Mobile Device Security
Organizations understand the value that mobile devices can add to their employees’ productivity by providing access to business resources at any time. Not only has this reshaped how traditional in-office tasks are accomplished, but organizations are devising entirely new ways to work. Yet, a compromised mobile device may allow access to sensitive organizational data, or any other data that the user has entrusted to the device. With this in mind, NCCoE's mobile device security efforts are dedicated to helping solve organizations’ most pressing mobile cybersecurity challenges.
Mobile Device Security: Bring Your Own DeviceProvides a clear and repeatable security and privacy-enhanced reference example solution architecture for organizations that allow personally owned mobile devices to access their organizational dataReviewing Comments
Mobile Device Security: Corporate-Owned Personally-EnabledClear and repeatable reference mobile architecture in which strong data confidentiality is implemented using certified technologies.Finalized Guidance
Mobile Device Security: Cloud and Hybrid BuildsProvides clear and repeatable security and privacy-enhanced reference example solution architectures for organizations using either cloud or a hybrid combination of both enterprise and cloud based services for their mobile device deployment architecturesFinalized Guidance
NCCoE Buzz: Mobile Security Edition
The NCCoE Buzz: Mobile Security Edition is a recurring newsletter on timely topics in mobile device cybersecurity and privacy from the NCCoE's Mobile Device Security project team.
Mobile Threat Catalogue
The Mobile Threat Catalogue identifies threats to mobile devices and associated mobile infrastructure to support development and implementation of mobile security capabilities, best practices, and security solutions to better protect enterprise IT. Threats are divided into broad categories, primarily focused upon mobile applications and software, the network stack and associated infrastructure, mobile device and software supply chain, and the greater mobile ecosystem. Each threat identified is catalogued alongside explanatory and vulnerability information where possible, and alongside applicable mitigation strategies.
This is living document and we continue to appreciate your feedback. Please consult NISTIR 8144: Assessing Threats to Mobile Devices & Infrastructure for context and background information.
Upon review, we recognize that these NIST/NCCoE publications contain potentially biased terminology. As new publications are developed, they will follow NIST’s inclusive language guidance.
Learn More About Our Efforts
Mobile devices offer convenience and flexibility for organizations. This video provides an overview of how the NCCoE’s efforts can help organizations improve their mobile device deployments, while taking into consideration their security and privacy needs.
Join the Community of Interest
A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI.
June 24, 2021 NCCoE MDS Learning Series Event Recording
May 27, 2021 NCCoE MDS Learning Series Event Recording
April 21, 2021 MDS Public Webinar Presentation
April 21, 2021 MDS Public Webinar Event Recording