U.S. flag   An official website of the United States government

Telework: Working Anytime, Anywhere

Telework Cybersecurity and Privacy Resources

NIST's telework cybersecurity and privacy resources are listed in the tables below, with common topics that organizations or teleworkers might need, with relevant resources for each ("SP" is a NIST Special Publication).

Work is currently underway to improve these resources. Suggestions for enhancements are welcome, as are ideas for other topics related to telework cybersecurity and privacy where additional resources would be helpful. Please send your feedback and input to us at telework@nist.gov.

Organization Resources
What does my organization need for telework security and privacy? Where can I find it?
Security policies for telework

Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security (SP 800-46 Rev. 2)

Remote access servers and architectures, like virtual private networks (VPNs) and web portals

Quick overview:
Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions (ITL Bulletin)

In-depth information:
Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security (SP 800-46 Rev. 2)

SSL VPNs/web portals:
Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations (SP 800-52 Rev. 2)

IPsec VPNs:
Guide to IPsec VPNs (SP 800-77 Rev. 1)

Secure file exchange

Overview:
Security Considerations for Exchanging Files Over the Internet (ITL Bulletin)

Infographic:
Play the Secure File Exchange Game

Telework client device security

Section 4 of Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security (SP 800-46 Rev. 2)

In-depth information on mobile devices:
Guidelines for Managing the Security of Mobile Devices in the Enterprise (Draft SP 800-124 Rev. 2)

Example solution of protecting sensitive data for mobile devices:
Mobile Device Security: Cloud and Hybrid Builds (SP 1800-4)

Example solution of using tools to meet mobile device security needs:
Mobile Device Security: Corporate-Owned Personally-Enabled (COPE) (Draft SP 1800-21)

Security configurations and checklists:
National Checklist Program Repository

Use of derived Personal Identity Verification (PIV) credentials on client devices:
Guidelines for Derived Personal Identity Verification (PIV) Credentials (SP 800-157) and Derived Personal Identity Verification (PIV) Credentials (DPC) Proof of Concept Research (IR 8055)

Mappings to SP 800-53 controls and Cybersecurity Framework Subcategories Appendixes A and B of Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security (SP 800-46 Rev. 2)
Teleworker Resources
What do teleworkers need to do? Where can I find it?
Improve telework security in general

Blog post:
Telework Security Basics

Infographic:
Telework Security Overview and Tip Guide

In-depth information:
User's Guide to Telework and Bring Your Own Device (BYOD) Security (SP 800-114 Rev. 1)

Protect videoconferences and teleconferences

Blog post:
Preventing Eavesdropping and Protecting Privacy on Virtual Meetings

Infographic:
Tips for Securing Conference Calls  

Improve home network security

Section 4 of the User's Guide to Telework and Bring Your Own Device (BYOD) Security (SP 800-114 Rev. 1)

Secure BYOD desktops, laptops, and mobile devices

Sections 5 and 6 of the User's Guide to Telework and Bring Your Own Device (BYOD) Security (SP 800-114 Rev. 1)

Additional Pages

Resources

Contacts

Murugiah Souppaya
murugiah.souppaya@nist.gov

Jeff Greene
jeffrey.greene@nist.gov

Karen Scarfone
karen.scarfone@nist.gov

Topics

Applications: enterprise, telework

Created September 02, 2020, Updated September 11, 2020