NIST Publishes Proposal to Secure BYOD Devices

Responding to the BYOD (Bring Your Own Device) trend, the National Institute of Standards and Technology (NIST) has issued a proposal for the secure use of mobile devices such as smartphones and tablets by federal government workers.

The proposal discusses high-level threats, including a lack of physical security controls, the use of untrusted networks, devices and untrusted content as well as location services. The NIST suggests the deployment of centralized device management software to allow the use of both personal and agency-owned mobile devices.

"Mobile devices need to support multiple security objectives: confidentiality, integrity and availability, so they need to be secured against a variety of threats," said co-author and NIST guest researcher Karen Scarfone. "This publication provides specific recommendations for securing mobile devices and is intended to supplement federal government security controls specified in NIST's fundamental IT security document, "Recommended Security Controls for Federal Information Systems and Organizations." While intended to become a guideline update, the proposal is currently in its draft and public comment stage.

According to the document, central software management at the organization level is critical to protect information when mobile devices are lost or stolen, and users are lured into downloading insecure apps that could carry malware. NIST stated that it believes that the security level of mobile devices is considered to be "minimal" at this time, which represents a considerable threat to federal government.

The draft can be downloaded as a PDF file from the NIST Web site.