The National Institute of Standards and Technology has issued a draft guide to security considerations in “bring your own device” situations in which employees use personal devices in work settings and/or for work-related purposes away from the workplace—an increasingly common practice in federal agencies as well as in the private sector.
That practice “provides employees with increased flexibility to access organizational information resources” but raises issues of protecting the organization’s data, it said. IGs of several agencies have pointed out such concerns in recent times.
The guide covers topics including security and privacy of mobile devices and their applications; mobile device security and privacy best practices and standards; risks associated with remotely accessing organizational data; protection of data from unauthorized access if a device is stolen or misplaced; protect information when using a selection of communication networks and personally owned mobile devices; visibility into compliance of security practices; identifying compromises of devices and data; and privacy protections for employees’ personal mobile devices.
The guide is at https://www.nccoe.nist.gov/projects/building-blocks/mobile-device-security/bring-your-own-device.