"In the coming months, the NASA Office of the Chief Information Officer (OCIO) will be working to develop a formal policy to govern the use of personal devices, also known as "Bring Your Own Device (BYOD)". Until then, I have directed the OCIO to enroll every personal mobile device that accesses the NASA email system into a management profile that helps to secure NASA data, just like is currently done on NASA's government issued devices. This change, effective September 10, 2013, will enforce a minimum set of security requirements on your personal mobile device if you wish to directly access NASA's email and calendaring resources from your device's email client. This change will only affect mobile devices, i.e., those running a mobile operating system such as Apple's iOS, Google's Android, etc. It will not affect laptops, nor will affect any access to email via webmail."
AFEU Memo: Message from the Chief Information Officer: Bring Your Own Device, Ames Federal Employees Union, IFPTE Local #30
"You should assume, if you connect your personal device in this manner, that the agency will be able to read and access any data you have on your personal device and that the agency will retain the ability to remotely erase everything on that device. The union has secured an agreement that employees' personal phones will not be remotely wiped without prior permission from the owner, and I will keep you posted if that policy is altered."
Keith's note: It is nice to see NASA slowly dragging itself into the 21st century. But based on the non-stop trail of IT blunders and damning OIG reports on NASA's chronic inability to get IT right, I'd be very leery of directly connecting any personal computer to NASA. Do you really trust the same group that allowed all of your personal info to sit on laptops that seem to be stolen on a regular basis?
Have a look at the NASA CIO security requirements that NASA wants to place on what you can and cannot do with your mobile device if you connect it to NASA and what NASA can do to it if you do. You might as well just give the phone to NASA.
- NASA is Taking More Servers Offline - With No Explanation, earlier post
- NASA OIG IT Report Highlights Governance Problems, earlier post
- OIG on Information Technology Security Tools, earlier post
- NASA Still Has Not Encrypted All Laptops, earlier post
- OIG Doubts NASA Can Meet Laptop DAR Deadline, earlier post
- NASA IT Blunder Update, earlier post
- other postings