NIST, NCCoE release 'how to' draft guide for mobile device security

Two cybersecurity groups have released a "how to" draft guide for organizations to keep private and sensitive information stored on employees' mobile devices secure.

The guide, from the National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence (NCCoE), includes ways to keep data secure "throughout the mobile device lifecycle," according to an executive summary.

In addition, the guide "demonstrates a standards-based reference design and provides users with the information they need to replicate this approach to mobile device security."

Securing the information on, or being accessed by, mobile devices is becoming increasingly important in the healthcare industry due to the sensitive nature of the data, and the increase in "bring your own device" policies at provider organizations. In fact, a majority of nurses, responding to a June survey on device use, say they are using their own tablets, smartphones and other tools daily at work, FierceMobileHealthcare previously reported. 

NCCoE says it used commercial products to address security challenges and create the guide, but does not endorse those specific products.

The guide, Mobile Device Security: Cloud and Hybrid Builds, includes information on:

  • How to reduce risks to sensitive data being accessed or stored on mobile devices by identifying needed security characteristics
  • Standards and best practices from NIST and others on security characteristics
  • A solution for device security, with steps on how to install, configure and integrate the solution into IT infrastructures

Feedback on the guide is welcome, according to the NCCoE, and can be submitted through Jan. 8, 2016.

Personal mobile devices also can easily be lost, stolen or misplaced, which makes keeping the information stored in them secure even more important. Thirty-nine percent of healthcare security incidents in the past nine years have involved a device loss or theft. The incidents accounted for nearly 80 percent of all reported data breaches involving healthcare records.

To learn more:
- here's the executive summary
- check out the draft guide