App for a Smartphone or iPad to Scan Barcodes and Enter Into MyOps...?

Started by Luis R. Ramos, May 26, 2016, 06:56:32 PM

Check Pilot/Tow Pilot

Quote from: Mission/Tow Pilot on May 29, 2016, 12:40:32 AM
Quote from: Starfleet Auxiliary on May 29, 2016, 12:15:55 AM
Quote from: Mission/Tow Pilot on May 28, 2016, 09:38:21 PM


Show me the regulation that prohibits this.

Show me where common sense says to let third party unaudited applications access government systems. But start with CAPR 110-1 discussing following all applicable .gov domain guidelines, then go through those guidelines for the answer to your question.

In short, don't give third party applications that aren't approved access to government systems. It is a security risk. You are putting the .gov domain registration at risk by doing so.


A short article outlining the risks you are exposing CAP to:
https://www.veracode.com/blog/2015/10/third-party-application-security-risks-modern-companies-sw

Trend Micro with the same advice and IRL risks that have occurred:

http://blog.trendmicro.com/trendlabs-security-intelligence/the-hidden-dangers-in-third-party-app-sites/

Add in just how many phones are compromised these days due to a lack of antivirus on phones and updates for security issues being pushed to phones... This is a high risk.

CAPR 110-1 read and nothing mentioned addressing this.

Article 1 and associated study was relating to third party code and the inherent risks with integrating it into company applications, not related to this.

Article 2 related to downloading apps from third party app sites, not related to this.

Again you stated that CAP would lose their ATO for .gov for an application that scans a CAPID and fills one search field. Again, show me where in the regulations that you can't do that.

No iOS phone compromised from App Store installs. Android is another story, I don't use Android because it's a security nightmare.

If you can't then it's just your opinion and you should just state that instead of coming across as an "authority".

P.S. Just being an IT Officer at a SQ/GP, working in IT is not enough, because there are plenty of us that have that experience.

Check Pilot/Tow Pilot

Quote from: Starfleet Auxiliary on May 29, 2016, 12:44:22 AM
Quote from: Mission/Tow Pilot on May 29, 2016, 12:40:32 AM
Quote from: Starfleet Auxiliary on May 29, 2016, 12:15:55 AM
Quote from: Mission/Tow Pilot on May 28, 2016, 09:38:21 PM


Show me the regulation that prohibits this.

Show me where common sense says to let third party unaudited applications access government systems. But start with CAPR 110-1 discussing following all applicable .gov domain guidelines, then go through those guidelines for the answer to your question.

In short, don't give third party applications that aren't approved access to government systems. It is a security risk. You are putting the .gov domain registration at risk by doing so.


A short article outlining the risks you are exposing CAP to:
https://www.veracode.com/blog/2015/10/third-party-application-security-risks-modern-companies-sw

Trend Micro with the same advice and IRL risks that have occurred:

http://blog.trendmicro.com/trendlabs-security-intelligence/the-hidden-dangers-in-third-party-app-sites/

Add in just how many phones are compromised these days due to a lack of antivirus on phones and updates for security issues being pushed to phones... This is a high risk.

CAPR 110-1 read and nothing mentioned addressing this.

Article 1 and associated study was relating to third party code and the inherent risks with integrating it into company applications, not related to this.

Article 2 related to downloading apps from third party app sites, not related to this.

Again you stated that CAP would lose their ATO for .gov for an application that scans a CAPID and fills one search field. Again, show me where in the regulations that you can't do that.

If you can't then it's just your opinion and you should just state it instead of coming across as an "authority".

P.S. Just being an IT Officer at a SQ/GP, working in IT is not enough, because there are plenty of us that have that experience.

If you want to continue espousing unsafe practices, I'll call you out on it regardless of regulation. Both of those articles explain the risks involved. Un-audited applications accessing our systems expose our systems to risk. This is information security 101.

Great you agree it's your opinion, nothing more.

Back to uniform issues 😬

Holding Pattern

Quote from: Mission/Tow Pilot on May 29, 2016, 12:48:23 AM

Great you agree it's your opinion, nothing more.

Back to uniform issues 😬

It's opinion that third party applications steal information from companies? So you didn't read the articles.

You'll also find it under the principle of least privilege, which is covered in the CompTIA Security+ certification, the most basic of the vendor-neutral security courses.

Check Pilot/Tow Pilot

Quote from: Starfleet Auxiliary on May 29, 2016, 12:58:04 AM
Quote from: Mission/Tow Pilot on May 29, 2016, 12:48:23 AM

Great you agree it's your opinion, nothing more.

Back to uniform issues 😬

It's opinion that third party applications steal information from companies? So you didn't read the articles.

You'll also find it under the principle of least privilege, which is covered in the CompTIA Security+ certification, the most basic of the vendor-neutral security courses.

It's your opinion that using this app to scan a CAPID and paste it into a search field will "Get CAPs ATO for their .gov network revoked for giving un-audited software access to critical infrastructure"

And that it's your opinion that "If/When CAP gets an API for WMIRS, that will be acceptable..."

You want to come across as an authority then cite regulations, if not then say it's in your opinion.

Holding Pattern

Quote from: Mission/Tow Pilot on May 29, 2016, 01:09:40 AM
Quote from: Starfleet Auxiliary on May 29, 2016, 12:58:04 AM
Quote from: Mission/Tow Pilot on May 29, 2016, 12:48:23 AM

Great you agree it's your opinion, nothing more.

Back to uniform issues 😬

It's opinion that third party applications steal information from companies? So you didn't read the articles.

You'll also find it under the principle of least privilege, which is covered in the CompTIA Security+ certification, the most basic of the vendor-neutral security courses.

It's your opinion that using this app to scan a CAPID and paste it into a search field will "Get CAPs ATO for their .gov network revoked for giving un-audited software access to critical infrastructure"

And that it's your opinion that "If/When CAP gets an API for WMIRS, that will be acceptable..."

You want to come across as an authority then cite regulations, if not then say it's in your opinion.

No, it is my opinion that accessing government systems with unaudited software will do that. I'm fairly certain that you've not done a code review of the software or a packet analysis to make sure that the app in question is only doing what it says it does.

Put it differently, you've given this software permission to interact with a website that has my PII in it. I'm not ok with that.

etodd

At last month's SAREX I attended, a Cadet used a bar code scanner to check everyone in. But looking at the laptop it looked like it was just going into a spreadsheet. I "don't think" it was straight into WMIRS. My assumption is that later that Cadet would then manually enter it into WMIRS.

Double work and inefficient. It's the government way. Always has been and always will be. If you want to be ahead of the curve, efficient and using top of the line gear .... you're in the wrong place.

As the newbie in my Squadron, the old timers keep telling me to slow down and 'get accustomed to CAP's pace'. As a business owner and entrepreneur who is accustomed to seeing a problem or need and jumping feet first into quickly solving the issue .... it's frustrating trying to get accustomed to CAP's pace. But I will. LOL
"Don't try to explain it, just bow your head
Breathe in, breathe out, move on ..."

Luis R. Ramos

Agree with you.

If it went directly into a spreadsheet to be entered later, it is inefficient.

Squadron Safety Officer
Squadron Communication Officer
Squadron Emergency Services Officer

Check Pilot/Tow Pilot

Quote from: Starfleet Auxiliary on May 29, 2016, 02:12:17 AM

No, it is my opinion that accessing government systems with unaudited software will do that. I'm fairly certain that you've not done a code review of the software or a packet analysis to make sure that the app in question is only doing what it says it does.

Put it differently, you've given this software permission to interact with a website that has my PII in it. I'm not ok with that.

Great thank you for clarifying that it is your opinion :) I believe that it's important that when making authoritative statements in CAPTalk that we be honest and state it's our opinion unless backing it up with specific regulations or indicating that we are in a position of authority and will be making a written and disseminated policy that has been approved by the National Commander.

Since you brought it up, what PII does WMIRS have of yours?

Holding Pattern

Quote from: Mission/Tow Pilot on May 29, 2016, 02:53:20 AM

Great thank you for clarifying that it is your opinion :) I believe that it's important that when making authoritative statements in CAPTalk that we be honest and state it's our opinion unless backing it up with specific regulations or indicating that we are in a position of authority and will be making a written and disseminated policy that has been approved by the National Commander.

Since you brought it up, what PII does WMIRS have of yours?

Those same credentials for WMIRS get you into eServices. Usually WMIRS is launched from eServices.

Check Pilot/Tow Pilot

Quote from: etodd on May 29, 2016, 02:48:45 AM
At last month's SAREX I attended, a Cadet used a bar code scanner to check everyone in. But looking at the laptop it looked like it was just going into a spreadsheet. I "don't think" it was straight into WMIRS. My assumption is that later that Cadet would then manually enter it into WMIRS.

Double work and inefficient. It's the government way. Always has been and always will be. If you want to be ahead of the curve, efficient and using top of the line gear .... you're in the wrong place.

