DISA’s Improved Security Processes Accelerate Adoption of Commercial Devices
Fort George G. Meade, Md. – DISA’s approval last week of Security Technical Implementation Guides (STIG) for Blackberry and Samsung Knox devices means that DOD organizations will be able to use those devices in conjunction with a secure enterprise mobility environment.
The release of DISA’s Samsung Knox STIG, May 2, provisionally allows the DOD to use the latest technology as soon as it is available commercially. STIGs for the currently available Blackberry 10, Blackberry Playbook, and Blackberry Device Service were also issued. The STIGs allow use of accepted devices as part of approved mobility pilots with actively defended Mobile Device Management (MDM) systems.
The Samsung Knox STIG represents a paradigm shift in DISA’s business processes that dramatically increased the efficiency of bringing new devices into the DOD enterprise. Defense Information Systems Agency (DISA) Field Security Operations (FSO) developed the Samsung Knox STIG ahead of its commercial release, highlighting how close partnerships between government and industry are delivering the latest enterprise technology to meet department needs.
A key component of the secure mobility environment is the MDM system that provides the essential enforcement of the STIG settings as well as other key security functions. Achieving DOD security objectives requires both the device security, defined in the STIG, as well as active defense provided through the MDM. DISA will implement the MDM system through a contract award in early summer.
The cornerstone leading to this new process and basis for establishing the list of approved mobile devices to operate within the enterprise is the DOD Commercial Mobile Device Implementation Plan, released in February. In the plan, DISA was tasked to develop a new process for approving mobile devices "to ensure that DOD will have access to the latest mobile technologies in a timely manner by maximizing vendor participation."
“DISA established a process where vendors develop STIGs following DOD Security Requirements Guides and submit documentation and evidence for DISA's validation,” said Terry Sherald, chief, Information Assurance Standards Branch. “We are excited to continue working with other commercial mobile device providers to support a diverse competitive multi-vendor environment.”
Posted May 9, 2013