The Department of the Navy has long been pursuing a secure solution to meet user demand for personal use of government-issued mobile devices. The stumbling block has always been the requirement to securely separate government and personal data, per DoDD 8100.02, Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense (DoD) Global Information Grid (GIG).
Recognizing the mobility advantage to users, the Deputy Chief of Naval Operations for Information Dominance (OPNAV N2/N6), Vice Adm. Ted N. Branch, issued NAVADMIN 092/15, Stipulations for Using Navy Mobile Devices (Smart Phone/Tablets), April 21.
“Mobility is transforming how the Navy operates, connects, and supports our personnel and the fleet. To meet this growing demand the Naval Enterprise Networks (NEN) program office (PMW-205) has implemented a mobile solution to meet operational needs while complying with architectural and security requirements to protect the Navy enterprise,” Branch wrote.
The new mobile solution for devices will use a Good Technology container to securely segregate official data from personal data, thereby providing users the ability to perform government work and personal activities securely and effectively on the same device per U.S. Navy policies on acceptable use of government IT, Branch wrote.
Mobile device configuration, security settings, and policy enforcement will be managed using Good Technology mobile device management software and equipment installed on the Navy Marine Corps Intranet (NMCI).
This new service initially supports iPhone 5s/6 running iOS 8. Android and newer iPhone/iOS versions will be supported as they are released and certified for operation on the NMCI network. Information, processes, and user guides/acknowledgement are available at https://www.homeport.navy.mil/services/mobile/.
The improved service will be available to users who are approved by their local command and can be ordered as a standard wireless device update through the command’s contract technical representative (CTR) or the command’s wireless account manager. Existing BlackBerry capabilities will continue to be supported until end of life or full transition to iOS and Android devices per NAVADMIN 092/15.
DON Chief Information Officer Memorandum 01-09, Information Assurance Policy for Platform Information Technology, of 30 January 2009, requires the following stipulations:
-- Use of personally-owned devices is not authorized.
-- Program Manager (PM) shall enable TouchID, ensuring it is only used to access the native (non-secure) persona of the device. The additional password requirement to access the Good Technology container minimizes the risk of unauthorized access to Defense Department information. Further, on devices without TouchID the PM shall retain the passcode minimum of four alphanumeric characters to authenticate to the native (non-secure) persona of the device.
-- Access to the Good Container will be controlled via a minimum eight-character passcode containing alpha/numeric and special characters.
-- Commands and users are responsible for adhering to all applicable physical security requirements for portable electronic devices in command spaces.
-- The camera will be turned on by default, with the option to have it turned off per individual or as directed at the command level. Cameras on government-furnished equipment devices will be subject to wireless security restrictions imposed by the facility in which the device is being operated.
-- Cellular/PCS and/or other RF or Infrared (IR) wireless devices shall not be allowed into an area where classified information is discussed or processed without written approval from the Designated Approving Authority (DAA) in consultation with the Cognizant Security Authority (CSA) Certified TEMPEST Technical Authority.
-- Non-work applications may be installed only outside the Good Container and may only be acquired from the iTunes or Google app stores. Users are responsible for all charges and installations of personally desired applications and data installed on the non-secure portion of the device.
DoD Instruction 8520.02 requires all Department of Defense information systems, including networks and email, be enabled to use DoD-issued public key infrastructure certificates to support authentication, access control, confidentiality, data integrity, and non-repudiation.
DON users shall digitally sign all email messages with attachments, active content, or which require either message integrity or non-repudiation verification. Email messages containing sensitive information shall be encrypted. Transmission of email (i.e., create, forward, reply, and reply all) that should be either signed or encrypted without applying digital signature or encryption is prohibited, regardless of technical limitations of the desktop or handheld device being used.
NAVADMIN 092/15 contains a complete list of reference documents.
Additional capabilities will be released on the NMCI Homeport at https://www.homeport.navy.mil/services/mobile/ when they become available.