Final Publication of SP 1800-22 Bring Your Own Device (BYOD)


Our personal mobile devices have fundamentally impacted the way we live, work, stay entertained, and connect with each other…and it’s increasingly common to use our devices for work and during work travel. 

Using our personal mobile devices for work-related activities provides employees with the flexibility to use their phones and tablets to work anytime, anywhere—across the globe. Ensuring that an organization’s data is protected when it is accessed from personal devices, while also protecting the privacy needs of employees, poses unique security and privacy challenges and threats. 

The NIST National Cybersecurity Center of Excellence (NCCoE) has embraced this challenge. Over the past few years, our experts have worked closely with technology vendors and the broader community to address the risks and rewards that come along with ‘bring your own device’ or BYOD workplace policies.

The NCCoE’s practice guide provides an example solution to help organizations address unique cybersecurity and privacy risks, using existing standards and commercially available technologies. To assist with applying and explaining this guidance, this practice guide also includes the process a fictional organization used to apply cybersecurity and privacy guidance to meet their mission of using a BYOD implementation within their company. 

We look forward to further exploring the world of BYOD as our cybersecurity environment, work culture, and technology landscape shifts and evolves.

Read Publication