Advanced steps – XProtect Mobile client
SP 800-124 revision 1 (https://csrc.nist.gov/publications/detail/sp/800-124/rev-1/final) provides guidance that is specifically for mobile devices. The information it contains applies to all topics in this section.
Always use the XProtect Mobile client on secure devices
Milestone recommends that you always use the XProtect Mobile client on secure devices that are configured and maintained according to a security policy. For example, ensure that mobile devices do not allow users to install software from unauthorized sources. An enterprise app store is one example of a way to constrain device applications as part of overall mobile device management.
Learn more
The following control(s) provide additional guidance:
- NIST SP 800-53 SC-7 Boundary Protection
- NIST SP800-53 CM-6 Configuration Settings
Download the XProtect Mobile client from authorized sources
Milestone recommends that you download the XProtect Mobile client from one of these sources:
- Google Play Store
- Apple App Store
- Microsoft Windows Store.
Learn more
The following control(s) provide additional guidance:
- NIST SP 800-53 SC-7 Boundary Protection
- NIST SP 800-53 CM-6 Configuration Settings
Mobile devices should be secured
If you want to access the VMS with a mobile device over a public or untrusted network, Milestone recommends that you do so with a secure connection, use proper authentication and Transport Layer Security (TLS) (https://datatracker.ietf.org/wg/tls/charter/) (or connect through VPN (https://datatracker.ietf.org/wg/ipsec/documents/)) and HTTPS. This helps protect communications between the mobile device and the VMS.
Milestone recommends that mobile devices use screen-lock. This helps prevent unauthorized access to the VMS, for example, if the smart phone is lost. For maximum security, implement a security policy to prohibit the XProtect Mobile client from remembering the user name and password.
Learn more
The following control(s) provide additional guidance:
- NIST SP 800-53 AC-2 Account Management
- NIST SP 800-53 AC-17 Remote Access
- NIST SP 800-53 CM-6 Configuration Settings