"In 2011, Executive Order No. 13571 was issued to Federal Government agencies to improve the quality of services to the American people. As a result of this directive, the strategy document 'Digital Government: Building a 21st Century Platform to Better Serve the American People' was created. As part of this strategy, the Department of Homeland Security (DHS), the Department of Defense (DoD), and the National Institute of Standards and Technology (NIST) were tasked with developing a reference architecture that would provide guidance to Federal agencies implementing mobile security. DHS, in collaboration with over 30 agencies, bureaus , and agency sub-components, developed a Mobile Security Reference Architecture (MSRA) to help Federal civilian agencies meet this directive and to help ensure privacy and security in the digital age. Mobile computing devices ('mobile devices') require are thinking of the security models that are traditionally employed to protect information accessed by off-site/remote workers. Appropriate authentication methods, traditional security products (e.g., anti-virus, firewalls), and connectivity options may be limited, non existent, or require modifications to accommodate mobile devices. The MSRA enumerates these issues and describes strategies to address them. Prior to the adoption of mobile computing devices for processing Department and Agency (D/A)-sensitive information, D/As should perform a threat and risk assessment that is tailored to their specific mobile data threat environment and mobile services. Both policy development and the required levels of mobile device management should be considered as inputs to the threat and risk assessment so that D/As can implement appropriate security controls."
Chief Information Officers Council: https://cio.gov/