NIST 800-46

The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the US Commerce Department, tasked with researching and establishing standards across all federal agencies.

NIST 800-46 helps organizations, regardless of business size, sector, or industry, to protect their IT systems and information from the security risks that accompany the use of telework and remote access technologies, including Bring Your Own Device (BYOD) technologies.

Although not mandatory, complying with NIST 800-46 is considered good practice, especially given that telework and remote access technologies often need additional protection due to their higher exposure to external threats.

NIST 800-46 compliance includes deployment of some or all of the following security measures:

  • Developing and enforcing a telework security policy, such as tiered levels of remote access

  • Requiring multi-factor authentication for enterprise access

  • Using validated encryption technologies to protect communications and data stored on client devices

  • Ensuring that remote access servers are secured effectively and kept fully patched

  • Securing all types of telework client devices—including desktop and laptop computers, smartphones, and tablets—against common threats