Use of Wearable Devices DoD Accredited Spaces with FAQ

ATTACHMENT

GUIDANCE FOR INTRODUCTION AND USE OF WEARABLE FITNESS DEVICES

WITHIN DOD ACCREDITED SPACES AND FACILITIES

For the purpose of this memorandum, wearable fitness devices are defined as wearable fitness

devices which are commercially available in the United States and Military Exchange stores

globally and marketed as fitness devices for the primary purpose of tracking fitness related

activities (e.g. step counting, heart rate, sleep tracking, etc.). Headphones are wired headphones

(i.e. not wireless) which can be plugged into a computing device to listen to audio media (e.g.

music, Defense Collaboration Services, etc.).

1. Wearable fitness devices are authorized for introduction and use within DoD offices,

work spaces, and facilities accredited up-to TOP SECRET collateral. This includes

common areas, restricted areas, and collateral open storage areas, under the following

circumstances:

a. The device must be:

i. Commercially available in the U.S. or at a U.S. Military Exchange; and

ii. Marketed primarily as a fitness or sleep device;

iii. Capable of disabling wireless communication capabilities including any

propriety synchronization capability which pairs the wearable fitness device

with a mobile device or smartphone;

NOTE: Bluetooth capabilities are exempt from this requirement.

iv. Designated as a Federal Communication Commission (FCC)-Class B digital

device or FCC Class B exempt.

b. Authorized personal wearable fitness devices shall receive only vendor-supplied

software updates.

c. The device cannot contain the following capabilities or characteristics:

i. Photographic or video capture/recording capabilities;

ii. Microphone or audio recording capabilities.

d. The following restrictions apply to wearable fitness devices:

i. Personnel shall be cleared, at a minimum, to the same level of the facility in

which the device will be introduced. (e.g. If the facility is accredited at the

secret level, the user shall have at least a secret clearance.)

ii. Accessories including the charging cables and/or any universal serial bus

(USB) accessories (e.g. Bluetooth dongle) are not authorized within DoD

accredited spaces.

iii. The devices shall not be connected to any government Information System

(IS). This includes connections for charging and synchronization.

iv. All wireless and/or connectivity capabilities shall be disabled. If the device

has wireless or connectivity capabilities which cannot be disabled, they are

not authorized into the space.

NOTE: Bluetooth capabilities are not required to be disabled.

ATTACHMENT

GUIDANCE FOR INTRODUCTION AND USE OF WEARABLE FITNESS DEVICES

WITHIN DOD ACCREDITED SPACES AND FACILITIES

2. Headphones are authorized for introduction and use within accredited DoD offices, work

spaces, and facilities accredited up-to TOP SECRET collateral. This includes common,

restricted areas, and collateral open storage areas, under the following circumstances:

a. The use of headphones on Government IS under the purview of the DoD CIO is

authorized provided that:

i. Headphones are not wireless;

ii. They do not connect to a USB port;

iii. They do not contain a microphone;

NOTE: Government furnished headphones with a microphone can be

connected to government information systems for meetings (e.g. Defense

Collaboration Services) where two-way communication is required.

iv. They do not contain noise cancellation capabilities.

b. Such headphones can be used on a system with any classification level and once

disconnected, the headphones are not considered classified. All headphones must be

disconnected from the IS when not in use. Headphones that meet the allowed criteria

are not considered portable electronic devices.

3. Personnel bringing wearable fitness devices and headphones into DoD accredited spaces

are consenting to inspection and monitoring of the devices. Wearable fitness devices and

headphones in DoD accredited spaces are subject to inspection and, if necessary,

technical evaluation. In addition, the emanations of authorized wearable fitness devices

in DoD accredited spaces are subject to monitoring.

4. The local Cognizant Security Authority (CSA) may deem an accredited space exempt

from this memo and continue to restrict wearable fitness devices and headphones if the

following criteria applies:

a. Any space that substantially or entirely involves the use of classified material

acquired by another intelligence agency and that agency requests/supports the

restriction.

b. Any space accommodating another intelligence agency or foreign intelligence

partner and that agency or partner requests/supports the restriction; or

c. Any space wherein the activity and/or discussion involves support to clandestine

or covert operations.

5. Authorized wearable fitness devices and headphones can be removed and re-introduced

to accredited DoD offices, work spaces, and facilities on a daily basis.

