NIST Issues Mobile Threat Guidance

The National Institute of Standards and Technology recently released its guidance on the proliferation of mobile-related threats to network security.  NIST’s recent guidance can be found here:

 As noted in the guidance, “[m]obile devices pose a unique set of threats to enterprises.  Typical enterprise protections, such as isolated enterprise sandboxes and the ability to remote wipe a device, may fail to fully mitigate the security challenges associated with these complex mobile information systems.  With this in mind, a set of security controls and countermeasures that address mobile threats in a holistic manner must be identified, necessitating a broader view of the entire mobile security ecosystem.  This view must go beyond devices to include, as an example, the cellular networks and cloud infrastructure used to support mobile applications and native mobile services.”

The guidance goes on to “outline[] a catalogue of threats to mobile devices and associated mobile infrastructure to support development and implementation of mobile security capabilities, best practices, and security solutions to better protect enterprise information technology (IT).”

The guidance is intended for public and private audiences alike, and comes on the heels of the FTC’s recent acknowledgment of the NIST Cybersecurity Framework as a good place for businesses to start when thinking about cybersecuritySee for our recent blog post on this issue.  With the FTC’s favorable view of the NIST Cybersecurity Framework, private entities would be well served to consider other NIST guidance on cybersecurity issues, when assessing cyber risk and appropriate information security response.

FBI Asks You to Report Ransomware Attacks: Should...
DFS Releases Sweeping Draft Regulations Concerning...


This website presents only general information not intended as legal advice. Although we encourage calls, letters and emails from prospective clients, please keep in mind that merely contacting Harter Secrest & Emery LLP (HSE) does not establish an attorney-client relationship between us. Confidential information should not be sent to HSE until you have been notified in writing by HSE that a formal attorney-client relationship has been established. Information sent to us before then may not be treated as confidential by HSE or the court.

I have read this and agree     Cancel

Our website uses cookies. By continuing to use our site, you agree to our use of cookies in accordance with our Privacy Policy.