Pentagon officially grants security clearance to Apple's iPhone and iPad

Posted:
in iPhone edited January 2014
The U.S. Department of Defense announced on Friday that it has officially approved Apple devices running iOS 6 or later to access its secure government networks.

In a statement released by the Defense Department, the U.S. government confirmed that iPhones and iPads running Apple's latest mobile operating system are now cleared for use on its networks. The approval, which was expected, is part of a military plan to allow employees the flexibility to use commercial products on secure government networks.

istuff


The Pentagon signaled last week that approval of Apple devices was imminent. The authorization comes two weeks after Samsung Galaxy and BlackBerry 10 handsets were given the OK by the military.

Previously, the Department of Defense was reliant on legacy BlackBerry devices. Under the new rules, employees will be able to utilize the latest Apple devices, along with Samsung Knox-compatible units, and BlackBerry handsets running the company's new platform.

Apple devices have already been used in some areas of the government, but Pentagon certification will allow for their use in more secure areas.
«1

Comments

  • Reply 1 of 21
    MacProMacPro Posts: 19,718member
    Good news, AAPL will drop again now.

    I still want to know how these places allow a PC with Microsoft OS inside if they care that much. But, hey it's still good news.
  • Reply 2 of 21
    rcoleman1rcoleman1 Posts: 153member
    Just a formality.
  • Reply 3 of 21
    lkrupplkrupp Posts: 10,557member

    Quote:

    Originally Posted by digitalclips View Post



    Good news, AAPL will drop again now.



    I still want to know how these places allow a PC with Microsoft OS inside if they care that much. But, hey it's still good news.


     


    Samsung got it first so Apple is doomed¡

  • Reply 4 of 21
    al_bundyal_bundy Posts: 1,525member

    Quote:

    Originally Posted by digitalclips View Post



    Good news, AAPL will drop again now.



    I still want to know how these places allow a PC with Microsoft OS inside if they care that much. But, hey it's still good news.


    the military would ground to a halt without powerpoint


     


    the classified PC's are only allowed on classified networks. and computers on the normal network are not allowed on classified networks 

  • Reply 5 of 21
    macbook promacbook pro Posts: 1,605member
    [URL=http://disa.mil/News/PressResources/2013/STIG-Apple]Here[/URL] is the original press release from Defense Information Systems Agency.

    Apple iOS 6 has had interim approval since January.
  • Reply 6 of 21
    macbook promacbook pro Posts: 1,605member
    Good news, AAPL will drop again now.

    I still want to know how these places allow a PC with Microsoft OS inside if they care that much. But, hey it's still good news.

    It is possible to harden Microsoft Windows to provide a very secure environment. Unfortunately, the ubiquity of Microsoft has created a ubiquity of Microsoft Certified IT Professionals. The larger population of IT professionals focused on Microsoft provides a larger pool of inadequate IT professionals.

    Microsoft has security issues but if you follow many of the same rules recommended for OS X then the system can be secure:
    • Remove Adobe Acrobat
    • Remove Java
    • Remove Adobe Flash
    • etc.


    One major advantage for the Department of Defense is that individuals who access sensitive information are well trained and far more conscientious in regards to sensitive information than the average person is with their computer.
  • Reply 7 of 21
    Quote:
    Originally Posted by MacBook Pro View Post



    It is possible to harden Microsoft Windows to provide a very secure environment. Unfortunately, the ubiquity of Microsoft has created a ubiquity of Microsoft Certified IT Professionals. The larger population of IT professionals focused on Microsoft provides a larger pool of inadequate IT professionals.



    Microsoft has security issues but if you follow many of the same rules recommended for OS X then the system can be secure:

    • Remove Adobe Acrobat

    • Remove Java

    • Remove Adobe Flash

    • etc.

     

    Unfortunately, most of the programs the military use on both unclassified and classified networks are specifically written in Java, utilize Flash, and have documents with Acrobat.
  • Reply 8 of 21
    macbook promacbook pro Posts: 1,605member
    Unfortunately, most of the programs the military use on both unclassified and classified networks are specifically written in Java, utilize Flash, and have documents with Acrobat.

    Reference?
  • Reply 9 of 21
    rob53rob53 Posts: 3,241member

    Quote:

    Originally Posted by lkrupp View Post


     


    Samsung got it first so Apple is doomed¡



    http://appleinsider.com/articles/13/03/04/samsung-adds-security-layer-to-android-to-gain-enterprise-credibility


     


    Actually, we shouldn't be talking about Samsung getting approval at all. We should say Centrify's sandboxed additions to the Galaxy-only version of Android was approved. The difference is anything running iOS was approved. The same can't be said for anything running on Android or Samsung.


