NIST updates guidelines for mobile device security

July 11, 2012

The National Institute of Standards and Technology (NIST) has released a proposed update to its guidelines for securing mobile devices—such as smart phones and tablets—that are used by the federal government. NIST is asking for public comment on the draft document.

Mobile devices allow workers, including government employees, to work in multiple locations and to improve their efficiency. But the same features that make these devices desirable make them a security challenge. Mobile devices can easily be lost or stolen, and users may be tempted to download nonsecure apps that might conceal "malware" that could be used to steal confidential data. Since security is minimal for mobile devices, a thief can retrieve sensitive data directly from the device, or use the phone or tablet to access an organization's computer network remotely.

The revised guidelines recommend using a software technology that centralizes device management at the organization level to secure both agency-issued and personally owned devices that are used for government business. Centralized programs manage the configuration and security of mobile devices and provide secure access to an organization's computer network. They are typically used to manage the smart phones that many agencies issue to staff. The new NIST guidelines offer recommendations for selecting, implementing, and using centralized management technologies for securing mobile devices.

"Mobile devices need to support multiple security objectives: confidentiality, integrity and availability, so they need to be secured against a variety of threats," explains co-author and NIST guest researcher Karen Scarfone. This publication provides specific recommendations for securing mobile devices and is intended to supplement federal government security controls specified in NIST's fundamental IT security document, Recommended Security Controls for Federal Information Systems and Organizations (Special Publication 800-53).

The draft guidelines also recommend developing system threat models for and those resources accessed through them, instituting a mobile device security policy, implementing and testing a prototype of the mobile device solution before putting it into production, securing each organization-issued mobile device before allowing a user to access it, and maintaining device security regularly.

Originally published as Guidelines on Cell Phone and PDA Security, the revision has been updated for today's technology. The do not cover laptops because the security controls available for laptops today are quite different than those available for smart phones and tablets. Basic cell phones are not covered because of the limited options available and threats they face.

Explore further: Improving Security of Handheld IT Devices

More information: NIST requests comments on Guidelines for Managing and Securing Mobile Devices in the Enterprise (SP 800-124 Revision 1). The document can be found at csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf. Comments should be sent to 800-124comments@nist.gov by Friday, Aug. 17, 2012, with the subject "SP 800-124 Comments."

Related Stories

Improving Security of Handheld IT Devices

August 29, 2005

Handheld devices such as personal digital assistants are becoming indispensable tools for today’s highly mobile workforce. Small and relatively inexpensive, these devices can be used for many functions, including sending ...

Wake-up call: Draft security pub looks at cell phones, PDAs

July 10, 2008

In recent years cell phones and PDAs—"Personal Digital Assistants"—have exploded in power, performance and features. They now often boast expanded memory, cameras, Global Positioning System receivers and the ability to ...

NIST releases two wireless security guides, requests comment

October 26, 2011

The National Institute of Standards and Technology (NIST) has issued for public review and comment two draft guides to securing wireless communication networks. NIST is requesting comments on the two publications—one ...

Recommended for you

Not another new phone! But Nextbit's Robin is smarter

September 2, 2015

San Francisco-based Nextbit wants you to meet Robin, which they consider as the smarter smartphone. Their premise is that no one is making a smart smartphone; when you get so big it's hard to see the forest through the trees. ...

Team develops targeted drug delivery to lung

September 2, 2015

Researchers from Columbia Engineering and Columbia University Medical Center (CUMC) have developed a new method that can target delivery of very small volumes of drugs into the lung. Their approach, in which micro-liters ...

Team creates functional ultrathin solar cells

August 27, 2015

(Phys.org)—A team of researchers with Johannes Kepler University Linz in Austria has developed an ultrathin solar cell for use in lightweight and flexible applications. In their paper published in the journal Nature Materials, ...

Magnetic fields provide a new way to communicate wirelessly

September 1, 2015

Electrical engineers at the University of California, San Diego demonstrated a new wireless communication technique that works by sending magnetic signals through the human body. The new technology could offer a lower power ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.