Compliance for Mobile Devices
NIST
What is it?
The National Institute of Standards and Technology is a non-regulatory federal agency within the U.S. Department of Commerce. Companies that provide products and services to the federal government need to meet certain security mandates set by NIST.
Its purpose?
The NIST report states that mobile devices need to achieve three primary security goals:
1. Confidentiality: any transmitted or stored data must be protected against unauthorized third parties
2. Integrity: any transmitted or stored data needs to be confirmed as uncorrupted
3. Availability: although devices must be protected, they also need to be functional and allow the right users to access company resources
NIST recommendations to strengthen mobile cybersecurity:
- Install a mobile device security policy: the more consistent this policy is with existing security policy for non-mobile systems, the better
- Develop system threat models for mobile devices: mobile devices are more exposed to threats due to their portability. Public/unprotected Wi-Fi, third-party applications, malware and adware are all potential means of attack. By developing a system of threat models, the most likely threats and vulnerabilities can be highlighted
- Ensure that company-issued devices are fully secure