NIST SPECIAL PUBLICATION 1800-21
Mobile Device Security: Corporate-Owned Personally-Enabled (COPE)
Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B); and How-To Guides (C)
Joshua M. Franklin*
Gema Howell
Kaitlin Boeckl
Naomi Lefkovitz
Ellen Nadeau*
Dr. Behnam Shariati
Jason G. Ajmo
Christopher J. Brown
Spike E. Dog
Frank Javar
Michael Peck
Kenneth F. Sandlin
*Former employee; all work for this publication done while at employer.
Final
This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.1800-21
The first draft of this publication is available free of charge from: https://www.nccoe.nist.gov/projects/building-blocks/mobile-device-security/enterprise
NIST SPECIAL PUBLICATION 1800-21
Mobile Device Security: Corporate-Owned Personally-Enabled (COPE)
Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B); and How-To Guides (C)
Joshua M. Franklin*
Gema Howell
Kaitlin Boeckl
Naomi Lefkovitz
Ellen Nadeau*
Applied Cybersecurity Division
Information Technology Laboratory
Dr. Behnam Shariati
University of Maryland, Baltimore County
Department of Computer Science and Electrical Engineering
Baltimore, Maryland
Jason G. Ajmo
Christopher J. Brown
Spike E. Dog
Frank Javar
Michael Peck
Kenneth F. Sandlin
The MITRE Corporation
McLean, Virginia
*Former employee; all work for this publication done while at employer.
Final
September 2020
U.S. Department of Commerce
Wilbur Ross, Secretary
National Institute of Standards and Technology
Walter G. Copan, Undersecretary of Commerce for Standards and Technology and Director
- 1 Summary
- 2 How to Use This Guide
- 3 Approach
- 3.1 Audience
- 3.2 Scope
- 3.3 Assumptions
- 3.4 Risk Assessment
- 3.4.1 Risk Assessment of the Fictional Organization Orvilia Development
- 3.4.2 Development of Threat Event Descriptions
- 3.4.2.1 Threat Event 1—Unauthorized Access to Sensitive Information via a Malicious or Privacy-Intrusive Application
- 3.4.2.2 Threat Event 2—Theft of Credentials Through a Short Message Service (SMS) or Email Phishing Campaign
- 3.4.2.3 Threat Event 3—Malicious Applications Installed via Uniform Resource Locators (URLs) in SMS or Email Messages
- 3.4.2.4 Threat Event 4—Confidentiality and Integrity Loss Due to Exploitation of Known Vulnerability in the OS or Firmware
- 3.4.2.5 Threat Event 5—Violation of Privacy via Misuse of Device Sensors
- 3.4.2.6 Threat Event 6—Compromise of the Integrity of the Device or Its Network Communications via Installation of Malicious EMM/MDM, Network, VPN Profiles, or Certificates
- 3.4.2.7 Threat Event 7—Loss of Confidentiality of Sensitive Information via Eavesdropping on Unencrypted Device Communications
- 3.4.2.8 Threat Event 8—Compromise of Device Integrity via Observed, Inferred, or Brute-Forced Device Unlock Code
- 3.4.2.9 Threat Event 9—Unauthorized Access to Backend Services via Authentication or Credential Storage Vulnerabilities in Internally Developed Applications
- 3.4.2.10 Threat Event 10—Unauthorized Access of Enterprise Resources from an Unmanaged and Potentially Compromised Device
- 3.4.2.11 Threat Event 11—Loss of Organizational Data Due to a Lost or Stolen Device
- 3.4.2.12 Threat Event 12—Loss of Confidentiality of Organizational Data Due to Its Unauthorized Storage in Non-Organizationally Managed Services
- 3.4.3 Identification of Vulnerabilities and Predisposing Conditions
- 3.4.4 Summary of Risk Assessment Findings
- 3.4.5 Privacy Risk Assessment
- 3.5 Solution Goals
- 3.6 Technologies
- 4 Architecture
- 5 Security Characteristic Analysis
