CISA's Mobile Device Cybersecurity Checklist

What is CISA's Mobile Device Cybersecurity Checklist?

The Cybersecurity and Infrastructure Security Agency (CISA) provides a checklist designed to assist individuals and organizations in improving the security posture of their mobile devices. The checklist covers device configuration, network connections, software updates, app security, data protection, Mobile Device Management (MDM), and phishing and social engineering.

CISA’s principles for protecting mobile device fleets

Good app security

Companies should use curated and official app stores, because the apps in these stores are safer than those in unofficial stores. They should isolate enterprise apps from personal apps in a separate environment. This is especially good practice for personally owned devices. Businesses should ensure an app vetting strategy is in place for enterprise-developed applications.

Security-focused device management

CISA’s checklist specifies that platforms such as operating systems should always be updated to the latest version. A company should make sure all devices connected to company servers are trusted. These devices should be updated to the latest platform patch level, properly configured to enterprise standards, not jailbroken or rooted, and continuously monitored.

Protected network communications

Every network connection to a device is a potential point of entry that can be exploited to exfiltrate data, attack a device, or even surreptitiously gain control over the device. Disabling Bluetooth, Wi-Fi, GPS, NFC, … or securing these connections with an MTD is best practice. Use secure communication apps and protocols.

Protected devices

CISA’s checklist recommends protecting your devices with a Mobile Threat Defense (MTD) system to monitor their behaviours and configurations.

Meet CISA’s mobile security checklist

One of CISA’s checkpoints is to protect your devices with an MTD system. Pradeo’s Mobile Threat Defense is top of the range: it will protect your company’s mobile fleet and give the administrator the tools needed to monitor security. For devices that are used for both business and personal purposes, an MDM keeps apps with business information in a separate environment from those for personal use. You can then protect your business environment against outside threats with an MTD solution. A private store is the best solution for a 100% personally owned device that is sometimes used for business. It regroups company apps, resources and data in one secure white label app. Companies that develop or market their own app need a solution from the app suite. CISA asks businesses to ensure an app vetting strategy is in place for enterprise-developed applications. Pradeo’s Static Application Security Testing is an easy-to-use solution to vet and secure all your apps in one place.