In today’s blog post we’re going to cover the NIST control AC-19, Access Control for Mobile Devices. First, what counts as a mobile device? A mobile device is defined on the NIST website as a computing device that is small enough that it can easily be carried by a single person, is designed to operate wirelessly, possesses data storage, and has a self-contained power source. This would include laptops, tablets, cell phones, or even e-readers, along with many others.
Due to the wide variety of mobile devices and capabilities, it is very important that any device in an organization’s environment is authorized and not a threat. There are precautions an organization can establish to help promote safe mobile device usage:
- Usage restrictions, configuration requirements, connection requirements, and implementation guidance for organization-controlled mobile devices
  - Ex. Mandatory protective software like malicious code detection or firewall
  - Ex. Requiring virus protection software be updated
  - Ex. Scanning for critical software updates and patches
- Authorizing the connection of mobile devices to organizational information systems
  - Ex. Needing approval for having email access on a cell phone
  - Ex. Putting restrictions on being able to use personal devices for work purposes
Awareness, training, and proper policies and procedures are key when bringing mobile devices into your environment!