NCCoE Issued a Mobile Device Security Guidance for COPE Gadgets

The National Cybersecurity Center of Excellence (NCCoE) published the latest draft NIST mobile device security guidance to aid institutions to reduce the risks brought in by corporate-owned personally enabled (COPE) gadgets.

Mobile gadgets enable workers to access information required to perform their job, regardless of where those persons are found. So, the devices enable organizations to boost work productivity and efficiency, however, the devices bring hazards to an institution.

The gadgets are generally always connected to the web and the gadgets quite often lack the strong security controls which are employed to the devices including desktop computers. Malicious or high-risk apps may be downloaded to mobile gadgets by users without the IT department’s knowledge or permission. Downloading applications may bring in malware and application permissions can result in the unapproved access to sensitive information.

Companies thus should have complete visibility into all mobile gadgets that employees use for doing work and they need to make sure that security risks to mobile gadgets are successfully mitigated. Otherwise, threat actors could exploit vulnerabilities to access sensitive information and network assets.

The goal of the new guidance known as (NIST) Special Publication 1800-21 is to aid companies in determining and handling risks and enhancing mobile device security to reduce the possibility of unauthorized gadget access and theft or loss of information.

The guidance comprises how-to guides and an illustrated solution designed in a laboratory setting making use of commercially accessible mobile management tools that companies could use to protect their Android and iOS gadgets and networks while lessening the effect on operational functions.

NIST and technology associates Kryptowire, Appthority, Lookout, MobileIron, Qualcomm and Palo Alto Networks created the guidance that could be downloaded here. Submit your feedback on or before September 23, 2019. Additional guidance on mobile device security for Bring Your Own Device (BYOD) is now being developed.