ATARC Document Library
DHS Study on Mobile Device Security
Released in May 2017, the DHS Study on Mobile Device Security found that the threats to the Federal government’s use of mobile devices — smartphones and tablet computers running mobile operating systems — exist across all elements of the mobile ecosystem. DHS led the study in coordination with the National Institute of Standards and Technology and its National Cybersecurity Center of Excellence and submitted the report to Congress with a series of recommendations to enhance Federal government mobile device security.
Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Released in May 2017, this Presidential Executive Order holds heads of executive departments and agencies (agency heads) accountable for managing cybersecurity risk to their enterprises and manages cybersecurity risk at an executive branch enterprise.
Mobile Services Category Team (MSCT) Mobile Services Roadmap
Released on November 21, 2016 by the Mobile Services Category Team (MSCT), the Mobile Services Roadmap defines the next generation strategy of government-wide mobile acquisition and includes a discussion on using a category management strategy to increase efficiency in mobile acquisition and management as outlined in OMB Category Management Policy 16-3:
MITRE ATT&CK: Adversarial Tactics, Techniques & Common Knowledge
Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a model and framework for describing the actions an adversary may take while operating within an enterprise network.
DHS Mobile Application Playbook
Released in April 2016, the DHS Mobile Application Playbook (MAP) is a critical tool to utilize during the entire lifecycle of a mobile application. The Playbook informs readers of the process for developing and managing applications that run on smartphones and other mobile devices from the initial concept to design, development, testing, deployment, and ongoing maintenance and operations. The MAP also addresses the challenges of mobile application development and deployment within the Federal Government, and provides solutions and processes that benefit CIOs, Business Owners, and Developers.
ATARC Next Generation Federal Mobile Strategy
ATARC believes a Next Generation Federal Mobility Strategy is a necessary requirement in the ever-changing mobile landscape and that a collaborative effort between government and private industry will provide the proper perspective as Federal government leverages mobile technology to improve its efficiency and operations, and better engage and serve the citizens of the United States of America.
ATARC Federal Big Data Strategy
ATARC believes a successful Federal Big Data Strategy requires an overall vision of data and analytics in the Federal government, as well as a definition of the big data ecosystem and its key topic areas. Using feedback from government and industry, ATARC has started the process of identifying potential topic areas within the big data ecosystem.
Digital Government Strategy
Released as a Presidential Memorandum in 2012, the Digital Government Strategy aims to build a 21st century government that works better for the American people. The DGS sets out to accomplish three things:
- Enable the American people and an increasingly mobile workforce to access high-quality digital government information and services anywhere, anytime, on any device.
- Ensure that as the government adjusts to this new digital world, we seize the opportunity to procure and manage devices, applications, and data in smart, secure and affordable ways.
- Unlock the power of government data to spur innovation across our Nation and improve the quality of services for the American people.
NISTIR 8144 (Draft) | September 12, 2016
Assessing Threats to Mobile Devices & Infrastructure: Mobile Threat Catalogue (Download .pdf)
NISTIR 8080 | July 2016
Usability and Security Considerations for Public Safety Mobile Authentication (Download .pdf)
SP 800-114 Revision 1 | July 2016
User’s Guide to Telework and Bring Your Own Device (BYOD) Security (Download .pdf)
SP 800-46 Revision 2 | July 2016
Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security (Download .pdf)
NISTIR 8136 (Draft) | June 1, 2016
Mobile Application Vetting Services for Public Safety: an Informal Survey (Download .pdf)
SP 1800-4 (Draft) | November 2, 2015
Mobile Device Security: Cloud and Hybrid Builds (NCCoE project page)
SP 1800-1 (Draft) | July 28, 2015
Securing Electronic Health Records on Mobile Devices (NCCoE project page)
The following White Papers were produced by the MITRE Corporation in conjunction with the Advanced Technology Academic Research Center via collaboration and brainstorming sessions conducted as a part of the ATARC Federal IT Summit Series.
