Now that the Department of Veterans Affairs (VA) has given its clinicians the green light to use iPads and iPhones, it needs a way to manage those devices. To that end, the VA is looking for a contractor to provide a Mobile Device Management (MDM) solution to manage its mobile device infrastructure.
This mobile device management solution must allow up to 100,000 users to securely connect tablet devices to the VA’s enterprise network. These tablet devices could be running on iOS, Android or Windows platforms. The MDM solution will manage these mobile devices and deliver a custom VA applications store.
Despite concerns about the security of using mobile devices in a clinical environment — especially the lack of FIPS 140-2 encryption available on the iPad and iPhone — the VA determined that a MDM solution could “provide compensating controls that are integral to the VA effectively securing its mobile environment.”
Vendors who wish to bid for the opportunity to manage the VA’s mobile devices must demonstrate that their MDM solution can meet a list of 41 specific security requirements. Some examples of those requirements are:
- Ability to view the current GPS location of a device or logical grouping of devices on a map
- Ability to remotely lock a targeted device by manual process and by automated compliance rules
- Ability to execute a corporate wipe when a device has a disallowed operating system
- Capable of FIPS 140-2 encryption including strong cryptography strength that the device uses to encrypt content at rest. The VA Address Book is protected when device is at rest.
The MGM solution must also meet requirements related to compliance, reporting, profile management and other areas.