     


    The interesting thing about the iOS approval is DoD only needed FIPS approval for the CoreCrypto Kernel Module before announcing the ability to operate iOS devices on DoD networks. 

  • Reply 10 of 21
    chabigchabig Posts: 641member

    Quote:

    Originally Posted by TrustNoOne00 View Post


     

    Unfortunately, most of the programs the military use on both unclassified and classified networks are specifically written in Java, utilize Flash, and have documents with Acrobat.


    I can absolutely vouch for the accuracy of this statement.

  • Reply 11 of 21
    rob53rob53 Posts: 3,241member



    Quote:



    Originally Posted by TrustNoOne00 View Post


     

    Unfortunately, most of the programs the military use on both unclassified and classified networks are specifically written in Java, utilize Flash, and have documents with Acrobat.


     


    Quote:

    Originally Posted by MacBook Pro View Post





    Reference?


     


    Speaking as a government sub-contractor, I would agree that the government uses Java and Flash a lot. The Acrobat issue isn't a problem since iOS includes a pdf reader. There are many specialized applications that are written in Java, which isn't the problem. The Java browser issue is the problem. As for Flash, I hate all the stupid web-based Flash sites I have had to deal with. Almost all of them are training material, which could easily be done a different way (or thrown in the trash). Adobe does have extra capabilities with Acrobat the Preview doesn't do but again, there are other ways to replace this functionality. The use of Java is the biggest problem because it's supposed to run on multiple platforms, which cuts down on development time. Of course, this doesn't always work correctly, especially on Macs.


     


    Last I heard, classified use of mobile devices was limited to Blackberry systems because of the Blackberry servers. iOS and Centrify/Knox-Samsung mobile devices are for unclassified networks only.

  • Reply 12 of 21
    gprovidagprovida Posts: 258member


    I think the problems of security with JAVA and Flash are going to cause DOD to migrate away from these frameworks, but pdf I suspect is here to stay.  So I suspect this will not be a major obstacle.  The biggest challenge for Android is continuous Forking and updating of the devices.  The biggest challenge for Apple will be developers who like to poke into the OS using the Apple walled garden.

  • Reply 13 of 21
    boriscletoboriscleto Posts: 159member

    Quote:

    Originally Posted by al_bundy View Post


    the military would ground to a halt without powerpoint


     


    the classified PC's are only allowed on classified networks. and computers on the normal network are not allowed on classified networks 



     


    But a low level soldier with a thumb drive was able to get around that...

  • Reply 14 of 21
    rob53rob53 Posts: 3,241member

    Quote:

    Originally Posted by boriscleto View Post


     


    But a low level soldier with a thumb drive was able to get around that...



    If the classified computers were configured to government regulations, a thumb drive would not be readable or writable without admin privileges. That should keep the low level soldier from doing these things but not a low level soldier with admin privileges. Of course, there's always times when regulations are thrown out the window allowing anyone with physical access to do what's needed for the situation they're in.

  • Reply 15 of 21
    minicaptminicapt Posts: 219member

    Quote:

    Originally Posted by boriscleto View Post


     


    But a low level soldier with a thumb drive was able to get around that...



    He was using a laptop which was improperly configured for a secure network, ie, it had a functional CD-burner.


     


    Cheers


  • Reply 16 of 21

    Quote:

    Originally Posted by rob53 View Post


    http://appleinsider.com/articles/13/03/04/samsung-adds-security-layer-to-android-to-gain-enterprise-credibility


     


    Actually, we shouldn't be talking about Samsung getting approval at all. We should say Centrify's sandboxed additions to the Galaxy-only version of Android was approved. The difference is anything running iOS was approved. The same can't be said for anything running on Android or Samsung.


     


    The interesting thing about the iOS approval is DoD only needed FIPS approval for the CoreCrypto Kernel Module before announcing the ability to operate iOS devices on DoD networks. 



    I agree, however in all this chatter don't overlook that ONLY Apple is allowed to sell tablets to the government... no other company's tablet is listed and that includes Microsoft. 


     


    Now, if you want to use iPads in your Federal department, would you rather have Samscum phones that do not sync with your iPads, or an iPhone which will???

  • Reply 17 of 21

    Quote:

    Originally Posted by boriscleto View Post


     


    But a low level soldier with a thumb drive was able to get around that...




