Who doesn’t like spending Saturday night reading a IG report.
Through FCW’s writeup “VA May Have Bent the Rules for iPads, iPhones,” I found the VA Office of the Inspector General report “Department of Veterans Affairs: Review of Alleged Circumvention of Security Requirements for System Certifications and Apple Mobile Devices.”
There were two violations alleged in a report to an anonymous hotline.
Allegation 1: Violation of FISMA C&A requirements with a shift to continuous monitoring.
Allegation 2: Mobile devices, specifically iPhones and iPads were deployed without FIPS 140-2 encryption for sensitive data.
Both links are worth reading.