The Army agrees with the recently released DOD Inspector General report that found two Army organizations did not follow policies for tracking and configuring commercial mobile devices using the Android, Apple iOS, and Windows operating systems between October 2010 and May 2012.
Both the U.S. Military Academy and the U.S. Army Engineer Research and Development Center moved immediately to remedy the issues and revised their administrative controls.
“This year, the Army has published additional policies that help ensure oversight of all IT equipment, security and spending, to include commercial mobile devices,” said Lt. Gen. Susan Lawrence, the Army Chief Information Officer/G-6 (CIO/G-6). For example, no IT equipment — including commercial mobile devices, or CMDs — can be purchased without approval through the Army CIO/G-6 process.
The Army published new requirements to enforce information assurance, or IA, and cybersecurity, and improve commander accountability, Feb. 1. Commanders must assess their IA posture and weaknesses via Army assessment tools, and develop a plan of action within five months. During a planned Army-wide IA/Cybersecurity awareness week this fall, commanders will train and teach their program to all in their command.
The Army continues to move forward with DOD to put in place systems allowing visibility and management of all CMDs and applications that connect to the DOD and Army network, said Lawrence.
As part of the Army’s mobile solutions strategy, CMDs will be managed by Defense Information Systems Agency, or DISA, enterprise services, to include governance and the capability to wipe or remove a device from the environment. Initial operating capability for DISA enterprise services is expected by October 2013 with full operating capability by the end of FY14.
Since April 2012, the Army has been teaming with DISA and the National Security Agency as part of DISA’s mobility pilot. The pilot is well underway, with more than 500 mobile devices issued to the Army. The DOD goal is to provide a secure, device-agnostic, CAC-enabled mobile capability that will include government-furnished devices as well as commercial bring-your-own-device solutions.
The Army continues to work with the DOD IG to respond to the IG’s March 26 recommendations.