Mobile Device Security: Bring Your Own Device

Download the Practice Guide

The NCCoE has released a draft of NIST Cybersecurity Practice Guide Special Publication (SP) 1800-22, Mobile Device Security: Bring Your Own Device (BYOD). Use the button below to view this publication in its entirety, or scroll down for links to a specific section.

Download PDF »

Current Status

The NCCoE released the draft version of 1800-22, Mobile Device Security: Bring Your Own Device (BYOD) on March 18, 2021. The project team is currently reviewing feedback provided during the public comment period. 

For ease of use, the guide is available in volumes:

  • SP 1800-22A: Executive Summary (PDF
  • SP 1800-22B: Approach, Architecture, and Security Characteristics (PDF
  • SP 1800-22: Supplement: Example Scenario: Putting Guidance into Practice (PDF)
  • SP 1800-22C: How-To Guides (PDF

You can also download the complete guide (PDF)

Additionally, you can read our fact sheets for a brief overview of different aspects of the project:

If you have questions or suggestions, please email us at


Many organizations now support their employees’ use of personal mobile devices to perform work-related activities. This increasingly common practice, known as BYOD, provides employees with increased flexibility to access organizational information resources. Helping ensure that an organization’s data is protected when it is accessed from personal devices poses unique challenges and threats.

The goal of the Mobile Device Security: Bring Your Own Device project is to provide an example solution that helps organizations use both a standards-based approach and commercially available technologies to help meet their security and privacy needs when permitting personally-owned mobile devices to access enterprise resources.

This guide is part of a series of projects that focus on Mobile Device Security for Enterprises. Information on our other projects can be found on the Mobile Device Security web page.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

IBM logo
Kryptowire logo