NIST: Mobile devices inherently insecure

From: FierceGovernmentIT

By Molly Bernhart Walker

Smartphones and tablets lack the “strong roots of trust” that are baked into  laptops and other technology, according to a report  (.pdf) published by the National Institute of Standards and Technology Aug.  23.

“These roots of trust are hardware and software components that are secure by  design and are trusted to perform one or more security-critical functions,”  writes NIST.

The agency is working to identify what capabilities roots of trust need in  order to secure next-generation mobile devices. Projects underway at the agency  will examine boot firmware protections, secure storage, device authentication,  and application and data isolation, among other topics, says NIST.

The report was required as part of the White House’s Digital  Government Strategy. The agency was tasked with reporting on its ongoing  work in mobility and outlining how NIST’s standards and guidelines apply to  mobile devices and platforms.

According to NIST, some of the key NIST publications relevant to mobile  security include:

  • SP  800-53, which is the principal catalog of security controls used by federal  agencies, coupling privacy controls with security controls;
  • FIPS 140-2  (.pdf) and FIPS 201; and
  • SP  800-124, which says federal agencies should use mobile device management  software to manage workers’ smartphones and tablets.

Report authors say NIST will publish more mobile-related guidance later this  year with SP 800-114 Revision 1, “User’s Guide to telework and Bring Your Own  Device,” and SP 800-46 Revision 2, “Guide to Enterprise Telework, remote Access  and bring Your Own Devices (BYOD) Security.”

For more: – download  the report, “The Role of the National Institute of Standards and Technology in  Mobile Security” (.pdf)

Leave a Reply

Please Answer: *