Receive industry and products news from the market categories that matter to you most.
Stay up to date on industry news and trends, product announcements and the latest innovations.
NIST updates recommendations for telework data security.
Press Release Summary:
Feb 27, 2009 - NIST has updated its guide on maintaining data security while teleworking with Special Publication 800-46 Revision 1, Guide to Enterprise Telework and Remote Access Security. It recommends that organization's remote access servers be located and configured in ways that protect organization and that home-based devices used for telework be configured with proper security measures. Companion publication offers advice for individuals on securing their mobile devices.
Original Press Release
Updated Recommendations for Protecting Wireless, Remote Access Data
Press release date: Feb 24, 2009
The revised guide offers advice for protecting the wide variety of private and mobile devices from threats that have appeared since the first edition appeared in August 2002. Together with the preponderance of dangerous malware on the Web, the vulnerability of wireless transmissions from mobile devices has created dramatic new security challenges.
"In terms of remote access security, everything has changed in the last few years. Many Web sites plant malware and spyware onto computers, and most networks used for remote access contain threats but aren't secured against them," says Karen Scarfone of NIST's Computer Security Division. "However, even if teleworkers are using unsecured networks, the guide shows the steps organizations can take to protect their data."
Among these steps is the recommendation that an organization's remote access servers-the computers that allow outside hosts to gain access to internal data-be located and configured in ways that protect the organization. Another is to ensure that all mobile and home-based devices used for telework be configured with security measures so that exchanged data will maintain its confidentiality and integrity. Above all, Scarfone says, an organization's policy should be to expect trouble and plan for it.
"You should assume external environments contain hostile threats," she says. "This is a real philosophy shift from several years ago, when the attitude was essentially that you could trust the home networks and public networks used for telework."
The new guide provides recommendations for organizations. A companion publication* offers advice for individual users on securing their own mobile devices.
While intended primarily for U.S. federal government agencies, the guide has been written in broad language in order to be helpful to any group that engages in telework. Formally titled Special Publication 800-46 Revision 1, Guide to Enterprise Telework and Remote Access Security, it is available at the NIST Computer Security Resource Center's draft publication Web site: http://csrc.nist.gov/publications/PubsDrafts.html.
* SP 800-114, User's Guide to Securing External Devices for Telework and Remote Access, http://csrc.nist.gov/publications/nistpubs/800-114/SP800-114.pdf.
Media Contact: Chad Boutin, firstname.lastname@example.org, (301) 975-4261
Don't miss the latest news!