Assessing Threats to Mobile Devices & Infrastructure: the Mobile Threat Catalogue

Franklin, Joshua; Brown, Christopher; Dog, Spike; McNab, Neil; Voss-Northrop, Sharon; Peck, Michael; Stidham, Bart

July 19, 2023: URLs for CSRC publication details pages have changed. Legacy URLs should automatically redirect to the new URLs. However, links to the actual publications have NOT changed (e.g., DOIs and PDFs on nvlpubs.nist.gov). Please send inquiries to csrc-inquiry@nist.gov. [12:20 pm ET - If you received "Page Not Found" errors recently, please retry accessing those files. File synchronization should now be complete.]

NIST IR 8144 (Initial Public Draft)

Assessing Threats to Mobile Devices & Infrastructure: the Mobile Threat Catalogue

Documentation Topics

Date Published: September 2016
Comments Due: October 12, 2016 (public comment period is CLOSED)
Email Questions to: nistir8144@nist.gov

Author(s)

Joshua Franklin (NIST), Christopher Brown (MITRE), Spike Dog (MITRE), Neil McNab (MITRE), Sharon Voss-Northrop (MITRE), Michael Peck (MITRE), Bart Stidham (STS Mobile)

Announcement

The Mobile Threat Catalogue outlines a catalogue of threats to mobile devices and associated mobile infrastructure to support development and implementation of mobile security capabilities, best practices, and security solutions to better protect enterprise information technology (IT). Threats are divided into broad categories, primarily focused upon mobile applications and software, the network stack and associated infrastructure, mobile device and software supply chain, and the greater mobile ecosystem. Each threat identified is catalogued alongside explanatory and vulnerability information where possible, and alongside applicable mitigation strategies.

Draft NISTIR 8144 provides background information on mobile information systems and their attack surface is provided to assist readers in understanding threats contained within the Mobile Threat Catalogue (see link below). The NISTIR also outlines the structure of the Mobile Threat Catalogue.

Mobile security engineers and architects can leverage these documents to inform risk assessments, build threat models, enumerate the attack surface of their mobile infrastructure, and identify mitigations for their mobile deployments.

Abstract

Mobile devices pose a unique set of threats, yet typical enterprise protections fail to address the larger picture. In order to fully address the threats presented by mobile devices, a wider view of the mobile security ecosystem is necessary. This document discusses the Mobile Threat Catalogue, which describes, identifies, and structures the threats posed to mobile information systems.

Keywords

mobile; mobile device; mobile security; mobile device management; mobility management; telecommunications ; ; enterprise mobility; cellular security

Control Families

System and Communications Protection

Documentation

Publication:
Draft NISTIR 8144 (pdf)

Supplemental Material:
Mobile Threat Catalogue (GitHub)
Press Release

Related NIST Publications:
SP 1800-12 (Draft)
SP 1800-12 (Draft)

Document History:
09/12/16: IR 8144 (Draft)

Topics

Security and Privacy

risk assessment, threats, vulnerability management

Technologies

mobile

Applications

communications & wireless