Story updated on March 28
The National Institute of Standards and Technology has prepared two draft frameworks that seek to help companies address security risks associated with mobile devices and monitor access to facilities and systems.
NIST’s proposals include cyber strategies for different private sector industries and how to incorporate the plans into industry-specific use cases at the NIST-run national cybersecurity center of excellence, the agency said in February.
The “Attribute Based Access Control Building Block” document proposes a method for enterprises to verify employees’ identities and share data with other organizations.
NIST says this approach encourages companies to enforce a risk-based policies for managing a non-employee’s access to corporate assets.
Greg Gardner, chief architect of NetApp‘s defense solutions, has noted that in the pursuit of security, performance and usability, “you can fully have two but not all three,” the Washington Business Journal reported.
“Mobile applications that embrace both innovation and security must be thoughtfully crafted to provide an excellent user experience,” Gardner added.
“It’s a very tough challenge.”
The “Mobile Device Security for Enterprises Building Block” paper suggests a range of commercial mobile security platforms that are built to protect corporate networks, the agency states.
Stakeholders submit feedback on recommendations contained in the two draft publications in late March.