U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NIST SP 1800-21 (Initial Public Draft)

Mobile Device Security: Corporate-Owned Personally-Enabled (COPE)

Date Published: July 2019
Comments Due: September 23, 2019 (public comment period is CLOSED)
Email Questions to: mobile-nccoe@nist.gov

Author(s)

Joshua Franklin (NIST), Gema Howell (NIST), Kaitlin Boeckl (NIST), Naomi Lefkovitz (NIST), Ellen Nadeau (NIST), Behnam Shariati (University of Maryland Baltimore County), Jason Ajmo (MITRE), Christopher Brown (MITRE), Spike Dog (MITRE), Frank Javar (MITRE), Michael Peck (MITRE), Kenneth Sandlin (MITRE)

Announcement

A growing and now key component for enterprise information sharing is mobile devices, which are often furnished by employees themselves or issued by the organization. These devices provide access to data and resources vital for organizations to accomplish their mission while providing employees with the flexibility to perform their daily activities. As employees use these devices to perform everyday enterprise tasks, organizations are challenged with ensuring that devices securely process, transmit, and store sensitive data.

Mobile devices bring unique threats to the enterprise that need to be addressed in a manner distinct from traditional desktop platforms. This includes securing against different types of network-based attacks on devices that generally have an always-on connection to the internet, malicious or risky apps that compromise the data that devices can access, and phishing attempts that try to collect user credentials or entice a user to install software. Additionally, this guide addresses how to reduce risks to individuals through privacy protections.

NIST’s National Cybersecurity Center of Excellence (NCCoE) and its industry collaborators built an example solution demonstrating how organizations can use a standards-based approach and commercially available technologies to meet their security and privacy needs for using mobile devices to access enterprise resources.

Abstract

Keywords

bring your own device; BYOD; corporate-owned personally-enabled; COPE; mobile device management; mobile device security; on-premise
Control Families

None selected

Documentation

Publication:
Draft 1800-21

Supplemental Material:
Project homepage

Document History:
07/22/19: SP 1800-21 (Draft)
09/15/20: SP 1800-21 (Final)

Topics

Security and Privacy

general security & privacy, security programs & operations

Technologies

mobile

Applications

enterprise