The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the US Commerce Department, tasked with researching and establishing standards across all federal agencies.
NIST 800-46 helps organizations regardless of business size, sector, or industry to protect their IT systems and information from the security risks that accompany the use of telework and remote access technologies including the security of Bring Your Own Device (BYOD) technologies.
Although not mandatory, complying with NIST 800-46 is considered good practice, especially given that telework and remote access technologies often need additional protection due to their higher exposure to external threats.
NIST 800-46 compliance includes deployment of some or all of the following security measures:
Developing and enforcing a telework security policy, such as tiered levels of remote access
Requiring multi-factor authentication for enterprise access
Using validated encryption technologies to protect communications and data stored on the client devices
Ensuring that remote access servers are secured effectively and kept fully patched
Securing all types of telework client devices—including desktop and laptop computers, smartphones, and tablets—against common threats