Report includes BYOD requirement, new solutions for identity
The White House Office of Management and Budget released a digital government strategy report, “Digital Government: Building a 21st Century Platform to Better Serve the American People.”
President Obama issued the directive to make services accessible from mobile devices and charged OMB with developing a strategy to build a 21st Century Digital Government that delivers better digital services. The report also paves the way for federal employees to bring your own device and calls for new solutions for identity, authentication and credential management.
The report calls for the creation of a Digital Services Advisory Group out of OMB that will include members from the Federal CIO Council, Federal Web Managers Council, and other agencies.
One area of focus for the group will be to identify and recommend changes to help close gaps in policy and standards. Specifically, the report mentions identity credentials and mobile devices. “As new technologies are introduced into the federal environment, policies governing identity and credential management may need to be revised to allow the introduction of new solutions that work better in a mobile world,” the strategy states.
Revisions to FIPS 201, the standard for federal employee identity credentials, are currently underway. The first draft was released more than a year ago but didn’t focus on mobile. Further revisions to include a strategy for using high-assurance credentials with mobile devices with another draft expected before the end of the year and a final specification about a year from now.
What, if any, impact this will have on the revisions to FIPS 201 is unknown. But the new OMB advisory group is supposed to issue a report in the next three-months on bring your own device to agencies. The report will be based on lessons learned from other agencies.
The report also details how the federal government “must pilot, document and rapidly scale new approaches to secure data and mobile technologies and address privacy concerns.”
New technologies should also be consistent with the National Strategy for Trusted Identities in Cyberspace and the Federal Identity, Credentialing Access Management requirements.
Identity is again mentioned when it comes to privacy and security. “Other opportunity areas include adopting advanced mobile device management solutions to support continuous monitoring, strengthening identity and access management and accepting externally-issued credentials on public-facing Web sites,” the report states.
The full report can be downloaded here.