News and Events

July 18, 2017

NCCoE Security Engineer Joshua Franklin will participate in a panel discussion titled "A Defense-in-Depth Approach to Mobile Security" from 11:30am to 12:10pm. This session will explore the different dimensions of mobile security and how they must be managed in a comprehensive approach. Topics include mobile device management, authentication strategies, and the mobile threat landscape. The Mobility Summit will be held in Washington, D.C. and will provide federal IT leaders with insights into the foundations of the mobile ecosystem: Productivity tools, apps, devices, management strategies, and defense-in-depth cybersecurity.

June 07, 2017

NCCoE Security Engineer Josh Franklin will present NIST's Mobile Security Best Practices & Guidelines at the 4th Annual Mobile Security for Defense and Government Summit in Arlington, VA at the AUSA Conference Center on June 7 from 9am to 9:40am. This presentation will explore breaking down the Mobile Threat Catalogue (MTC) and how to identify the greatest areas of need for protecting vulnerable mobile device networks; current NIST Guidelines for Mobile Device Management platforms; and moving towards a secure mobile enterprise.

June 02, 2017

With consumers increasingly using their mobile devices for all electronic transactions, including banking, there is growing concern about the security of mobile devices. The National Cybersecurity Center of Excellence, part of the Commerce Department, says ensuring the security of the information that a mobile device accesses, stores, and processes is a difficult cybersecurity challenge with no easy solution.

May 19, 2017

A recent Department of Homeland Security (DHS) report on improving the federal government’s approach to mobile device security could also have potential impact on healthcare’s mobile approach. The report is based off of a study conducted in coordination with NIST and its National Cybersecurity Center of Excellence (NCCoE).

May 11, 2017

NCCoE security engineer, Joshua Franklin, will be speaking at the GSA's 3rd Annual Enterprise Mobility Program Workshop and Showcase on his work in mobile security. Joshua's work includes managing the NCCoE's Mobile Device Security projects, producing and publishing the Mobile Threat Catalogue, and supporting the recent Department of Homeland Security's Study on Mobile Device Security.

May 09, 2017

The Department of Homeland Security (DHS) has submitted a report to Congress detailing current and emerging threats to the federal government’s use of mobile devices. The report recommended security improvements within the “mobile device ecosystem.” DHS’s Science and Technology Directorate (S&T) led the study in coordination with the National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) with support from the Department of Defense and General Services Administration.

May 08, 2017

The Study on Mobile Device Security published last Thursday by the Department of Homeland Security (DHS) Science and Technology Directorate and the National Institute of Standards and Technology (NIST) affirms that mobile security is critically important for our nation's cybersecurity.

May 05, 2017

The U.S. Department of Homeland Security (DHS) sent Congress a study on Thursday warning it of security threats to members’ mobile devices and a need for increased device security. The report, Study on Mobile Device Security, was mandated by the Cybersecurity Act of 2015 and compiled by the DHS Science and Technology Directorate with the National Institute of Standards and Technology and the National Cybersecurity Center of Excellence. 

May 05, 2017

The DHS Science and Technology Directorate (S&T) led the study in coordination with the National Institute of Standards and Technology (NIST) and its National Cybersecurity Center of Excellence. The DHS Science and Technology Directorate (S&T) led the study in coordination with the National Institute of Standards and Technology (NIST) and its National Cybersecurity Center of Excellence.

May 05, 2017

A study led by the Department of Homeland Security‘s science and technology directorate has offered recommendations for the federal government to manage the security of mobile devices being used by agency employees. DHS said Thursday it submitted the report titled “Study on Mobile Device Security” to Congress in accordance with the Cybersecurity Act of 2015. DHS S&T led the study in collaboration with the National Institute of Standards and Technology and NIST’s National Cybersecurity Center of Excellence.

May 05, 2017

Mobile devices pose a special risk to the security of government systems and data, in part because commercial carriers aren't subject to the security controls that can be applied to federal networks. The Cybersecurity Act of 2015 required DHS to explore security gaps that arise from government's use of commercial mobile devices and recommend security improvements within the mobile device ecosystem.

May 04, 2017

The Department of Homeland Security (DHS) has submitted a report to Congress that details current and emerging threats to the Federal government’s use of mobile devices and recommends security improvements within the mobile device ecosystem. The DHS Science and Technology Directorate (S&T) led the study in coordination with the National Institute of Standards and Technology and its National Cybersecurity Center of Excellence.

March 07, 2017

The 2017 RSA Conference offered great opportunities, as usual, for the NCCoE staff to learn from the cyber community and engage with industry. The conference supported an entire track of mobile security talks, and common themes included the intersection of mobile security/IoT, and the (lack) of privacy within mobile ecosystems. As the NCCoE continues its work in mobile device security, we were excited to see mobile security gaining more traction at the RSA Conference.

December 09, 2016

The NCCoE will be hosting a conference call for individuals from industry, academy, and government interested in identifying mobile security challenges, providing practical mobile security expertise, and helping guide NCCoE mobile security projects. 

We intend for this Community of Interest to meet once a month for about an hour via teleconference. The first call will be on Friday, December 9 at 2pm ET. A portion of the call will be used to decide a more convenient time for regular Mobile Security Community of Interest meetings. We will also brief on past efforts and solicit input on new areas of interest.

October 06, 2016

On September 13, 2016, the National Cybersecurity Center of Excellence (NCCoE) hosted a workshop to review the recently released Mobile Threat Catalogue (MTC) with industry partners and identify missing areas of interest, new countermeasures, and potential mitigations. More than 50 mobile security industry members participated, including hardware manufacturers, operating system developers, malware detection companies, and mobile network operators. There was definitely expertise to go around!

September 20, 2016

The National Institute of Standards and Technology's National Cybersecurity Center of Excellence on Tuesday announced public comment periods on three cybersecurity projects addressing mobile devices and law enforcement vehicle systems. The NCCoE will accept comments on its Assessing Threats to Mobile Devices and Infrastructure and Mobile Threat Catalogue until Oct. 7. Those two projects are aimed at identifying “a set of security controls and countermeasures that address mobile threats in a holistic manner.”

September 19, 2016

The National Institute of Standards and Technology has published a "mobile threat catalogue" that broadly sketches out parts of a mobile device strategy that need special attention, including securing physical access to smartphones and tablets, as well as authenticating who is using the device with passwords, fingerprints or voice recognition.

September 14, 2016

The National Institute of Standards and Technology has introduced new resources intended to help organizations protect their mobile devices and computer systems from malware threats. NIST said Wednesday the draft Mobile Threat Catalogue and the draft Assessing Threats to Mobile Devices and Infrastructure seek to respond to the public and private organizations’ request for information on threats and how to mitigate the attacks.

September 14, 2016

The National Institute of Standards and Technology (NIST) has released a new resource which aims to help organizations protect their systems from mobile threats. The paper, which is currently at a draft stage and is requesting feedback, lists potential threats in a variety of areas, from authentication to supply chains, physical access to payments, as well as network protocols and infrastructure.

September 13, 2016

IT security departments have used guidance from NIST and other sources to help them defend the vulnerable connections between mobile devices and enterprise computer systems from malware, viruses and other types of attacks. Recently, organizations from both the public and private sectors have requested more specific information on threats and ways to mitigate them.

The draft Mobile Threat Catalogue (MTC) and the accompanying draft Assessing Threats to Mobile Devices & Infrastructure (NIST Interagency Report 8144 seek to answer those requests. To strengthen the catalogue, the authors request practitioners and experts in the field to review the catalogue and provide feedback and additional information. Please send comments on both projects to Nistir8144@nist.gov by October 12,...