U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

NISTIR 8144 (Draft)

Assessing Threats to Mobile Devices & Infrastructure: the Mobile Threat Catalogue

Date Published: September 2016
Comments Due: October 12, 2016 (public comment period is CLOSED)
Email Questions to: nistir8144@nist.gov


Joshua Franklin (NIST), Christopher Brown (MITRE), Spike Dog (MITRE), Neil McNab (MITRE), Sharon Voss-Northrop (MITRE), Michael Peck (MITRE), Bart Stidham (STS Mobile)


The Mobile Threat Catalogue outlines a catalogue of threats to mobile devices and associated mobile infrastructure to support development and implementation of mobile security capabilities, best practices, and security solutions to better protect enterprise information technology (IT). Threats are divided into broad categories, primarily focused upon mobile applications and software, the network stack and associated infrastructure, mobile device and software supply chain, and the greater mobile ecosystem. Each threat identified is catalogued alongside explanatory and vulnerability information where possible, and alongside applicable mitigation strategies.

Draft NISTIR 8144 provides background information on mobile information systems and their attack surface is provided to assist readers in understanding threats contained within the Mobile Threat Catalogue (see link below). The NISTIR also outlines the structure of the Mobile Threat Catalogue.

Mobile security engineers and architects can leverage these documents to inform risk assessments, build threat models, enumerate the attack surface of their mobile infrastructure, and identify mitigations for their mobile deployments.



mobile; mobile device; mobile security; mobile device management; mobility management; telecommunications  ; ; enterprise mobility; cellular security
Control Families

System and Communications Protection


Draft NISTIR 8144

Supplemental Material:
Mobile Threat Catalogue (GitHub) (other)
Press Release (other)

Related NIST Publications:
SP 1800-12 (Draft)
SP 1800-12 (Draft)

Document History:
09/12/16: NISTIR 8144 (Draft)


Security and Privacy
risk assessment; threats; vulnerability management


communications & wireless