WavebreakMediaMicro - Fotolia

Should IT consider NIAP-certified products for MDM?

The average organization may not require military-grade security for its endpoint management platform, but IT pros should take note of which products meet that standard.

As cyberattacks grow more sophisticated and privacy regulations increase, organizations must work harder than ever to ensure their data remains protected.

The National Information Assurance Partnership oversees the evaluation of commercial IT products for national security systems. Enterprise organizations, especially those that prioritize security in industries such as finance and healthcare, should consider NIAP-certified products and management platforms due to their advanced security features.

What standards do NIAP certified products have to meet?

The NIAP is responsible for the implementation of the Common Criteria Evaluation and Validation Scheme for IT Security (CCEVS) standard -- also known as International Organization for Standards 15408 -- which defines the criteria on which security evaluations are based.

As part of its program, the NIAP develops protection profiles, evaluation methodologies and policies for setting requirements that are achievable, repeatable and testable. Products that the NIAP certifies with the CCEVS standard appear on the program's Product Compliant List (PCL).

Products on the PCL are categorized by NIAP-defined protection profiles that provide context on how they are used in a government or enterprise setting. NIAP-compliant products must meet the demands of a specific protection profile to be included on the list. For example, the Protection Profile for Mobile Device Management Version 4.0 (PP_MDM_v4.0) covers mobile device management software that "provides administration of the mobile device policies and reporting on mobile device behavior."

NIAP-certified products for mobile device management

Samsung SDS enterprise mobility management (EMM) became the first product certified as compliant with PP_MDM_v4.0. The certification means the product meets U.S. federal government requirements for handling sensitive data in secure, classified and tactical environments.

NIAP-certified products provide customers with a level of security comparable to that required by the U.S. government.

Samsung SDS EMM is an enterprise-focused platform to centrally manage Android, Tizen, iOS and Windows 10 devices. NIAP-certified products provide customers with a level of security comparable to that required by the U.S. government. As a result, administrators can feel confident that the EMM platform they're using to manage mobile devices will deliver a high level of security.

More recently, the NIAP certified VMware Workspace One's unified endpoint management capabilities as compliant with PP_MDM_v4.0, making it the second product to achieve this distinction. Workspace One provides endpoint management capabilities across a variety of platforms and is one of the top UEM platforms on the market.

The NIAP certifications demonstrate that VMware and Samsung clearly understand the important role security plays in choosing a device management platform.

Dig Deeper on Mobile security

Unified Communications