MITRE-ATARC Mobile Collaboration Symposium, October 4, 2016
Key topics: Identity and Access Management; Mobile Deployment; Mobile Healthcare; Mobile Innovation; Mobile Technology
MITRE-ATARC Mobile Collaboration Symposium, April 6, 2016
Key topics: Mobile DevOps; Continuous Mobile Integration; Mobile App Vetting; Secure Components of Mobility; Legacy Government Applications; Citizen Engagement; Mobile Technology in Healthcare
MITRE-ATARC Mobile Collaboration Symposium, August 12, 2015
Key topics: Access Control Systems; Legacy Mobile Applications; Mobility Pilots; Personal Identity Verification
MITRE-ATARC Mobile Collaboration Symposium, February 18, 2015
Key topics: Access Management; Bring Your Own Device (BYOD); Commercial Solutions for Classified Use (CSfC); Derived Credentials; Identity Management
MITRE-ATARC Mobile Collaboration Symposium, August 19, 2014
Key topics: Acquisition Best Practices; Contextually-Aware Devices; Internet of Things (IoT); Legal Best Practices; Mobile Application Development (MAD); Mobile Device Management (MDM); Mobile Integration; Wearables
MITRE-ATARC Mobile Collaboration Symposium, March 5, 2014
Key topics: Cyber Intelligence; Mobile Application Protection Mechanisms; Mobile Application Attack Patterns; Mobile Application Threats; Mobile Application Vetting
MITRE-ATARC Mobile Collaboration Symposium, July 8, 2013
Key topics: Acquisition Challenges; Contextually Aware Mobile Applications; Mobile Cyber Strategy; Identity, Credentialing & Access Management (ICAM)
MITRE-ATARC Cloud Collaboration Symposium, February 16, 2017
Key topics: Cloud & Data Center Migration; Cloud in Healthcare; Cloud Roadmap; Disconnected and Tactical Environments; Securing Data in the Cloud; Service Level Agreements
MITRE-ATARC Cloud Collaboration Symposium, July 26, 2016
Key topics: APIs; Cloud Category Management; Cloud in Healthcare; Cost Savings; DevOps; Mobile & IoT Devices; Secure Cloud Access; Workload Management
MITRE-ATARC Cloud Collaboration Symposium, January 13, 2016
Key topics: Cloud Adoption; Cloud Architecture; Cloud Migration; Cloud O&M; Future Clouds; Security and Privacy Management
MITRE-ATARC Cloud Collaboration Symposium, July 23, 2015
Key topics: Acquisition; Automation; Contracting; Data Interchange in Federated Cloud; DevOps; Integration Services; Migration Aids
MITRE-ATARC Cloud Collaboration Symposium, January 15, 2015
Key topics: Acquisition; Emerging Technologies; Government Cloud; Hybrid Cloud; Private Cloud; Public Cloud; Tiered Architectures
MITRE-ATARC Cloud Collaboration Symposium, July 8, 2014
Key topics: Austere Environments; Impact on Enterprise; Mobile Worker; Security as a Service (SaaS)
MITRE-ATARC Big Data Collaboration Symposium, December 13, 2016
Key topics: Autonomous Systems; Big Data as a Catalyst; Cyber Security; Mission Success; Health Data
MITRE-ATARC Big Data Collaboration Symposium, June 30, 2016
Key topics: Health Analytics; Health Data; Innovation; Internet of Things (IoT); Prescriptive Analytics; Privacy
MITRE-ATARC Big Data Collaboration Symposium, December 8, 2015
Key topics: Data Science; Governance; Integration; Management; Systems Architecture
MITRE-ATARC Big Data Collaboration Symposium, June 18, 2015
Key topics: Analytics; Cyber Defense; Internet of Things (IoT); Predictive Analysis
MITRE-ATARC Big Data Collaboration Symposium, June 19, 2014
Key topics: Analytics; Applications; Healthcare; Privacy Protection
MITRE-ATARC DevOps Collaboration Symposium, August 18, 2016
Key topics: Agile, DevOps, Culture Change, Expectations; Reality; SecDevOps
INTERNET OF THINGS
MITRE-ATARC Internet of Things Collaboration Symposium, November 10, 2015
Key topics: Architecture; Changing Dynamics; Data Analytics; Policy Making, Risk Management, Security
The following reports were produced by the Advanced Technology Academic Research Center during events that featured government, academia and private industry thought leaders collaborating on topics of interest to the Federal IT community.
Government agencies face numerous technical, cultural, and resource challenges in protecting sensitive information on federal and military networks. But some specific approaches and best practices offer promise, particularly as they concern change management and culture, skills shortfalls, and transitioning from reactive to proactive cybersecurity postures.
FUTURE OF FEDERAL NETWORKS
Daunting challenges confront federal agencies as they chart their journeys to more modern capabilities that will deliver the needed flexibility, agility, security and performance for current and future workloads. Finding success will require that agencies recognize the need to adopt new mindsets and approaches in how they view technology.