Main Nav

Federal Government Develops Toolkit for Bring Your Own Device

The Digital Services Advisory Group and Federal Chief Information Officers Council have produced a Toolkit to Support Federal Agencies Implementing Bring Your Own Device (BYOD) Programs.  The toolkit provides key areas for consideration and examples of existing policies and best practices.  The toolkit also includes a small collection of case studies to highlight the successful efforts of BYOD pilots or programs at several government agencies.  The Digital Government Strategy, issued by Federal Chief Information Officer (CIO) Steven VanRoekel on May 23, 2012, called for the establishment of a Digital Services Advisory Group (Advisory Group) to promote cross-agency sharing and accelerated adoption of mobile workforce solutions and best practices in the development and delivery of digital services.

The toolkit begins with a very helpful explanation of BYOD:

BYOD is a concept that allows employees to utilize their personally-owned technology devices to stay connected to, access data from, or complete tasks for their organizations.  At a minimum, BYOD programs allow users to access employer-provided services and/or data on their personal tablets/eReaders, smartphones, and other devices.  This could include laptop/desktop computers; however, since mature solutions for securing and supporting such devices already exist, this document focuses on the emerging use case of mobile devices.

The Advisory Group identified several key characteristics of the growing trend towards employees bringing their own device into the workplace:

  • BYOD is about offering choice to customers.
  • BYOD can and should be cost-effective, so a cost-benefit analysis is essential as the policy is deployed.
  • Implementation of a BYOD program presents agencies with a myriad of security, policy, techni­cal, and legal challenges not only to internal communications, but also to relationships and trust with business and government partners.
  • The business case for implementing BYOD programs vary from agency to agency, but often involve the following drivers: to reduce costs, increase program productivity and effectiveness, adapt to a changing workforce, and improve user experience.

The Advisory Group assembled sample policies in use at agencies to help inform IT leaders who are considering developing a BYOD program for their agencies.  Sample policies include: 

  • Policy and Guidelines for Government-Provided Mobile Device Usage 
  • Bring Your Own Device—Policy and Rules of Behavior 
  • Mobile Information Technology Device Policy 
  • Wireless Communication Reimbursement Program 
  • Portable Wireless Network Access Device Policy

The Advisory Group cautions that the Federal Government still has more to do to address the more complicated issues related to BYOD.  This includes how the government can reimburse Federal employees for voice/data costs incurred when they use their personal mobile devices instead of government-issued mobile devices, and additional security, privacy, and legal considerations including supply chain risk management and legal discovery.

The National Institute for Standards and Technology (NIST) has developed Guidelines for Managing and Securing Mobile Devices in the Enterprise (SP 800-124 Revision 1 was released for comment on July 10th, 2012).  The draft guidance includes recommendations for securing personally-owned mobile devices.  Later this year, NIST will also release for comment a User’s Guide to Telework and Bring Your Own Device (BYOD) Security (SP 800-114 Revision 1), updating an earlier version, which will provide recommendations for securing BYOD devices used for telework and remote access, as well as those directly attached to the enterprise’s own networks.  NIST is also preparing a Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security (SP 800-46 Revision 2), updating an earlier version, which will provide information on security considerations for several types of remote access solutions.

Tags from the EDUCAUSE Library