NIST updates guidelines for mobile device security

Jul 11, 2012

The National Institute of Standards and Technology (NIST) has released a proposed update to its guidelines for securing mobile devices—such as smart phones and tablets—that are used by the federal government. NIST is asking for public comment on the draft document.

Mobile devices allow workers, including government employees, to work in multiple locations and to improve their efficiency. But the same features that make these devices desirable make them a security challenge. Mobile devices can easily be lost or stolen, and users may be tempted to download nonsecure apps that might conceal "malware" that could be used to steal confidential data. Since security is minimal for mobile devices, a thief can retrieve sensitive data directly from the device, or use the phone or tablet to access an organization's computer network remotely.

The revised guidelines recommend using a software technology that centralizes device management at the organization level to secure both agency-issued and personally owned devices that are used for government business. Centralized programs manage the configuration and security of mobile devices and provide secure access to an organization's computer network. They are typically used to manage the smart phones that many agencies issue to staff. The new NIST guidelines offer recommendations for selecting, implementing, and using centralized management technologies for securing mobile devices.

"Mobile devices need to support multiple security objectives: confidentiality, integrity and availability, so they need to be secured against a variety of threats," explains co-author and NIST guest researcher Karen Scarfone. This publication provides specific recommendations for securing mobile devices and is intended to supplement federal government security controls specified in NIST's fundamental IT security document, Recommended Security Controls for Federal Information Systems and Organizations (Special Publication 800-53).

The draft guidelines also recommend developing system threat models for and those resources accessed through them, instituting a mobile device security policy, implementing and testing a prototype of the mobile device solution before putting it into production, securing each organization-issued mobile device before allowing a user to access it, and maintaining device security regularly.

Originally published as Guidelines on Cell Phone and PDA Security, the revision has been updated for today's technology. The do not cover laptops because the security controls available for laptops today are quite different than those available for smart phones and tablets. Basic cell phones are not covered because of the limited options available and threats they face.

Explore further: Using video games to model real life outbreaks

More information: NIST requests comments on Guidelines for Managing and Securing Mobile Devices in the Enterprise (SP 800-124 Revision 1). The document can be found at csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf. Comments should be sent to 800-124comments@nist.gov by Friday, Aug. 17, 2012, with the subject "SP 800-124 Comments."

Related Stories

Wake-up call: Draft security pub looks at cell phones, PDAs

Jul 10, 2008

In recent years cell phones and PDAs—"Personal Digital Assistants"—have exploded in power, performance and features. They now often boast expanded memory, cameras, Global Positioning System receivers and the ability to ...

Improving Security of Handheld IT Devices

Aug 29, 2005

Handheld devices such as personal digital assistants are becoming indispensable tools for today’s highly mobile workforce. Small and relatively inexpensive, these devices can be used for many functions, including sending ...

Recommended for you

Using video games to model real life outbreaks

Jun 30, 2015

Those of you who know me know that I'm a video game nerd. And comic book nerd. And just nerdy nerd in general. So when I read an article that used World of Warcraft to model disease outbreaks, I jumped on ...

Railroad official asks digital map makers to mark crossings

Jun 29, 2015

The federal agency that oversees railroads has asked digital mapping companies to alert drivers as they approach track crossings in the hope that visual and audio cues will lead to greater awareness of potential dangers.

Learning early about late flights

Jun 25, 2015

A new study published in the Articles in Advance section of Transportation Science, a journal of the Institute for Operations Research and the Management Sciences (INFORMS), improves how air traffic managers cope with unexpe ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.