Mobile device features are constantly changing, so it is difficult to define the term “mobile device”. However, as features change, so do threats and security controls, so it is important to establish a baseline of mobile device features. NIST provides the following hardware and software characteristics collectively to define a mobile device. A small form factor ; At least one wireless network interface for network access (data communications). This interface uses Wi-Fi, cellular networking, or other technologies that connect the mobile device to network infrastructures with connectivity to the Internet or other data networks; Local built-in (non-removable) data storage; An operating system that is not a full-fledged desktop or laptop operating system; Applications available through multiple methods (provided with the mobile device, accessed through web browser, acquired and installed from third parties). (Source)
This article from CIO provides seven best practices to help companies secure their mobile envrionments. The NCCoE mobile device security efforts are dedicated to solving businesses most pressing mobile cybersecurity challenges. This NIST Special Publication helps organizations centrally manage and secure mobile devices against a variety of threats. In this course, you'll learn what mobile device management (MDM) is, and how it can be used to secure your environment and create a great user experience. This SANS course is designed to give you the skills you need to understand mobile device security strengths and weaknesses. Some simple steps to keep you and your devices safe and secure. This article provides companies with ideas on how to mitigate the risk that mobiles carry with them as attackers turn to target them.
This document provides assessment guidance for Level 1 of the Cybersecurity Maturity Model Certification (CMMC). This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 3 and Level 2. This Handbook provides a step-by-step guide to assessing a small manufacturer’s information systems against the security requirements in NIST SP 800-171 rev 1. The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171.