Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guidelines for Managing the Security of Mobile Devices in the Enterprise



Murugiah P. Souppaya, Karen Scarfone


Mobile devices, such as smart phones and tablets, typically need to support multiple security objectives: confidentiality, integrity, and availability. To achieve these objectives, mobile devices should be secured against a variety of threats. The purpose of this publication is to help organizations centrally manage the security of mobile devices. Laptops are out of the scope of this publication, as are mobile devices with minimal computing capability, such as basic cell phones. This publication provides recommendations for selecting, implementing, and using centralized management technologies, and it explains the security concerns inherent in mobile device use and provides recommendations for securing mobile devices throughout their life cycles. The scope of this publication includes securing both organization-provided and personally-owned (bring your own device, BYOD) mobile devices. [Supersedes SP 800-124 (October 2008):]
Special Publication (NIST SP) - 800-124 Rev 1
Report Number
800-124 Rev 1


cell phone security, information security, mobile device security, mobility, remote access, smartphone security, tablet security, telework


Souppaya, M. and Scarfone, K. (2013), Guidelines for Managing the Security of Mobile Devices in the Enterprise, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed June 19, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created June 21, 2013, Updated June 9, 2020