NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Mobile Device Security: Corporate-Owned Personally-Enabled (COPE)

Published

Author(s)

Gema E. Howell, Kaitlin R. Boeckl, Naomi B. Lefkovitz, Ellen M. Nadeau, Joshua M. Franklin, Behnam Shariati, Jason Ajmo, Christopher J. Brown, Spike E. Dog, Frank Javar, Michael Peck, Kenneth F. Sandlin

Abstract

Mobile devices provide access to vital workplace resources while giving employees the flexibility to perform their daily activities. Securing these devices is essential to the continuity of business operations. While mobile devices can increase efficiency and productivity, they can also leave sensitive data vulnerable. Mobile device management tools can address such vulnerabilities by helping secure access to networks and resources. These tools are different from those required to secure the typical computer workstation. This practice guide focuses on security enhancements that can be made to corporate-owned personally-enabled (COPE) mobile devices. COPE devices are owned by an enterprise and issued to an employee. Both the enterprise and the employee can install applications onto the device. To address the challenge of securing COPE mobile devices while managing risks, the NCCoE at NIST built a reference architecture to show how various mobile security technologies can be integrated within an enterprise’s network. This NIST Cybersecurity Practice Guide demonstrates how organizations can use standards-based, commercially available products to help meet their mobile device security and privacy needs.
Citation
Special Publication (NIST SP) - 1800-21
Report Number
1800-21
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs

Download Paper

DOI Link

Keywords

mobile, Corporate-owned personally-enabled, COPE, mobile device management, mobile device security, on-premise, bring your own device, BYOD
Risk management, Cybersecurity and privacy and Mobile

Citation

Howell, G. , Boeckl, K. , Lefkovitz, N. , Nadeau, E. , Franklin, J. , Shariati, B. , Ajmo, J. , Brown, C. , Dog, S. , Javar, F. , Peck, M. and Sandlin, K. (2020), Mobile Device Security: Corporate-Owned Personally-Enabled (COPE), Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.1800-21 (Accessed October 27, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created September 14, 2020, Updated August 29, 2025
Was this page helpful?