NIST Releases Draft Guide on Mobile Device Security for Cloud and Hybrid Builds | Practical Law

NIST Releases Draft Guide on Mobile Device Security for Cloud and Hybrid Builds | Practical Law

The National Institute of Standards and Technology (NIST) is seeking comments on Mobile Device Security: Cloud & Hybrid Builds, a draft cybersecurity practice guide intended to demonstrate how organizations can use commercially available technologies to secure data stored on and accessible through mobile devices in corporately-owned and Bring Your Own Device to Work (BYOD) situations.

NIST Releases Draft Guide on Mobile Device Security for Cloud and Hybrid Builds

Practical Law Legal Update w-000-7434 (Approx. 3 pages)

NIST Releases Draft Guide on Mobile Device Security for Cloud and Hybrid Builds

by Practical Law Intellectual Property & Technology
Published on 10 Nov 2015USA (National/Federal)
The National Institute of Standards and Technology (NIST) is seeking comments on Mobile Device Security: Cloud & Hybrid Builds, a draft cybersecurity practice guide intended to demonstrate how organizations can use commercially available technologies to secure data stored on and accessible through mobile devices in corporately-owned and Bring Your Own Device to Work (BYOD) situations.
On November 4, 2015, the National Cybersecurity Center of Excellence (NCCoE), part of the National Institute of Standards and Technology (NIST), issued a press release announcing the publication of its cybersecurity practice draft, Mobile Device Security: Cloud & Hybrid Builds.
With the rise of Bring Your Own Device to Work, and corporately-owned and personally-enabled scenarios in the workplace, the guide was developed to demonstrate how companies can use commercially available technologies to secure data stored on or accessible through mobile devices.
In particular, the guide:
  • Defines security characteristics needed to manage the risks created when using mobile devices within an enterprise environment.
  • Maps those security characteristics to standards and best practices from NIST and others.
  • Describes and evaluates a detailed hypothetical solution applicable to organizations of all sizes, with technical instructions installing, configuring, and integrating the solution into existing IT infrastructures.
  • Identifies mobile devices and enterprise mobility management systems that meet the defined security characteristics.
Additionally, the guide provides technical instructions on how organizations can:
  • Configure trusted devices.
  • Maintain reasonable separation between organization and employee personal data stored on or accessible through mobile devices.
  • Remove mobile devices that should no longer have enterprise access, for example, when a device is lost or stolen, or an employee leaves the organization.
Interested parties may submit comments through the NCCoE website through January 8, 2016.