The NIST NCCoE Publishes Guidance to Address Mobile Device Security Concerns with BYOD

The NIST National Cybersecurity Center of Excellence (NCCoE) has published the final version of NIST SP 1800-22 Mobile Device Security: Bring Your Own Device (BYOD). This guidance aims to help organizations address security and privacy concerns with BYOD, the practice of performing work-related activities on personally owned devices. NIST’s NCCoE experts worked closely over the past several years with technology vendors and the broader community to address these concerns. 

Many employers allow employees the flexibility to use their personal mobile devices to support their job duties. BYOD is a policy choice that provides access to organizational resources and introduces security and privacy challenges to employers and device owners. 

This final publication provides an example solution to help organizations address unique cybersecurity and privacy risks using existing standards and commercially-available technologies. It outlines the architecture, as well as how-to guides for the approach. To assist with applying and explaining this guidance, this publication also includes the process a fictional organization used to apply cybersecurity and privacy guidance to meet their mission of using a BYOD implementation within their company. 

This guide builds on the NCCoE’s prior work on mobile security. NIST’s NCCoE looks forward to continuing to address cybersecurity challenges as our environment, work culture, and technology landscape shifts and evolves.