Security requirements, mutual communication, and lessons learned are key topics in the secret mobility arena for the Defense Information Systems Agency (DISA) and the National Security Agency (NSA).
DISA provides National Information Assurance Program (NIAP) — approved devices as part of the DoD Mobile Classified Capability-Secret (DMCC-S) mobility enterprise service. DMCC-S devices allow flexible and secure communications for mission partners around the world.
A secure capability in the field requires more than getting a product through the NIAP and Commercial Solutions for Classified (CSfC) processes, said DISA’s Kim Rice, portfolio manager for the DoD Mobility Program Office, at the ATARC Federal Mobile Computing Summit, held in the District of Columbia April 6.
“Making sure products and devices are interoperable is critical in today’s world of global engagement, and having that capability already built in is key,” she said.
From the presidential level all the way down to the basic DMCC-device, the program office must ensure every user can operate in a secure environment. However, experts agree there is a cost to contend with when increasing capabilities.
“We continue to make progress in reducing time and cost for evaluation, while maintaining the necessary level of security. At the same time, we want to take advantage of innovation, but we need help from industry in making sure that it’s gone through the processes,” said Jeffrey Blank, a technical director within NSA's Information Assurance Directorate at the same event. “Capturing requirements in protection profiles is key because it allows us to speak with a unified voice, which industry values above all else.”
In addition to balancing cost and capabilities, the discussion included ensuring interoperability.
“Our biggest take away from the success we’ve had with our DMCC-S, is that we cannot, at the government level, automatically take an approved device and put it out into the field for use,” said Rice. “Devices and users must be able to talk back to all of the secure systems used by not only the U.S. federal government and DoD, but also our coalition partners. With coalition partner support, DISA is currently in the position of balancing risk with operational need.”
On the horizon, Rice acknowledges the need for DISA to explore slightly different business models and management systems when it comes to coalition partner support because of interoperability considerations.
“We will continue to improve the offerings we have so we can support almost the same levels and users,” said Rice.