Part D: Security and Privacy Other Information:
The information maintained by the Federal Government needs to be secured regardless of how data is stored, processed, or transmitted.
As information and devices become increasingly mobile, we must ensure confidentiality, integrity, and availability by building
security into digital government services. As the government moves to an information-centric and mobility-enabled digital
environment, existing security, privacy, and data protections and cyber security priorities—including Trusted Internet Connection
(TICs), continuous monitoring, and strong authentication consistent with NSTIC and Federal Identity Credential and Access
Management (ICAM) requirements—must be considered throughout the entire life cycle of existing and emerging technologies as
part of agencies’ overall organizational risk management. They must also be updated to reflect the realities of a rapidly
changing technology landscape. Mobile devices have unique security challenges. Due to their portability, they are easy to
misplace, potentially compromising any unencrypted sensitive data or applications stored locally. Wireless connectivity allows
users to bypass an agency’s secure TIC and connect directly to the Internet and other untrusted resources. These problems
are not new, as the introduction of laptops into the workforce led to security and data breaches as employees took their electronic
devices mobile. However, the new class of smaller, lighter smartphones and media tablets has elevated exposure to this risk.
The rate of change of mobile operating systems, new update and notification capabilities from external hardware and software
vendors, diversity of the devices themselves, and introduction of employee-owned devices (BYOD) also make security in the
mobile space more challenging than in a traditional desktop environment and require new approaches to continuously monitor
and manage devices and secure the data itself. The challenge extends beyond the workforce and into the delivery of services
to external customers. When deploying applications and other mobile technologies to interact with citizens and businesses,
the Federal Government will need to foster trust, accountability, and transparency about how user information is collected,
used, shared, and secured, without unduly burdening the robust development of such technologies or the user experience.
Objective(s):
|
