Editor’s Note: NIST Special Publication 800-124 Revision 1, “Guidelines for Managing the Security of Mobile Devices in the Enterprise,” is available here. The following is from the Executive Summary.
From: NIST SP 800-124
Organizations should fully secure each organization-issued mobile device before allowing a user to access it.
This ensures a basic level of trust in the device before it is exposed to threats. For any already-deployed organization-issued mobile device with an unknown security profile (e.g., unmanaged device), organizations should fully secure them to a known good state (for example, through deployment and use of enterprise mobile device management technologies). Supplemental security controls should be deployed as risk merits, such as antivirus software and data loss prevention (DLP) technologies.
Leave a Reply