Mar 16 2015

How Will FITARA Affect Federal Mobility?

The Justice Department began adopting provisions of the IT legislation to improve mobile investments — even before it passed Congress.

One of the expected benefits of the Federal Information Technology Acquisition Reform Act (FITARA), which Congress passed in December, is that agencies will have better visibility into their IT costs and greater traction in adopting common solutions that boost efficiencies.

In many instances agencies have already started identifying common IT solutions through initiatives such as PortfolioStat (a tool aimed at improving the efficiency and effectiveness of information technology in federal agencies), but department CIOs now have codified authorities to review and approve agency IT contracts and oversee IT spending departmentwide.

One area of federal IT that is ripe for this level of oversight: mobility.

“The mobility nut has yet to be cracked…, but we are making progress on that,” said Jon Johnson, program manager for enterprise mobility programs at the General Services Administration, addressing participants at last month’s Federal Mobile Computing Summit in Washington, D.C. Some agencies don’t have a good grasp of what devices and data plans they have and how they are used, he explained. Most agencies are defaulting to unlimited plans because they don’t know what they have.

At the Justice Department, CIO Joseph Klimavicz began adopting provisions of FITARA to better manage the department’s mobility investments — even before the legislation passed Congress. The goals are to gain better visibility into costs, embrace common mobility solutions and achieve common efficiencies throughout DOJ, Rick Holgate, assistant director for science and technology and CIO at the Bureau of Alcohol, Tobacco, Firearms & Explosives (ATF), told conference attendees.

The Justice Department is moving to adopt a common infrastructure for mobile device management (MDM), Holgate said. ATF is using a solution from AirWatch, which was acquired by VMware last year. The FBI and the Executive Office for United States Attorneys are also using AirWatch solutions, but not all users have the same version of the mobility management solution. DOJ is also investigating MaaS360 to determine the most effective solution and how to go about acquiring it, Holgate said.

While Klimavicz will have contract oversight, as required by FITARA, the expectation is not that he approve every IT contract of any size, Holgate explained.

“We have to figure out how to implement that in a practical way,” Holgate said about FITARA.

Mobile Security vs. User Functionality

ATF alone has roughly 4,000 Apple iOS devices, which include mostly smarpthones and a few hundred tablets. The bureau upgraded from 4S devices to iPhone 6 as part of a technology refresh and to take advantage of Apple’s Touch ID technology, which allows users to log on to the phone using their fingerprint.

The bureau worked with DOJ to get validation that Touch ID was an acceptable level of security and could function as a surrogate for using complex passwords on a mobile device. Users get only three tries to use their fingerprint to access the device. If unsuccessful, after that they must enter their complex password to log on to the phone.

Touch ID, “gave us the flexibility to give them security and convenience at the same time,” Holgate said. But some applications, such as Microsoft’s SharePoint, still require users to enter a username and password because they’re accessible to users only through their phone’s web browser.

ATF wants to move mobile users off a Windows interface to a mobile interface and modernize legacy applications to make them mobile friendly.

“We have legacy desktop applications that are wedded to [the] traditional interface that’s not mobile friendly,” Holgate said. “We need to break that paradigm.”


Zero Trust–Ready?

Answer 3 questions on how your organization is implementing zero trust.