NIST requests review and comments on Special Publication (SP) 800-46 Revision 2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security. This document presents recommendations for safeguarding the technologies used for telework and remote access.
The public comment period is open through October 30, 2020. See the call for comments for a list of planned objectives for updating the SP. Please submit your comments to telework@nist.gov. Note that all comments are subject to release under the Freedom of Information Act (FOIA).
A new community of interest on this topic is also being created, and a new project—Telework: Working Anytime, Anywhere—is now available on CSRC.
Background
Originally published in 2002, SP 800-46 was most recently updated in 2016. Work-from-home and other forms of telework—performing work from locations other than an employer’s facilities—have been on the rise for some time, but sharply increased in 2020 because of the COVID-19 pandemic. For many, telework is now the only way to get work done, and the original concept of “telework” has evolved into being able to work anytime, anywhere.
The technologies used for telework have also evolved since 2016. Examples of this include the ubiquity of mobile devices, the expectation to be able to access information from anywhere at any time, and the highly distributed nature of data and apps across end user devices, data centers, and clouds. Telework and zero-trust architecture may even be converging in the near future.
All of these recent changes are affecting cybersecurity and privacy risks, and organizations need to be aware of and manage these risks. Accordingly, NIST is soliciting public feedback on this Special Publication to identify areas that industry, government, and others deem most important to revise or add. NIST would also like suggestions of existing resources related to telework cybersecurity and privacy that could help inform the update of SP 800-46. Please send all comments to telework@nist.gov.
Community of Interest
NIST is also building a community of interest so that interested individuals and organizations can follow the progress of NIST telework cybersecurity and privacy publications and can provide input on them. To join the community of interest, please send a request to telework@nist.gov.
Planned Updates
See the call for comments for a list of planned objectives for updating SP 800-46 Rev. 2.
Call for Comments and planned objectives for SP 800-46 Rev. 2:
https://csrc.nist.gov/publications/detail/sp/800-46/rev-3/draft
https://csrc.nist.gov/publications/detail/sp/800-46/rev-3/draft#planned_updates
New project on CSRC—”Telework: Working Anytime, Anywhere”:
https://csrc.nist.gov/projects/telework-working-anytime-anywhere
