 800-157 (DRAFT TBD): Guidelines for Personal Identity Verification (PIV) Derived Credentials*
 NIST SP 800-163 (DRAFT TBD): Guidelines for Testing and Vetting Mobile Apps
 NIST SP 800-164 (DRAFT): Guidelines on Hardware-Rooted Security in Mobile Devices
Key NIST Mobility Efforts
8
Additional Efforts
– Collaboration with DARPA on the TransApp Program
– Collaboration with NSA on the Enduring Security Framework (ESF)
* Taken from csrc.nist.gov/documents/nist-mobile-security-report.pdf

9. Key DHS Mobility Efforts
9
 DHS Mobility Strategy (DRAFT)
 DHS Mobility Implementation Plan
(DRAFT)
 Mobile Pilot(s) Consolidation Memos
(DRAFT)
 WorkPlace as a Service (WPaaS)
 Mobile Container solution,
APR 2013
 Mobile Application Vetting Platform
(CarWash)
 Initial Proof of Concept, MAR
2013
 DHS Enterprise Wireless Contract
 Awarded APR 2013
 Information Resource Management
Strategic Plan (DRAFT)
 FED Initiatives
 DGS
 Changed the way we look at delivery of IT
services and data
 DHS Initiatives
 WorkPlace Transformation
 Changing Business Model
 Maintain Federal Relationships
 Application Lifecycle Management (ALM)
 From concept to O&M
 Code Standards, Sharing, Testing Standards,
Drive Tool development, Distribution
Models, Context at the Presentation
Accomplishments

10. FOCUS: DHS Mobility Efforts
10
 Data Standards
 Structure, Tagging, Labeling, Temporal value
 Remove Context
 Aggregation Issues
 Authentication and Authorization
 Form Factor Issue, Device, App, or Network Level?
 Legacy infrastructure
 Mission Partners
 Application Services
 Move to data layer protection
 What to do in the interim?
 Progression of the trust level…
 Infrastructure
 Concept of Internet as transport
 Capability to support increased communications

11.  Mobility Strategy
 Partnerships with other Departments/Agencies
 App Development Strategy
 Pilot of New Handheld Devices
 Tablet Pilots
 Standard Tablets
 Hybrids
 BYOD Pilot
Key DoJ Mobility Efforts
11

12.  Building on the Digital Government Strategy Mobility Milestones
 Mobile Identity Management
 Mobile Application Development and Vetting
 Federal Mobility Solutions Architecture
Moving Forward
12

13.  Federal CIO Council Committees
 New Innovation Committee
 Information Security and Identity Management Committee (ISIMC)
 CIO Council will help coordinate Interagency efforts, including involvement
with OMB, GSA, and NIST
 Federal Digital Government Strategy
 Continue to build on Baseline and Reference Architecture (Milestone
9.1), as well as on other completed Milestones
 Partnered with NSA for security
 GSA: future contracts for Mobile Device Manager, mobile devices and
Airtime/Data Plans
 Mobile Applications Reciprocity across Agencies
 Expedite Mobile Security Approvals
 Collaborative Technology Exploration and Standards Development
Building on the Digital Government
Strategy Mobility Milestones
13

14.  Current Capabilities
 Bluetooth CAC Reader / Dongle
 CAC Sleeve (Case)
 Primary Candidates (2013-2014)
 Near-Field Communications (NFC)
 Hardware Security Modules (HSM)
 microSD Cards / Sleeve
 Trust Platform Modules (TPM)
 Derived Credentials (NIST SP 800-157)
 Secondary Candidates (> 2014)
 Universal Integrated Circuit Card (UICC)
 Out-of-Band One Time Pad (OTP) Tokens (App or Cellular SMS-based)
 Emerging Technologies (>2014)
 Environment-aware heuristics
 Cloud based Biometrics (facial/voice/fingerprint/iris recognition)
Mobile Identity Management
14

15.  DHS – Mobile Application Continuous Integration Orchestration Platform and
Mobile CoE, aka “CarWash”
 NIST/DARPA – TransApp Program (NIST SP800-163 DRAFT Coming Soon)
 DoD
 Software Assurance in Defense Acquisition Guidance
 DISA Mobility PMO – Mobile Applications Security Requirements Guide
(SRG)
 NSA Information Assurance Directorate (IAD) Center for Assured Software
(CAS)
 GSA Mobile PMO and Digital Services Innovation Center – Mobile Application
Development Program
Mobile Application Development and
Vetting
15

16.  Builds on the Federal Mobility Reference Architecture
 Building on Department/Agency (D/A) Use Cases
 Utilizing information gathered from D/As during development of
DGS Milestone 10.2 (Mobility Barriers/Opportunities/Gaps)
Federal Mobility Solutions
Architecture
16

17.  Programs/Opportunities
 GSA FSSI Wireless: Wireless Federal Strategic Sourcing Initiative BPAs
 GSA Mobility Management Solutions: potential MDM/MAM solutions sources
 DGS Milestone 3.6: GSA Mobile Application Development Program
 U.S. Government APIs: API Developer Resources
 NSA CSfC Program: Commercial Solutions for Classified Program
 DISA BAA 12-01: Mobile Device Common-Access-Card-Enabled Virtual Thin Client
 Working Groups
 ICAM Subcommittee (ICAMSC) Working Groups: various [e.g., CNSS IdAM WG, Logical Access
WG]
 DoD Commercial Mobile Device Working Group (CMDWG) – Next meeting 19 Sept 2013
 DoD PKE Mobility TIM –next meeting tentatively Dec 2013
 References
 HSPD-12: Policy for a Common Identification Standard for Federal Employees and Contractors
 OMB M-11-11: Continued Implementation of HSPD 12
 DTM 08-006: DoD Implementation of Homeland Security Presidential Directive - 12 (HSPD-12)
 NIAP CC Protection Profiles (PP): various [e.g., Mobile OS, VoIP Apps, WLAN]
 DISA SRGs: various [e.g., MDM, Mobile Policy, Mobile App, Mobile OS]
More Information
17