NIST addresses mobile security threats in catalog

The National Institute of Standards and Technology (NIST) has issued a catalog of mobile threats in response to IT security departments’ requests for more guidance on how to address the risks they face.

The draft catalog includes information on threats in various areas, such as authentication, supply chain management, and ecosystem and network protocols, and addresses areas such as Wi-Fi, Bluetooth and mobile payments. It also looks at more common problems, such as mobile malware, and presents countermeasures that can be taken against them, according to an announcement.

While the catalog is not specific to healthcare, many healthcare organizations use the NIST cybersecurity framework, which has been mapped to HIPAA.

The catalog expands upon the draft “how-to” guide for mobile developers that NIST released in November. NIST also previously published a guide to help healthcare providers secure patient data on mobile devices.

NIST seeks to broaden its perspective on mobile security to include the entire ecosystem to cover threats that occur, for example, through cellular networks, cloud infrastructure and app stores. It’s urging security practitioners to submit feedback on the draft catalog through Oct. 12.

NIST and the Department of Homeland Security Science & Technology Directorate worked together on the catalog, which is part of a study on mobile device security due to be presented to Congress in December.