GCN : November and December 2014
Apps not safe for work? NIST drafts guide for checking

BY STEPHANIE KANOWITZ

The National Institute of Standards and Technology is readying guidance to help agencies vet commercial mobile applications that workers might use on government-issued devices or personal apps that access government networks. The draft guidelines, "Technical Considerations for Vetting 3rd Party Mobile Apps," aim to help agencies assess a mobile app's security, behavior and reliability to determine if the app is acceptable for their environments.

The guidance is intended to be instructive rather than prescriptive, letting government officials choose what risks apply to their agencies. "There needs to be more awareness of what the apps actually do, what information they're collecting and how you may put your network at risk," said Tom Karygiannis, a NIST computer scientist, who helped develop the guidelines.

The guidelines also focus on users outside the IT department who "need to have an awareness of how their security and privacy might be compromised as they use these devices," Karygiannis said. As for the IT technical staff, "there are new technologies in there, so they need new tools and new security technologies to help secure both the device itself and the network it connects to."

According to the draft, vetting requires having access to an app's binary code and its most basic metadata, such as a primary point of contact who can answer questions regarding the app's intended use within the organization. Better still is access to source code. To prepare for testing, agencies must identify the developer and know its reputation, the intended hardware platform and configuration and any digital signatures that apply.

Primary examples of things to test, according to the draft, include whether the app protects sensitive data and privacy, is reliable and available and performs as promised. In an appendix, the authors define the vulnerabilities specific to applications running on devices using Android and iOS operating systems.

The guidance isn't intended to be universal. What's a big deal at one agency might not be at another, Karygiannis said. For instance, a public relations officer at a law enforcement branch might want to access social media, while first responders collecting medical or other personal data have an obligation to avoid exposing private information.

What's more, agencies have different levels of risk tolerance. "We just want to make them aware what the risks are, provide some guidance on what they could do about it, but ultimately they're responsible for accepting the risks," he said.

App vetting is important because apps represent a new business model for government. "On your desktop environment, maybe you were familiar with three or four major vendors," Karygiannis said. "Now there's hundreds of thousands out there that you're not really sure how mature their software development process is or you're not really sure what the apps do."

NIST's draft document could help that a bit, too, though. It will let vendors that make software development tools or testing tools see what tests they need to be able to perform and what mistakes to avoid in making apps.

BYOD of choice for Congress

Of 102 lawmakers whose offices responded to a survey questionnaire from The Hill, more than 71 percent use iPhones, 9 percent use Android phones and 28 percent carry a BlackBerry. Not surprisingly, many carry more than one device. Among those using tablets, 95 percent use iPads.

Congress is much more Apple-friendly than the nation as a whole, according to The Hill survey, where about 42 percent of smartphone owners have an iPhone and 52 percent have an Android.

Rep. Mike Honda (D-Calif.), who represents the Silicon Valley district that includes Apple's headquarters, also has the full suite of an iPhone, iPad and MacBook Air --- and he's looking into picking up one of the company's new Apple Watches, spokesman Ken Scudder said.

The lone Windows phone owner is Rep. Suzan DelBene (D-Wash.), a former Microsoft executive who now represents the district that includes the company's Redmond, Wash., headquarters. DelBene's staffers use Windows phones as well, her office told The Hill.

Like most Americans, popular apps for lawmakers include those that provide news, weather and traffic, although Reps. Jared Polis (D-Colo.) and Randy Hultgren (R-Ill.) told The Hill they were fans of Capitol Bells, an app developed by a former Capitol Hill staffer that decodes the Capitol's buzzer system and lets the general public follow along.