CONFERENCE Watch Now: Threat Detection & Incident Response (TDIR) Summit - Watch Event On-Demand
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

CISA Releases Guidance on Securing Enterprise Mobile Devices

The United States Cybersecurity and Infrastructure Security Agency (CISA) last week published a Capacity Enhancement Guide (CEG) to help organizations secure mobile devices and their access to enterprise resources.

The United States Cybersecurity and Infrastructure Security Agency (CISA) last week published a Capacity Enhancement Guide (CEG) to help organizations secure mobile devices and their access to enterprise resources.

The Enterprise Mobility Management (EMM) system checklist is meant to help businesses mitigate vulnerabilities and increase overall enterprise protections by implementing a series of best practices for securing enterprise-managed mobile devices.

In this regard, CISA recommends the use of devices that meet enterprise requirements, enabling automatic updates through a Mobile Device Management (MDM) system, implementing a trusted devices policy (for updated, unrooted, and EMM-configured devices), and denying access for untrusted devices.

Enforcing strong authentication (including PINs of at least 6 digits) on the enterprise-trusted devices is another easy-to-implement policy that boosts overall device security, the same as the use of two-factor authentication (2FA) when enabling access to enterprise networks.

CISA’s CEG also encourages enterprises to practice good app security, including the use of curated app stores, isolating enterprise applications, minimizing the amount of personally identifiable information (PII) in apps, disabling sensitive permissions, vetting enterprise-developed applications, and restricting OS/app synchronization, to prevent data leaks.

Furthermore, organizations are advised to disable radios such as Bluetooth, GPS, NFC, and Wi-Fi when they are not in use, as well as to disable user certificates and to employ secure communication apps and protocols, such as VPNs, when mobile devices connect to the enterprise network.

Ensuring that mobile devices are protected at all times is also essential to securing the enterprise network, CISA says. Thus, organizations are advised to use Mobile Threat Defense (MTD) systems, to ensure that only trusted chargers and cables are used for charging devices, and that the lost device function is enabled.

Ultimately, organizations of all types should also make sure that mobile devices do not connect to critical systems, as any infected device could lead to the compromise of business-critical ancillary systems.

Advertisement. Scroll to continue reading.

Separately, CISA published a CEG for consumers looking to improve the security of their mobile devices, with recommendations that should be applied to any device, especially those that organizations allow employees to connect to enterprise networks.

Related: CISA Releases Incident and Vulnerability Response Playbooks

Related: NSA, CISA Issue Guidance on Selecting and Securing VPNs

Related: New CISA Tool Helps Organizations Assess Insider Threat Risks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Jeremy Koppen has left Mandiant after 13 years to become the CISO of Equifax.

Engineering and technology solutions provider Amentum has appointed Max Shier as its CISO.

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.