Home Mobile

Below are the M3AAWG published materials related to our work on preventing and mitigating malware. There is also a Mobile video playlist on our YouTube channel at www.youtube.com/maawg and there are a few selected videos on our website in the Training Videos and Keynotes Videos sections under the Meetings menu tab.

Best Practices

PDF
March 31, 2017

M3AAWG Password Managers Usage Recommendations

Most users struggle to manage a large number of usernames and passwords.  While password managers have both proponents and detractors, these recommendations reflect the general consensus of the industry.

PDF
February 28, 2017

M3AAWG Password Recommendations for Account Providers

Passwords are used virtually everywhere.  This document provides password requirement recommendations for ISPs and other providers and briefly describes the risk model of using passwords to provide authorized or secure access to resources. It aims to improve end-user security by encouraging strong passwords.

PDF
June 08, 2015

Operation Safety-Net: Best Practices to Address Online, Mobile, and Telephony Threats

Written in plain language by M3AAWG and the London Action Plan (LAP), Operation Safety-Net outlines the current and emerging threats faced by consumers, businesses and governments with recommended best practices to address these threats. For a brief overview of the document, see the brochure explaining the global depth and breadth of these best practices in the Supporting Documents section from the For the Industry menu tab.

PDF
August 23, 2012

M3AAWG Network Address Translation Best Practices: The Implications of Large Scale NAT for Security Logging

Provides guidance for system operators, network designers, security professionals and Internet Service Providers about potential issues associated with Large Scale Network Address Translation systems. 

HTML
July 01, 2009

M3AAWG Common Best Practices for Mitigating Large Scale Bot Infections in Residential Networks

Note:  This M3AAWG best practices paper has been replaced by RFC 6561 Remediation of Bots in ISP Networks, March 2012 from the IETF.

Public Policy Comments

November 12, 2011

MAAWG Comments on Models to Advance Voluntary Corporate Notification to Consumers Regarding the Illicit Use of Computer Equipment by Botnets and Related Malware

Submitted to NIST in November 2011- Responding to a Request for Information from the U.S. Department of Commerce (DoC) and U.S. Department of Homeland Security (DHS), the comments are also available on the NIST site.

September 12, 2011

MAAWG Comments on National Initiative for Cybersecurity Education (NICE) Draft Strategic Plan

MAAWG submitted comments in September 2011
The comments were submitted to the National Institute of Standards and Technologyon its draft NICE plan.

September 06, 2011

MAAWG Comments to UK House of Commons Inquiry into Malware and Cyber-crime

MAAWG submitted a response in September 2011 to the Science and Technology Committee, UK House of Commons
The committee's inquiry covered a variety of questions related to malware and cyber-crime.

November 13, 2010

MAAWG Response to U.S. Department of Commerce’s Internet Policy Task Force on the Global Free Flow of Information on the Internet

MAAWG comments were submitted November 2010 in response to the DoC request.
The U.S. Department of Commerce’s Internet Policy Task Force requested comments on government policies that restrict Internet information flow, seeking to understand why these restrictions have been instituted; what, if any, impact they have, and how to address negative impacts. The DoC will publish a report contributing to the Administration’s domestic policy and international engagement on these issues.

October 27, 2010

MAAWG Comments on ICANN Study on the Prevalence of Domain Names Registered Using a Privacy or Proxy Registration Service

MAAWG comments were submitted October 2010 based on the ICANN request.
ICANN conducted an exploratory study in 2009 to assess an approximate percentage of domain names (through a statistical sampling plan) contained in the top 5 gTLD registries that used privacy or proxy registration services. The study indicated that at least 18% (and probably not much more than 20%) of the domain names contained in the top 5 gTLD registries used privacy or proxy registration services.

Pages

DM3Z Blog

News

Subscribe to Subscribe to News Releases