Mobile Device Security: Cloud and Hybrid Builds

Mobile devices allow an organization’s users to access information resources wherever they are and whenever they need. This presents both opportunities and challenges.

Cybersecurity guidance demonstrating how commercially available technologies can meet your organization’s needs to help secure sensitive enterprise data accessed by and/or stored on employees’ mobile devices.

This National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide addresses the challenge of securely deploying and managing mobile devices in an enterprise. In many organizations, mobile devices are adopted on an ad hoc basis, possibly without the appropriate policies and infrastructure to manage and secure the enterprise data they process and store. Introducing devices in this fashion increases the attack surface of an enterprise, requiring that additional controls be implemented to reduce the risk of intrusion.
Status: Finalized Guidance

Upon review, we recognize that this NIST/NCCoE publication contains potentially biased terminology. As new publications are developed, they will follow NIST’s inclusive language guidance.

NIST SP 1800-4: Complete Guide (HTML)Web Version NIST SP 1800-4: Complete Guide (HTML)
NIST SP 1800-4: Complete Guide (PDF)Web Version NIST SP 1800-4: Complete Guide (PDF)
NIST SP 1800-4A: Executive SummaryDocument Version NIST SP 1800-4A: Executive Summary
NIST SP 1800-4B: Approach, Architecture, and Security CharacteristicsDocument Version NIST SP 1800-4B: Approach, Architecture, and Security Characteristics

Project Abstract

This document proposes a reference design on how to architect enterprise-class protection for mobile devices accessing corporate resources. The example solutions presented here can be used by any organization implementing an enterprise mobility management solution. This project contains two distinct builds: cloud and hybrid. The cloud build makes use of cloud-based services and solutions, while the hybrid build achieves the same functionality but hosts the data and services within an enterpriseʼs own infrastructure. The example solutions and architectures presented here are based upon standards-based, commercially available products.

Read the project description

As mobile technologies mature, users increasingly want to use mobile devices to access enterprise services, data, and other resources to perform work-related activities.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

Join the Community of Interest

Employee speaking on video call with colleagues on online briefing with laptop at home

A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 

Tell us about yourself

First & Last Name