The Obama administration’s Digital Government Strategy is now a year old, and with it comes the task of putting words into action. On May 23rd, the government did just that with the release of standards for the strategy’s mobility deliverables that included the Federal Mobile Security Baseline (FMSB), Mobile Security Decision Framework (MSDF) and Mobile Security Reference Architecture (MSRA).
In a May 23 conference call, Federal CIO Steven VanRoekel told reporters, “The future for us really holds a future where mobile is the default computing platform. We’re not far from mobile being the default computing environment and the fact that we treat them differently is a disconnect.”
Government computing moving toward mobile as the default is supported by data from a May 2013 Market Connections-Fierce Government IT PulsePoll™, in which 82% of respondents said their mobile devices are critical to their jobs, and 81% said their mobile devices increase productivity. Additionally, Market Connections’ 2013 Federal Media and Marketing Study, released May 16, showed tablet usage in the government doubling from 31% to 60% in just one year.
Security is the utmost concern with mobile devices and the Federal Mobile Security Baseline (FMSB) sets a minimum set of security controls for mobile device use in federal agencies. The challenges with mobility are vast; thus, getting members of the Mobile Technology Tiger Team, which includes the Department of Homeland Security, Department of Defense, National Institute of Standards and Technology, Department of Justice and General Services Administration, on the same page was essential.
The Mobile Security Decision Framework (MSDF) puts the decision-making into the hands of each agency to effectively support their respective missions. In other words, it allows each agency to select the proper mobile solution to support their mission by dividing the process into four stages: mission requirements, decision balancing, risk-based tailoring and results.
The Mobile Security Reference Architecture (MSRA) was designed to implement secure mobile services across enterprise architecture platforms. The Federal CIO Council and DHS’ National Protection and Program Directorate Office of Cybersecurity and Communications Federal Network Resilience collaborated to produce this set of standards.
This “living, flexible” guide listed the following related to the MSRA:
- Components of a mobile computing reference architecture;
- Categories for users of a mobile computing architecture;
- Sample implementations of a mobile computing architecture;
- Management and security functions of a mobile computing architecture;
- A discussion of the threats to mobile computing devices and infrastructures, and potential mitigations for those threats;
- Information assurance controls that apply to the mobile infrastructure components, and their relation to NIST Special Publication 800-53 rev4;
- A set of considerations for High Risk environments; and
- A discussion of the policy considerations necessary for the secure adoption of a mobile solution.
Despite resources being thin, the government’s mission must move forward. The government’s decision to move forward with these three standards — FMSB, MSDF, MSRA – reinforces the Market Connections and Fierce Government IT poll findings that mobile solutions can increase government efficiency, enhance field work and add flexibility that enhances productivity.
Working with agencies to develop the right mobile and security solutions can present ongoing opportunities to serve government and increase productivity.