Telework: Working Anytime, Anywhere
Telework Cybersecurity and Privacy Resources
NIST's telework cybersecurity and privacy resources are listed in the tables below, with common topics that organizations or teleworkers might need, with relevant resources for each ("SP" is a NIST Special Publication).
Work is currently underway to improve these resources. Suggestions for enhancements are welcome, as are ideas for other topics related to telework cybersecurity and privacy where additional resources would be helpful. Please send your feedback and input to us at telework@nist.gov.
Organization Resources
What does my organization need for telework security and privacy? |
Where can I find it? |
Security policies for telework |
Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security (SP 800-46 Rev. 2)
|
Remote access servers and architectures, like virtual private networks (VPNs) and web portals |
Quick overview:
Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions (ITL Bulletin)
In-depth information:
Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security (SP 800-46 Rev. 2)
SSL VPNs/web portals:
Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations (SP 800-52 Rev. 2)
IPsec VPNs:
Guide to IPsec VPNs (SP 800-77 Rev. 1)
|
Secure file exchange |
Overview:
Security Considerations for Exchanging Files Over the Internet (ITL Bulletin)
Infographic:
Play the Secure File Exchange Game
|
Telework client device security |
Section 4 of Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security (SP 800-46 Rev. 2)
In-depth information on mobile devices:
Guidelines for Managing the Security of Mobile Devices in the Enterprise (SP 800-124 Rev. 2)
Example solution of protecting sensitive data for mobile devices:
Mobile Device Security: Cloud and Hybrid Builds (SP 1800-4)
Example solution of using tools to meet mobile device security needs:
Mobile Device Security: Corporate-Owned Personally-Enabled (COPE) (SP 1800-21)
Security configurations and checklists:
National Checklist Program Repository
Use of derived Personal Identity Verification (PIV) credentials on client devices:
Guidelines for Derived Personal Identity Verification (PIV) Credentials (SP 800-157) and Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research (IR 8055)
|
Mappings to SP 800-53 controls and Cybersecurity Framework Subcategories |
Appendixes A and B of Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security (SP 800-46 Rev. 2) |
Project Links
Additional Pages
Created September 02, 2020, Updated September 25, 2024