
Why Some Agencies Want a One-Size-Fits-All Policy for Mobile Devices


Various national security agencies would like the White House to provide guidance on how to handle mobile devices in the workplace. Employees are clamoring to use their personal smartphones and managers fear falling behind the technological curve.

Currently, there is no governmentwide policy on mobile device security.

Each agency has its own rules for bring-your-own-device programs, with varying levels of oversight. For work-issued smartphones and tablets, there is a hodgepodge of guidelines.

Gregory Youst, the chief technology officer and chief mobility engineer at the Defense Information Systems Agency, said the White House's Federal Chief Information Officers Council should develop one federal-level security policy so smartphones and tablets can be assessed and deployed more quickly.  

"What is the actual government policy on BYOD?" Youst asked the National Institute of Standards and Technology's Information Security and Privacy Advisory Board on Oct. 22.

The board members couldn’t answer.

"If we have uniformity, then we can leverage across the board and be able to do a consolidated government enterprise vetting process" for mobile devices, he said.

Among the many risks of letting employees work on their own phones without proper controls is that they might inadvertently save data to unapproved storage spaces, such as iCloud or Dropbox.

The Defense Department has created its own policies and procedures for locking down mobile devices that connect to unclassified and classified networks. For example, just last week, Samsung’s Galaxy S5 was approved for classified use under the National Security Agency's National Information Assurance Partnership program and placed on NSA's approved products list.

Defense has mandated that all military smartphones and tablets meet the NIAP criteria.

"We have moved all our mobility requirements to NIAP," Youst said. "We’re using the same requirements for unclassified."

The Pentagon is almost finished with the latest NIAP policy – a mobile app security-requirements guide, he said.

In the civilian space, there are various broad cyber policies that pertain to mobile, including NIST security and privacy controls, annual rules for complying with the 2002 Federal Information Security Management Act and a Homeland Security Presidential Directive – known as HSPD-12 – requiring smartcards for accessing federal networks.

But Youst pressed for a mobile-specific federal memo distinct from NIST guidelines and HSPD-12.

The most recent BYOD guidance is a two-year-old CIO Council toolkit that does not address cloud access.

On Monday, White House officials said they could not provide further information at this time on upcoming policy.

Officials pointed to the general cyber rules, 2012 BYOD guidance and NIST recommendations as what agencies should be using to ensure device purchases and security are up to par.
