Home » Budget Industry » New Pentagon Mobile Device Restrictions Policy


New Pentagon Mobile Device Restrictions Policy

The following is the May 22, 2018 Pentagon memo, Mobile Device Restrictions in the Pentagon.

From the Memo:

SUBJECT: Mobile Device Restrictions in the Pentagon

1. Purpose. This memorandum prescribes guidance and procedures for mobile device
restrictions within the Pentagon.

2. Applicability.
a. This memorandum establishes restrictions for mobile devices anywhere within the Pentagon that is designated or accredited for the processing, handling, or discussion of classified information.

b. This memorandum applies to all Department of Defense (DOD) and Office of the Secretary of Defense (OSD) Components (“Components”), as well as military personnel, civilian employees, contractors, and visitors in the Pentagon. For purposes of this memorandum. the term “Pentagon” means the Pentagon Office Building and its supporting facilities located on that area of land (consisting of approximately 227 acres) located in Arlington County, Virginia.

c. This does not apply to approved medical devices. In evaluating requests to approve medical devices for civilian employees. an individualized assessment will be made consistent with the requirements of the Rehabilitation Act of 1973, as amended.

d. This does not apply to mobile devices having minimal storage and transmission capabilities such as key fobs used for medical alert, motor vehicles, or home security systems.

e. This does not apply to fitness trackers that do not contain camera, microphone, cellular, or Wi-Fi technology.

3. Policy.

a. Personal and Government mobile devices that transmit, store, or record data are prohibited inside secure spaces within the Pentagon.

b. Mobile devices may be used in common areas and spaces within the Pentagon that are not designated or accredited for the processing, handling, or discussion of classified information.

c. Components will comply with any applicable labor relations obligations when implementing this policy.

4. Control Procedures and Device Storage.

a. Mobile devices must be stored in daily-use storage containers that are located outside the secure space.

b. Mobile devices must be powered off prior to being stored, and must remain powered off until retrieved.

c. Signs displaying the prohibition and control procedures must be posted outside all secure spaces.

5. Requests for Exceptions.

a. Component Senior Agency Officials will submit written requests for exceptions on behalf of their respective Component and will be responsible for compliance.

b. All requests for exceptions must be submitted to the Under Secretary of Defense for Intelligence (USD(I)).

c. Government-issued mobile devices.

(1) The USD( I) and the Department of Defense Chief Information Officer (DOD CIO), may jointly grant exceptions to this policy for government-issued mobile devices pursuant to DOD Manual 5200.01 , Vol l, “DOD Information Security Program: Overview, Classification and Declassification.” USD( I) and DOD CIO will prescribe procedures for requesting exceptions and documenting approved exceptions.

(2) Exception requests for unclassified government-issued mobile devices that will regularly be present in secure spaces (for example, a laptop or tablet serving as a desktop replacement) must have an approved process for disabling the camera and microphone functionality and have technical measures in place to disable Wi-Fi connectivity.

d. Personal mobile devices.

Exceptions for personal mobile devices will not be granted. Note, however, that under paragraph 2.c, approved medical devices are not covered by this policy, and paragraphs 2.d and 2.e have further exclusions. 6. Security Violations and Enforcement.

a. Failure to abide by the rules promulgated in this memorandum and other applicable laws and regulations regarding security violations involving classified information may subject
military members, civilian employees, and contractors to appropriate disciplinarily and for administrative actions, fines, or other appropriate actions, and may result in a review of the individual`s security clearance eligibility. Also, military members may be subject to punishment under chapter 47 of the United States Code (also known as “the Uniform Code of Military
Justice” or “UCMJ”). The Secretaries of the Military Departments will maintain regulations that make punishable, under Article 92 of the UCMJ, any violation of the restrictions imposed by this memorandum by persons subject to the UCMJ.

b. Pentagon Force Protection Agency (PFPA), in coordination with tenant space security managers, will randomly conduct security inspections in and around classified spaces to monitor
compliance, to include the use of wireless detection capabilities.

c. Tenant managers and/or supervisors in Components will ensure prohibited devices are immediately removed from the space and under appropriate circumstances inspected for activities that could result in the loss or compromise of classified information, such as audio recordings of classified information discussions or photography of classified information from computer screens or paper documents. Security violations will be reported in accordance with DOD Manual 5200.01 , Volume 3, “DOD Information Security Program: Protection of Classified Information.”

d. In accordance with applicable rules and regulations regarding physical access to the Pentagon, persons who violate this policy may be denied access thereto.

7. Responsibilities.
a. Tenant managers and or supervisors in Components are responsible for:

(1) Enforcing the requirements in this memorandum;

(2) Ensuring that daily-use storage containers are available outside the entry control points to secure spaces within the Pentagon;

(3) Posting applicable signage delineating a space as a secure space and the restrictions for mobile devices;

(4) Coordinating with Washington Headquarters Services (WHS), Integrated Services Division at 703-693-3768 or https:I/my.whs.milfservicesfmobile-devices to obtain information regarding the procurement and installation of identified standard daily-use storage containers to deconflict with fire, safety and construction requirements. Information can be found on the WHS website, and;

(5) Coordinating with USD(I) and DOD CIO for approved disabling instructions prior to introducing government-issued mobile devices into secure space.

b. All tenants will ensure their visitors are aware of the restrictions and requirements in this memorandum.

c. PFPA will report results of random screenings quarterly to senior leadership and brief the Pentagon Governance Council (PGC) on violations.

d. The DOD CIO will ensure the a.nnual Cyber Awareness training includes information on the risks associated with mobile devices in areas processing classified information.

e. USD(I) and DoD CIO will establish a process for assessing technical capabilities of medical devices to inform component Human Resource officials on decisions regarding introduction of these into secure spaces.

f. WHS will issue a Pentagon Building Circular establishing guidance and procedures for WHS daily-use storage containers, including their installation within the Pentagon. In doing so, WHS will coordinate with PFPA regarding security standards and with the Pentagon fire marshall regarding fire safety.

