In today’s blog post we’re going to cover the NIST control AC-19, Access Control for Mobile Devices. First, what counts as a mobile device? A mobile device is defined on the NIST website as a computing device that is small enough that it can easily be carried by a single person, is designed to operate wirelessly, possesses data storage, and has a self-contained power source. This would include laptops, tablets, cell phones, or even e-readers, along with many others.
Due to the wide variety of mobile devices and capabilities, it is very important that any device in an organization’s environment is authorized and not a threat. There are precautions an organization can establish to help promote safe mobile device usage:
- Usage restrictions, configuration requirements, connection requirements, implementation guidance for organization-controlled mobile devices
  - Ex. Mandatory protective software like malicious code detection or firewall
  - Ex. Requiring virus protection software be updated
  - Ex. Scanning for critical software updates and patches
- Authorizing the connection of mobile devices to organizational information systems
  - Ex. Needing approval for having email access on a cell phone
  - Ex. Putting restrictions on being able to use personal devices for work purposes
Awareness, training, and proper policies and procedures are key when bringing mobile devices into your environment!