NIST Guidelines for Mobile Devices

This week, NIST (National Institute of Standards and Technology) has release the guidelines for managing and securing of mobile devices in the enterprise (Guidelines for Managing and Securing Mobile Devices in the Enterprise - SP 800-124 Revision 1). The purpose of this publication is to provide recommendation to help organizations centrally manage and secure their mobile devices against various threats.

This document is intended for technical staffs such as security engineers and those who are responsible in planning, implementing and maintaining the security of the mobile devices.

It covers the type of mobile devices that are applicable such as smart phone and tablets. Basic cell phones and laptops are out of scope as their threat level and security control options are different.

It also talks about the different high-level threats and vulnerabilities related to these devices, as they are generally higher risk exposure that other client devices such as desktop and laptop. These threats are,

• Lack of physical security controls

• Use of untrusted mobile devices

• Use of untrusted networks

• Use of applications created by unknown parties

• Interaction with other systems

• Use of untrusted content

• Use of location services

The next section of the document provides an overview of the current state of the MDM (Mobile Device Management) technologies, which mainly comprise of the components, the architectures and the capabilities. For components, it talks about the type of MDM solution between the solution from same vendor of the mobile device and using third party product that can manage one or more types of mobile devices.

Please read our "Terms" before making a comment.