8. Implementation.

a. Components will begin implementation immediately, with complete implementation no later than 180 days after the date of this memorandum.

(1) Government-issued unclassified mobile devices that function as a desktop replacement within a secure space must have approved interim mitigations applied until replaced with compliant devices, no later than 180 days after the date of this memorandum.

(2) Government-issued classified mobile devices may continue to operate as previously approved while a request for exception is submitted as described in Section 5 of this
memorandum.

(3) All other government-issued and personal mobile devices must be removed from secure spaces immediately.

b. Components will immediately conduct a survey of mobile devices being used in secure spaces and coordinate with their service provider to implement any needed mitigations.

c. Components will update the PGC monthly on progress and issues until implementation is complete.

9. Definitions.

For the purposes of this memorandum only, the following definitions apply:
a. Secure Space: An area that has been designated or accredited for the processing, handling, or discussion of classified information.

b. Senior Agency Official: An official appointed by the Head of a DOD or OSD Component to be responsible, within the Pentagon, for direction, administration, and oversight of the
Component’s Information Security Program, to include classification, declassification, safeguarding, and security education and training programs.

c. Mobile Device: Also referred to as a portable electronic device, a mobile device is a portable computing device that: (i) has a small form factor such that it can easily be carried by a single individual; (ii) is designed to operate without a physical connection (e.g., wirelessly transmit or receive information); (iii) possesses local, non-removable data storage; and (iv) is powered-on for extended periods of time with a self-contained power source.

Mobile devices include but are not limited to laptops, tablets, cellular phones, smartwatches, and other devices with these characteristics, but exclude those devices described in 2.c, 2.d, and 2.e.

d. Disabled: Rendering a capability inoperable in a USD( 1)-approved manner that cannot be reversed in software.

e. Interim Mitigation: Examples include but are not limited to the following:

(1) Covering cameras on mobile devices in secure spaces.

(2) Disabling Wi-Fi and audio recording capability on mobile devices in secure spaces.

10. The USD(l) will incorporate this memorandum into a new or existing DOD issuance within 180 days.

  • Ed L

    Crystal Clear, Amen

  • D. Jones

    Would be 950% clearer if they said “no personal electronic devices on the premises”

    Pacemakers excluded.

    Any electronics fool can bury all kinds of stuff in a fitbit. Whoever wrote the order is technologically a nincompoop.

    No. Personal. Electronics.

    Sheesh.

    • bob

      “Would be 950% clearer if they said “no personal electronic devices on the premises”

      Ha!

      Then you wouldn’t need a raft of lawyers, 30 people in the approval chain, and a small rain forest to be destroyed to produce a document that could’ve taken one page.

      My current job does similar silliness. Forty pages of qualifiers before saying what they mean. And then you still have to search for it.

    • proudrino

      The 1990s called, they want their personal electronics policy back.

      You’re suggesting that the 30,000 individuals working in the Pentagon should leave their mobile phones at home? No abilty to communicate while on long commutes. No ability to be reached by family in case of emergency. No connectivity in a society where it is increasingly impossible function without access to electronic devices? Simply put. It is impossible and unrealistic to ban all personal electronics in 2018- no matter the location. Better to figure out a legitimate way to deal with them than your approach.

      • Jim Gallagher

        Re-read:
        “2. Applicability.
        a. This memorandum establishes restrictions for mobile devices anywhere within the Pentagon that is designated or accredited for the processing, handling, or discussion of classified information.”

        Most Pentagon employees don’t work inside these areas. If you do, leave it in your car or the cell rack outside the secure area door.

      • Refguy

        Not impossible; my employer banned cell phones from SCIFs from day one. Of course, in a proper SCIF a cell phone won’t work, should still be banned because of its recording capability.

      • USNVO

        Hillary is that you?

        A complete ban makes no sense but keeping stuff out of classified spaces does.
        Seriously, things like secretaries or co-workers, landlines, and post-it notes have existed for decades to contact people in secure facilities. This isn’t anything new for classified spaces and seriously, who works out in a SCIF anyway?

        No one is going to steal your precious, just not let you use it where you shouldn’t.

  • Jay

    Does not matter. Fox News, Putin, Xi, Israel and Sunni Arab countries are running America foreign policy.

    • proudrino

      Not even close. Are you a professional troll or is this just a hobby?

      • Jay

        Prove me wrong. You right wing Trumptsers sure are sensitive Snowflakes.

  • Marc Apter

    Where is the exemption for Trump’s iPhone, if he happens to visit the Pentagon?

    • USNVO

      I guess you didn’t read the part about exceptions being granted by the USD(I)? Plus, since the last regime and their crackberries, I am sure procedures are well rehearsed.

  • Bo

    I thought this already was the policy … I never dreamed of taking a cell phone into a SCIF or other space classified information was stored or discussed.

    • USNVO

      I agree, I think this is just an update and clarification of existing policy to include things like apple watches, Fitbit, advanced features on cellphones, and other newer technologies that may not have been a concern before. Maybe the new civilian staff isn’t addicted to blackberries? I never served in the pentagon so didn’t follow their policies, but I never would have been allowed to take a smart phone or blackberry into classified spaces.

  • Ed L

    Just put a wi-fi and mobile phone suppression system to cover all military bases and the rest of the world

  • SDW

    Are the “daily use storage containers” going to be Faraday cages; i.e., will they block radio signals coming or going?

    Why does the definition in 9C include items iii and iv? Why restrict the definition that way?