IG report on iOS usage at the VA

Who doesn’t like spending Saturday night reading a IG report.

Through FCW’s writeup “VA May Have Bent the Rules for iPads, iPhones,” I found the VA Office of the Inspector General report “Department of Veterans Affairs: Review of Alleged Circumvention of Security Requirements for System Certifications and Apple Mobile Devices.”

There were two violations alleged in a report to an anonymous hotline.

Allegation 1: Violation of FISMA C&A requirements with a shift to continuous monitoring.

Allegation 2: Mobile devices, specifically iPhones and iPads were deployed without FIPS 140-2 encryption for sensitive data.

Both links are worth reading.