Revised Security Guidelines Provide Strategy for Government Mobile Device Management
From NIST Tech Beat: June 25, 2013
Contact: Evelyn Brown
The National Institute of Standards and Technology (NIST) has published a mobile device management guide for federal agencies seeking secure methods for workers to use smart phones and tablets.
Employees want to be connected to work through mobile devices for flexibility and efficiency, and managers can appreciate that. However, the technology that delivers these advantages also provides challenges to an agency's security team because these devices can be more vulnerable.
For example, a smartphone or tablet could be stolen or lost, potentially allowing unauthorized individuals access to an agency's network and its sensitive information. Also, an employee can unknowingly infect its agency's network by downloading an application containing malware.
Guidelines for Managing the Security of Mobile Devices in the Enterprise helps federal agencies and other organizations struggling with this dilemma. Originally issued in 2008 as Guidelines on Cell Phone and PDA Security, the new guidelines have been extensively updated and reflect comments received on a draft version issued a year ago.
The revised guidelines recommend using centralized device management at the organization level to secure both agency-issued and individually owned devices used for government business.
Centralized programs manage the configuration and security of mobile devices and provide secure access to an organization's computer networks. Many agencies currently use this type of system to manage the smartphones they issue to staff. The new NIST guidelines offer recommendations for selecting, implementing and using centralized management technologies for securing mobile devices.
Other key recommendations include instituting a mobile device security policy, implementing and testing a prototype of the mobile device solution before putting it into production, securing each organization-issued mobile device before allowing a user to access it, and maintaining mobile device security.
Guidelines for Managing the Security of Mobile Devices in the Enterprise (NIST Special Publication 800-124 Revision 1) is available at www.nist.gov/manuscript-publication-search.cfm?pub_id=913427.