Why Some Agencies Want a One-Size-Fits-All Policy for Mobile Devices


Various national security agencies would like the White House to provide guidance on how to handle mobile devices in the workplace. Employees are clamoring to use their personal smartphones and managers fear falling behind the technological curve.

Currently, there is no governmentwide policy on mobile device security.

Each agency has its own rules for bring-your-own-device programs, with varying levels of oversight. For work-issued smartphones and tablets, there is a hodgepodge of guidelines.

Gregory Youst, the chief technology officer and chief mobility engineer at the Defense Information Systems Agency, said the White House's Federal Chief Information Officers Council should develop one federal-level security policy so smartphones and tablets can be assessed and deployed more quickly.  

"What is the actual government policy on BYOD?" Youst asked the National Institute for Standards and Technology's Information Security and Privacy Advisory Board on Oct. 22.

The board members couldn’t answer.

"If we have uniformity, then we can leverage across the board and be able to do a consolidated government enterprise vetting process" for mobile devices, he said.

Among the many risks of letting employees work on their own phones without proper controls is that they might inadvertently save data to unapproved storage spaces, such as iCloud or Dropbox.

The Defense Department has created its own policies and procedures for locking down mobile devices that connect to unclassified and classified networks. For example, just last week, Samsung’s Galaxy S5 was approved for classified use under the National Security Agency's National Information Assurance Partnership program and placed on NSA's approved products list.

Defense has mandated that all military smartphones and tablets meet the NIAP criteria.

"We have moved all our mobility requirements to NIAP," Youst said. "We’re using the same requirements for unclassified."

The Pentagon is almost finished with the latest NIAP policy – a mobile app security-requirements guide, he said.

In the civilian space, there are various broad cyber policies that pertain to mobile, including NIST security and privacy controls, annual rules for complying with the 2002 Federal Information Security Management Act and a Homeland Security Presidential Directive – known as HSPD-12 – requiring smartcards for accessing federal networks.

But Youst pressed for a mobile-specific federal memo distinct from NIST guidelines and HSPD-12.

The most recent BYOD guidance is a two-year-old CIO Council toolkit that does not address cloud access.

On Monday, White House officials said they could not provide further information at this time on upcoming policy.

Officials pointed to the general cyber rules, 2012 BYOD guidance and NIST recommendations as what agencies should be using to ensure device purchases and security are up to par.
