NIST SPECIAL PUBLICATION 1800 -21 Mobile Device Security Corporate -Owned Personally -Enabled (COPE) Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B); and How -To Guide s (C) Joshua M . Franklin Gema Howell Kaitlin Boeckl Naomi Lefkovitz Ellen Nadeau Dr. Behnam Shariati Jason G. Ajmo Christopher J . Brown Spike E . Dog Frank Javar Michael Peck Kenneth F . Sandlin DRAFT This publication is available free of charge from https://www.nccoe.nist.gov/projects/building -blocks/mobile -device -security/enterprise NIST SPECIAL PUBLICATION 1800 -21 Mobile Device Security Corporate -Owned Personally -Enabled (COPE) Includes Executive Summary (A); Approach, Architecture, an d Security Characteristics (B ); and How -To Guides (C) Joshua M . Franklin* Gema Howell Kaitlin Boeckl Naomi Lefkovitz Ellen Nadeau Applied Cybersecurity Division Information Technology Laboratory Dr. Behnam Shariati University of Maryland, Baltimore County Department of Computer Science and Electrical Engineering Baltimore, Maryland Jason G. Ajmo Christopher J . Brown Spike E . Dog Frank Javar Michael Peck Kenneth F. Sandlin The MITRE Corporation McLean, V irginia *Former employee; all work for this publication was done while at employer. DRAFT July 2019 U.S. Department of Commerce Wilbur Ross , Secretary National Institute of Standards and Technology Walter Copan, NIST Director and Undersecretary of Commerce for Standards and Technology NIST SPECIAL PUBLICATION 1800 -21A Mobile Device Security Corporate -Owned Personally -Enabled (COPE) Volume A : Executive Summary Joshua M . Franklin * Gema Howell Kaitlin Boeckl Naomi Lefkovitz Ellen Nadeau Applied Cybersecurity Division Information Technology Laboratory Dr. Behnam Shariati University of Maryland, Baltimore County Department of Computer Science and Electrical Engineering Baltimore, Maryland Jason G. Ajmo Christopher J . Brown Spike E . Dog Frank Javar Michael Peck Kenneth F . Sandlin The MITRE Corporation McLean, Virginia *Former employee; all work for this publication was done while at employer. July 2019 DRAFT This publication is available free of charge from https://www.nccoe.nist.gov/projects/building -blocks/mobile -device -security/enterprise DRAFT NIST SP 1800 -21A: Mobile Devi ce Security : Corporate -Owned Personally -Enabled 1 Executive Summary 1 ▪ Mobile devices provide a ccess to workplace data and resources that are vital for organization s 2 to accomplish their mission while provid ing employees the flexibility to perform their daily 3 activities. Securing these devices is essential to the continuity of business operations. 4 ▪ While mobile devices can increase organizations’ efficiency and employee productivity , they can 5 also leave sensitive data vulnerable. Addressing such vulnerabilities requires mo bile device 6 management tools to help secure access to the network and resources . These tools are different 7 from those required to secure the typical computer workstation . 8 ▪ To address the challenge of securing mobile devices while managing risks, the Nationa l 9 Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and 10 Technology (NIST) built a laboratory environment to explore how various mobile security 11 technologies can be integrated within an enterprise’s network. 12 ▪ This NIST Cybersecurity Practice Guide demonstrates how organizations can use standards - 13 based, commercially available products to help meet their mobile device security and privacy 14 needs. 15 CHALLENGE 16 Mobile devices are a staple within modern workplaces . As employees use these devices to perform 17 everyday enterprise tasks , organizations are challenged wit