NIST Guidance: Teleworking Security

The National Institute of Standards and Technology (NIST) has released a new IT Laboratory Bulletin on Telework Security. The bulletin draws from the original 2016 NIST Special Publication 800-46 Revision 2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device Security.

The release reviews guidance to help mitigate risk and develop secure IT practices for organizations utilizing remote access servers and devices. The following are general security measures provided by NIST to help protect IT systems and networks:

  • Develop and enforce a telework security policy, such as having tiered levels of remote access.
  • Require multi-factor authentication for enterprise access
  • Use validated encryption technologies to protect communications and data stored on the client devices (see FIPS 140-2)
  • Ensure that remote access servers are secured effectively and kept fully patched.
  • Secure all types of telework client devices—including desktop and laptop computers, smartphones, and tablets—against common threats.

The document also covers critical topics and areas that need to be addressed in addition to deploying sound security such as Remote Access Methods (Tunneling, Portals, Direct Application Access, Remote Desktop Access) and Security Concerns (Physical Security, Unsecured Networks, External Access to Internal Restricted Resources).

For more information and the full details on how to protect your environment during teleworking, review the NIST ITL found here.

About Corsec Security, Inc.

For two decades Corsec has assisted companies through the IT security certification process for FIPS 140-2, Common Criteria (CC) and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

Connect With Us

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

###

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com