DISA issues new guidance for secure, enterprise mobility

The Defense Information Systems Agency (DISA) has approved the Security Technical Implementation Guides (STIG) for Blackberry and Samsung Knox devices, which means that DOD organizations will be able to use those devices in conjunction with a secure enterprise mobility environment.

The release of DISA's Samsung Knox STIG, May 2, provisionally allows the DOD to use the latest technology as soon as it is available commercially. STIGs for the currently available Blackberry 10, Blackberry Playbook, and Blackberry Device Service were also issued. The STIGs allow use of accepted devices as part of approved mobility pilots with actively defended Mobile Device Management (MDM) systems.

“The Samsung Knox STIG represents a paradigm shift in DISA's business processes that dramatically increased the efficiency of bringing new devices into the DOD enterprise,” said DISA in a press statement, adding that DISA Field Security Operations developed the Samsung Knox STIG ahead of its commercial release.

According to DISA, a key component of the secure mobility environment is the MDM system that provides the essential enforcement of the STIG settings, as well as other key security functions. Achieving DOD security objectives requires both the device security, defined in the STIG, as well as active defense provided through the MDM. DISA will implement the MDM system through a contract award in early summer.

"DISA established a process where vendors develop STIGs following DOD Security Requirements Guides, and submit documentation and evidence for DISA's validation," said Terry Sherald, chief, Information Assurance Standards Branch, in the press statement.