or Connect
AppleInsider › Forums › Mobile › iPhone › Pentagon officially grants security clearance to Apple's iPhone and iPad
New Posts  All Forums:Forum Nav:

Pentagon officially grants security clearance to Apple's iPhone and iPad

post #1 of 22
Thread Starter 
The U.S. Department of Defense announced on Friday that it has officially approved Apple devices running iOS 6 or later to access its secure government networks.

In a statement released by the Defense Department, the U.S. government confirmed that iPhones and iPads running Apple's latest mobile operating system are now cleared for use on its networks. The approval, which was expected, is part of a military plan to allow employees the flexibility to use commercial products on secure government networks.

istuff


The Pentagon signaled last week that approval of Apple devices was imminent. The authorization comes two weeks after Samsung Galaxy and BlackBerry 10 handsets were given the OK by the military.

Previously, the Department of Defense was reliant on legacy BlackBerry devices. Under the new rules, employees will be able to utilize the latest Apple devices, along with Samsung Knox-compatible units, and BlackBerry handsets running the company's new platform.

Apple devices have already been used in some areas of the government, but Pentagon certification will allow for their use in more secure areas.
post #2 of 22
Good news, AAPL will drop again now.

I still want to know how these places allow a PC with Microsoft OS inside if they care that much. But, hey it's still good news.
From Apple ][ - to new Mac Pro I've used them all.
Long on AAPL so biased
Google Motto "You're not the customer. You're the product."
Reply
From Apple ][ - to new Mac Pro I've used them all.
Long on AAPL so biased
Google Motto "You're not the customer. You're the product."
Reply
post #3 of 22
Just a formality.
post #4 of 22
Quote:
Originally Posted by digitalclips View Post

Good news, AAPL will drop again now.

I still want to know how these places allow a PC with Microsoft OS inside if they care that much. But, hey it's still good news.

 

Samsung got it first so Apple is doomed¡

post #5 of 22
Quote:
Originally Posted by digitalclips View Post

Good news, AAPL will drop again now.

I still want to know how these places allow a PC with Microsoft OS inside if they care that much. But, hey it's still good news.

the military would ground to a halt without powerpoint

 

the classified PC's are only allowed on classified networks. and computers on the normal network are not allowed on classified networks 

post #6 of 22
Here is the original press release from Defense Information Systems Agency.

Apple iOS 6 has had interim approval since January.
post #7 of 22
Quote:
Originally Posted by digitalclips View Post

Good news, AAPL will drop again now.

I still want to know how these places allow a PC with Microsoft OS inside if they care that much. But, hey it's still good news.

It is possible to harden Microsoft Windows to provide a very secure environment. Unfortunately, the ubiquity of Microsoft has created a ubiquity of Microsoft Certified IT Professionals. The larger population of IT professionals focused on Microsoft provides a larger pool of inadequate IT professionals.

Microsoft has security issues but if you follow many of the same rules recommended for OS X then the system can be secure:
  • Remove Adobe Acrobat
  • Remove Java
  • Remove Adobe Flash
  • etc.


One major advantage for the Department of Defense is that individuals who access sensitive information are well trained and far more conscientious in regards to sensitive information than the average person is with their computer.
Edited by MacBook Pro - 5/17/13 at 8:12am
post #8 of 22
Quote:
Originally Posted by MacBook Pro View Post


It is possible to harden Microsoft Windows to provide a very secure environment. Unfortunately, the ubiquity of Microsoft has created a ubiquity of Microsoft Certified IT Professionals. The larger population of IT professionals focused on Microsoft provides a larger pool of inadequate IT professionals.

Microsoft has security issues but if you follow many of the same rules recommended for OS X then the system can be secure:
  • Remove Adobe Acrobat
  • Remove Java
  • Remove Adobe Flash
  • etc.

 

Unfortunately, most of the programs the military use on both unclassified and classified networks are specifically written in Java, utilize Flash, and have documents with Acrobat.
~TN1~
Reply
~TN1~
Reply
post #9 of 22
Quote:
Originally Posted by TrustNoOne00 View Post

Unfortunately, most of the programs the military use on both unclassified and classified networks are specifically written in Java, utilize Flash, and have documents with Acrobat.

Reference?
post #10 of 22
Quote:
Originally Posted by lkrupp View Post

 

Samsung got it first so Apple is doomed¡

http://appleinsider.com/articles/13/03/04/samsung-adds-security-layer-to-android-to-gain-enterprise-credibility

 

Actually, we shouldn't be talking about Samsung getting approval at all. We should say Centrify's sandboxed additions to the Galaxy-only version of Android was approved. The difference is anything running iOS was approved. The same can't be said for anything running on Android or Samsung.

