U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

SP 1800-22 (Draft)

Mobile Device Security: Bring Your Own Device (BYOD)

Date Published: March 2021
Comments Due: May 17, 2021 (public comment period is CLOSED)
Email Questions to: mobile-nccoe@nist.gov

Planning Note (4/19/2021): The due date for comments has been extended from May 3 to May 17.

Author(s)

Kaitlin Boeckl (NIST), Nakia Grayson (NIST), Gema Howell (NIST), Naomi Lefkovitz (NIST), Jason Ajmo (MITRE), Milissa McGinnis (MITRE), Kenneth Sandlin (MITRE), Oksana Slivina (MITRE), Julie Snyder (MITRE), Paul Ward (MITRE)

Announcement

Many organizations now support their employees' use of personal mobile devices to remotely perform work-related activities. This increasingly common practice, known as BYOD (Bring Your Own Device), provides employees with increased flexibility to telework and access organizational information resources. Helping ensure that an organization's data is protected when it is accessed from personal devices, while ensuring employee privacy poses unique challenges and threats.

The goal of the Mobile Device Security: Bring Your Own Device practice guide is to provide an example solution that helps organizations use both a standards-based approach and commercially available technologies to help meet their security and privacy needs when permitting personally-owned mobile devices to access enterprise resources. 

We look forward to receiving your comments and any feedback on the following questions will be very helpful:

  • Does the guide meet your needs?
  • Can you put this solution to practice? 
  • Are specific sections more/less helpful?

 

NOTE: A call for patent claims is included on page v of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Abstract

Keywords

bring your own device; BYOD; mobile device management; mobile device security
Control Families

None selected

Documentation

Publication:
Draft SP 1800-22
Submit comments

Supplemental Material:
Submit comments (web)
Project homepage (web)

Document History:
03/18/21: SP 1800-22 (Draft)

Topics

Security and Privacy
privacy engineering; risk assessment; systems security engineering

Technologies
mobile

Applications
enterprise; telework