In a vote of confidence for Apple's iOS devices, the U.S. Defense Department has given the all-clear for employees to use iPads and iPhones for work. But only those running the latest operating system, iOS 6, and only if issued by the government.
The Pentagon previously approved the Samsung Knox and BlackBerry systems as secure enough for its employees, and made the decision after allowing some to use Apple devices during a trial period.
In announcing the decision, the Defense Information Systems Agency said it had approved the Security Technical Implementation Guide (STIG) for iOS 6, allowing government-issued mobile devices to be approved for connecting to DoD networks "within current mobility pilots or the future mobile device management framework. "
Pilot Program In Place
Employees won't be able to use devices they acquired on their own, however.
DISA is the agency responsible for a Mobile Device Management (MDM) system, which is in source selection now and expected to have a contract awarded in early summer, the statement said. That protocol will manage and distribute mobile applications and fend off persistent cyberattacks that have been targeting private and government computers in search of secrets.
"All of these pieces must be in place to allow the secure use of commercial mobile devices on department networks," said Mark Orndorff, program executive officer for Mission Assurance and NetOps, and chief information assurance executive at DISA, in the statement. "DISA is running a pilot program today where we bring this all together."
Chester Wisniewski, a senior cybersecurity analyst at Sophos International, said approving STIGs is a common procedure for nearly any type of technology or operating system. "Everything that is in use must have a STIG defining how it is to be deployed, which options must be enabled/disabled, etc.," he said. "While it is certainly a good thing for Apple, I imagine there are or will be STIGs for Android Ice Cream Sandwich (4.2) and others. There are already STIGs for Blackberry and Samsung."
Samsung's Knox is a mobile solution that "addresses mobile security needs of enterprise IT without invading the privacy of its employees," the company says on its Web site.
In 2010, the Army announced it was looking at issuing STIGs for iOS and other devices, including Android, for personal use by its personnel. (continued...)