Skip to main content

NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guidelines for Managing the Security of Mobile Devices in the Enterprise

Published

Author(s)

Murugiah P. Souppaya, Karen Scarfone

Abstract

Mobile devices, such as smart phones and tablets, typically need to support multiple security objectives: confidentiality, integrity, and availability. To achieve these objectives, mobile devices should be secured against a variety of threats. The purpose of this publication is to help organizations centrally manage the security of mobile devices. Laptops are out of the scope of this publication, as are mobile devices with minimal computing capability, such as basic cell phones. This publication provides recommendations for selecting, implementing, and using centralized management technologies, and it explains the security concerns inherent in mobile device use and provides recommendations for securing mobile devices throughout their life cycles. The scope of this publication includes securing both organization-provided and personally-owned (bring your own device, BYOD) mobile devices. [Supersedes SP 800-124 (October 2008): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=890048]
Citation
Special Publication (NIST SP) - 800-124 Rev 1
Report Number
800-124 Rev 1

Keywords

cell phone security, information security, mobile device security, mobility, remote access, smartphone security, tablet security, telework

Citation

Souppaya, M. and Scarfone, K. (2013), Guidelines for Managing the Security of Mobile Devices in the Enterprise, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-124r1 (Accessed October 9, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created June 21, 2013, Updated June 9, 2020
Was this page helpful?