Mobile Device Security: Bring Your Own Device

Download the Practice Guide

The NCCoE has released a draft of NIST Cybersecurity Practice Guide Special Publication (SP) 1800-22, Mobile Device Security: Bring Your Own Device (BYOD). Use the button below to view this publication in its entirety, or scroll down for links to a specific section.

Download PDF »

The NCCoE released the draft version of 1800-22, Mobile Device Security: Bring Your Own Device (BYOD) on March 18, 2021. The public is encouraged to review the draft and provide feedback for possible incorporation into the project description before the public comment period closes on May 3, 2021.

For ease of use, the guide is available in volumes:

SP 1800-22A: Executive Summary (PDF)
SP 1800-22B: Approach, Architecture, and Security Characteristics (PDF)
SP 1800-22: Supplement: Example Scenario: Putting Guidance into Practice (PDF)
SP 1800-22C: How-To Guides (PDF)

You can also download the complete guide (PDF)

Additionally, you can read our fact sheets for a brief overview of different aspects of the project:

If you have questions or suggestions, please email us at mobile-nccoe@nist.gov.

Many organizations now support their employees’ use of personal mobile devices to perform work-related activities. This increasingly common practice, known as BYOD, provides employees with increased flexibility to access organizational information resources. Helping ensure that an organization’s data is protected when it is accessed from personal devices poses unique challenges and threats.

The goal of the Mobile Device Security: Bring Your Own Device project is to provide an example solution that helps organizations use both a standards-based approach and commercially available technologies to help meet their security and privacy needs when permitting personally-owned mobile devices to access enterprise resources.

This guide is part of a series of projects that focus on Mobile Device Security for Enterprises. Information on our other projects can be found on the Mobile Device Security web page.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

_{Certain commercial entities, equipment, products, or materials may be identified by name or company logo or other insignia in order to acknowledge their participation in this collaboration or to describe an experimental procedure or concept adequately. Such identification is not intended to imply special status or relationship with NIST or recommendation or endorsement by NIST or NCCoE; neither is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose.}

Join Our Community of Interest

Interested in joining the Mobile Device Security: Bring Your Own Device Community of Interest? Contact us!

A Community of Interest is a group of professionals and technical advisors convened to support the cybersecurity resiliency of the U.S. economy. Read More.