The NCCoE Buzz: Essential Resources—Your Mobile Device Strategy


The NCCoE Buzz: Mobile Security Edition

Enterprise Mobile Device Security: Essential Resources—Your Mobile Device Strategy

From data leaks to phishing attacks, mobile security threats are on the rise. In a previous edition of the Buzz from the National Cybersecurity Center of Excellence (NCCoE), we provided insights into how to prioritize mobile threats using the NIST Mobile Threat Catalogue (MTC).

Concept art of mobile device users and mobile devices.

Did you also know…?

NIST’s MTC provides links to mobile threats highlighted in the Department of Homeland Security’s sponsored Common Vulnerabilities and Exposures (CVE®) database, which identifies, defines, and catalogs publicly disclosed cybersecurity vulnerabilities. This additional detail is likely to prove very useful in prioritizing mobile threats.

Joining forces: NIST Mobile Threat Catalogue and MITRE ATT&CK®

NIST collaborates with The MITRE Corporation on finding solutions to pressing cybersecurity issues. Thanks to this synergy, a crosswalk back to NIST’s Mobile Threat Catalogue can be found in MITRE’s ATT&CK® for Mobile. MITRE’s ATT&CK® for Mobile highlights adversarial tactics, techniques, and procedures to help secure mobile devices and detect adversarial behavior as part of the larger MITRE ATT&CK® knowledgebase. For administrators running two common phone types in their organization, they will be happy to know that MITRE ATT&CK® for Mobile documents both Android and iOS adversarial techniques. 

How do you use these resources together?

NIST’s MTC identifies over 200 current threats, including carrier and application threats. The catalog also identifies physical device, supply chain, and additional threats that are cross-referenced in MITRE ATT&CK® for Mobile. The MTC’s links to the Common Vulnerabilities and Exposures (CVE®) database provide additional depth of information when needed.

We hope this information provides a great place to start as you develop your mobile device security strategy for a safer working environment.