The Federal CIO Council working group has released a new guidance document intended for federal agencies that are implementing bring-your-own-device (BYOD) programs.
The document contains case studies from Delaware, and a handful of federal agencies. The council also presents a list of key considerations to keep in mind — such as a cost/benefit analysis for BYOD, security and policy obstacles, and roles and responsibilities.
The guidance outlines three basic technical approaches to an effective BYOD program:
“Virtualization: Provide remote access to computing resources so that no data or corporate application processing is stored or conducted on the personal device;
Walled garden: Contain data or corporate application processing within a secure application on the personal device so that it is segregated from personal data; and
Limited separation: Allow comingled corporate and personal data and/or application processing on the personal device with policies enacted to ensure minimum security controls are still satisfied.”
The paper also includes sample text of various BYOD policies.
Implementing a BYOD program isn’t mandatory, the white paper says. “This document is intended to serve as a toolkit for agencies contemplating implementation of BYOD programs. The toolkit is not meant to be comprehensive, but rather provides key areas for consideration and examples of existing policies and best practices.”
The document is searchable in the player below.