CIO Council & Department of Homeland Security, National Protection and Programs Directorate, Office of Cybersecurity and Communications, Federal Network Resilience, Mobile Security Reference Architecture (Ver. 1.0) (May 23, 2013) (full-text).
The Mobile Security Reference Architecture (MSRA) has been released to assist Federal Departments and Agencies (D/As) in the secure implementation of mobile solutions through their enterprise architectures. This document focuses on securing the use of commodity mobile computing devices and infrastructures used to access Federal Government resources. The MSRA provides a review of the security risks associated with mobile computing devices and infrastructures, and example solutions for mitigating those risks. Although the MSRA primarily focuses on Government Furnished Equipment (GFE), a discussion of security concerns related to non-GFE devices is also provided.
- Components of a mobile computing reference architecture;
- Categories for users of a mobile computing architecture;
- Sample implementations of a mobile computing architecture;
- Management and security functions of a mobile computing architecture;
- A discussion of the threats to mobile computing devices and infrastructures, and potential mitigations for those threats;
- Information assurance controls that apply to the mobile infrastructure components, and their relation to NIST Special Publication 800-53, rev4;
- A set of considerations for High Risk environments; and
- A discussion of the policy considerations necessary for the secure adoption of a mobile solution.