NIST Special Publication 1800-4

Citation
National Institute of Standards and Technology, (DRAFT) Mobile Device Security: Cloud & Hybrid Builds (NIST Special Publication 1800-4) (Nov. 5, 2015) (full-text).

Overview
Mobile devices allow employees to access information resources wherever they are, whenever they need. The constant Internet access available through a mobile device's cellular and Wi-Fi connections has the potential to make business practices more efficient and effective. As mobile technologies mature, employees increasingly want to use mobile devices to access corporate enterprise services, data, and other resources to perform work-related activities. Unfortunately, security controls have not kept pace with the security risks that mobile devices can pose. If sensitive data is stored on a poorly secured mobile device that is lost or stolen, an attacker may be able to gain unauthorized access to that data. Even worse, a mobile device with remote access to sensitive organizational data could be leveraged by an attacker to gain access to not only that data, but also any other data that the user is allowed to access from that mobile device. The challenge lies in ensuring the confidentiality, integrity, and availability of the information that a mobile device accesses, stores, and processes. Despite the security risks posed by today's mobile devices, enterprises are under pressure to accept them due to several factors, such as anticipated cost savings and employees' demand for more convenience. This Practice Guide demonstrates how commercially available technologies can meet an organization's needs to secure sensitive enterprise data accessed by and/or stored on employees' mobile devices.