Fandom

The IT Law Wiki

Telework client device

32,199pages on
this wiki
Add New Page
Talk0 Share

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.

Definition Edit

A telework client device is "[a] PC or consumer device used by a teleworker for performing telework."[1]

Security Edit

There are many threats to telework client devices, including malware and device loss or theft. Generally, telework client devices should include all the local security controls used in the organization’s secure configuration baseline[2] for its non-telework client devices.

Examples are applying operating system and application updates promptly, disabling unneeded services, and using anti-malware software and a personal firewall. However, because telework devices are generally at greater risk in external environments than in enterprise environments, additional security controls are recommended, such as encrypting sensitive data stored on the devices, and existing security controls may need to be adjusted. For example, if a personal firewall on a telework client device has a single policy for all environments, then it is likely to be too restrictive in some situations and not restrictive enough in others. Whenever possible, organizations should use personal firewalls capable of supporting multiple policies for their telework client devices and configure the firewalls properly for the enterprise environment and an external environment, at a minimum.

Organizations should ensure that all types of telework client devices are secured, including PCs, cell phones, and PDAs. For PCs, this includes physical security (for example, using cable locks to deter theft). For devices other than PCs, security capabilities and the appropriate security actions vary widely by device type and specific products, so organizations should provide guidance to device administrators and users who are responsible for securing telework consumer devices on how they should secure them.

References Edit

  1. NIST, Guide to Enterprise Telework and Remote Access Security, at A-1 (NIST Special Publication 800-46) (June 2009) (full-text).
  2. The National Checklist Repository (http://checklists.nist.gov/) is a source of security configuration baseline information.

Also on Fandom

Random Wiki