CIS Critical Security Controls v8 Mobile Companion Guide

The security challenges facing the usage of mobile devices in the enterprise warrant additional attention. While many of the core security concerns of enterprise IT systems are shared by mobile devices and their management systems, unique challenges exist.

This guide offers a consistent approach for analyzing CIS Critical Security Controls in the context for mobile. For each of the CIS Controls, the following information is provided:

Applicability — The applicability field assesses the degree to which a CIS Control functions within the mobile space.

Deployment Considerations — Deployment considerations analyze if specific mechanisms are needed for a particular mobile deployment model, such as BYOD or fully-managed. Unmanaged deployment models are not addressed, as all mobile devices used for work tasks should be managed in some way, either via technical and/or procedural means, or via policy.

Additional Discussion — This is a general area for any guidance that also needs to be noted. For instance, relevant tools, products, or threat information that could be of use can be placed here.