Mobile Device Security: Corporate-Owned Personally-Enabled

Download the Practice Guide

The NCCoE has released the final version of NIST Cybersecurity Practice Guide Special Publication (SP) 1800-21, Mobile Device Security: Corporate-Owned Personally-Enabled (COPE). Use the button below to view this publication in its entirety, or scroll down for links to a specific section.

Download PDF » Open Web Version »

The NCCoE recently released the final version of NIST Cybersecurity Special Publication 1800-21, Mobile Device Security: Corporate-Owned Personally-Enabled (COPE).

SP 1800-21A: Executive Summary (PDF)
SP 1800-21B: Approach, Architecture, and Security Characteristics (PDF)
SP 1800-21C: How-To Guides (PDF)

You can also download the complete guide (PDF). The first draft of this publication is available free of charge in the library.

Additionally, you can read our fact sheet for a brief overview of the project. If you have questions or suggestions, please email us at mobile-nccoe@nist.gov.

While mobile devices can increase efficiency and productivity, there is a risk they can also leave sensitive data vulnerable. Mobile device security tools can address such vulnerabilities by helping secure access to networks and resources.

Corporate-Owned Personally-Enabled (COPE) architectures provide the flexibility of allowing both enterprises and employees to install applications onto organization-owned mobile devices. The goal of the Mobile Device Security: Corporate-Owned Personally-Enabled project is to provide an example solution demonstrating how the security and privacy of organization-owned mobile devices can be enhanced.

The example solution details tools for an on-premises located enterprise mobility management (EMM) capability, mobile threat defense (MTD), mobile threat intelligence (MTI), application vetting, secure boot/image authentication, and virtual private network (VPN) services.

The example solution also provides information on the specific products used, the security control(s) the product provides, and a mapping to the relevant NIST SP 800-181, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework Work Roles.

When combined into the practice guide’s example solution, the security tools help improve the security of enterprise-owned mobile devices.

This guide is part of a series of projects that focus on Mobile Device Security for Enterprises. Information on improving the security and privacy of Bring Your Own Device (BYOD) deployments and our other projects can be found at the Mobile Device Security home page.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

_{Certain commercial entities, equipment, products, or materials may be identified by name or company logo or other insignia in order to acknowledge their participation in this collaboration or to describe an experimental procedure or concept adequately. Such identification is not intended to imply special status or relationship with NIST or recommendation or endorsement by NIST or NCCoE; neither is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose.}

Join Our Community of Interest

Interested in joining the Mobile Device Security: Corporate-Owned Personally-Enabled Community of Interest? Contact us!

A Community of Interest is a group of professionals and technical advisors convened to support the cybersecurity resiliency of the U.S. economy. Read More.