The Office of Inspector General (OIG) at the Department of Transportation (DOT) is to review the Department’s management of mobile device security.
In 2020, DOT reported the use of almost 22,000 mobile devices. While mobile devices can increase efficiency and productivity, they can also leave sensitive data vulnerable to increased and more diverse cybersecurity threats, such as mobile malicious software and vulnerabilities that span the device (e.g., operating systems and mobile applications).
Moreover, with the increased use of telework, Federal agencies have increased their adoption and use of mobile technologies, adding to the mobile threat landscape.
In 2022, the Office of Management and Budget issued a Federal zero trust architecture (ZTA) strategy, including guidance for mobile devices. A zero-trust strategy envisions a Federal Government where the devices that Federal staff use to do their jobs are consistently tracked and monitored, and the security posture of those devices is taken into account when granting access to internal resources.
Given the increased use of mobile devices within the Department, DOT’s transition to ZTA, and the increased cybersecurity risks associated with the use of these devices, OIG will conduct the audit to determine whether DOT has established and implemented effective controls to manage and secure its mobile devices.