Guidelines for mobile devices security

Wednesday, 17 July, 2013

The Information Technology Laboratory (ITL) at the US National Institute of Standards and Technology (NIST) has published revised guidelines for managing the security of mobile devices.

Written by Murugiah Souppaya of NIST and Karen Scarfone of Scarfone Cybersecurity, NIST Special Publication 800-124 Revision 1, Guidelines for Managing the Security of Mobile Devices in the Enterprise, will assist organisations in centrally managing the security of mobile devices such as smart phones and tablets.

The document describes the security issues inherent in mobile device use and gives recommendations for selecting, implementing and using centralised management technologies to secure mobile devices throughout their life cycles.

To improve the security of mobile devices, organisations should:

  • develop a mobile device security policy. The policy should define what types of organisational resources can be accessed via mobile devices, what types of mobile devices are permitted, degrees of access, and how provisioning should be handled;
  • develop system threat models for mobile devices and the resources accessed through such devices. Threat modelling helps organisations to identify security requirements and to design effective solutions;
  • consider the merits of each provided security service, determine the needed services, and design and acquire solutions which provide the services. Categories of services to be considered include general policy, data communication and storage, user and device authentication, and applications;
  • implement and test a pilot of the mobile device solution before putting the solution into production. Consider connectivity, protection, authentication, application functionality, solution management, logging and performance of the mobile device solution;
  • fully secure each organisation-issued mobile device before allowing access. This ensures a basic level of trust in the device before it is exposed to threats; and
  • maintain mobile device security on a regular basis. Organisations should periodically assess mobile device policies and procedures to ensure that users are properly following them.

The document can be downloaded from the NIST site (PDF link).

Related News

$6.1m in govt funding to improve NSW rural connectivity

The funding will improve connectivity to around 1500 premises across the central west and...

Govt funds comms for Navy, Wi-Fi for evacuation centres

The government is upgrading communication systems on Royal Australian Navy ships, and also...

Call to standardise physical security of comms infrastructure

A new white paper from TCCA seeks to catalyse the creation of a global standard for the physical...

Content from other channels on our network

Computational model enhances battery safety

A surprise contender for cooling computers: lasers

A fluid battery that can take any shape

Ultra-thin cooling solution for mobile devices

Scientists unveil flexible OLED panel with built-in speaker

AI microgrid solutions coming to NT

Powering research with community batteries

Electrical retailers fined for non-compliant appliances

Research aims to increase energy efficiency in mobile networks

The case for standalone power

Illumio launches AI-powered threat detection platform

Cloudflare unveils VPC solutions for developers

Australia ahead on GenAI but skills and security threaten value: report

Ericsson unveils new wireless branch architecture

How AI agents will transform enterprise IT operations

  • All content Copyright © 2025 Westwick-Farrow Pty Ltd