Guidelines for mobile devices security

Wednesday, 17 July, 2013

The Information Technology Laboratory (ITL) at the US National Institute of Standards and Technology (NIST) has published revised guidelines for managing the security of mobile devices.

Written by Murugiah Souppaya of NIST and Karen Scarfone of Scarfone Cybersecurity, NIST Special Publication 800-124 Revision 1, Guidelines for Managing the Security of Mobile Devices in the Enterprise, will assist organisations in centrally managing the security of mobile devices such as smart phones and tablets.

The document describes the security issues inherent in mobile device use and gives recommendations for selecting, implementing and using centralised management technologies to secure mobile devices throughout their life cycles.

To improve the security of mobile devices, organisations should:

  • develop a mobile device security policy. The policy should define what types of organisational resources can be accessed via mobile devices, what types of mobile devices are permitted, degrees of access, and how provisioning should be handled;
  • develop system threat models for mobile devices and the resources accessed through such devices. Threat modelling helps organisations to identify security requirements and to design effective solutions;
  • consider the merits of each provided security service, determine the needed services, and design and acquire solutions which provide the services. Categories of services to be considered include general policy, data communication and storage, user and device authentication, and applications;
  • implement and test a pilot of the mobile device solution before putting the solution into production. Consider connectivity, protection, authentication, application functionality, solution management, logging and performance of the mobile device solution;
  • fully secure each organisation-issued mobile device before allowing access. This ensures a basic level of trust in the device before it is exposed to threats; and
  • maintain mobile device security on a regular basis. Organisations should periodically assess mobile device policies and procedures to ensure that users are properly following them.

The document can be downloaded from the NIST site.



  • All content Copyright © 2024 Westwick-Farrow Pty Ltd