Samsung Galaxy and Apple iPhone

A breakdown of DOD security controls for iOS and Android

In recently released Security Technical Implementation Guides of two more mobile operating systems, the Defense Information Systems Agency lays out requirements for the secure use of the devices on DOD networks.

More Info

In announcing the latest Security Technical Implementation Guides for mobile devices, DISA called them a "major stride in building a multi-vendor environment." They are part of an initiative to get the latest technology into the hands of soldiers, sailors and airmen more quickly.

Android:

The Samsung Knox platform provides Application Programming Interfaces (APIs) that third-party vendors use to develop tools implementing the security controls required by the Samsung Knox Android STIG. The APIs include:

  • The Mobile Device Management (MDM) API includes more than 500 policies and 1,100 interfaces that can be called by any MDM agent, so a vendor can implement an MDM solution that meets or exceeds the STIG requirements. Vendors implementing the MDM API include Mobile Iron, AirWatch, SOTI, and Fixmo.
  • The Integrity Services Layer (ISL) provides an interface that allows third-party vendors to implement an Integrity Services Agent (ISA) that communicates with the on-device MDM agent. The agent scans the device for integrity failures and reports the results to the MDM server. Solutions implementing the ISL include Fixmo ISA.
  • The MDM API includes VPN policies and interfaces that allow an administrator to configure third-party IPSec VPN solutions that implement the MDM interfaces. This enables the device to connect to DOD networks using a FIPS 140-2 validated cryptographic module to protect data in transit. Solutions that implement the MDM interface include Mocana KeyVPN and Inside Secure VPN.
  • The Smart Card API provides an interface that allows third-party vendors to implement smart card reader functionality, enabling Samsung Knox Android to support the DOD Common Access Card (CAC) for PKI, including user authentication, S/MIME digital signatures, and device unlock. Solutions that implement this interface include the Biometrics Associates Bluetooth Smart Card Reader.

Apple iOS 6:

Third-party products are specified to provide:

  • Mobile Device Management for DOD network access control and management of the security policy on mobile devices.
  • Mobile Application Management for the management of DOD approved applications on mobile devices.
  • Mobile Device Integrity Scanning for integrity validation of mobile devices.
  • Mobile Email Management for management of DOD email on mobile devices and providing an interface between the email server and the mobile system.
  • A Security Container to provide FIPS 140-2 validated encryption of sensitive data, usually included as a feature of the MDM or MAM agent.
  • A browser, which must be installed inside the security container.
  • A CAC reader and middleware.


About the Author

William Jackson is a freelance writer and the author of the CyberEye blog.
