Windows Mobile is Secure Enough for Government

Topics:

Washington, DC, March 14, 2008 -- Microsoft Federal today announced the addition of two critical security certifications to its Windows Mobile operating system. Windows Mobile 5.0 with Messaging and Security Feature Pack, and Windows Mobile 6 operating systems were awarded Common Criteria Evaluation Assurance Level 2+ (EAL2+).

Separately, the U.S. Defense Information Systems Agency (DISA) announced it has approved Windows Mobile® for secure wireless e-mail throughout the Department of Defense (DoD). These milestones offer independent validation of Microsoft's commitment to assist governments and enterprises in meeting the ever-increasing security demands for mobile devices accessing sensitive data on information networks.

Both accreditations will help mobile U.S. government personnel become more productive and effective while accessing mission-critical data, including for example, Common Operational Picture software for combat and reconnaissance missions; Battlefield Medical Triage; Logistics and supply chain support, and more.

"Windows Mobile offers an extension to agency infrastructure investments, and these important security certifications create additional value to the technology investments government organizations have already made," said Randy Siegel, Enterprise Mobility Strategist, Microsoft Federal. "For instance, customers can be assured that their mobile email is sent and received in a secure manner, and that mobile access to back-end systems is just as secure and protected as on their desktop."

Common Criteria Certification
Common Criteria is a globally recognized standard for secure IT products. By meeting the security criteria for EAL2+, Windows Mobile is accepted under the Common Criteria Recognition Arrangement (CCRA) worldwide by 24 member countries. This means that U.S. government agencies with disparate, worldwide operations can use Windows Mobile with the assurance that they have adopted a technology platform that is universally recognized as tested to exacting security standards.

"Successfully completing the Common Criteria evaluation process ensures that our government customers' security needs and requirements are addressed up front, before our products even ship," said Siegel. "Through a third-party validation such as Common Criteria, our customers gain independent validation in our security products, giving them confidence in our approach to aggressively address their security needs."

The Common Criteria evaluation also provides detailed configuration documentation to aid in deployments.

DISA STIG
The approval process for Windows Mobile with the U.S. Defense Information Systems Agency (DISA) was formalized through a request for the DISA Field Security Operations (FSO) office to evaluate Windows Mobile as an approved mobile messaging platform for DoD use. As part of this process DISA developed a Security Technical Implementation Guide (STIG) checklist for prescriptive guidance on setting up a product to be used securely on DoD networks. Now that Windows Mobile devices have met the rigorous standards set forth – such as required actions if wireless email handheld is lost or stolen, authenticated login procedures to unlock a wireless email device, Bluetooth encryption, and more – large portions of DoD employees and users can access secure/unclassified Defense networks on Windows Mobile devices through a secure Bluetooth Common Access Card (CAC) reader.

The Common Access Card (CAC) is a smart card like the HSPD -12 PIV card and is used for identification and authentication to DoD systems.

The Windows Mobile DISA STIG complements other mission-critical work Microsoft is working on across the federal government. Systems integrator partners such as General Dynamics Corp. and L3 Communications Corp. have selected Microsoft to develop an NSA-approved Secure Mobile Environment Portable Electronic Device (SME PED). The SME PED is capable of secure wireless access to the SIPRNET and NIPRNET and supports DoD 8100.2 requirements. Today, more than 12 unique Windows Mobile devices are on the Army's approved Two-Way-Wireless E-mail Device list (TWED).

"By reaching these security milestones Windows Mobile not only offers unmatched choice in mobile options, but provides government agencies the tremendous cost benefit of rapidly deploying commercial off-the-shelf software solutions," said Siegel.

The full press release is available here.

Syndicate content