The Information Technology Laboratory, a component of the NIST Computer Resource Center, has issued a bulletin that reiterates NIST standards for teleworking. Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions summarizes key concepts and recommendations from NIST SP 800-46, a more comprehensive guide published in 2016. It includes deploying some or all of the following security measures:
- Developing and enforcing a telework security policy, such as having tiered levels of remote access
- Requiring multi-factor authentication for enterprise access
- Using validated encryption technologies to protect communications and data stored on the client devices
- Ensuring that remote access servers are secured effectively and kept fully patched
- Securing all types of telework client devices—including desktop and laptop computers, smartphones, and tablets—against common threats
