Date Published: March 2020
Comments Due: June 26, 2020 (public comment period is CLOSED)
Email Questions to: 800-124comments@nist.gov
Today mobile devices are ubiquitous, and they are often used to access enterprise networks and systems to process sensitive data. This draft guideline assists organizations in managing and securing mobile devices against the ever-evolving threats. To address these threats, this publication describes technologies and strategies that can be used as countermeasures and mitigations. Draft SP 800-124 Rev. 2 also provides recommendations for secure deployment, use, and disposal of mobile devices throughout the mobile device life-cycle. The scope of this publication includes mobile devices, centralized device management, and endpoint protection technologies, while including both organization-provided and personally-owned (bring your own device) deployment scenarios.
NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
System and Services Acquisition
Publication:
SP 800-124 Rev. 2 (Draft) (DOI)
Local Download
Supplemental Material:
None available
Document History:
03/24/20: SP 800-124 Rev. 2 (Draft)
05/17/23: SP 800-124 Rev. 2 (Final)
Security and Privacy
access control; asset management; audit & accountability; awareness training & education; configuration management; continuous monitoring; intrusion detection & prevention; maintenance; malware; planning; risk assessment
Technologies
mobile
Applications
enterprise; Internet of Things; telework