Securing the Federal Mobility Ecosystem

The COVID-19 pandemic heightened the need for federal agencies to secure and monitor government-issued devices as vast numbers of employees shifted to remote work. Before that, however, threats to the public sector mobility landscape were already on the rise. While the benefits of mobile devices are many, so are its security risks.

Hence, a sector of the federal government’s interagency team on the matter, the Federal Mobility Group (FMG), issued a new document in September titled, An Overview of the Mobile Security Ecosystem. The publication is produced by a working group under the FMG, the Federal Mobility Metrics Working Group (FMMG), in conjunction with the Advanced Technology Academic Research Center (A-TARC).

“This paper describes the security features of the mobile security management ecosystem (tools, technologies, products, and services) and aims to provide initial guidance that facilitates agencies’ development of enterprise-wide mobile security strategy and policy, including a program for mobile Government Furnished Equipment (GFE),” according to the issued document.

The target audience for the paper are IT and cybersecurity decision makers instituting mobile management, security, and privacy protection programs.

The premise of the paper identifies four pillars of a mobile management ecosystem and their respective security capabilities. This set of components, the paper argues, is ideal in providing a strong and secure mobile atmosphere:

Early intervention and control capabilities for mobile devices that deploys a scenario with these four pillars will require a mature mobile device program. The paper acknowledges that this approach may not be for federal departments that have autonomous and/or de-centralized operating models yet encourages agencies, to the extent possible, to deploy such tools and solutions to protect mobile devices and their users.

In addition to this paper, the interagency group is focused in other aspects of federal mobile security. In August, the team published the International Travel Guidance for Government-Furnished Mobile Devices draft report, which outlines risks and best practices for smartphones and tablets abroad. The document is open for public comment through December.

The mobile threat attack surface will continue to expand, exemplified by the COVID-19 pandemic. Accordingly, the FMG will focus on improving overall cybersecurity and governance for federal mobile device programs, with plans to update FISMA mobility metrics and accomplish a derived-PIV policy and playbook.