NIST Releases 2013 Best Practices for Security of Mobile Devices in the Enterprise

The National Institute of Standards and Technology (NIST) just released its latest mobile device management recommendations on how enterprises can best achieve multiple security objectives: confidentiality, integrity, and availability. In the Executive Summary, NIST is quite clear: “To achieve these objectives, mobile devices should be secured against a variety of threats,” for which “organizations should implement the following guidelines to improve the security of their mobile devices.”

In this report, NIST provides a very straightforward set of recommendations that include:

  1. Organizations should have a mobile device security policy.
  2. Organizations should develop system threat models for mobile devices and the resources that are accessed through the mobile devices.
  3. Organizations deploying mobile devices should consider the merits of each provided security service, determine which services are needed for their environment, and then design and acquire one or more solutions that collectively provide the necessary services.
  4. Organizations should implement and test a pilot of their mobile device solution before putting the solution into production.
  5. Organizations should fully secure each organization-issued mobile device before allowing a user to access it.
  6. Organizations should regularly maintain mobile device security.
  7. Organizations should periodically perform assessments to confirm that their mobile device policies, processes, and procedures are being followed properly.

This is a great piece of free information on best practices with regard to security of mobile devices in the enterprise and is intended for Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), and security managers, engineers, administrators, and others who are responsible for planning, implementing, and maintaining the security of mobile devices. It assumes that readers have a basic understanding of mobile device technologies and enterprise security principles.
