Mobile Device Security: Corporate-Owned Personally-Enabled

Download the Practice Guide

The NCCoE has released the final version of NIST Cybersecurity Practice Guide Special Publication (SP) 1800-21, Mobile Device Security: Corporate-Owned Personally-Enabled (COPE). Use the button below to view this publication in its entirety, or scroll down for links to a specific section.

Download PDF »

Current Status

The NCCoE recently released the final version of NIST Cybersecurity Special Publication 1800-21, Mobile Device Security: Corporate-Owned Personally-Enabled (COPE).

  • SP 1800-21A: Executive Summary (PDF
  • SP 1800-21B: Approach, Architecture, and Security Characteristics (PDF
  • SP 1800-21C: How-To Guides (PDF

You can also download the complete guide (PDF)

Additionally, you can read our fact sheet for a brief overview of the project.

If you have questions or suggestions, please email us at mobile-nccoe@nist.gov.

Summary

While mobile devices can increase efficiency and productivity, there is a risk they can also leave sensitive data vulnerable. Mobile device security tools can address such vulnerabilities by helping secure access to networks and resources.

Corporate-Owned Personally-Enabled (COPE) architectures provide the flexibility of allowing both enterprises and employees to install applications onto organization-owned mobile devices. The goal of the Mobile Device Security: Corporate-Owned Personally-Enabled project is to provide an example solution demonstrating how the security and privacy of organization-owned mobile devices can be enhanced.

The example solution details tools for an on-premises located enterprise mobility management (EMM) capability, mobile threat defense (MTD), mobile threat intelligence (MTI), application vetting, secure boot/image authentication, and virtual private network (VPN) services.

The example solution also provides information on the specific products used, the security control(s) the product provides, and a mapping to the relevant NIST SP 800-181, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework Work Roles.

When combined into the practice guide’s example solution, the security tools help improve the security of enterprise-owned mobile devices.

This guide is part of a series of projects that focus on Mobile Device Security for Enterprises. Information on improving the security and privacy of Bring Your Own Device (BYOD) deployments and our other projects can be found at the Mobile Device Security home page.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

Appthority logo
Kryptowire logo
Mobile Iron logo
Palo Alto Networks logo