News and Events

Mobile Security Landscape Continues to Evolve

March 07, 2017

The 2017 RSA Conference offered great opportunities, as usual, for the NCCoE staff to learn from the cyber community and engage with industry. The conference supported an entire track of mobile security talks, and common themes included the intersection of mobile security/IoT, and the (lack) of privacy within mobile ecosystems. As the NCCoE continues its work in mobile device security, we were excited to see mobile security gaining more traction at the RSA Conference.

Mobile Security Community of Interest Teleconference

December 09, 2016

The NCCoE will be hosting a conference call for individuals from industry, academy, and government interested in identifying mobile security challenges, providing practical mobile security expertise, and helping guide NCCoE mobile security projects. 

We intend for this Community of Interest to meet once a month for about an hour via teleconference. The first call will be on Friday, December 9 at 2pm ET. A portion of the call will be used to decide a more convenient time for regular Mobile Security Community of Interest meetings. We will also brief on past efforts and solicit input on new areas of interest.

NCCoE Hosts Mobile Threats and Defenses Workshop

October 06, 2016

On September 13, 2016, the National Cybersecurity Center of Excellence (NCCoE) hosted a workshop to review the recently released Mobile Threat Catalogue (MTC) with industry partners and identify missing areas of interest, new countermeasures, and potential mitigations. More than 50 mobile security industry members participated, including hardware manufacturers, operating system developers, malware detection companies, and mobile network operators. There was definitely expertise to go around!

NIST seeks comment on mobile device security, vehicle systems authentication projects

September 20, 2016

The National Institute of Standards and Technology's National Cybersecurity Center of Excellence on Tuesday announced public comment periods on three cybersecurity projects addressing mobile devices and law enforcement vehicle systems. The NCCoE will accept comments on its Assessing Threats to Mobile Devices and Infrastructure and Mobile Threat Catalogue until Oct. 7. Those two projects are aimed at identifying “a set of security controls and countermeasures that address mobile threats in a holistic manner.”

Evil Charging Stations, Smartphone Hackers: NIST Outlines Mobile Threats

September 19, 2016

The National Institute of Standards and Technology has published a "mobile threat catalogue" that broadly sketches out parts of a mobile device strategy that need special attention, including securing physical access to smartphones and tablets, as well as authenticating who is using the device with passwords, fingerprints or voice recognition.

NIST report encourages wider view of mobile security ecosystem

September 14, 2016

The National Institute of Standards and Technology (NIST) has released a new resource which aims to help organizations protect their systems from mobile threats. The paper, which is currently at a draft stage and is requesting feedback, lists potential threats in a variety of areas, from authentication to supply chains, physical access to payments, as well as network protocols and infrastructure.

NIST Unveils New Mobile Security Resources; Joshua Franklin Comments

September 14, 2016

The National Institute of Standards and Technology has introduced new resources intended to help organizations protect their mobile devices and computer systems from malware threats. NIST said Wednesday the draft Mobile Threat Catalogue and the draft Assessing Threats to Mobile Devices and Infrastructure seek to respond to the public and private organizations’ request for information on threats and how to mitigate the attacks.

New NIST Resources Help Organizations Protect Systems from Mobile Threats

September 13, 2016

IT security departments have used guidance from NIST and other sources to help them defend the vulnerable connections between mobile devices and enterprise computer systems from malware, viruses and other types of attacks. Recently, organizations from both the public and private sectors have requested more specific information on threats and ways to mitigate them.

The draft Mobile Threat Catalogue (MTC) and the accompanying draft Assessing Threats to Mobile Devices & Infrastructure (NIST Interagency Report 8144 seek to answer those requests. To strengthen the catalogue, the authors request practitioners and experts in the field to review the catalogue and provide feedback and additional information. Please send comments on both projects to Nistir8144@nist.gov by October 12,...

NIST and NCCoE Assess Threats to Mobile Devices and Infrastructure

September 12, 2016

NIST and NCCoE have identified and categorized potential threats and mitigations, drawing from various sources. They seek public input to validate their initial work, and to help them develop a final Mobile Threat Catalogue and NISTIR 8144 publication.