- 5.1 Analysis Assumptions and Limitations
- 5.2 Build Testing
- 5.2.1 Threat Event 1—Unauthorized Access to Sensitive Information via a Malicious or Privacy-Intrusive Application
- 5.2.2 Threat Event 2—Theft of Credentials Through an SMS or Email Phishing Campaign
- 5.2.3 Threat Event 3—Malicious Applications Installed via URLs in SMS or Email Messages
- 5.2.4 Threat Event 4—Confidentiality and Integrity Loss Due to Exploitation of Known Vulnerability in the OS or Firmware
- 5.2.5 Threat Event 5—Violation of Privacy via Misuse of Device Sensors
- 5.2.6 Threat Event 6—Compromise of the Integrity of the Device or Its Network Communications via Installation of Malicious EMM/MDM, Network, VPN Profiles, or Certificates
- 5.2.7 Threat Event 7—Loss of Confidentiality of Sensitive Information via Eavesdropping on Unencrypted Device Communications
- 5.2.8 Threat Event 8—Compromise of Device Integrity via Observed, Inferred, or Brute-Forced Device Unlock Code
- 5.2.9 Threat Event 9—Unauthorized Access to Backend Services via Authentication or Credential Storage Vulnerabilities in Internally Developed Applications
- 5.2.10 Threat Event 10—Unauthorized Access of Enterprise Resources from an Unmanaged and Potentially Compromised Device
- 5.2.11 Threat Event 11—Loss of Organizational Data Due to a Lost or Stolen Device
- 5.2.12 Threat Event 12—Loss of Confidentiality of Organizational Data Due to Its Unauthorized Storage in Non-Organizationally Managed Services
- 5.3 Scenarios and Findings
- 6 Conclusion
- 7 Future Build Considerations
- Appendix A List of Acronyms
- Appendix B Glossary
- Appendix C References
- Appendix D Standards and Guidance
- Appendix E Android, Apple, and Samsung Knox Mobile Enrollment
- Appendix F Risk Assessment
- F.1 Risk Assessment
- F.1.1 Task 1-1: Risk Assessment Purpose
- F.1.2 Task 1-2: Risk Assessment Scope
- F.1.3 Task 1-3: Risk Assessment Assumptions and Constraints
- F.1.4 Task 1-4: Risk Assessment Threat, Vulnerability, and Impact Sources
- F.1.5 Task 1-5: Risk Assessment Risk Model and Analytic Approach Identification
- F.1.6 Task 2-1: Identify and Characterize Threat Sources of Concern
- F.1.7 Task 2-2: Identify Potential Threat Events
- F.1.7.1 Threat Event 1—Unauthorized Access to Sensitive Information via a Malicious or Privacy-Intrusive Application
- F.1.7.2 Threat Event 2—Theft of Credentials Through an SMS or Email Phishing Campaign
- F.1.7.3 Threat Event 3—Malicious Applications Installed via URLs in SMS or Email Messages
- F.1.7.4 Threat Event 4—Confidentiality and Integrity Loss Due to Exploitation of Known Vulnerability in the OS or Firmware
- F.1.7.5 Threat Event 5—Violation of Privacy via Misuse of Device Sensors
- F.1.7.6 Threat Event 6—Compromise of the Integrity of the Device or Its Network Communications via Installation of Malicious EMM/MDM, Network, VPN Profiles, or Certificates
- F.1.7.7 Threat Event 7—Loss of Confidentiality of Sensitive Information via Eavesdropping on Unencrypted Device Communications
- F.1.7.8 Threat Event 8—Compromise of Device Integrity via Observed, Inferred, or Brute-Forced Device Unlock Code
- F.1.7.9 Threat Event 9—Unauthorized Access to Backend Services via Authentication or Credential Storage Vulnerabilities in Internally Developed Applications
- F.1.7.10 Threat Event 10—Unauthorized Access of Enterprise Resources from an Unmanaged and Potentially Compromised Device
- F.1.7.11 Threat Event 11—Loss of Organizational Data Due to a Lost or Stolen Device