6. This Memorandum does not apply to the introduction of wearable fitness devices and

headphones within Sensitive Compartmented Information Facilities (SCIFs) or Special

Access Program Facility (SAPF). For introduction and use of wearable fitness devices in

SCIFs, refer to appropriate and applicable Intelligence Community Directives and

Memorandums. For SCIFs accredited by DIA and NSA see References (a) and (b)

ATTACHMENT

GUIDANCE FOR INTRODUCTION AND USE OF WEARABLE FITNESS DEVICES

WITHIN DOD ACCREDITED SPACES AND FACILITIES

respectively. Subsequent guidance may be issued by the DoD or Component Special

Access Program Central Offices (SAPCOs).

7. CSAs are responsible for updating all appropriate signage to reflect the authorization of

wearable fitness devices and headphones within accredited DoD offices, work spaces,

and facilities.

Wearable Fitness Devices and Headphones

Frequently Asked Questions (FAQ)

Updated: 2016-08-09

Subject: DoD CIO Memorandum, “Introduction and Use of Wearable Fitness Devices and

Headphones within DoD Accredited Spaces and Facilities”, March 21, 2016.

Overview

The intent of this Frequently Asked Questions (FAQ) document is to provide clarification of the

subject memorandum based on inquires received from the DoD CIO. As stated on the signature

page, the memorandum s’ focus is on personal wearable devices and headphones. The

memorandum is not intended to enforce other policies regarding classified spaces, device

approval (e.g. USB Bluetooth devices), or physical access.

The follow is a list of questions with responses to provide clarification to the subject

memorandum.

Q1. Please provide the references listed in the memorandum.

A1. Response: Please contact the technical POC’s listed at the end of this FAQ.

Q2. In para 2.a.iv of the attachment, it states that [headphones] do not contain noise cancelling

technology. Are headphones with noise cancelling capabilities specifically banned from use in

DOD accredited spaces and facilities?

A2. Response: No. The intent of the memorandum is not to prohibit headphones with noise

cancelling capabilities embedded in them. The memorandum does not include these types of

headphones in the blanket approval based on the following factors:

1. Both NSA and DIA prohibit these types of devices in SCIFs (see references listed in the

memorandum). Noise cancelling headphones have embedded microphones.

2. The DoD CIO allows the use of devices which meet the criteria described in the subject

memorandum without further approval.

3. If your cognizant security authority (CSA) approves noise cancelling headphones in your

space, you are able to use them. Your CSA would have to accept the risk and document

the use case if approved.

Both NSA and DIA based their decision on risk assessments. We coordinated the subject

memorandum with NSA and the USD(I) teams prior to formally staffing to ensure the

memorandum received proper scrutiny.

Q3. Please provide clarification as to whether or not government issued headphones that use the

USB port can be used within accredited DoD offices.

A3. The focus of DoD CIO signed memorandum is on wearable fitness devices and headphones

and based on both the DIA and NSA policies (references in Q1). While these policies are

specific to SCIF's, most of their recommendations were also suitable for DoD accredited secure

spaces (TS collateral and below).

Frequently Asked Questions

Introduction and Use of Wearable Fitness Devices

and Headphones within DoD Accredited Spaces and Facilities

The intent of the DoD CIO signed memorandum is not to prohibit headphones from connecting

to USB ports. The subject memorandum only provides approval for devices which meet the

criteria contained herein. In other words, if you have a wearable fitness device or headphones

which meet the criteria in the memo, they are approved for use. If a device in question does not

meet the criteria in the memorandum (e.g. headphones which plug into a USB port), then your

normal approval process shall be followed. This memorandum is NOT intended to prohibit any

devices. If you have already approved connecting headphones with or without microphones to

the USB port of your computer, this memorandum does NOT impact this approval.

Q4. Was it the intent of this new policy to prohibit the use of USB headphones regardless of

whether they are personal or government furnished?"

A4. No. The intent was to provide approval of wearable fitness devices and headphones which

meet the criteria in our memorandum. Both headphones (with or without a USB connector) and

wearable fitness devices may be government furnished or personally owned. See also Q3 and

A3.

Q5. Does this memorandum cover smartwatches (e.g. Apple Watch, Samsung Gear, etc.)?

A5. No. The memorandum’s focus is on wearable fitness devices. Smartwatches often contain

cellular capabilities, cameras, and microphones, in addition to fitness tracking capabilities.

Watches which meet the criteria of the subject memorandum are the only watches approved

through this memorandum. If the watch serves a mission purpose, the local CSA has the

authority to accept the risk and approve the use.

Q6. Which SCIFs are covered under this memorandum?

A6. None. This memorandum doesn’t cover SCIFs because they are out of the authority of the

DoD CIO. Combatant commands, services, and agencies which accredit their own SCIFs are

encouraged to adopt either the NSA or DIA policy on wearables which apply to SCIFs in support

of reciprocity. See also item #6 in the subject memo.

Q7. If I was able to wear my fitness device or use headphones previously, do I need to do

anything different now? Does this memorandum prohibit wireless headphones or headsets?