ATARC Federal Mobile Computing Summit

April 05, 2016

NCCoE IT Security Specialist Joshua Franklin will co-present "Mobile App Vetting Strategy" at the ATARC Federal Mobile Computing Summit at the Grand Hyatt in Washington, D.C.

Understanding HIPAA Regulations and Mobile Devices

March 08, 2016

One of the recent tools created to help organizations stay compliant with their mobile devices was released toward the end of last year.

The National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence (NCCoE) developed a guideline for implementing mobile security measures on both personal and organization-owned mobile devices.

The cybersecurity practice guide, “Mobile Device Security: Cloud & Hybrid Builds,” was designed to help combat the increasing security threat as more facilities implement mobile and cloud options.

RSA Conference 2016

February 28, 2016

The NCCoE will be participating with NIST at the RSA Conference 2016 at Moscone Center in San Francisco, CA.

Standards Groups Release Guide on Workplace Mobile Device Security

November 08, 2015

The National Institute of Standards and Technology and the National Cybersecurity Center of Excellence have released a guide to keeping personal information secure on workers' mobile devices...

New federal guidance on cybersecurity for mobile devices

November 08, 2015

The Mobile Device Security guidance was issued by NIST’s National Cybersecurity Center of Excellence (“NCCoE”), a partnership among NIST and companies in the technology industry. The guidance emerged from NIST’s collaboration with Microsoft, Intel, Lookout and Symantec.

NIST’s new draft guidance maps out in some detail how companies might mitigate the security risks caused by employee use of mobile devices. This makes it quite different from the NIST Framework, which speaks more in terms of broad categories of issues and tends to leave implementation details to a company’s discretion.

NIST, NCCoE release 'how to' draft guide for mobile device security

November 05, 2015

Two cybersecurity groups have released a "how to" draft guide for organizations to keep private and sensitive information stored on employees' mobile devices secure.

The guide, from the National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence (NCCoE), includes ways to keep data secure "throughout the mobile device lifecycle," according to an executive summary.

NIST Guide Aims to Help Companies Protect Mobile Data

November 05, 2015

The National Institute of Standards and Technology has released draft guidance on how private enterprises can manage the cybersecurity of sensitive business data that employees store or access in mobile devices.

NIST said Wednesday the agency-run National Cybersecurity Center of Excellence provided in the guide several methods for organizations to configure, install and embed commercial mobile device security technology into their systems.

NIST requests feedback on mobile cybersecurity guide

November 04, 2015

Government scientists are asking for feedback on a new guide they've developed to help companies establish a secure framework for their employees' mobile devices — increasingly a key component of business models around the country.

The National Cybersecurity Center of Excellence, part of the National Institute of Standards and Technology, Wednesday issued “Mobile Device Security: Cloud & Hybrid Builds.”

NIST, NCCoE Develop Mobile Device Security Draft Guide

November 04, 2015

As mobile devices have fully integrated into everyday life, they are permeating into the healthcare sphere as well. While these devices share the computing power and other advantages of traditional health IT, they present a major risk.

To combat issues of mobile device security, the National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence (NCCoE) have developed a guideline for implementing mobile security measures on both personal and organization-owned mobile devices.

New guide maps NIST, industry security standards to mobile devices

November 04, 2015

The National Institute of Standards and Technology is seeking public comment on a new guide that maps NIST and other standards organizations’ cybersecurity standards to mobile devices.

The NIST National Cybersecurity Center of Excellence guideMobile Device Security: Cloud and Hybrid Builds, applies existing standards to help organizations reduce their cyber risk and increase awareness of cybersecurity issues, according to NIST.

NIST Invites Comments on Practice Guide for Improving Mobile Device Security

November 03, 2015

The National Cybersecurity Center of Excellence (NCCoE) requests comments on a draft guide to help organizations better secure and manage their mobile devices.

The draft NIST Cybersecurity Practice Guide Mobile Device Security: Cloud & Hybrid Builds (Special Publication 1800-4) demonstrates how commercially available technologies can help companies secure sensitive data accessed by and/or stored on mobile devices used by employees.