Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Mobile Device Security: Corporate-Owned Personally-Enabled (COPE)



Gema E. Howell, Kaitlin R. Boeckl, Naomi B. Lefkovitz, Ellen M. Nadeau, Joshua M. Franklin, Behnam Shariati, Jason Ajmo, Christopher J. Brown, Spike E. Dog, Frank Javar, Michael Peck, Kenneth F. Sandlin


Mobile devices provide access to vital workplace resources while giving employees the flexibility to perform their daily activities. Securing these devices is essential to the continuity of business operations. While mobile devices can increase efficiency and productivity, they can also leave sensitive data vulnerable. Mobile device management tools can address such vulnerabilities by helping secure access to networks and resources. These tools are different from those required to secure the typical computer workstation. This practice guide focuses on security enhancements that can be made to corporate-owned personally-enabled (COPE) mobile devices. COPE devices are owned by an enterprise and issued to an employee. Both the enterprise and the employee can install applications onto the device. To address the challenge of securing COPE mobile devices while managing risks, the NCCoE at NIST built a reference architecture to show how various mobile security technologies can be integrated within an enterprise’s network. This NIST Cybersecurity Practice Guide demonstrates how organizations can use standards-based, commercially available products to help meet their mobile device security and privacy needs.
Special Publication (NIST SP) - 1800-21
Report Number


mobile, Corporate-owned personally-enabled, COPE, mobile device management, mobile device security, on-premise, bring your own device, BYOD


Howell, G. , Boeckl, K. , Lefkovitz, N. , Nadeau, E. , Franklin, J. , Shariati, B. , Ajmo, J. , Brown, C. , Dog, S. , Javar, F. , Peck, M. and Sandlin, K. (2020), Mobile Device Security: Corporate-Owned Personally-Enabled (COPE), Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed June 19, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created September 14, 2020, Updated May 4, 2021