From: NASA Office of the Chief Information Officer
Posted: Thursday, August 29, 2013
As NASA employees, we expect anytime, anywhere access to our information. New devices, applications and operating systems bring tremendous opportunity for productivity and innovation, but they also bring challenges in protecting, securing, and maintaining NASA information.
The ultimate vision for NASA mobility is: "Anyone will be able to securely and seamlessly access and share any information, anyplace, anytime, using any device." In order to make this vision real, NASA must focus on devices, communications, information, applications and services, identity and authentication, all at the same time while striving to keep paramount your mission needs and a seamless user experience.
Mobile devices like smartphones and tablets are playing an increasingly important role in our lives. Some of us have access to a mobile device provided by NASA, and many others have personal devices we would like to use to help accomplish our work. To date, NASA has not prevented the use of your personal device to help increase your productivity and to enhance your ability to do business. Of course, we always have the responsibility to take care in handling and securing NASA data. This is especially true on mobile devices.
In the coming months, the NASA Office of the Chief Information Officer (OCIO) will be working to develop a formal policy to govern the use of personal devices, also known as "Bring Your Own Device (BYOD)". Until then, I have directed the OCIO to enroll every personal mobile device that accesses the NASA email system into a management profile that helps to secure NASA data, just like is currently done on NASA's government issued devices. This change, effective September 10, 2013, will enforce a minimum set of security requirements on your personal mobile device if you wish to directly access NASA's email and calendaring resources from your device's email client. This change will only affect mobile devices, i.e., those running a mobile operating system such as Apple's iOS, Google's Android, etc. It will not affect laptops, nor will affect any access to email via webmail.
Unfortunately, we cannot accommodate every single model, brand, and type of personal mobile device that may exist out there. As a result, there is a potential that some older devices may not be able to meet these minimum security requirements, and may not be able to continue accessing NASA email once this change is applied. However, most modern commercially available mobile devices and operating systems should be supported. Our intent is to enable and accommodate the NASA workforce to the best of our abilities, while still ensuring that those devices coming into the NASA email system are able to at least meet a minimum level of security.
The OCIO has published a memo detailing a minimum set of security requirements for the use of personally owned mobile devices, as well as frequently asked questions to help you use your personal device securely to access NASA data and support your work. These documents can be found at: http://inside.nasa.gov/ocio/content/nasa-memoranda (internal NASA site).
Editor's note: this is the memo behind the NASA firewall: Minimum Security Requirements for Personal Mobile Devices, NASA CIO
I ask that you take a moment to review and familiarize yourself with these requirements. Please keep in mind that any use of personal devices to access NASA data is purely optional. You should refrain from using a personal mobile device to access NASA information and systems if you are uncomfortable, unable or unwilling to comply with these minimum security requirements. As the use of personal mobile devices is purely optional, employees cannot be required or expected to use their own devices to accomplish their assigned tasks if they choose not to do so.
Thank you for all the work you do every day to help us achieve NASA's mission.
NASA Chief Information Officer
This notice is being sent agencywide to all employees by NASA INC in the Office of Communications at NASA Headquarters.
// end //