A7. For good housekeeping measures, check with your local CSA to ensure you are complying

with local and DoD guidance set forth in this memorandum. Local policies take precedent when

more restrictive. This memorandum does NOT prohibit wireless headphones or headsets.

Q8. If my agency already has a policy which allows headphones and wearable fitness devices,

do I need to comply with the DoD policy?

A8. Yes. The subject DoD memorandum covers the DoD and the spaces in which it is

authoritative. Your agency can only strengthen DoD policy. As an example, if your agency

currently allows noise cancelling headphones within DoD accredited spaces, your local CSA

Frequently Asked Questions

Introduction and Use of Wearable Fitness Devices

and Headphones within DoD Accredited Spaces and Facilities

would need to review the subject DoD memorandum and document the residual risk in allowing

headphones in DoD accredited spaces.

Q9. Is there a list of fitness device and headphones authorized in these areas? Are

Bases/Locations required to come up with their own list of devices?

A9. No. The wearable fitness device market is evolving at a faster pace than the mobile device

market. The intent of the memorandum is to provide the minimal technical requirements for

introduction and use of wearable fitness devices and headphones in DoD accredited facilities. If

your local command or agency does not wish to allow the devices in, you are able to prohibit

them with local or agency policy (see #4 on page 2 of the memorandum).

Q10. Are Bluetooth keyboard and mice approved for use in these accredited spaces?

A10. The subject memorandum does not cover Bluetooth keyboards or mice. Contact the

technical POCs at the end of this FAQ for a copy of the DoD CIO signed Memorandum,

“Wireless Peripherals Guidance”, October 6, 2014.

Q11. If the facility in which users will be introducing wearable fitness devices has areas cleared

at a higher level than the staff member, are they able to wear their fitness device in areas in

which they are cleared to access?

A11. Yes. In accordance with the memorandum para1.d.i users are required to be cleared at the

same level of the facility to which the devices will be introduced. Users of wearable fitness

devices shall only be allowed to wear devices which meet the requirements of the subject

memorandum in areas (e.g. offices, work locations, buildings, etc.) in which they are cleared for

access.

Q12. Are interim clearances sufficient in meeting the requirement listed in the memo?

A12. The local CSA is responsible for making all security decisions for the facility in which

they are responsible for. Generally speaking, if the user with the interim clearance has

unescorted access to the accredited space in which they will be wearing the fitness device, it

would meet the intent of this memorandum. If the facility does not allow users with interim

clearances unescorted access, it would not meet the intent of this memorandum.

Q13. Are wearable fitness devices compliant with the guidance which utilize GPS authorized?

A13. Yes. Bluetooth, GPS, and NFC are all acceptable capabilities in wearable fitness devices.

Q14. Are wearable fitness devices allowed to sync with mobile devices in DoD Accredited

Spaces and Facilities?

A14. No. Wearable fitness devices approved for introduction and use in DoD Accredited

Spaces and Facilities (classified spaces) are not approved to synchronize with any device in or

near the classified facility. Devices paired to an approved wearable fitness device stored outside

Frequently Asked Questions

Introduction and Use of Wearable Fitness Devices

and Headphones within DoD Accredited Spaces and Facilities

the facility shall have the synchronization capability disabled. We recommend turning off the

device completely. However, since most devices synchronize using Bluetooth or NFC, you can

also disable that capability.

Q15. Are wearable Garmin devices marketed as fitness devices authorized?

A15. All devices, regardless of manufacturer, which meet the criteria of the attachment in the

subject memorandum, are approved for introduction and use in DoD accredited spaces.

Q16. Can you please clarify why Bluetooth capabilities are not required to be disabled?

A16. The subject memorandum was modeled after both the NSA and DIA policy (references in

the subject memo) on the same subject which allows Bluetooth. Their policy specifically applies

to SCIFs. We collaborated with both NSA and Under Secretary of Defense for Intelligence

while drafting our memorandum to ensure it was well coordinated. A risk determination was

made to allow bluetooth based on the NSA and DIA policies.

Q17. Does the subject memorandum prohibit wireless headsets or headphones in unclassified

spaces?

A17. No. The memorandum, per the cover page, scope covers areas where classified

information is stored, processed, or transmitted.

Government POC’s for the subject memorandum:

Mr. Komaroff, Mitchell at [email protected] and 703-697-3314

Ms. Santos-Logan, Carmen J. [email protected] and 571-372-4692

Technical POC’s for this FAQ and subject memorandum:

Mr. Alberts, Will at [email protected] and 571-372-4727

Mr. Rossero, Stephen J at [email protected] and 571-372-4907