Guidelines for Managing the Security of Mobile Devices in the Enterprise

Published: June 21, 2013


Murugiah P. Souppaya, Karen A. Scarfone


Mobile devices, such as smart phones and tablets, typically need to support multiple security objectives: confidentiality, integrity, and availability. To achieve these objectives, mobile devices should be secured against a variety of threats. The purpose of this publication is to help organizations centrally manage the security of mobile devices. Laptops are out of the scope of this publication, as are mobile devices with minimal computing capability, such as basic cell phones. This publication provides recommendations for selecting, implementing, and using centralized management technologies, and it explains the security concerns inherent in mobile device use and provides recommendations for securing mobile devices throughout their life cycles. The scope of this publication includes securing both organization-provided and personally-owned (bring your own device, BYOD) mobile devices. [Supersedes SP 800-124 (October 2008):]
Citation: Special Publication (NIST SP) - 800-124 Rev 1
Report Number:
800-124 Rev 1
Pub Type: NIST Pubs



cell phone security, information security, mobile device security, mobility, remote access, smartphone security, tablet security, telework
Created June 21, 2013, Updated November 10, 2018