CISA's Mobile Device Cybersecurity Checklist compliance

The Cybersecurity and Infrastructure Security Agency (CISA) publishes a Mobile Device Cybersecurity Checklist to help individuals and organizations harden the mobile devices they rely on. The checklist covers device configuration, network connections, operating system and application updates, application security, data protection, mobile device management (MDM), and defenses against phishing and social engineering.

CISA’s principles for mobile and application security

Good app security

Organizations should install applications only from curated, official app stores: those apps are signed and go through a review process, whereas apps sideloaded from unofficial sources are neither vetted nor reliably updated. Enterprise applications should be isolated from personal ones (through a work profile or managed container), especially on personally owned devices. Organizations that build their own mobile applications should also define an application vetting process so that internally developed apps are tested before they are deployed.

Security-focused device management

CISA recommends keeping the mobile operating system on the latest available version. Every device that connects to corporate resources should be a known, enrolled device that carries the latest security patches, matches the organization's configuration baseline, is neither jailbroken nor rooted, and is continuously monitored so that a device drifting out of this state is detected rather than trusted by default.
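The posture criteria above (enrolled, patched OS, baseline configuration, not jailbroken or rooted, still reporting in) are what an MDM or MTD console evaluates for each device. The following script is an added example, not code from CISA, Pradeo, or any MDM vendor: it evaluates a constructed device inventory export against those criteria and lists the non-compliant devices with the reason for each. The JSON field names, the minimum OS versions, the check-in window, and the required configuration keys are all assumptions standing in for an organization's own policy.

```python
"""Evaluate an MDM inventory export against the device-posture criteria.

Added example. The inventory schema, policy thresholds and sample data below
are assumptions for illustration, not any vendor's or CISA's definitions.
"""
import json
from datetime import datetime, timedelta, timezone

# Assumed policy: lowest OS version the organization still accepts per platform.
MIN_OS_VERSION = {"ios": (17, 4), "android": (14, 0)}
# Assumed policy: a device silent for longer than this is no longer "monitored".
MAX_CHECKIN_AGE = timedelta(days=7)
# Assumed enterprise configuration baseline every enrolled device must match.
REQUIRED_CONFIG = {"disk_encryption": True, "passcode_set": True, "developer_mode": False}
# Fixed evaluation time so the constructed sample gives repeatable results.
REPORT_TIME = datetime(2024, 6, 3, 12, 0, tzinfo=timezone.utc)

# Constructed sample export (field names are assumptions, not a real MDM schema).
SAMPLE_INVENTORY = json.dumps([
    {"device_id": "dev-001", "platform": "iOS", "os_version": "17.5.1", "enrolled": True,
     "jailbroken_or_rooted": False, "last_checkin": "2024-06-02T08:00:00+00:00",
     "config": {"disk_encryption": True, "passcode_set": True, "developer_mode": False}},
    {"device_id": "dev-002", "platform": "Android", "os_version": "13", "enrolled": True,
     "jailbroken_or_rooted": True, "last_checkin": "2024-06-03T09:30:00+00:00",
     "config": {"disk_encryption": True, "passcode_set": True, "developer_mode": False}},
    {"device_id": "dev-003", "platform": "iOS", "os_version": "17.4", "enrolled": True,
     "jailbroken_or_rooted": False, "last_checkin": "2024-05-01T10:00:00+00:00",
     "config": {"disk_encryption": True, "passcode_set": False, "developer_mode": False}},
    {"device_id": "dev-004", "platform": "unknown", "os_version": "4.0", "enrolled": False,
     "jailbroken_or_rooted": False, "last_checkin": "2024-06-03T11:00:00+00:00"},
])


def parse_version(text):
    """Turn '17.5.1' or '14' into a tuple of ints; non-numeric suffixes are ignored."""
    parts = []
    for chunk in text.split("."):
        digits = "".join(ch for ch in chunk if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_at_least(actual, minimum):
    """Compare version tuples after zero-padding so '17' compares with (17, 4)."""
    a, m = parse_version(actual), tuple(minimum)
    width = max(len(a), len(m))
    return a + (0,) * (width - len(a)) >= m + (0,) * (width - len(m))


def evaluate_device(device, now):
    """Return the list of posture findings for one device (empty means compliant)."""
    findings = []
    if not device.get("enrolled", False):
        findings.append("not enrolled in MDM")
    platform = device.get("platform", "").lower()
    minimum = MIN_OS_VERSION.get(platform)
    if minimum is None:
        findings.append(f"unsupported platform {platform!r}")
    elif not version_at_least(device.get("os_version", "0"), minimum):
        wanted = ".".join(str(n) for n in minimum)
        findings.append(f"OS {device['os_version']} below minimum {wanted}")
    if device.get("jailbroken_or_rooted"):
        findings.append("jailbroken or rooted")
    config = device.get("config", {})
    for key, expected in REQUIRED_CONFIG.items():
        if config.get(key) != expected:
            findings.append(f"config {key} is {config.get(key)!r}, expected {expected!r}")
    last_seen = datetime.fromisoformat(device["last_checkin"])
    if now - last_seen > MAX_CHECKIN_AGE:
        findings.append(f"no check-in for more than {MAX_CHECKIN_AGE.days} days")
    return findings


def evaluate_inventory(inventory_json, now=None):
    """Map device_id -> findings for every record in the export."""
    now = now or datetime.now(timezone.utc)
    return {d["device_id"]: evaluate_device(d, now) for d in json.loads(inventory_json)}


def non_compliant(report):
    """Sorted ids of devices with at least one finding."""
    return sorted(device_id for device_id, findings in report.items() if findings)


if __name__ == "__main__":
    result = evaluate_inventory(SAMPLE_INVENTORY, now=REPORT_TIME)
    for device_id in non_compliant(result):
        print(device_id, "->", "; ".join(result[device_id]))
```

The point of the zero-padded version comparison is that naive string comparison gets "9.1" > "17.4" wrong, and the stale check-in rule matters because a device that stopped reporting may have been wiped, lost, or had its agent removed; "continuously monitored" is only true while the device is still heard from.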

Protected network communications

Every network interface on a mobile device is a potential attack vector. Bluetooth, Wi-Fi, GPS, and NFC should be turned off when they are not needed, and a Mobile Threat Defense (MTD) solution should watch the interfaces that stay on for hostile networks and rogue connections. Traffic should use secure protocols (for example TLS or an enterprise VPN) and vetted communication applications.

Protected devices

Devices should be monitored by an MTD solution that detects suspicious behavior (malicious apps, network attacks, phishing attempts) and misconfigurations, such as a disabled passcode or a jailbroken or rooted OS. This continuous monitoring is what keeps the mobile fleet in the trusted state the checklist expects.

How to comply

To meet CISA’s checklist, organizations should deploy a Mobile Threat Defense solution such as Pradeo’s, which monitors device behavior and configuration and defends against malware, phishing, and network exploits. For devices used for both personal and business purposes, combining an MDM with MTD allows work applications and data to be separated from personal ones.

Finally, organizations developing their own mobile applications must implement a vetting strategy. Pradeo’s Application Security Testing (AST) enables easy and centralized analysis and protection of all enterprise-developed applications.


For fully personal devices that are only occasionally used for business, a private store is recommended: a secure, white-label application that gathers all company applications, resources, and data in a single protected space, without enrolling the device itself.
