Date Published: September 10, 2020
Comments Due: October 30, 2020 (public comment period is CLOSED)
Email Questions to: telework@nist.gov
Summary
NIST requests review and comments on Special Publication (SP) 800-46 Revision 2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security. This documents presents recommendations for safeguarding the technologies used for telework and remote access.
The public comment period is open through October 30, 2020. See the planned objectives (below) for updating the SP. Please submit your comments to telework@nist.gov. Note that all comments are subject to release under the Freedom of Information Act (FOIA).
Background
Originally published in 2002, SP 800-46 was most recently updated in 2016. Work-from-home and other forms of telework—performing work from locations other than an employer’s facilities—have been on the rise for some time, but sharply increased in 2020 because of the COVID-19 pandemic. For many, telework is now the only way to get work done, and the original concept of "telework" has evolved into being able to work anytime, anywhere.
The technologies used for telework have also evolved since 2016. Examples of this include the ubiquity of mobile devices, the expectation to be able to access information from anywhere at any time, and the highly distributed nature of data and apps across end user devices, data centers, and clouds. Telework and zero-trust architecture may even be converging in the near future.
All of these recent changes are affecting cybersecurity and privacy risks, and organizations need to be aware of and manage these risks. Accordingly, NIST is soliciting public feedback on this Special Publication to identify areas that industry, government, and others deem most important to revise or add. NIST would also like suggestions of existing resources related to telework cybersecurity and privacy that could help inform the update of SP 800-46. Please send all comments to telework@nist.gov.
Community of Interest
NIST is also building a community of interest so that interested individuals and organizations can follow the progress of NIST telework cybersecurity and privacy publications and can provide input on them. To join the community of interest, please send a request to telework@nist.gov.
Reviewers are welcome to comment and suggest changes and enhancements to any parts of the publication. We are particularly interested in comments on our planned objectives for updating SP 800-46, which are listed in the table below along with the high-level changes each objective is intended to address. Reviewers are encouraged to provide feedback on the contents of the table, citing the relevant objectives and changes by number and letter, respectively. After we review all comments and finalize the table, it will serve as the basis of determining what needs to be revised in SP 800-46 and other NIST publications on telework cybersecurity and privacy.
Objective | High-Level Changes to Address |
---|---|
Objective 1: Reflect changes in how telework is performed. |
|
Objective 2: Reflect changes in the role of remote access technologies. |
|
Objective 3: Update all references and mappings to references. |
|
Objective 4: Shorten SP 800-46 to improve its readability. |
|
None selected
Publication:
None available
Supplemental Material:
None available
Related NIST Publications:
Document History:
09/10/20: SP 800-46 Rev. 3 (Draft)
Security and Privacy
general security & privacy
Technologies
internet
Applications
enterprise; telework