BSI minimum standard for Mobile Device Management
In recent years, smartphones, phablets and tablets have proved increasingly popular in the world of business. This is also true within the Federal Administration, which has an increased need for mobile end device usage that also permits the storage and processing of sensitive information. The type and scope of the data involved necessarily creates the potential for a wide range of threats and risks. Another important factor influencing the potential threat landscape is complexity – which results from the plethora of installed applications and a wide range of technical ecosystems. This complexity must also be met by technical resources.
With the help of systems for Mobile Device Management (MDM), mobile end devices can be integrated into the IT infrastructure of a federal office and managed centrally. In terms of security, the primary function of the MDM system is the effective enforcement of defined security policies and configuration parameters on the mobile end devices. Accordingly, the minimum standard defines functional and non-functional minimum security requirements that an MDM system must fulfil if it is to be deployed at a federal office. These requirements can therefore already be applied as part of the procurement procedure.
The minimum standard also specifies security requirements for the operation of the MDM system. By implementing technical and organisational measures, the minimum standard enables the achievement of a minimum level of security when deploying an MDM system.