Mobile Device Security: Corporate-Owned Personally-Enabled

Download the Practice Guide

The NCCoE has released the draft version of NIST Cybersecurity Practice Guide SP 1800-21, Mobile Device Security: Corporate-Owned Personally-Enabled. Use the button below to view this publication in its entirety or scroll down for links to a specific section.

Download PDF »

Current Status

The NCCoE recently released a draft of NIST Cybersecurity Special Publication 1800-21, Mobile Device Security: Corporate-Owned Personally-Enabled (COPE). The public comment period closed on September 23, 2019 and received comments are now being reviewed.

  • SP 1800-21A: Executive Summary (PDF
  • SP 1800-21B: Approach, Architecture, and Security Characteristics (PDF
  • SP 1800-21C: How-To Guides (PDF

You can also download the complete guide (PDF) or read an overview of the project on our fact sheet.

If you have questions or suggestions, please email us at


The rapid pace at which mobile technologies evolve requires regular reevaluation of a mobility program to ensure it is accomplishing its security, privacy, and workplace functionality. Built-in mobile protections may not be enough to fully mitigate the security challenges associated with mobile information systems. Usability, privacy, and regulatory requirements each influence which mobile security technologies and security controls are going to be well-suited to meet the needs of an organization’s mobility program.

The goal of the Mobile Device Security: Corporate-Owned Personally-Enabled (COPE) project is to provide an example solution demonstrating how organizations can use a standards-based approach and commercially available technologies to meet their security needs for using mobile devices to access enterprise resources.

The sample solution details tools for an enterprise mobility management (EMM) capability located on-premises, mobile threat defense (MTD), mobile threat intelligence (MTI), application vetting, secure boot/image authentication, and virtual private network (VPN) services.

This project is the first in a series of builds that will focus on Mobile Device Security for Enterprises. The second build, Mobile Device Security: Bring Your Own Device (BYOD), is in development.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

Appthority logo
Kryptowire logo
Mobile Iron logo
Palo Alto Networks logo