The National Institute of Standards and Technology (NIST) released SP 1800-4A, a guide on how organizations can secure mobile devices used for work, on Thursday, offering suggested solutions for enterprise mobility management and mobile device management.
Titled Mobile Device Security: Cloud and Hybrid Builds and published by the National Cybersecurity Center of Excellence (NCCoE) within NIST, the document offers a reference design on how to secure mobile devices within an organization, acting as a practice guide for network architects.
The benefits of implementing a similar solution include reduced risk, access from any network, enabling bring-your-own-device policies, and enhancing visibility for sysadmins, according to the guidance.
Adhering to the principles of previous guidance like the NIST Cybersecurity Framework, Risk Management Framework, and Critical Infrastructure Framework, the guide maps out the steps needed to implement a secure solution.
The guide “demonstrates how commercially available technologies can meet your organization’s needs to secure sensitive enterprise data accessed by and/or stored on employees’ mobile devices,” NIST writes.
NIST’s approach includes two example solutions, one for an all-cloud environment and one for a hybrid cloud environment. The examples include instructions for installing into existing IT infrastructures, using devices and systems from partners who agreed to participate in creating the guide, that meet NIST’s standards.