- F.1.7.12 Threat Event 12—Loss of Confidentiality of Organizational Data Due to Its Unauthorized Storage in Non-Organizationally Managed Services
- F.1.8 Task 2-3: Identify Vulnerabilities and Predisposing Conditions
- F.1.9 Task 2-4: Determine Likelihood of a Threat and the Likelihood of the Threat Having Adverse Impacts
- F.1.10 Task 2-5: Determine the Extent of Adverse Impacts
- F.1.11 Task 2-6: Determine Risk to Organization
- Appendix G Privacy Risk Assessment
- Appendix H Threat Event Test Information
- H.1 Threat Event 1—Unauthorized Access to Sensitive Information via a Malicious or Privacy-Intrusive Application
- H.2 Threat Event 2—Theft of Credentials Through a Short Message Service (SMS) or Email Phishing Campaign
- H.3 Threat Event 3—Malicious Applications Installed via URLs in SMS or Email Messages
- H.4 Threat Event 4—Confidentiality and Integrity Loss Due to Exploitation of Known Vulnerability in the Operating System or Firmware
- H.5 Threat Event 5—Violation of Privacy via Misuse of Device Sensors
- H.6 Threat Event 6—Compromise of the Integrity of the Device or Its Network Communications via Installation of Malicious EMM/Mobile Device Management, Network, Virtual Private Network (VPN) Profiles, or Certificates
- H.7 Threat Event 7—Loss of Confidentiality of Sensitive Information via Eavesdropping on Unencrypted Device Communications
- H.8 Threat Event 8—Compromise of Device Integrity via Observed, Inferred, or Brute-Forced Device Unlock Code
- H.9 Threat Event 9—Unauthorized Access to Backend Services via Authentication or Credential Storage Vulnerabilities in Internally Developed Applications
- H.10 Threat Event 10—Unauthorized Access of Enterprise Resources from an Unmanaged and Potentially Compromised Device
- H.11 Threat Event 11—Loss of Organizational Data Due to a Lost or Stolen Device
- H.12 Threat Event 12—Loss of Confidentiality of Organizational Data Due to Its Unauthorized Storage in Non-Organizationally Managed Services
- Appendix I Example Security Control Map
- 1 Introduction
- 2 Product Installation Guides
- 2.1 Appthority Mobile Threat Detection
- 2.2 Kryptowire EMM+S
- 2.3 Lookout Mobile Endpoint Security
- 2.4 MobileIron Core
- 2.5 Integration of Palo Alto Networks GlobalProtect with MobileIron
- 2.5.1 MobileIron Configuration
- 2.5.2 Basic Palo Alto Networks Configuration
- 2.5.3 Palo Alto Networks Interfaces and Zones Configuration
- 2.5.4 Configure Router
- 2.5.5 Configure Tunnel Interface
- 2.5.6 Configure Applications and Security Policies
- 2.5.7 Network Address Translation
- 2.5.8 Configure SSL VPN
- 2.5.9 Import Certificates
- 2.5.10 Configure Certificate Profile
- 2.5.11 Configure SSL/TLS Service Profile
- 2.5.12 URL Filtering Configuration
- 2.5.13 GlobalProtect Gateway and Portal Configuration
- 2.5.14 Configure Automatic Threat and Application Updates
- 2.6 Integration of Kryptowire EMM+S with MobileIron
- 2.7 Integration of Lookout Mobile Endpoint Security with MobileIron
- 2.7.1 Add MobileIron API Account for Lookout
- 2.7.2 Add MobileIron Labels for Lookout
- 2.7.3 Add Lookout for Work for Android to MobileIron App Catalog
- 2.7.4 Apply Labels to Lookout for Work for Android
- 2.7.5 Add Lookout for Work app for iOS to MobileIron App Catalog
- 2.7.6 Add MDM Connector for MobileIron to Lookout MES
- 2.7.7 Configure MobileIron Risk Response
- 2.8 Integration of Appthority Mobile Threat Detection with MobileIron
- 2.9 Registering Devices with MobileIron Core
- Appendix A List of Acronyms
- Appendix B Glossary
- Appendix C References