NCCoE Issued a Mobile Device Security Guidance for Corporate-Owned Personally Enabled Devices

The National Cybersecurity Center of Excellence (NCCoE) created a new draft NIST mobile device security guidance to assist companies to minimize the risks presented by corporate-owned personally enabled (COPE) devices.

Mobile devices permit personnel to access data necessary to do their work, irrespective of where those people are situated. Consequently, the devices permit organizations to enhance efficiency and work productivity, however, the devices bring risks to a company.

The devices are usually always connected to the internet and the devices frequently lack the solid security controls that are applied to the devices, for instance, desktop computers. Malicious or unsafe apps could be downloaded to mobile devices by users without the IT department’s knowledge or authorization. Downloading apps can introduce malware and app permissions could lead to the unauthorized access of sensitive data.

Organizations consequently must have total visibility into all mobile devices that personnel use for work activities and they should ensure that security risks to mobile devices are efficiently mitigated. If not, threat actors may exploit vulnerabilities to gain access to sensitive data and network resources.

The purpose of the new guidance known as (NIST) Special Publication 1800-21 is to assist organizations in identifying and addressing risks and improving mobile device security to minimize the probability of unauthorized device access and loss and theft of data.

The guidance consists of how-to guides and a sample solution created in a lab environment utilizing commercially available mobile management tools which enterprises may use to secure their Apple iOS and Android devices and networks while reducing the impact on operational processes.

NIST and technology partners Appthority, Kryptowire, Palo Alto Networks, Lookout, MobileIron, and Qualcomm developed the guidance, which can be downloaded from NCCoE.  Send your comments until September 23, 2019.

Further guidance on mobile device security for Bring Your Own Device (BYOD) is presently in progress.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at