NIST draft security publication for cell phones, PDAs

Draft guidelines published, comments solicited


In recent years cell phones and PDAs—“Personal Digital Assistants”—have exploded in power, performance and features. They now often boast expanded memory, cameras, Global Positioning System receivers and the ability to record and store multimedia files and transfer them over wireless networks—in addition to the cell phone system—using WiFi, infrared and Bluetooth communications. Oh, yes, and make phone calls.

On July 7, the National Institute of Standards and Technology (NIST) published for comment draft guidelines on security considerations for cell phones and PDAs. Part of a series of publications on computer security issues, the draft guidelines provide an overview of cell phones and PDA devices in use today and the growing security threats that they face and propose a framework that organizations can use to manage the security risks.

“The security issues for cell phones and PDAs range beyond those of other computer equipment,” the NIST authors observe. “Moreover, many common safeguards available for desktop and networked computers are generally not as readily available across a broad spectrum of handheld device types.” The draft document notes that some security enhancements better known in the personal computer world are becoming available for PDAs and smart phones, including stronger user authentication systems based on biometrics, and firewall, antivirus and intrusion detection software.

Comments on the draft document are due by Aug. 8, 2008, and should be submitted by e-mail to 800-124comments@nist.gov with “Comments SP 800-124” in the subject line.

Draft NIST computer security publications including Guidelines on Cell Phone and PDA Security (Special Publication 800-124 Draft) are available online from the NIST Computer Security Resource Center.