Security Processes Accelerate Adoption of Commercial Devices
From a Defense Information Systems Agency News Release
FORT MEADE, Md., May 9, 2013 Approval last week of security technical implementation guides for BlackBerry and Samsung Knox devices means that Defense Department organizations will be able to use those devices in conjunction with a secure enterprise mobility environment.
The May 2 release of the Defense Information Systems Agency’s Samsung Knox STIG provisionally allows DOD to use the latest technology as soon as it is available commercially. Officials also released STIGs for the BlackBerry 10, Blackberry Playbook and Blackberry Device Service. The STIGs allow use of accepted devices as part of approved mobility pilots with actively defended mobile device management systems, DISA officials said.
The Samsung Knox STIG represents a paradigm shift in DISA's business processes that dramatically increased the efficiency of bringing new devices into the DOD enterprise, officials added. DISA field security operations developed the Samsung Knox STIG ahead of its commercial release, they noted, highlighting how close partnerships between government and industry are delivering the latest enterprise technology to meet department needs.
A key component of the secure mobility environment is the mobile device management system that provides enforcement of the STIG settings, as well as other key security functions. Achieving DOD security objectives requires both the device security, defined in the STIG, as well as active defense provided through the mobile device management system, which DISA will implement through a contract award in early summer.
The DOD Commercial Mobile Device Implementation Plan, released in February, led to the new process and served as the basis for establishing the list of approved devices. The plan tasked DISA to develop a new process for approving mobile devices "to ensure that DOD will have access to the latest mobile technologies in a timely manner by maximizing vendor participation."
"DISA established a process where vendors develop STIGs following DOD security requirements guides and submit documentation and evidence for DISA's validation," said Terry Sherald, chief of DISA’s information assurance standards branch. "We are excited to continue working with other commercial mobile device providers to support a diverse, competitive multivendor environment."