The federal mobility group, a community of practice under the federal CIO Council, has urged federal agencies to stay on top of the security risks of use of agency-managed mobile devices.
Because of their small size and their features such as mobile apps, location services, numerous wireless network interfaces and their availability for use outside the organization’s secured environment, phones and tablets “need periodic scrutiny to ensure your agency’s mission security is safeguarded,” says a posting on cio.gov.
As part of the council’s cybersecurity month program, the group said that ongoing initiatives include assessing the potential threat, issuing guidance on telework security, and advising agencies on techniques for identity and credential management.
It also recommended that agencies follow National Institute of Standards and Technology guidance to secure mobile technologies, which recommends steps including that agencies: conduct a threat analysis of mobile devices and any backend information systems accessed by mobile devices; employ enterprise mobile security technologies; fully secure all organization-issued mobile devices before allowing users to access the organization’s backend systems or information; and keep mobile operating systems and apps updated.
The posting follows recent IG reports raising concerns about security of devices at agencies including the EPA and Bureau of Prisons, as well as concerns about wireless networks at the IRS and Interior Department.