unauthorized devices (ud) and unauthorized software (us ... · 26/07/2018 · mdm license •...
TRANSCRIPT
Unauthorized Devices (UD) and Unauthorized Software (US)
Working GroupJuly 26, 2018
Code 710
Qi’Anne Knox
Shoeb Siraj
IT Security Working Group 1
Agenda
• UD Use Cases (Excel Spreadsheet)• Survey Results • OATS Action• Phase 1 Impacts• Phase 2 Discussion• MDM License• Software Management (SM)• UDS Team (Code 710) Requests
2
UD Use Cases
Excel Spreadsheet
Survey Results
• Survey Results – 3,176 responses received from all centers out of 11,519 users (~30%)– 490 responses received at GSFC out of 2,360 users (~21%)– 1,510 users stated they would potentially place NASA MDM on PFE – Although user stated yes, they may not meet requirements (i.e. required to
work 24/7).– Code 710 POCs will work with the Agency to get more survey data and share
with the working group.– Please use the survey information as a gauge as you’re working the ACES
Seat orders/OATS Action (resulting from the UD memo)
OATS Action
• Due date: August 3, 2018• Action: Update how many ACES seats are needed and what type, so ACES can
forecast the schedule. If the carrier is known, please create a new column with this information. The same is true if additional information is needed.
• The forecast information is needed to ensure that no one’s access is inadvertently cut off.
• Recommendation is to get the data call complete versus placing orders now. This will help ensure turnaround time and resource availability.
• This data call will also help the Agency understand the final requirement and costs. It is critical to ensure those requesting these seats, really need them (e.g., those user who require 24/7 access).
• ACES Mobile Seat Quick Reference Guide was emailed to the WG outlining the cheapest options.
OATS Action Tracking
Directorate / Mission Status
100, 110150200300400500600700710800JPSS
GOESSTScIESMO
450ESDISHST
JWSTSSMO Received 7/25/18IV&V
Phase 1 Impacts
• For Phase 1, when Office365 is implemented, impacts are as follows:– OWA external access is shut off– ActiveSync ID and password access is shut off– Outlook thick client connectivity to the mail system requires VPN access
• Users must have an alternative solution once phase one is implemented such as MDM on mobile device or VPN into a Center. (Thick client will still work w/ VPN.)
Phase 2 Discussion
• Phase 2 date is still TBD and will be discussed in detail early next fiscal/calendar year.
• Phase 2 is dependent on process element development (e.g., how to authorize some corporate machines, ensure device has right certificates, etc.).
• Various partner profiles will need to be developed based on access needed.• The Agency will work with Centers to get concurrence on profiles.
MDM License• Licenses (subject to change):
– First 10,000 licenses are free for the 1st year• Cost (subject to change):
– After that, the cost for personal mobile devices could be more than $5 per month per license
• User Agreement:– By signing the agreement, there will be an impact to the right to privacy. – The users need to comply with patching requirements.
• The Agency is aware of patching concerns for Android devices. – Policy is under discussion at Office of General Counsel (OGC).– Business rules are complete.– Aiming to having MDM User Agreement finalized by second week of August after
CIO face-to-face.• This should include the NAMS workflow and SATERN training.
Software Management (SM)
• Classification (Games)1. Web/Cloud 2. Hybrid (Local + Web/Cloud)3. Standalone (Local)
• Actions (GFEs - ACES & non-ACES only)– Block access to gaming sites (#1 above) from NASA-owned networks
• Agency Implementation date: July 12, 2018• Goddard Tentative date: September 4, 2018
– Removing gaming software from NASA systems (#2 & #3 above)– Centralize, standardize, and streamline lifecycle processes for
managing software
UD Team (710) Asks
Thank you for all your support!
• Complete data call on forecast of ACES seats by August 3, 2018
• Please continue to communicate your concerns and suggestions to us, which we will communicate up.
• Email: GSFC IT Security Review– [email protected]– [email protected]– [email protected]
11
12
Backup Slides
Survey Results
3,176 Responses ReceivedCenter Responses
ARC 376
AFRC 2GSFC 490
GISS 1JPL 5
JSC 1,708
KSC 3LaRC 362
HQ 96SSC 74
WFF 53
WSC 6
Device TypeApple/iOS 2,446
Android 696
Other 34
Device OwnershipPersonal 2,669
GFE 320Partner 27
Corporate 160
Willing to Install on Personal DeviceYes 1,510No 1,666