iOS 6 cleared to carry restricted government information
New CESG guidance advises that iOS 6 phones and tablets are suitable for handling more sensitive government data
iPhones and iPads are now deemed sufficiently secure to handle higher-security government data, according to new advice published by the Communications-Electronics Security Group (CESG).
CESG, a wing of GCHQ responsible for providing policy and assistance on the security of communications and electronic data, has advised that iOS 6, the latest version of Apple's iOS mobile operating system, is suitable for data categorised under Impact Levels 1 to 3.
The Impact Levels scale ranges from 0 to 6, with 0 indicating the least sensitive data and Level 6 reserved for the highest security information.
Previously, Blackberrys were the only mobile phones deemed suitable for handling higher-security IL3 government data by CESG.
According to a GCHQ spokesperson, "CESG is currently working on updates and enhancements to a number of our mobile security guidance documents. As part of this work CESG has published risk management guidance for iOS 6 devices for protecting sensitive emails - up to and including Impact Level 3 depending on local risk management decisions."
"The guidance is based on existing CESG security procedures for iOS, but includes updated guidance, additional technical controls and improvements to user guidelines to more effectively manage identified risks with mobile working."
"We published an earlier version of this guidance for iOS 4 in April 2011. Our recent publication takes advantage of new security features within iOS, and builds on CESG's increasing understanding of the security properties of this platform."
CESG published guidance for a number of mobile operating systems in April 2011, including BlackBerry, Windows Phone 7 and Symbian.
Explaining more about CESG's risk guidance, the GCHQ spokesperson said, "It is a comprehensive document that describes the various things which organisations should consider prior to an iOS deployment. This includes recommended network architecture for their enterprise services, the provisioning and deployment process for iOS devices, the configuration and on-going management of the iOS devices, and points around user guidance and education".
"It also describes the high-level risks which any mobile working solution will be exposed to - such as loss or theft of devices - and the relevant technical and procedural mitigations which can be put in-place to help address these."