unauthorized devices (ud) and unauthorized software (us ... · 26/07/2018  · mdm license •...

Unauthorized Devices (UD) and Unauthorized Software (US)

Working GroupJuly 26, 2018

Code 710

Qi’Anne Knox

Shoeb Siraj

IT Security Working Group 1

Agenda

• UD Use Cases (Excel Spreadsheet)• Survey Results • OATS Action• Phase 1 Impacts• Phase 2 Discussion• MDM License• Software Management (SM)• UDS Team (Code 710) Requests

2

UD Use Cases

Excel Spreadsheet

Survey Results

• Survey Results – 3,176 responses received from all centers out of 11,519 users (~30%)– 490 responses received at GSFC out of 2,360 users (~21%)– 1,510 users stated they would potentially place NASA MDM on PFE – Although user stated yes, they may not meet requirements (i.e. required to

work 24/7).– Code 710 POCs will work with the Agency to get more survey data and share

with the working group.– Please use the survey information as a gauge as you’re working the ACES

Seat orders/OATS Action (resulting from the UD memo)

OATS Action

• Due date: August 3, 2018• Action: Update how many ACES seats are needed and what type, so ACES can

forecast the schedule. If the carrier is known, please create a new column with this information. The same is true if additional information is needed.

• The forecast information is needed to ensure that no one’s access is inadvertently cut off.

• Recommendation is to get the data call complete versus placing orders now. This will help ensure turnaround time and resource availability.

• This data call will also help the Agency understand the final requirement and costs. It is critical to ensure those requesting these seats, really need them (e.g., those user who require 24/7 access).

• ACES Mobile Seat Quick Reference Guide was emailed to the WG outlining the cheapest options.

OATS Action Tracking

Directorate / Mission Status

100, 110150200300400500600700710800JPSS

GOESSTScIESMO

450ESDISHST

JWSTSSMO Received 7/25/18IV&V

Phase 1 Impacts

• For Phase 1, when Office365 is implemented, impacts are as follows:– OWA external access is shut off– ActiveSync ID and password access is shut off– Outlook thick client connectivity to the mail system requires VPN access

• Users must have an alternative solution once phase one is implemented such as MDM on mobile device or VPN into a Center. (Thick client will still work w/ VPN.)

Phase 2 Discussion

• Phase 2 date is still TBD and will be discussed in detail early next fiscal/calendar year.

• Phase 2 is dependent on process element development (e.g., how to authorize some corporate machines, ensure device has right certificates, etc.).

• Various partner profiles will need to be developed based on access needed.• The Agency will work with Centers to get concurrence on profiles.

MDM License• Licenses (subject to change):

– First 10,000 licenses are free for the 1st year• Cost (subject to change):

– After that, the cost for personal mobile devices could be more than $5 per month per license

• User Agreement:– By signing the agreement, there will be an impact to the right to privacy. – The users need to comply with patching requirements.

• The Agency is aware of patching concerns for Android devices. – Policy is under discussion at Office of General Counsel (OGC).– Business rules are complete.– Aiming to having MDM User Agreement finalized by second week of August after

CIO face-to-face.• This should include the NAMS workflow and SATERN training.

Software Management (SM)

• Classification (Games)1. Web/Cloud 2. Hybrid (Local + Web/Cloud)3. Standalone (Local)

• Actions (GFEs - ACES & non-ACES only)– Block access to gaming sites (#1 above) from NASA-owned networks

• Agency Implementation date: July 12, 2018• Goddard Tentative date: September 4, 2018

– Removing gaming software from NASA systems (#2 & #3 above)– Centralize, standardize, and streamline lifecycle processes for

managing software

UD Team (710) Asks

Thank you for all your support!

• Complete data call on forecast of ACES seats by August 3, 2018

• Please continue to communicate your concerns and suggestions to us, which we will communicate up.

• Email: GSFC IT Security Review– GSFC-IT-Security-Review@mail.nasa.gov– shoeb.siraj@nasa.gov– qianne.l.knox@nasa.gov

11

12

Backup Slides

Survey Results

3,176 Responses ReceivedCenter Responses

ARC 376

AFRC 2GSFC 490

GISS 1JPL 5

JSC 1,708

KSC 3LaRC 362

HQ 96SSC 74

WFF 53

WSC 6

Device TypeApple/iOS 2,446

Android 696

Other 34

Device OwnershipPersonal 2,669

GFE 320Partner 27

Corporate 160

Willing to Install on Personal DeviceYes 1,510No 1,666