NSF needs tighter controls on agency-owned iPhones

The agency has mobile device management software but could be using it better.
(iStock photo)

The National Science Foundation could stand to be a bit more strict while enforcing rules governing the appropriate use of agency-owned mobile phones and tablets, a recent report by the agency’s inspector general finds.

The independent federal agency provides iPhones and iPads to some employees on the basis of business need. All in all, the IG found, NSF owned 321 iPhones and 337 iPads as of July 2018.

These devices are provided for work purposes, so there are various agency rules governing appropriate use. For example, accessing pornographic content is prohibited, as is using the device for gambling. The devices are supposed to be used only for work purposes, and only by the intended owner.

NSF uses mobile device management software, currently called “Intelligent Hub,” to monitor devices and the apps installed on those devices. This software has the ability to detect when prohibited apps are installed, but the IG says NSF could do a better job utilizing this software.


“We identified 102 NSF-owned iPhones and iPads that were either not enrolled or enrolled incorrectly in mobile device management software,” the IG writes.

In some cases, NSF-owned phones were incorrectly identified as personal devices, for example, and vice-versa. Part of the issues, the IG suggests, may be that employees themselves are in charge of managing this enrollment. “NSF allows mobile device users to enroll in [Intelligent Hub] themselves, as opposed to requiring enrollment by a central point of service, such as IT Help Central,” the document explains. “NSF does not have a mechanism to ensure NSF staff complete the enrollment process or enroll in [Intelligent Hub] correctly.”

The IG also found various apps installed on NSF-owned devices that seem to violate NSF policy. These include, for example, children’s entertainment apps and games. The IG notes that while Intelligent Hub has the ability to flag apps that violate agency policy, NSF hasn’t really used this capability. “By limiting its use of [Intelligent Hub], NSF may have missed opportunities to detect and deter inappropriate use of NSF-owned mobile devices, which could discredit NSF or damage its public reputation,” the report states.

The IG report gives seven recommendations, including that NSF clarify rules around enrollment in the agency’s mobile device management software, clarify which apps should not be downloaded to agency-owned devices and develop a policy for app review.

The NSF concurred with all recommendations and is developing an “action plan” to address them.

Latest Podcasts