Lockheed Martin and iPhone
This is what Lockheed Martin has to say:
iPhones for LM Business
Protection of Lockheed Martin (LM) information and computing resources is vital
to maintaining and growing Lockheed Martins reputation. Over the past few
months there has been an increase in requests by LM employees to purchase and
utilize the Apple iPhone for conducting LM business.
Based on a review of the commercial iPhone device, the Corporate Information Security Office (CISO) has determined the iPhone currently lacks basic security controls required by LM policy.
Current generation of iPhone is designed for consumer marketplace
Lacks basic security controls required by LM policy
Not permitted to store or transmit LM sensitive information
LM employees may use the voice capabilities of iPhones in accordance with CPS-710 and in line with local site policies regarding the use of mobile devices on-site. For more detailed information and examples on the acceptable use of iPhones within LM please see:
Apple iPhone Frequently Asked Questions
UPDATED: JULY 16, 2008
Note: The following also applies to the latest version of the iPhone.
As noted in the July 3, 2007 article Apple iPhone, Keep it at Home, the Apple iPhone lacks appropriate security controls, creating a significant security risk to the Corporation. The following FAQs on the iPhone should be helpful:
1. Why is CISO singling out the Apple iPhone?
Aggressive and successful direct-to-consumer marketing campaigns have created great demand for the Apple iPhone. The popularity of the iPhone provides us with an opportunity to reinforce the Corporations commitment to mobile device security. All mobile devices including but not limited to the iPhone, Palm Treo, Microsoft Mobile, and Symbian based operating systems that contain Lockheed Martin Sensitive Information must be properly secured. For information protection requirements and solutions for several different mobile devices, visit CISO Guidelines for Safe Mobile Device Use.
2. What if I want to use the iPhone for personal use?
CISO recognizes the ubiquitous nature of cell phone usage. However, some Lockheed Martin businesses do not permit personal devices to be brought on site. Please refer to the iPhone article on the Information Protection website for additional information.
3. I own a personal iPhone. Do I need to leave it home?
Each Lockheed Martin Business Unit and facility may impose specific restrictions concerning the use of personal devices on Lockheed Martin premises. If you are unsure of your Business Units position, please contact your LMIPC representative.
4. Can I sync my Calendar, Inbox, address book, and iTunes music to my iPhone?
Address book entries may be synced to an iPhone provided no sensitive information is contained in the address book entry. Additionally, users that work on sensitive programs or projects should think twice before syncing their address book. In the aggregate, address book entries can provide key information to malicious individuals, organizations, and governments.
Calendar entries must not be synced to an iPhone or any other unprotected device. Calendar entries contain conference call numbers and passcodes for participants and hosts that could allow a malicious person to listen into sensitive discussions. Additionally, calendar entries may contain attachments that are sensitive in nature.
Inbox and e-mail synchronization allows mobile users to have real-time access to their Lockheed Martin e-mail accounts while away from their laptop or desktop. E-mail redirection and forwarding services provided by wireless carriers are prohibited from being used. Examples of prohibited services include, but are not limited to:
· Wireless Sync from Verizon Wireless
· Xpress Mail from Cingular/AT&T
Carrier-provided e-mail services do not provide security controls to protect Lockheed Martin Sensitive Information. Currently, the only approved method of e-mail synchronization is that provided by the RIM BlackBerry service. For more information on the BlackBerry service, visit the BlackBerry IT Services & Solutions page. Using software, such as Apple's iTunes, to purchase legal audio files for personal use on Lockheed Martin computing resources is acceptable provided that all use complies with CPS-007 Personal Use of Lockheed Martin Assets and all licensing complies with any software agreements as stated in IRM-001 Software License Agreement Compliance.
5. What is CISO doing to allow the iPhone to be used for work purposes?
CISO and CTO are working together with Apple, Inc. on two fronts. The first is to determine exactly how an iPhone can be used to support our mobile workforce while protecting Sensitive Information. Secondly, we are working with Apple, Inc. by providing them our requirements for enterprise scale usage scenarios.