 

The interesting thing about the iOS approval is DoD only needed FIPS approval for the CoreCrypto Kernel Module before announcing the ability to operate iOS devices on DoD networks. 

post #11 of 22
Quote:
Originally Posted by TrustNoOne00 View Post

 

Unfortunately, most of the programs the military use on both unclassified and classified networks are specifically written in Java, utilize Flash, and have documents with Acrobat.

I can absolutely vouch for the accuracy of this statement.

post #12 of 22

Quote:
Originally Posted by TrustNoOne00 View Post

 

Unfortunately, most of the programs the military use on both unclassified and classified networks are specifically written in Java, utilize Flash, and have documents with Acrobat.

 

Quote:
Originally Posted by MacBook Pro View Post


Reference?

 

Speaking as a government sub-contractor, I would agree that the government uses Java and Flash a lot. The Acrobat issue isn't a problem since iOS includes a pdf reader. There are many specialized applications that are written in Java, which isn't the problem. The Java browser issue is the problem. As for Flash, I hate all the stupid web-based Flash sites I have had to deal with. Almost all of them are training material, which could easily be done a different way (or thrown in the trash). Adobe does have extra capabilities with Acrobat the Preview doesn't do but again, there are other ways to replace this functionality. The use of Java is the biggest problem because it's supposed to run on multiple platforms, which cuts down on development time. Of course, this doesn't always work correctly, especially on Macs.

 

Last I heard, classified use of mobile devices was limited to Blackberry systems because of the Blackberry servers. iOS and Centrify/Knox-Samsung mobile devices are for unclassified networks only.

post #13 of 22

I think the problems of security with JAVA and Flash are going to cause DOD to migrate away from these frameworks, but pdf I suspect is here to stay.  So I suspect this will not be a major obstacle.  The biggest challenge for Android is continuous Forking and updating of the devices.  The biggest challenge for Apple will be developers who like to poke into the OS using the Apple walled garden.

post #14 of 22
Quote:
Originally Posted by al_bundy View Post

the military would ground to a halt without powerpoint

 

the classified PC's are only allowed on classified networks. and computers on the normal network are not allowed on classified networks 

 

But a low level soldier with a thumb drive was able to get around that...

post #15 of 22
Quote:
Originally Posted by boriscleto View Post

 

But a low level soldier with a thumb drive was able to get around that...

If the classified computers were configured to government regulations, a thumb drive would not be readable or writable without admin privileges. That should keep the low level soldier from doing these things but not a low level soldier with admin privileges. Of course, there's always times when regulations are thrown out the window allowing anyone with physical access to do what's needed for the situation they're in.

post #16 of 22
Quote:
Originally Posted by boriscleto View Post

 

But a low level soldier with a thumb drive was able to get around that...

He was using a laptop which was improperly configured for a secure network, ie, it had a functional CD-burner.

 

Cheers

post #17 of 22
Quote:
Originally Posted by rob53 View Post

http://appleinsider.com/articles/13/03/04/samsung-adds-security-layer-to-android-to-gain-enterprise-credibility

 

Actually, we shouldn't be talking about Samsung getting approval at all. We should say Centrify's sandboxed additions to the Galaxy-only version of Android was approved. The difference is anything running iOS was approved. The same can't be said for anything running on Android or Samsung.

 

The interesting thing about the iOS approval is DoD only needed FIPS approval for the CoreCrypto Kernel Module before announcing the ability to operate iOS devices on DoD networks. 

I agree, however in all this chatter don't overlook that ONLY Apple is allowed to sell tablets to the government... no other company's tablet is listed and that includes Microsoft. 

 

Now, if you want to use iPads in your Federal department, would you rather have Samscum phones that do not sync with your iPads, or an iPhone which will???

"That (the) world is moving so quickly that iOS is already amongst the older mobile operating systems in active development today." — The Verge
Reply
"That (the) world is moving so quickly that iOS is already amongst the older mobile operating systems in active development today." — The Verge
Reply
post #18 of 22
Quote:
Originally Posted by boriscleto View Post

 

But a low level soldier with a thumb drive was able to get around that...

Quote:
Originally Posted by rob53 View Post

If the classified computers were configured to government regulations, a thumb drive would not be readable or writable without admin privileges. That should keep the low level soldier from doing these things but not a low level soldier with admin privileges. Of course, there's always times when regulations are thrown out the window allowing anyone with physical access to do what's needed for the situation they're in.

Quote:
Originally Posted by minicapt View Post

He was using a laptop which was improperly configured for a secure network, ie, it had a functional CD-burner.

 

Cheers

 

...AND he could get all the access he wanted because all the secure computers in his area had their passwords written on sticky notes attached to the monitors.

"That (the) world is moving so quickly that iOS is already amongst the older mobile operating systems in active development today." — The Verge
Reply
"That (the) world is moving so quickly that iOS is already amongst the older mobile operating systems in active development today." — The Verge
Reply
post #19 of 22
Quote:
Originally Posted by Macky the Macky View Post

I agree, however in all this chatter don't overlook that ONLY Apple is allowed to sell tablets to the government... no other company's tablet is listed and that includes Microsoft. 

