Compliance for Mobile Devices
What is it ?
The National Institute of Standards and Technology is a non-regulatory federal agency within the U.S. Department of Commerce. Companies that provide products and services to the federal government need to meet certain security mandates set by NIST.
It’s purpose ?
The stated goal of the NIST report is that mobile devices need to achieve three primary security goals:
1. Confidentiality: any transmitted or stored data must be protected against unauthorized third-parties 2. Integrity: any transmitted or stored data need to be confirmed as uncorrupted 3. Availability: although devices must be protected, they also need to be functional and allow right users to access company resources
NIST recommendations to strengthen mobile cybersecurity:
- Install a mobile device security policy: the more consistent this policy is with existing security policy for non-mobile systems, the better - Develop System Threat Models for mobile devices: mobile devices are more highly exposed to threats due to their portability. Public/unprotected Wi-Fi, third-party applications, malware and adware are all potential means for attacks. By developing a system of threat models, most likely threats vulnerabilities can be highlighted - Ensure that company-issued devices are fully secure