Final Mobile Device Security Guide Released by NIST NCCoE

The National Cybersecurity Center of Excellence (NCCoE) recently published final guidance on mobile device security to assist organizations keep their mobile device ecosystem secure and avert data breaches.

Mobile devices are extensively used in healthcare. They allow healthcare organizations to cut costs, they improve the speed of communication, and allow patient information to be accessed from any location. fast access to data and rapid communication can help to improve the level of care provided to patients and can improve patient outcomes. However, while convenient, the use of mobile devices introduces security risks.

If the smartphone, tablet, or laptop of a healthcare employee is stolen, it could be used to gain access to email accounts, contacts lists, calendars, and sensitive data stored on the device or on healthcare networks to which the device is authorized to connect.

In the healthcare industry, securing mobile devices and safeguarding sensitive information can be a major challenge. The HHS’ Office for Civil Rights breach portal includes many examples of data breaches that have resulted from the loss or theft of healthcare devices. Several of those data breaches have resulted in a financial penalty due to the failure to assess and manage the risks associated with the devices.

To help healthcare organizations and businesses in other industry sectors improve mobile device security, NIST/NCCoE developed its Mobile Device Security Practice Guide. The Guide – entitled NIST Special Publication 1800-4 Mobile Device Security: Cloud & Hybrid Builds – provides practical advice on using commercially accessible technologies for creating a business mobile device management system and ensure that mobile devices are configured to securely access sensitive data from within and outside the corporate network, without having a major impact on the user experience.

Organizations can use the guide to ensure that employees can access essential information securely from almost any place, over any network, using a variety of mobile devices, while reducing security risks.

The guide may be utilized to securely implement BYOD policies and take advantage of cloud services to increase security, provide full visibility for system administrators, generate alerts regarding security events, and make internal policies available to mobile devices and enforce those policies via operating systems or mobile apps.

The guide includes several “how to” examples which detail how standards-based technologies can be applied in real life scenarios to minimize the threat of unauthorized data access and intrusions.

The guide is available for download from NIST/NCCoE.