
NIST updates BYOD guidance for teleworking feds

March 15, 2016 (Photo Credit: GSA)

Most agencies have some kind of bring-your-own-device policy, ranging from prohibition to qualified acceptance. However, when federal employees are teleworking, some BYOD creep can’t be helped — even if an employee is using a government laptop, they’re connecting over their personal WiFi.

At the same time, instances of malware tend to spike during holidays, snowstorms and any other time people are spending more time than usual at home.

To help agencies cope, the National Institute of Standards and Technology recently updated its telework BYOD guidance.

“Organizations are realizing that many data breaches occur when attackers can steal important information from a network by first attacking computers used for telework,” said Murugiah Souppaya, a NIST computer scientist. “To prevent breaches when people are teleworking, organizations need to have stronger control over their sensitive data that can be accessed by — or stored on — telework devices.”

The updated NIST documents — 800-46 and 800-114 — outline the new threat space created by the spread of BYOD and offer two new technologies that can help agencies manage the risks.

The first is a virtual mobile infrastructure (VMI), similar to a virtual desktop environment but engineered for mobile devices like phones and tablets. The virtue of a VMI solution is that the temporary environment and the data used within it are destroyed after the session ends, limiting what thieves can access through the device.

The second is a mobile device management (MDM) program, which pushes security policies down onto mobile devices from a central point, like an agency security operations center.

Along with tips for agencies, the draft documents also advise employees to thoroughly understand their department’s BYOD policies.

The two documents are open for comment through April 15.
