BYOD Smartphone and Tablet Security Guidelines

BYOD smartphone and tablet security policy guidelines as told by NIST

“Many mobile devices, particularly those that are personally owned (bring your own device [BYOD]), are not necessarily trustworthy. Current mobile devices lack the root of trust features (e.g., TPMs) that are increasingly built into laptops and other types of hosts. There is also frequent jailbreaking and rooting of mobile devices, which means that the built-in restrictions on security, operating system use, etc. have been bypassed,” write the co-authors of the NIST document, Murugiah Souppaya, computer scientist at NIST and outside consultant Karen Scarfone, principle at Scarfone Cybersecurity. “Organizations should assume that all phones are untrusted unless the organization has properly secured them before user access and monitors them continuously while in use with enterprise applications or data.”

If a business has mixture of devices because of outside consultant that you provide access to networks are that are on-site in your facility you need to provide the strict guidelines for the presence of devices in confidential meeting particularly those conducted with in a SCIF.  All devices should be secured outside the SCIFF / meeting facility to mitigate the opportunity for the device to become a listening / transmitter from within the SCIFF.