Mobile device features are constantly changing, so it is difficult to define the term “mobile device”. However, as features change, so do threats and security controls, so it is important to establish a baseline of mobile device features. NIST provides the following hardware and software characteristics collectively to define a mobile device. A small form factor ; At least one wireless network interface for network access (data communications). This interface uses Wi-Fi, cellular networking, or other technologies that connect the mobile device to network infrastructures with connectivity to the Internet or other data networks; Local built-in (non-removable) data storage; An operating system that is not a full-fledged desktop or laptop operating system; Applications available through multiple methods (provided with the mobile device, accessed through web browser, acquired and installed from third parties). (Source)
This article from CIO provides seven best practices to help companies secure their mobile envrionments. The NCCoE mobile device security efforts are dedicated to solving businesses most pressing mobile cybersecurity challenges. This NIST Special Publication helps organizations centrally manage and secure mobile devices against a variety of threats. In this course, you'll learn what mobile device management (MDM) is, and how it can be used to secure your environment and create a great user experience. This SANS course will prepare you to effectively evaluate the security of iOS and Android mobile devices, assess and identify flaws in mobile applications, and conduct a mobile device penetration test, which are all critical skills required to protect and defend mobile device deployments. You will learn how to pen test the biggest attack surface in your organization; dive deep into evaluating mobile apps and operating systems and their associated infrastructure; and better defend your organization against the onslaught of mobile device attacks. Some simple steps to keep you and your devices safe and secure. This article provides companies with ideas on how to mitigate the risk that mobiles carry with them as attackers turn to target them.
This document provides assessment guidance for Level 1 of the Cybersecurity Maturity Model Certification (CMMC). This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2. The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171.