As the newbie in my Squadron, the old timers keep telling me to slow down and 'get accustomed to CAP's pace'. As a business owner and entrepreneur who is accustomed to seeing a problem or need and jumping feet first into quickly solving the issue .... it's frustrating trying to get accustomed to CAP's pace. But I will. LOL

etodd, just FYI I've never gone at a slow pace in CAP and I've never listened to old timers that told me to slow down.

This organization needs hard chargers just like any organization.

I was the DC in my first year and CC in my third.  I've only been in for seven years and you can see what I've done below.

PHall

Quote from: Mission/Tow Pilot on May 29, 2016, 02:58:20 AM
Quote from: etodd on May 29, 2016, 02:48:45 AM
At last month's SAREX I attended, a Cadet used a bar code scanner to check everyone in. But looking at the laptop it looked like it was just going into a spreadsheet. I "don't think" it was straight into WMIRS. My assumption is that later that Cadet would then manually enter it into WMIRS.

Double work and inefficient. It's the government way. Always has been and always will be. If you want to be ahead of the curve, efficient and using top of the line gear .... you're in the wrong place.

As the newbie in my Squadron, the old timers keep telling me to slow down and 'get accustomed to CAP's pace'. As a business owner and entrepreneur who is accustomed to seeing a problem or need and jumping feet first into quickly solving the issue .... it's frustrating trying to get accustomed to CAP's pace. But I will. LOL

etodd, just FYI I've never gone at a slow pace in CAP and I've never listened to old timers that told me to slow down.

This organization needs hard chargers just like any organization.

I was the DC in my first year and CC in my third.  I've only been in for seven years and you can see what I've done below.

And I predict burnout by 10 years and non-renewal by 12 years.
Over the course of 40+ years in CAP I've seen the "Hard Chargers" come and I've seen them go. Very few last longer than 10 - 12 years.

etodd

Quote from: PHall on May 29, 2016, 03:26:06 AM

Over the course of 40+ years in CAP I've seen the "Hard Chargers" come and I've seen them go. Very few last longer than 10 - 12 years.

And that's a shame. In most other organizations, they are usually the ones with the most spark, imagination and have the best 'let's get it done' attitudes. And the ones that usually, because of their enthusiasm, can bring in the most new members.

But, it's not the CAP way. I'll get accustomed. ;)
"Don't try to explain it, just bow your head
Breathe in, breathe out, move on ..."

etodd

Quote from: PHall on May 29, 2016, 03:26:06 AM
Very few last longer than 10 - 12 years.

Yet probably accomplish and contribute more in those 10 years than most who stay 30-40 years.

Longevity only counts when measuring seniority in a union job. LOL
"Don't try to explain it, just bow your head
Breathe in, breathe out, move on ..."

Eclipse

Quote from: PHall on May 29, 2016, 03:26:06 AM
Over the course of 40+ years in CAP I've seen the "Hard Chargers" come and I've seen them go. Very few last longer than 10 - 12 years.

And that's not enough?  Is dying in office the only way to "win" CAP?

How long is the average military career?  Civilian employment?

A - significantly less on both counts these days than 10-12 years.

Putting in a decade of "hard charging" and then moving on to "other" or "couch" shouldn't be viewed
as "quitting".

If CAP had more folks in for a 10-spot who could leave with a smile, instead of the small number
who hang on just to keep the doors open, CAP would be a lot better off and have a much better reputation
among alumni.

"That Others May Zoom"

Check Pilot/Tow Pilot

Quote from: PHall on May 29, 2016, 03:26:06 AM
Quote from: Mission/Tow Pilot on May 29, 2016, 02:58:20 AM
Quote from: etodd on May 29, 2016, 02:48:45 AM
At last month's SAREX I attended, a Cadet used a bar code scanner to check everyone in. But looking at the laptop it looked like it was just going into a spreadsheet. I "don't think" it was straight into WMIRS. My assumption is that later that Cadet would then manually enter it into WMIRS.

Double work and inefficient. It's the government way. Always has been and always will be. If you want to be ahead of the curve, efficient and using top of the line gear .... you're in the wrong place.

As the newbie in my Squadron, the old timers keep telling me to slow down and 'get accustomed to CAP's pace'. As a business owner and entrepreneur who is accustomed to seeing a problem or need and jumping feet first into quickly solving the issue .... it's frustrating trying to get accustomed to CAP's pace. But I will. LOL

etodd, just FYI I've never gone at a slow pace in CAP and I've never listened to old timers that told me to slow down.

This organization needs hard chargers just like any organization.

I was the DC in my first year and CC in my third.  I've only been in for seven years and you can see what I've done below.

