Mobile device features are constantly changing, so it is difficult to define the term “mobile device”. However, as features change, so do threats and security controls, so it is important to establish a baseline of mobile device features. NIST provides the following hardware and software characteristics collectively to define a mobile device. A small form factor ; At least one wireless network interface for network access (data communications). This interface uses Wi-Fi, cellular networking, or other technologies that connect the mobile device to network infrastructures with connectivity to the Internet or other data networks; Local built-in (non-removable) data storage; An operating system that is not a full-fledged desktop or laptop operating system; Applications available through multiple methods (provided with the mobile device, accessed through web browser, acquired and installed from third parties). (Source)
This article from CIO provides seven best practices to help companies secure their mobile envrionments. The NCCoE mobile device security efforts are dedicated to solving businesses most pressing mobile cybersecurity challenges. This NIST Special Publication helps organizations centrally manage and secure mobile devices against a variety of threats. In this course, you'll learn what mobile device management (MDM) is, and how it can be used to secure your environment and create a great user experience. This SANS course is designed to give you the skills you need to understand mobile device security strengths and weaknesses. This article from SANS provides some simple steps to keep you and your devices safe and secure.
This Handbook provides a step-by-step guide to assessing a small manufacturer’s information systems against the security requirements in NIST SP 800-171 rev 1. The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171. Compliance with the security requirements is addressed in CUI guidance and the CUI Federal Acquisition Regulation (FAR) or as supplemented by federal agencies (e.g., Department of Defense Federal Acquisition Regulation). Organizations can use the assessment procedures to generate evidence to support the assertion that the security requirements have been satisfied.