Email this Article Email   

CHIPS Articles: NIST ‘Bring Your Own Device Practice Guide’ Open for Comment

NIST ‘Bring Your Own Device Practice Guide’ Open for Comment
By CHIPS Magazine - March 19, 2021
Many organizations now support their employees' use of personal mobile devices to remotely perform work-related activities. This increasingly common practice, known as BYOD (Bring Your Own Device), provides employees with increased flexibility to telework and access organizational information resources. Helping ensure that an organization's data is protected when it is accessed from personal devices, while ensuring employee privacy, poses unique challenges and threats, however.

The new National Institute of Standards and Technology Mobile Device Security: Bring Your Own Device Practice Guide provides an example solution demonstrating how to enhance security and privacy in Android and Apple smartphone BYOD deployments, NIST announced.

Incorporating BYOD capabilities into an organization can provide greater flexibility in how employees work and increase the opportunities and methods available to access organizational resources, said NIST officials. For some organizations, the combination of traditional in-office processes with mobile device technologies enables portable communication approaches and adaptive workflows. For others, it fosters a mobile first approach in which their employees communicate and collaborate primarily using their mobile devices. Many organizations and employees agree this new paradigm can increase productivity and greater employee satisfaction.

Conversely, some of the features that make BYOD mobile devices increasingly flexible, functional and convenient also present unique security and privacy challenges to both work organizations and device owners, NIST explained. The unique nature of these challenges is driven by the diverse range of devices available that vary in type, age, operating system (OS), and level of risk posed.

In other words, enabling BYOD capabilities in enterprise networks and applications introduces new cybersecurity risks to organizations. Solutions that are designed to secure corporate devices and on-premises data do not provide an effective cybersecurity solution for BYOD, NIST cautioned. Finding an effective solution can be challenging due to the unique risks that BYOD deployments impose. Additionally, enabling BYOD capabilities introduces new privacy risks to employees by providing their employer a degree of access to their personal devices, opening up the possibility of observation and control that would not otherwise exist.

To assist organizations and employees alike in benefitting from BYOD’s flexibility while providing critical security and privacy, NIST’s Practice Guide provides an example solution using standards-based, commercially available products and step-by-step implementation guidance.

As always, NIST is eager to hear suggestions and comments. Please see below.

NIST is asking for specific feedback on the following questions:

Does the guide meet your needs?

Can you put this solution to practice?

Are specific sections more/less helpful?

Publication:
Draft SP 1800-22
Submit comments

Supplemental Material:
Submit comments (web)
Project homepage (web)

Comments Due: May 3, 2021
Email Comments to: mobile-nccoe@nist.gov

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer