Department of Justice (DOJ)
Challenge
With the use of consumer-oriented mobile technologies becoming more prevalent in enterprise environments and with their capabilities and use-cases greatly expanding, many of the over 50 Department of Justice (DOJ) Components and offices were starting to pilot and implement consumer mobile device solutions. However, Federal guidance on how to securely deploy many of these technologies was limited, if it existed at all. How would the Department ensure that mobile technologies were implemented securely and that sensitive data was protected across the Department? In order to prevent mass deployments of unsecure mobile solutions throughout the DOJ, the DOJ IT Security Staff (ITSS) needed to quickly develop Department wide requirements for the usage of mobile devices, analyze the security risks across multiple mobile device platforms, and provide secure implementation guidance for each approved mobile platform.
Solution
Veris Group solved the DOJ’s challenge by providing ITSS with a team of mobile security Subject Matter Experts (SMEs) who were able to quickly and efficiently meet the DOJ’s needs by identifying the necessary overarching security requirements, conducting the risk analysis, developing device implementation guidance, and assisting in architecting and implementing secure solutions. By reviewing and evaluating existing guidance from both public and private industry sources, the Veris Group team created a complete set of mobile device security requirements that became the mandate for all DOJ Components. Our technical expertise allowed us to quickly conduct in-depth risk analysis of major mobile platforms, such as Apple iOS, Google Android, and RIM Blackberry and create secure implementation guidance to mitigate any identified risks.
In addition to developing guidance, our team participated as a key player in architecting and implementing Mobile Device Management (MDM) solutions and designing back-end system integration for mobility pilots within the DOJ Justice Management Division (JMD) and the Federal Bureau of Investigation (FBI). Our mobile security SMEs evaluated specific Agency use-cases and capabilities of various MDM solutions and developed complete, secure and manageable mobility solutions that were compliant with relevant Federal requirements, including the DOJ requirements we defined, and that were able to meet the needs and demands of both senior management and the end user.
Results
Our efforts allowed the DOJ to clearly define the minimum security posture necessary when implementing mobile device solutions and ITSS was able to deliver guidance to all DOJ Components before any production rollouts occurred. The requirements we developed defined auditable criteria that allow mobile devices and their supporting systems to meet or exceed FISMA requirements. In addition, the secure implementation guidance we developed identified specific methods to meet DOJ’s requirements per major mobile device platform. This information has put DOJ on the forefront of Government mobile computing by developing requirements and guidance where it didn’t exist in the federal space before. Veris Group’s successful services led to an ongoing relationship with DOJ ITSS as they continue to rely on our team as the Department mobile device security SMEs.
