Directive Issued on Use of Mobile Devices in Secure Workspaces

The Committee on National Security Systems has issued minimum standards for departments and agencies regarding use of mobile devices in secure spaces, adding that they may also add protections of their own.

The committee, an inter-agency body consisting of representatives from DoD and other agencies involved in security issues, said that while mobile devices such as cellphones offer the potential for “increased productivity and mission flexibility,” their presence in secure spaces “may pose risks to National Security Systems and the information contained therein” and that departments and agencies are to “take physical and technical security measures to mitigate these risks.”

The directive applies to use of government-issued devices; personal devices typically are banned outright in such spaces. An exception is that emergency personnel responding to a crisis within the restricted space will be allowed to bring in their devices–but they are to be escorted to the degree possible and are to be debriefed afterward, including a potential examination of their devices to ensure they do not contain classified information.

In general, use of a mobile device in such space must be justified based on mission need prior to approval and introduction into such space, for reasons such as command, control, and communication, counterintelligence, cover, testing, training, research, and development activities.

Also, a “cognizant security authority” must be named to decide on what devices and practices may be allowed, including a determination of potential vulnerabilities of the device; the sensitivity of the information stored there; the potential impact to facility’s vulnerability to technical attack; and more.