Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Mobile Device Security: Corporate-Owned Personally-Enabled (COPE)



Gema E. Howell, Kaitlin R. Boeckl, Naomi B. Lefkovitz, Ellen M. Nadeau, Joshua M. Franklin, Behnam Shariati, Jason Ajmo, Christopher J. Brown, Spike E. Dog, Frank Javar, Michael Peck, Kenneth F. Sandlin


Mobile devices provide access to vital workplace resources while giving employees the flexibility to perform their daily activities. Securing these devices is essential to the continuity of business operations. While mobile devices can increase efficiency and productivity, they can also leave sensitive data vulnerable. Mobile device management tools can address such vulnerabilities by helping secure access to networks and resources. These tools are different from those required to secure the typical computer workstation. This practice guide focuses on security enhancements that can be made to corporate-owned personally-enabled (COPE) mobile devices. COPE devices are owned by an enterprise and issued to an employee. Both the enterprise and the employee can install applications onto the device. To address the challenge of securing COPE mobile devices while managing risks, the NCCoE at NIST built a reference architecture to show how various mobile security technologies can be integrated within an enterprise’s network. This NIST Cybersecurity Practice Guide demonstrates how organizations can use standards-based, commercially available products to help meet their mobile device security and privacy needs.
Special Publication (NIST SP) - 1800-21
Report Number


mobile, Corporate-owned personally-enabled, COPE, mobile device management, mobile device security, on-premise, bring your own device, BYOD
Created September 14, 2020