Guidelines for mobile devices security

Wednesday, 17 July, 2013

The Information Technology Laboratory (ITL) at the US National Institute of Standards and Technology (NIST) has published revised guidelines for managing the security of mobile devices.

Written by Murugiah Souppaya of NIST and Karen Scarfone of Scarfone Cybersecurity, NIST Special Publication 800-124 Revision 1, Guidelines for Managing the Security of Mobile Devices in the Enterprise, will assist organisations in centrally managing the security of mobile devices such as smart phones and tablets.

The document describes the security issues inherent in mobile device use and gives recommendations for selecting, implementing and using centralised management technologies to secure mobile devices throughout their life cycles.

To improve the security of mobile devices, organisations should:

  • develop a mobile device security policy. The policy should define what types of organisational resources can be accessed via mobile devices, what types of mobile devices are permitted, degrees of access, and how provisioning should be handled;
  • develop system threat models for mobile devices and the resources accessed through such devices. Threat modelling helps organisations to identify security requirements and to design effective solutions;
  • consider the merits of each provided security service, determine the needed services, and design and acquire solutions which provide the services. Categories of services to be considered include general policy, data communication and storage, user and device authentication, and applications;
  • implement and test a pilot of the mobile device solution before putting the solution into production. Consider connectivity, protection, authentication, application functionality, solution management, logging and performance of the mobile device solution;
  • fully secure each organisation-issued mobile device before allowing access. This ensures a basic level of trust in the device before it is exposed to threats; and
  • maintain mobile device security on a regular basis. Organisations should periodically assess mobile device policies and procedures to ensure that users are properly following them.

The document can be downloaded from the NIST site (PDF link).

Related News

6G-REFERENCE project envisions cell-free comms in urban areas

The solution envisioned by 6G-REFERENCE consists of ultra-dense, cell-free deployments for joint...

Sanctions on Hytera halted by appeals court

The sanctions follow a years-long trade secrets and copyright infringement dispute between the...

MXene-based compound to enable 3D-printed antennas

The integration of MXene onto 3D-printed nylon-based parts allows a channel-like structure to...

Content from other channels on our network

Robotic lab enhances battery manufacturing

Machine learning used to create fabric-based touch sensor

Hybrid sodium-ion battery can be charged in a few minutes

Researchers develop energy-efficient probabilistic computer

Wearable sensor measures real skin feel

Cobalt Iron earns patent on analytics-based dynamic authorisation control

Shoalhaven City Council uses AI to deliver safer roads to the community

Smart technologies: helping councils improve community services and sustainability

Infrastructure projects a funding black hole without asset management

Gartner announces top government technology trends

HPE launches Wi-Fi 7 access points

Big AI in big business: three pillars of risk

Cradlepoint launches 5G-ready SASE solution

Veeam buys ransomware response company Coveware

Cognizant and Microsoft forge AI partnership

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd