Reference Design to Help Enterprises Strengthen Security of Mobile Devices
Appthority, IBM, Kryptowire, Lookout, Mobileiron, and Qualcomm, have joined the National Cybersecurity Center of Excellence (NCCoE) as technology collaborators in the Mobile Device Security for Enterprises project (MDSE).*
In response to a call in the Federal Register, these companies submitted capabilities that aligned with desired solution characteristics listed in the project description. These technology collaborators were extended a Cooperative Research and Development Agreement (CRADA; see example) enabling them to participate in a consortium where they will contribute expertise and hardware or software to help refine a reference design and build an example standards-based implementation.
This collaboration will result in two separate publicly available Cybersecurity Practice Guides (NIST Special Publication 1800 series) that will document different management technologies, each detailing how commercially available technologies can be used to secure mobile devices.
Making Mobile Devices More Secure
While mobile devices can increase organizations’ efficiency and effectiveness, it can also leave sensitive data vulnerable. Built-in mobile protections may not be enough to fully mitigate the security challenges associated with mobile information systems. Usability, privacy, and regulatory requirements each influence which mobile security technologies and security controls are going to be well-suited to meet the needs of an organization’s mobility program.
The MDSE project aims to help organizations across business sectors develop a series of clear and repeatable reference mobile architectures that any organization can adapt and adopt to ease design, accelerate deployment, and build in security for their mobility program from the outset. All products incorporated into the reference design will be standards-based and commercially available products.
The NCCoE worked closely with industry to demonstrate different management technologies, which detail how commercially available technologies can be used to manage and secure mobile devices while supporting two usage scenarios:
- Scenario 1- in which strong data confidentiality is implemented using certified and validated technologies
- Scenario 2 - in which business productivity tools are deployed to mobile users with a variety of risk profiles
Collaborating on an Innovative Strategy
In partnership with technology collaborators, the NCCoE will build two reference designs in a lab environment. The following high-level architectures depict the two usage scenarios, including the commercially available products to be implemented in the build.
How to Participate
Interested parties are encouraged to engage with us at though our project web page.
If you have additional comments, questions, or would like to join the Community of Interest helping to guide this project and provide feedback, please email us at firstname.lastname@example.org.
*Certain commercial entities, equipment, products, or materials may be identified in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST or NCCoE, nor is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose.