Date Published: March 2016
Comments Due:
Email Questions to:
Author(s)
Murugiah Souppaya (NIST), Karen Scarfone (Scarfone Cybersecurity)
Announcement
NIST requests public comments on two draft Special Publications (SPs) on telework and BYOD security: Draft SP 800-46 Revision 2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security, and Draft SP 800-114 Revision 1, User's Guide to Telework and Bring Your Own Device (BYOD) Security. Organizations are increasingly threatened, attacked, and breached through compromised telework devices used by their employees, contractors, business partners, and vendors. These publications make recommendations for organizations (in SP 800-46 Revision 2) and users (in SP 800-114 Revision 1) to improve their telework and BYOD security practices.
For many organizations, their employees, contractors, business partners, vendors, and/or others use enterprise telework or remote access technologies to perform work from external locations. All components of these technologies, including organization-issued and bring your own device (BYOD) client devices, should be secured against expected threats as identified through threat models. This publication provides information on security considerations for several types of remote access solutions, and it makes recommendations for securing a variety of telework, remote access, and BYOD technologies. It also gives advice on creating related security policies.
For many organizations, their employees, contractors, business partners, vendors, and/or others use enterprise telework or remote access technologies to perform work from external locations. All components of these technologies, including organization-issued and bring your own device (BYOD) client...
See full abstract
For many organizations, their employees, contractors, business partners, vendors, and/or others use enterprise telework or remote access technologies to perform work from external locations. All components of these technologies, including organization-issued and bring your own device (BYOD) client devices, should be secured against expected threats as identified through threat models. This publication provides information on security considerations for several types of remote access solutions, and it makes recommendations for securing a variety of telework, remote access, and BYOD technologies. It also gives advice on creating related security policies.
Hide full abstract
Keywords
information security; network security; remote access; telework; host security; bring your own device (BYOD)
Control Families
Access Control; Configuration Management; Contingency Planning; Identification and Authentication; Media Protection; Risk Assessment; System and Communications Protection; System and Information Integrity
