By Molly Bernhart Walker
Smartphones and tablets lack the “strong roots of trust” that are baked into laptops and other technology, according to a report (.pdf) published by the National Institute of Standards and Technology Aug. 23.
“These roots of trust are hardware and software components that are secure by design and are trusted to perform one or more security-critical functions,” writes NIST.
The agency is working to identify what capabilities roots of trust need in order to secure next-generation mobile devices. Projects underway at the agency will examine boot firmware protections, secure storage, device authentication, and application and data isolation, among other topics, says NIST.
The report was required as part of the White House’s Digital Government Strategy. The agency was tasked with reporting on its ongoing work in mobility and outlining how NIST’s standards and guidelines apply to mobile devices and platforms.
According to NIST, some of the key NIST publications relevant to mobile security include:
- SP 800-53, which is the principal catalog of security controls used by federal agencies, coupling privacy controls with security controls;
- FIPS 140-2 (.pdf) and FIPS 201; and
- SP 800-124, which says federal agencies should use mobile device management software to manage workers’ smartphones and tablets.
Report authors say NIST will publish more mobile-related guidance later this year with SP 800-114 Revision 1, “User’s Guide to telework and Bring Your Own Device,” and SP 800-46 Revision 2, “Guide to Enterprise Telework, remote Access and bring Your Own Devices (BYOD) Security.”
For more: – download the report, “The Role of the National Institute of Standards and Technology in Mobile Security” (.pdf)