Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Draft Cybersecurity Practice Guide--Mobile Device Security: Corporate-Owned Personally-Enabled (COPE)
July 22, 2019

The National Cybersecurity Center of Excellence (NCCoE) has released Draft NIST Special Publication (SP) 1800-21, Mobile Device Security: Corporate-Owned Personally-Enabled (COPE), for public comment. The comment period ends September 23, 2019.

What is this guide about?

A growing and now key component for enterprise information sharing is mobile devices, which are often furnished by employees themselves or issued by the organization. These devices provide access to data and resources vital for organizations to accomplish their mission while providing employees with the flexibility to perform their daily activities. As employees use these devices to perform everyday enterprise tasks, organizations are challenged with ensuring that devices securely process, transmit, and store sensitive data.

Mobile devices bring unique threats to the enterprise that need to be addressed in a manner distinct from traditional desktop platforms. This includes securing against different types of network-based attacks on devices that generally have an always-on connection to the internet, malicious or risky apps that compromise the data that devices can access, and phishing attempts that try to collect user credentials or entice a user to install software. Additionally, this guide addresses how to reduce risks to individuals through privacy protections.

NIST’s National Cybersecurity Center of Excellence (NCCoE) and its industry collaborators built an example solution demonstrating how organizations can use a standards-based approach and commercially available technologies to meet their security and privacy needs for using mobile devices to access enterprise resources.

The public comment period for this document closes on September 23, 2019.  Comments will be made public after review and can be submitted anonymously. See the publication details for document files, the project description, and instructions for submitting comments. We will use your feedback to help shape the final version of this guide. 



Related Topics

Security and Privacy: security programs & operations

Technologies: mobile

Applications: enterprise

Created July 23, 2019, Updated June 22, 2020