And I predict burnout by 10 years and non-renewal by 12 years.
Over the course of 40+ years in CAP I've seen the "Hard Chargers" come and I've seen them go. Very few last longer than 10 - 12 years.

Not this cat. I did 23 years in the Royal Canadian Air Cadets, concurrent 15 years in the Royal Canadian Air Force, all as a hard charger. I've done all I can in CAP ES; now it's over to DOV.

I love CAP, besides where else can I fly over 100 hours of meaningful flying for my community and country?

Check Pilot/Tow Pilot

Quote from: etodd on May 29, 2016, 03:34:51 AM
Quote from: PHall on May 29, 2016, 03:26:06 AM

Over the course of 40+ years in CAP I've seen the "Hard Chargers" come and I've seen them go. Very few last longer than 10 - 12 years.

And that's a shame. In most other organizations, they are usually the ones with the most spark, imagination and have the best 'let's get it done' attitudes. And the ones that usually, because of their enthusiasm, can bring in the most new members.

But, it's not the CAP way. I'll get accustomed. ;)

I disagree, be enthusiastic when recruiting new members, and you will attract members like yourself. Soon you will be surrounded by a core of like members. Long in the CAP tooth members will get excited by the enthusiasm. This is what we did in our Squadron. We work hard and we play hard.

Check Pilot/Tow Pilot

Quote from: Eclipse on May 29, 2016, 03:40:58 AM
Quote from: PHall on May 29, 2016, 03:26:06 AM
Over the course of 40+ years in CAP I've seen the "Hard Chargers" come and I've seen them go. Very few last longer than 10 - 12 years.

And that's not enough?  Is dying in office the only way to "win" CAP?

How long is the average military career?  Civilian employment?

A - significantly less on both counts these days than 10-12 years.

Putting in a decade of "hard charging" and then moving on to "other" or "couch" shouldn't be viewed
as "quitting".

If CAP had more folks in for a 10-spot who could leave with a smile, instead of the small number
who hang on just to keep the doors open, CAP would be a lot better off and have a much better reputation
among alumni.

Since that fun day at NESA you have always been the voice of reason 😄

Storm Chaser

Quote from: Eclipse on May 29, 2016, 03:40:58 AM
Quote from: PHall on May 29, 2016, 03:26:06 AM
Over the course of 40+ years in CAP I've seen the "Hard Chargers" come and I've seen them go. Very few last longer than 10 - 12 years.

And that's not enough?  Is dying in office the only way to "win" CAP?

How long is the average military career?  Civilian employment?

A - significantly less on both counts these days than 10-12 years.

Putting in a decade of "hard charging" and then moving on to "other" or "couch" shouldn't be viewed
as "quitting".

If CAP had more folks in for a 10-spot who could leave with a smile, instead of the small number
who hang on just to keep the doors open, CAP would be a lot better off and have a much better reputation
among alumni.

I agree. I was a "hard charger" for many years. When my participation and interest started dwindling, I let my membership lapse. I then got involved with other things. I came back a few years ago and became a "hard charger" again. But I realize now that I can't keep this pace forever without burning out. At some point in the future either I'll slow down or move to other things. Were my years of service and contributions any less significant if I decide to take a break and try other things? I hope not. CAP is a great organization, but it doesn't need to become our lives and biggest/only priority.

JeffDG

Quote from: Starfleet Auxiliary on May 29, 2016, 12:15:55 AM
Quote from: Mission/Tow Pilot on May 28, 2016, 09:38:21 PM


Show me the regulation that prohibits this.

Show me where common sense says to let third party unaudited applications access government systems. But start with CAPR 110-1 discussing following all applicable .gov domain guidelines, then go through those guidelines for the answer to your question.

Like any web browser available right now? They now have "unaudited" access to CAP systems.

Quote from: Starfleet Auxiliary on May 29, 2016, 12:15:55 AM
In short, don't give third party applications that aren't approved access to government systems. It is a security risk. You are putting the .gov domain registration at risk by doing so.

OK, so we're killing access to Firefox, IE, Chrome, Chromium, Opera, etc. then?

JeffDG

Quote from: Starfleet Auxiliary on May 29, 2016, 02:12:17 AM
No, it is my opinion that accessing government systems with unaudited software will do that. I'm fairly certain that you've not done a code review of the software or a packet analysis to make sure that the app in question is only doing what it says it does.

Put it differently, you've given this software permission to interact with a website that has my PII in it. I'm not ok with that.

You've done a code-review and packet audit of IE and Chrome then?

Because those are just as much "third party applications" as IMS or anything else.