Analysis of the NIST Mobile Device Security Practice Guide's Applicability to Australia

Abstract

The Australian Cyber Security Growth Network (AustCyber) contracted with The MITRE Corporation (MITRE) to assess the applicability of the National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide for Mobile Device Security: Cloud and Hybrid Builds (the Practice Guide) to organizations within Australia to consider opportunities for standards harmonization and proactive regulatory reform. Mobile devices, most frequently in the form of smartphones and tablets, are a key feature of Australia's society and its business activities; securing those devices and the data they carry is critical. While MITRE has considered the role of government and larger enterprises in this report, considerable attention is paid to small and medium-size enterprises (SMEs) due to their important role in the Australian economy. Many of these organizations have limited operational knowledge of cybersecurity. Australian organizations, and particularly SMEs, need practical advice that helps them understand their need for cybersecurity, along with easily consumable guidelines that are affordable and easy to implement. MITRE found that the abundance of standards and guidelines available to Australian organizations at both the federal and state/territory level caused confusion around what advice should be adopted. "Cyberaware" organizations are overregulating, doing nothing, or applying a mixture of domestic and international standards for guidelines. The result is inefficient and is a barrier to improving Australia's cyber resilience. The Australian government can begin to address this issue by taking steps to harmonize the guidelines it provides to industry and other levels of Australian government.

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2018
Accession Number
AD1108041

Entities

People

  • C. E. Brown
  • Irving Lachow
  • Sallie Edwards

Organizations

  • MITRE Corporation

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Application Software
  • Authentication
  • Cloud Computing
  • Computer Access Control
  • Computer Crime
  • Computer Network Security
  • Computer Security Techniques
  • Computers
  • Cybersecurity
  • Electronic Mail
  • Information Security
  • Information Systems
  • International Organizations
  • Law
  • Malware
  • Mobile Application Software
  • Mobile Devices
  • Mobile Operating Systems
  • Operating Systems
  • Security Personnel
  • Smartphones

Fields of Study

  • Political science

Readers

  • Cybersecurity.
  • Defense Technology Research and Development.
  • Organizational Process Management (OPM).

Technology Areas

  • Cyber