NIST has released draft guides on mobile security threats, including a 2019 draft guide (SP 1800-21) that outlines how to secure mobile devices against network attacks, malicious apps, and phishing. Developed with industry collaborators, the guide addresses mobile-specific risks and offers organizations an example solution built from standards-based, commercially available technologies. It also covers reducing risk through privacy protections.
Key takeaways from NIST’s mobile security guidance
- Focus on mobile-specific threats: The guides address the unique vulnerabilities of mobile devices, such as “always-on” network connections, risky apps, and phishing attempts targeting user credentials.
- Holistic approach: The guidance includes a dual focus on both technical security measures and individual privacy protections.
- Standards-based solutions: NIST has provided example solutions to demonstrate how organizations can meet their security and privacy needs using industry standards and available technologies.
- Public comment period: In the past, NIST has opened draft documents for public comment to incorporate feedback before finalizing the guides.
NIST’s relevant publications on mobile security
- A draft guide focusing on addressing the unique threats posed by mobile devices in the enterprise, including network attacks, malicious apps, and phishing.
- Provides practical advice on managing the security of mobile devices in the enterprise, focusing on securing corporate data.

