recommended reading

iPhones and iPads Poised to Win Key Pentagon Security Nod Next Week

Flickr user smemon

Apple, within days, is set to finish clearing two safety hurdles that had kept the iPhone and iPad out of fingers’ way in the Defense Department and some civilian agencies.

The Pentagon is expected to approve a Defensewide guide on Tuesday for the secure use of iPhone 4s, iPad2, iPad Mini, and later devices based on the company's iOS operating system. And, already, on Friday, the National Institute of Standards and Technology announced the iPhone and iPad have earned a long sought-after governmentwide encryption certification.

A spokeswoman for the Defense Information Systems Agency, which evaluates military mobile security guidelines, told Nextgov that according to Mark Orndorff, DISA's chief information assurance executive and program executive officer for mission assurance and NetOps, "The decision is now internal to DISA for approval, and is expected to take place in the next week.”

The Defense Department will require that iOS devices first synch with a "mobile device management" system that centrally configures controls before troops can use the handhelds for work. Currently, many of Apple’s gadgets are undergoing trial runs throughout the military. 

A DISA working group that vets the so-called Security Technical Implementation Guides, or STIGs, for technology hooked up to Defense networks meets the second Tuesday of every month and is anticipated to give iOS the nod on May 14. 

"When the STIG is approved, the next step before users can connect iOS devices on DoD networks is establishing the mobile device management system, which is anticipated for award in early summer," said the DISA spokeswoman, Alana Casanova. 

Last week, Defense sanctioned the new BlackBerry 10 smartphones and BlackBerry PlayBook tablets, as well as Samsung's Android Knox, for use on military networks. The security approvals do not mean products have been ordered, contrary to some media reports, Pentagon officials said.

The military is in the midst of shifting Defensewide communications to mobile devices with various brand names and operating systems, including BlackBerry’s handhelds

The Canadian company has dominated the federal cellphone market for years, largely because BlackBerrys can be remotely programmed and locked down. But agencies now want to accommodate employees, particularly younger employees, accustomed to the productivity and flexibility of their personal consumer devices. 

Defense officials in March said they expect to manage about 100,000 mobile devices of multiple makes and models by February 2014. Right now, military personnel are using or testing 600,000 commercial devices, including 470,000 BlackBerrys; 41,000 iOS electronics; and 8,700 Google Android systems. 

Governmentwide, iOS 6.0 devices now meet NIST's Federal Information Processing Standard, or FIPS 140-2, for basic security, including data encryption and message authentication.  

All federal departments are required to use FIPS accredited technology for encrypting sensitive data. But some agencies, including Immigration and Customs Enforcement and the National Oceanic and Atmospheric Administration, are able to use Apple mobile devices by installing software that layers on the mandatory protections. 

(Image via Flickr user smemon)

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.