 

Now, if you want to use iPads in your Federal department, would you rather have Samscum phones that do not sync with your iPads, or an iPhone which will???

The Windows 7 STIG has been out since April 2010 and includes this wording in the title: "Windows 7 STIG - Applies to any installation of Windows 7, including tablet computers".  You can see this at: http://iase.disa.mil/stigs/a-z.html.

post #20 of 22
Quote:
Originally Posted by runbuh View Post

The Windows 7 STIG has been out since April 2010 and includes this wording in the title: "Windows 7 STIG - Applies to any installation of Windows 7, including tablet computers".  You can see this at: http://iase.disa.mil/stigs/a-z.html.

 

From all the articles relating to the federal government purchase, Windows in any form, are not acceptable on phones or tablet purchases. So, my previous comments are based on that starting premise. Finally, Windows 7 on phones turned out to be a dead-end product combo with no upgrade path to Windows 8. 

 

Uncle Fester and the gang were totally shut out of phone and tablet sales for the current contract and may not get invited again until 6 years from now. 

"That (the) world is moving so quickly that iOS is already amongst the older mobile operating systems in active development today." — The Verge
Reply
"That (the) world is moving so quickly that iOS is already amongst the older mobile operating systems in active development today." — The Verge
Reply
post #21 of 22
Quote:
Originally Posted by Macky the Macky View Post

 

From all the articles relating to the federal government purchase, Windows in any form, are not acceptable on phones or tablet purchases. So, my previous comments are based on that starting premise. Finally, Windows 7 on phones turned out to be a dead-end product combo with no upgrade path to Windows 8. 

 

Uncle Fester and the gang were totally shut out of phone and tablet sales for the current contract and may not get invited again until 6 years from now. 

Pardon my misunderstanding, but you made the statement that "ONLY Apple is allowed to sell tablets to the government... no other company's tablet is listed and that includes Microsoft."  That statement, standing on it's own, is patently false.

 

The contract to which you are referring may provide a vehicle for procuring iOS devices, but that is only one contract.  There are many many many contracts for procuring IT hardware in the federal government and nothing preventing an agency from procuring and using a Windows tablet.  Comply with the Buy American Act, follow the STIG, make sure your DAR and DIM are compliant, test your config, and you're good to go.  

 

The Windows 8 STIG is here: http://iase.disa.mil/stigs/os/windows/win8.html

Note that there is no STIG for Windows RT, yet, so regular Surface tablets would need a waiver to be allowed on a DoD network (and who in their right mind would want to go through the trouble of a waiver for a Surface????).  However, Surface Pro tablets would be covered under the Windows 8 STIG, and the STIG has specific items to address for tablets.  For example:

 

Group Title: WN08-CC-000035
Severity: CAT III
Group ID (Vulid): WN08-CC-000035 Rule ID: WN08-CC-000035_rule Rule Version (STIG-ID): WN08-CC-000035
Rule Title: Errors in handwriting recognition on tablet PCs must not be reported to Microsoft.
Vulnerability Discussion: 
Some features may communicate with the vendor, sending system information or downloading data or components for the feature. Turning off this capability will prevent potentially sensitive information from being sent outside the enterprise and uncontrolled updates to the system.This setting prevents errors in handwriting recognition on tablet PCs from being reported to Microsoft.
Check Content: 
If the following registry value does not exist or is not configured as specified, this is a finding:Registry Hive: HKEY_LOCAL_MACHINESubkey: \Software\Policies\Microsoft\Windows\HandwritingErrorReports\Value Name: PreventHandwritingErrorReportsType: REG_DWORDValue: 1

Fix Text: 
Configure the policy value for Computer Configuration -> Administrative Templates -> System -> Internet Communication Management -> Internet Communication settings -> “Turn off handwriting recognition error reporting” to “Enabled”.

post #22 of 22
Quote:
Originally Posted by Macky the Macky View Post

Uncle Fester and the gang were totally shut out of phone and tablet sales for the current contract and may not get invited again until 6 years from now. 

Here is but one example: GSA Contract GS-35F-0483X doesn't expire until 2016 and can be used by any US Federal Agency to buy Windows 7 and Windows 8 Tablets made by HP, Lenovo, Samsung, Sony, Acer, Asus, Toshiba:

https://www.gsaadvantage.gov/advantage/s/search.do?q=0:2GS-35F-0483X&q=1:4ADV.TEC.432115.09*&searchType=1&db=0&nc=30

New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
  • Pentagon officially grants security clearance to Apple's iPhone and iPad
AppleInsider › Forums › Mobile › iPhone › Pentagon officially grants security clearance to Apple's iPhone and iPad