11 August 2020

INSTALLATION AND USE OF COMMERCIAL MOBILE APPLICATIONS ON GOVERNMENT-ISSUED MOBILE DEVICES


R 281355Z JUL 20

MARADMIN 429/20

MSGID/GENADMIN/CMC DCI IC4 WASHINGTON DC//

SUBJ/INSTALLATION AND USE OF COMMERCIAL MOBILE APPLICATIONS ON GOVERNMENT-ISSUED MOBILE DEVICES//

POC/DR. RAY A. LETTEER/CIV/IC4 ICC CY/TEL: (703)693-3490/EMAIL: RAY.LETTEER@USMC.MIL//

POC/MS. STEPHANIE CLEARWATER/CIV/IC4 ICC CY/TEL:(571) 256-8868/EMAIL: STEPHANIE.CLEARWATER@USMC.MIL//

POC/MAJ MARC WASON/MAJ/MCRC G6/TEL: (703) 398-8093/EMAIL: MARC.WASON@USMC.MIL//

GENTEXT/REMARKS/1. Situation. This MARADMIN provides guidance to all users in possession of government-furnished equipment (GFE) mobile devices regarding the need to be cognizant of applications downloaded and residing on these mobile devices. 

2. Background. Commercial mobile applications are critical enablers for the Marine Corps and provide new opportunities to improve mission effectiveness. The collection, use, and disposition of information for account creation or made available through mobile applications (e.g., physical locations, significant life events, images, videos, etc.) is a privacy and security concern. 


2.a. Approved and Prohibited Mobile Applications. The following web links contain lists of prohibited and approved managed USMC mobile applications. These lists will be updated as required. The same lists of prohibited and approved mobile applications are maintained at two locations:

2.a.1. MCSC Viper Mobile User Guides (case sensitive): https:(slash)(slash)go.usa.gov/xyc6r

2.a.2. O365 Mobile User Guides (case sensitive, MCEN access required):

https:(slash)(slash)usmc.sharepoint-
mil.us/:f:/s/USMCMCENMobileComputing/EtP91sCtYvNBjmdcvH4kJMIBpu2hLJ1-u2KfGv7hN7Bkrg?e=G1jifJ

2.b. Prohibited Apps. Users will not see or be able to install prohibited applications to their GFE device from Google Play or the Apple Store. If the user has an app installed that later becomes prohibited, it will be automatically removed/blocked by the management server. The following categories of apps are prohibited as they are inappropriate for GFE issued devices:

2.b.1. Games
2.b.2. Dating
2.b.3. Gambling
2.b.4. Security/Monitoring Bypass Tools
2.b.5. Root/Jailbreak Kits, Beta OS Test Kits* (*Designated Mobile Computing team testers in the USMC are authorized for Beta OS & application testing.)
2.b.6. Bitcoin/Cryptocurrency Mining Tools
2.b.7. Applications expressly designed to access work-inappropriate content of an obscene or illegal nature.
2.c. Approved managed apps. There is no user required action other than to download and use the approved mobile applications. The managed versions of these applications are not designed for personal use.
3. User Actions. While there are automated means by which prohibited applications are normally prevented from being installed, if the user has a GFE mobile device and discovers a prohibited application loaded on it, submit a trouble ticket to MCCOG EDM and the application will be blacklisted. Include the user and the full application name.
4. User Guidance. Users should consider the following factors when selecting applications to install on their personal mobile devices:
4.a. Consult the list of prohibited applications in PARA
2.b.1-7. Users are strongly encouraged to delete any apps from their personal devices that the US Government has deemed a risk.
4.b. Use caution if the application records video, takes pictures using the phone's camera, or records voice using the phone’s microphone. 
4.c. Use caution if the application requests to monitor the Global Positioning System (GPS) to send and receive notifications when the device's location changes. This could disclose user location, travel habits, or OPSEC information regarding Marine Corps installations or facilities. 
4.s. Use caution if the application has access to the user's contacts or calendar. This may result in the potential to share private information without the consent of the user.
4.e. Determine any risk to shared data. Users should be aware that data provided to the app may include personal data including Personally Identifiable Information/Protected Health Information (PII/PHI).
5. Any questions may be directed to the Mobile Computing Support Training mailbox (MCST@usmc.mil).
6. Release authorized by BGen Lorna M. Mahlock, Director, Information, Command, Control, Communications, and Computers (C4) Division.//

No comments: