Executive Summary
Mobile devices, like all enterprise devices, need to support the security objectives of confidentiality, integrity, and availability.
To achieve these objectives, mobile devices should be secured against a variety of threats. General security recommendations for any IT technology are provided in National Institute of Standards and Technology (NIST)Special Publication (SP) 800-53, Revision 5, “Security and Privacy Controls for Information Systems and Organizations.”
Specific recommendations for securing mobile devices are presented in this publication and are intended to supplement the controls specified in NIST SP 800-53. Additional specific guidance on mobile devices and applications can be found in the current NIST SP 800-124, Revision 1, “Guidelines for Managing the Security of Mobile Devices in the Enterprise.” This guide is built upon the framework outlined in each.
