Controls Over Information Contained in BlackBerry Devices Used Within DoD

摘要

The overall objective of the audit was to determine whether the Military Services and other Defense agencies have controls in place to prevent unauthorized disclosure of information contained in wireless devices. Specifically, we reviewed controls to protect information contained in BlackBerry devices as these are the primary Personal Digital Assistant (PDA) devices used by the Military Services and other Defense agencies. See Appendix A for the scope and methodology and prior audit coverage. PDAs are small, portable electronic devices with similar functional use as a personal computer with the convenience of portability. However, with the convenience of portability comes the risk of loss, which could lead to the compromise of DoD information. Therefore, DoD Components must implement proper security controls to prevent unauthorized disclosure. A BlackBerry device incorporates features, such as an organizer (address book, calendar, and to-do lists) and instant messaging with wireless services, such as e-mail, mobile telephone, and web browsing. The use of BlackBerry devices is prevalent among highlevel officials such as senior management, personnel requiring access to DoD information technology resources during non duty hours, and personnel who are frequently separated from the office. Because BlackBerry devices can introduce security vulnerabilities exposing Government information systems to compromise, BlackBerry devices must be properly secured.