Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

CISA Releases Guidance on Securing Enterprise Mobile Devices

The United States Cybersecurity and Infrastructure Security Agency (CISA) last week published a Capacity Enhancement Guide (CEG) to help organizations secure mobile devices and their access to enterprise resources.

The United States Cybersecurity and Infrastructure Security Agency (CISA) last week published a Capacity Enhancement Guide (CEG) to help organizations secure mobile devices and their access to enterprise resources.

The Enterprise Mobility Management (EMM) system checklist is meant to help businesses mitigate vulnerabilities and increase overall enterprise protections by implementing a series of best practices for securing enterprise-managed mobile devices.

In this regard, CISA recommends the use of devices that meet enterprise requirements, enabling automatic updates through a Mobile Device Management (MDM) system, implementing a trusted devices policy (for updated, unrooted, and EMM-configured devices), and denying access for untrusted devices.

Enforcing strong authentication (including PINs of at least 6 digits) on the enterprise-trusted devices is another easy-to-implement policy that boosts overall device security, the same as the use of two-factor authentication (2FA) when enabling access to enterprise networks.

CISA’s CEG also encourages enterprises to practice good app security, including the use of curated app stores, isolating enterprise applications, minimizing the amount of personally identifiable information (PII) in apps, disabling sensitive permissions, vetting enterprise-developed applications, and restricting OS/app synchronization, to prevent data leaks.

Furthermore, organizations are advised to disable radios such as Bluetooth, GPS, NFC, and Wi-Fi when they are not in use, as well as to disable user certificates and to employ secure communication apps and protocols, such as VPNs, when mobile devices connect to the enterprise network.

Ensuring that mobile devices are protected at all times is also essential to securing the enterprise network, CISA says. Thus, organizations are advised to use Mobile Threat Defense (MTD) systems, to ensure that only trusted chargers and cables are used for charging devices, and that the lost device function is enabled.

Ultimately, organizations of all types should also make sure that mobile devices do not connect to critical systems, as any infected device could lead to the compromise of business-critical ancillary systems.

Separately, CISA published a CEG for consumers looking to improve the security of their mobile devices, with recommendations that should be applied to any device, especially those that organizations allow employees to connect to enterprise networks.

Related: CISA Releases Incident and Vulnerability Response Playbooks

Related: NSA, CISA Issue Guidance on Selecting and Securing VPNs

Related: New CISA Tool Helps Organizations Assess Insider Threat Risks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.