    Quote:

    Originally Posted by rob53 View Post


    If the classified computers were configured to government regulations, a thumb drive would not be readable or writable without admin privileges. That should keep the low level soldier from doing these things but not a low level soldier with admin privileges. Of course, there's always times when regulations are thrown out the window allowing anyone with physical access to do what's needed for the situation they're in.




    Quote:

    Originally Posted by minicapt View Post


    He was using a laptop which was improperly configured for a secure network, ie, it had a functional CD-burner.


     


    Cheers




     


    ...AND he could get all the access he wanted because all the secure computers in his area had their passwords written on sticky notes attached to the monitors.

  • Reply 18 of 21
    runbuhrunbuh Posts: 315member

    Quote:

    Originally Posted by Macky the Macky View Post


    I agree, however in all this chatter don't overlook that ONLY Apple is allowed to sell tablets to the government... no other company's tablet is listed and that includes Microsoft. 


     


    Now, if you want to use iPads in your Federal department, would you rather have Samscum phones that do not sync with your iPads, or an iPhone which will???



    The Windows 7 STIG has been out since April 2010 and includes this wording in the title: "Windows 7 STIG - Applies to any installation of Windows 7, including tablet computers".  You can see this at: http://iase.disa.mil/stigs/a-z.html.

  • Reply 19 of 21

    Quote:

    Originally Posted by runbuh View Post


    The Windows 7 STIG has been out since April 2010 and includes this wording in the title: "Windows 7 STIG - Applies to any installation of Windows 7, including tablet computers".  You can see this at: http://iase.disa.mil/stigs/a-z.html.



     


    From all the articles relating to the federal government purchase, Windows in any form, are not acceptable on phones or tablet purchases. So, my previous comments are based on that starting premise. Finally, Windows 7 on phones turned out to be a dead-end product combo with no upgrade path to Windows 8. 


     


    Uncle Fester and the gang were totally shut out of phone and tablet sales for the current contract and may not get invited again until 6 years from now. 

  • Reply 20 of 21
    runbuhrunbuh Posts: 315member

    Quote:

    Originally Posted by Macky the Macky View Post


     


    From all the articles relating to the federal government purchase, Windows in any form, are not acceptable on phones or tablet purchases. So, my previous comments are based on that starting premise. Finally, Windows 7 on phones turned out to be a dead-end product combo with no upgrade path to Windows 8. 


     


    Uncle Fester and the gang were totally shut out of phone and tablet sales for the current contract and may not get invited again until 6 years from now. 



    Pardon my misunderstanding, but you made the statement that "ONLY Apple is allowed to sell tablets to the government... no other company's tablet is listed and that includes Microsoft."  That statement, standing on it's own, is patently false.


     


    The contract to which you are referring may provide a vehicle for procuring iOS devices, but that is only one contract.  There are many many many contracts for procuring IT hardware in the federal government and nothing preventing an agency from procuring and using a Windows tablet.  Comply with the Buy American Act, follow the STIG, make sure your DAR and DIM are compliant, test your config, and you're good to go.  


     


    The Windows 8 STIG is here: http://iase.disa.mil/stigs/os/windows/win8.html


    Note that there is no STIG for Windows RT, yet, so regular Surface tablets would need a waiver to be allowed on a DoD network (and who in their right mind would want to go through the trouble of a waiver for a Surface????).  However, Surface Pro tablets would be covered under the Windows 8 STIG, and the STIG has specific items to address for tablets.  For example:


     











    Group Title: WN08-CC-000035

    Severity: CAT III

    Group ID (Vulid): WN08-CC-000035 Rule ID: WN08-CC-000035_rule Rule Version (STIG-ID): WN08-CC-000035

    Rule Title: Errors in handwriting recognition on tablet PCs must not be reported to Microsoft.

    Vulnerability Discussion: 

    Some features may communicate with the vendor, sending system information or downloading data or components for the feature. Turning off this capability will prevent potentially sensitive information from being sent outside the enterprise and uncontrolled updates to the system.This setting prevents errors in handwriting recognition on tablet PCs from being reported to Microsoft.

    Check Content: 

    If the following registry value does not exist or is not configured as specified, this is a finding:Registry Hive: HKEY_LOCAL_MACHINESubkey: \Software\Policies\Microsoft\Windows\HandwritingErrorReports\Value Name: PreventHandwritingErrorReportsType: REG_DWORDValue: 1


    Fix Text: 

    Configure the policy value for Computer Configuration -> Administrative Templates -> System -> Internet Communication Management -> Internet Communication settings -> “Turn off handwriting recognition error reporting” to “Enabled”.

Sign In or Register to comment.