Reporting Requirements
Per NIST SP 800-53, “A mobile device is a computing device that has a small form factor such that it can easily be carried by a single individual; is designed to operate without a physical connection; possesses local, non-removable or removable data storage; and includes a self-contained power source.”
Specifically, Per AC-19 of NIST SP 800-53, organizations are to “Establish configuration requirements, connection requirements, and implementation guidance for organization-controlled mobile devices, to include when such devices are outside of controlled areas…” The keyword here is “establish”, which means you need a policy and procedure for AC-19.
Specifically, Per AC-19 of NIST SP 800-53, organizations are to “Establish configuration requirements, connection requirements, and implementation guidance for organization-controlled mobile devices, to include when such devices are outside of controlled areas…” The keyword here is “establish”, which means you need a policy and procedure for AC-19.
How to Get Started
Start by downloading our world-class mobile devices policy and procedures template, along with additional NIST RMF information security and privacy policies and procedures at the Arlington Security Portal (ASP).
