Mobile Device Security: Bring Your Own Device

Current Status

This project is currently in the build phase. We have selected several technology collaborators who have signed a Cooperative Research and Development Agreement (CRADA, see an example) with NIST.

If you are interested in helping shape this and future NCCOE mobile security projects, please consider joining the Mobile Device Security Community of Interest by emailing the project team at mobile-nccoe@nist.gov.

Summary

The rapid pace at which mobile technologies evolve requires regular reevaluation of a mobility program to ensure it is accomplishing its security, privacy, and workplace functionality. Built-in mobile protections may not be enough to fully mitigate the security challenges associated with mobile information systems. Usability, privacy, and regulatory requirements each influence which mobile security technologies and security controls are going to be well-suited to meet the needs of an organization’s mobility program.

The goal of the Mobile Device Security: Bring Your Own Device (BYOD) project is to provide an example solution demonstrating how organizations can use a standards-based approach and commercially available technologies to meet their security needs for using mobile devices to access enterprise resources.

The draft publication will feature a BYOD architecture and guidance intended for executives, security managers, engineers, administrators and others who are responsible for acquiring, implementing, and maintaining mobile enterprise technology, including centralized device management, secure device/app security contexts, application vetting, and endpoint protection systems.

This project is the second in a series of builds that will focus on Mobile Device Security for Enterprises. A draft for the first build, Mobile Device Security: Corporate-Owned Personally-Enabled (COPE), was recently published.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

IBM logo
Kryptowire logo
Palo Alto Networks logo
ZIMPERIUM
Certain commercial entities, equipment, products, or materials may be identified by name or company logo or other insignia in order to acknowledge their participation in this collaboration or to describe an experimental procedure or concept adequately. Such identification is not intended to imply special status or relationship with NIST or recommendation or endorsement by NIST or NCCoE; neither is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose.

Join Our Community of Interest

Interested in joining the Mobile Device Security: Bring Your Own Device Community of Interest? Contact us!

A Community of Interest is a group of professionals and technical advisors convened to support the cybersecurity resiliency of the U.S. economy. Read More.