NIST presents building blocks for mobile security
NIST's National Cybersecurity Center of Excellence has proposed two new cybersecurity building blocks, one to help organizations develop capabilities for attribute-based access control, and the other to help address enterprise security issues that result from the use of mobile devices to access company resources.
Building blocks are cybersecurity implementations that apply to multiple industry sectors and are expected to be incorporated into many of the center's sector-specific use cases, the agency said in its announcement.
The draft Attribute Based Access Control building block proposes an identity management system that allows multiple enterprises to exchange and validate employee attributes such as title, division, certifications and training. This would allow an organization like a disaster recovery team to grant a visiting doctor access to a range of hospital resources using risk-based policy enforcement.
The technology demoed in this building block will use commercially available technologies and be modular, allowing organizations flexibility in their implementations based on their network infrastructures. Comments should be submitted to firstname.lastname@example.org by March 28, 2014.
The draft Mobile Device Security for Enterprises building block proposes a system of commercially available technologies that provide enterprise-class protection for mobile platforms that access corporate resources.
The building block will examine security technologies that can enable enterprise risk management for users to work inside and outside the corporate network using a securely configured mobile device. It will also incorporate a layered approach that allows enterprises to tailor solutions to their business needs. Comments should be submitted to email@example.com by March 28, 2014.
Posted by GCN Staff on Feb 26, 2014 at 10:03 AM