NIST released DRAFT NIST Interagency (NISTIR) 8144, Assessing Threats to Mobile Devices & Infrastrucutre: the Mobile Threat Catalogue. The Mobile Threat Catalogue outlines a catalogue of threats to mobile devices and associated mobile infrastructure to support development and implementation of mobile security capabilities, best practices, and security solutions to better protect enterprise information technology (IT). Threats are divided into broad categories, primarily focused upon mobile applications and software, the network stack and associated infrastructure, mobile device and software supply chain, and the greater mobile ecosystem. Each threat identified is catalogued alongside explanatory and vulnerability information where possible, and alongside applicable mitigation strategies.
NISTIR 8144 provides background information on mobile information systems and their attack surface is provided to assist readers in understanding threats contained within the Mobile Threat Catalogue. The NISTIR also outlines the structure of the Mobile Threat Catalogue. The Mobile Threat Catalogue is a separate document located at the Computer Security Resource Center (CSRC).
Mobile security engineers and architects can leverage these documents to inform risk assessments, build threat models, enumerate the attack surface of their mobile infrastructure, and identify mitigations for their mobile deployments.
Email comments to: nistir8144@nist.gov (Subject: "Comments on Draft NISTIR 8144")
Comments due by: October 12, 2016
NIST Public Affairs Office also issued a press release on Draft NISTIR 8144.
DRAFT Mobile Threat Catalogue (GitHub)