Mobile Security Solution for U.S. DoD Mobile Devices

Fixmo announced it was selected to provide mobile data protection and cyber security solutions for the U.S. DISA as part of a contract for managing mobile devices within the U.S. DoD. Fixmo’s technology will be used to secure mobile Email and Browsing, and to protect the integrity and compliance of Apple and Android DISA-managed mobile devices.

Fixmo’s technology can enforce the use of complex passcodes and allow users to digitally sign encrypted

emails and log into back-end systems using their Common Access Cards. 

Fixmo has been actively involved with DISA and mobile device manufacturers since 2010 in producing mobile security technologies that align with the requirements of DISA security policies and STIG definitions.

Some of the core technology developed by Fixmo evolved from its participation in the National Security Agency’s technology transfer program. Some of the intellectual property was originally developed by the NSA for use within DoD, specifically to enforce the security of BlackBerrys. Since then, DoD has moved to expand its variety of mobile devices.

Through its partnership with DMI, Fixmo will provide the following technologies as part of the DISA 

MDM/MAS contract award:

    Fixmo Secure Mobile Apps for Email, Calendaring, Contacts and Secure Browsing on smartphones and

    tablets.

    Fixmo SafeZone Secure Workspace for application containerization, multi-factor user authentication,

    FIPS 140-2 AES 256-bit encryption of data-at-rest and data-in-transit, and on-device data leakage

    prevention (DLP).

    Fixmo Enterprise Server for secure remote access to private DOD networks.

    Fixmo Sentinel Integrity Services for device continuous integrity verification, compromise detection and

    policy compliance reporting.

The MDM system is in the test phase, and it expected to reach initial operating capabilities in January 2014.

The DISA contract could cover as many as 300,000 DOD mobile users by 2016.

US DoD is adopting Mobile Technology - status and challenges

The US Department of Defense (DoD) recently released its Commercial Mobile Device (CMD) Implementation Plan that will allow to equip the DOD’s 600,000 mobile-device users with secure classified and protected unclassified mobile solutions. 

This plan updates the DOD’s mobile strategy. 

The following video presents some of the Mobile Technology applications (and security challenges) in the US Army:

The following is a very interesting DoD press briefing on the CMD Implementation Plan (25 February 2013):

The DoD implements two separated working paths for accomplishement of the plan:

1. The Defense Information Systems Agency (DISA) released (October 2012) the Mobile Device Management (MDM) / Mobile Application Store (MAS) Request for Proposal (RFP). The MDM capability will function as a "traffic cop" enforcing policy for network and user end devices.

2. DISA’s mobility pilot started on May 2012 and builds enterprise mobile capabilities. The participants partner with DISA for the pilot’s unclassified side, while teaming up with the NSA to address the classified side of mobility. The following table lists several component mobility pilots and initial operational uses:

The goal - development of an enterprise mobile device management (MDM) capability and mobile application store (MAS) to support multivendor (Blackberry, iOS, Windows and Android), CAC-enabled, government-furnished devices by February 2014.

The scope - establishment of a separated, reliable, secure and flexible wireless infrastructure, for unclassified (DISA) and classified (NSA) devices, and mobile application.

The interesting news - a deployment plan of a new NSA security architecture that permits the use of commercial products for classified communications for the first time.


The Commercial Mobile Device Working Group (CMDWG) - will review and approve standards, policies, and processes for the management of mobility solutions and mobile applications on an ad-hoc basis.

The (several) callenges:

• The transfer from decentralized to certralized MDM services.
• The optional usage of commercial devices, MDM / MAS solutions and accreditable cloud solutions.
• Federated management and certification for mobile applications.
• For the device security compliance proceess DISA is using new Security Requirements Guides, a set of security standards that each device or application must comply with (instead of using the STIG process, which is relatevely long).
• Continuous monitoring and enforcement of policy compliance for configuration of applications and OSs.
• Secured authentication of mobile devices and users in unclassified networks.
• Processing of classified information on commercial mobile infrastructure, devices and applications:  

• Establishement of separated MDM / MAS infrastructure for classified information.
• Encrypting information using a minimum of two independent layers of Suite B commercial encryption. 
• Deployment of CMD architectures and implementations using NSA approved standards. 
• Protection of voice communications on carrier infrastructure and also using gateways for interoperability with the PSTN. 
• Use of secured hardware tokens for trusted user identification and authentication to SIPRNet.