Addressing NIST and DOD Requirements for Mobile Device Management (MDM) – Essential Capabilities for Secure Mobility

The National Institute for Standards and Technology (NIST) and the Defense Information Systems
Agency (DISA) have taken leading roles in exploring requirements for Mobile Device Management
(MDM) systems for government agencies.

Mobile devices, particularly smartphones, are exceptionally vulnerable to security breaches. They
are easily lost, are filled with unknown applications, communicate over untrusted networks, and are
often purchased by users without regard to IT standards and security features.
MDM products and platforms can help mitigate these vulnerabilities. But managing mobile devices
is a complex subject with many sub-topics, including policy management, secure communications,
secure storage, device authentication, remediation and auditing.

In this white paper we will look at NIST and DISA efforts to articulate requirements for Mobile
Device Management. We will:
• Review the special risks of managing mobile devices described in the NIST draft report
Guidelines for Managing and Securing Mobile Devices in the Enterprise (NIST Special
Publication 800-124 Revision 1, draft, July 2012).

• Outline high-level capabilities that should be provided by MDM systems, as listed in the same
document.

• Look at a selection of the detailed MDM requirements listed in Mobile Device Management
(MDM) Server Security Requirements Guide, draft version 1 from DISA.

• See how an MDM platform, Fiberlink, an IBM company’s MaaS360, can help organizations
address those requirements.