Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-124 Rev. 2 (Initial Public Draft)

Guidelines for Managing the Security of Mobile Devices in the Enterprise

Date Published: March 2020
Comments Due: June 26, 2020 (public comment period is CLOSED)
Email Questions to:


Joshua Franklin (NIST), Gema Howell (NIST), Vincent Sritapan (DHS), Murugiah Souppaya (NIST), Karen Scarfone (Scarfone Cybersecurity)


Today mobile devices are ubiquitous, and they are often used to access enterprise networks and systems to process sensitive data. This draft guideline assists organizations in managing and securing mobile devices against the ever-evolving threats. To address these threats, this publication describes technologies and strategies that can be used as countermeasures and mitigations. Draft SP 800-124 Rev. 2 also provides recommendations for secure deployment, use, and disposal of mobile devices throughout the mobile device life-cycle. The scope of this publication includes mobile devices, centralized device management, and endpoint protection technologies, while including both organization-provided and personally-owned (bring your own device) deployment scenarios. 

NOTE: A call for patent claims is included on page iv of this draft.  For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.



enterprise mobility management (EMM); mobile; mobile device management (MDM); mobile security; smartphones; tablets
Control Families

System and Services Acquisition