Happy Friday Federal friends! We're nestled comfortable in our new space in downtown Boston and it already feels like home. This is good news for everyone because we moved out of the Pru at 4pm on Friday and we were rockin' n' rolling in the new digs at 8am on Monday
Enough about us though, let's get back to it...
On the mobile front, NASA had a rough go of it during a recent audit of their mobile device management. NASA is one of the few agencies that allow personal devices on their network, but this could be a perk that could be going away. While they do enforce the basics of requiring a 4 digit passcode, auto-lock features, and device-wipe after 10 failed attempts they were extremely lax as to what other aspects of the network these devices were reaching. In response NASA has decided to launch an enterprise-wide MDM policy via HP.
In what could be another case of perfect timing, NIST has announced that they are releasing the building-blocks for a draft on a Mobile Security Framework. This should help agencies like NASA better align their policies to match the demand and usage from their employees around mobile devices. That being said NIST still has a ways to go and is currently seeking feedback for this effort.
In Rapid7 News we are continuing to update Nexpose and one of our latest releases was geared towards our federal customers, specifically those needing STIG benchmarks. Per the Nexpose 5.8.12 release:
- You can now assess your asset configuration for compliance with Defense Information Systems Agency (DISA) standards. A new built-in scan template allows you to scan with policies and tuned settings specifically developed for DISA assessment. New DISA policies provide compliance coverage for Microsoft Windows 8, Windows 7, and Windows 2008 operating systems. All DISA policies are contained within a single category, named DISASTIGS, so that you can easily select this category when configuring a custom scan template.
And now, Tom Hanks sending an email.