NIST SP 800-124 Rev 2 · Mobile Device Security · Evidence & Implementation Kit
Secure your enterprise mobile estate to the NIST standard, without turning a federal publication into a control set yourself.
Every element of NIST SP 800-124r2, from the mobile deployment life cycle and enterprise mobility management through device integrity, on-device data protection and remote wipe, handed to you as an adopt-ready control with the evidence an assessor examines.
Mobile-ready in a weekend, not a quarter.
Here is the honest situation. Phones and tablets now hold the same data as laptops, but the threats are different: lost devices, sideloaded apps, unmanaged BYOD and network attacks. NIST SP 800-124r2 is the definitive federal guidance for managing that risk with an enterprise mobility management capability, device integrity, containerization and a full deployment life cycle. It is a dense publication, and turning it into policy, controls and evidence, especially across the BYOD, COPE and fully-managed models, is weeks of work.
This Kit removes that translation. It is every element of 800-124r2 written as an adopt-ready control you personalize in a weekend, with the evidence an assessor examines.
What you get, the moment you buy
32
Guidance as adopt-ready controls. Every element of 800-124r2, from the deployment life cycle and EMM through device integrity, data protection, app vetting and network defense, written so you personalize and apply it. The deployment-model tradeoffs are built in.
32
Evidence-they-examine checklists. For each control, exactly what an assessor examines, plus the finding they most often raise, so you close it before the review.
1
Mobile Security Control Matrix, pre-built. Every control in a working spreadsheet, ready to record in-place status and evidence location across your mobile estate.
1
Gap & Readiness Assessment. Score each control and the workbook returns your readiness as a single percentage, and exactly what to fix next.
Grounded in NIST SP 800-124 Revision 2, with the enterprise mobile deployment life cycle, the BYOD, COPE and fully-managed models, and the EMM capability called out. Editable Word and Excel files.
The deployment model decides the risk
BYOD, COPE and fully-managed devices carry very different risk and evidence. 800-124r2 makes that explicit, and this Kit writes the controls so your model choice and its protections line up, instead of applying one policy to devices you do not control.
What one control looks like
This is the threat modeling and risk assessment that anchors your mobile program. All 32 are built to this depth.
MOB-1 Threat modeling and risk assessment for the mobile estate POLICY AND LIFECYCLE
Adopt this control
The [Organization] shall develop threat models and conduct risk assessments that cover mobile devices, mobile applications, wireless communication mechanisms, and the management infrastructure before any solution is deployed. Assessments shall identify resources of interest, feasible threats and vulnerabilities, likelihood, and impact, be refreshed with current threat intelligence, and be repeated periodically as the threat landscape and protected systems evolve.
Practitioner note.
NIST SP 800-124r2 Section 3 and 5.2 recommend threat modeling and periodic risk assessment, referencing the NIST Mobile Threat Catalogue and MITRE Mobile ATT&CK as inputs.
Evidence an assessor examines
- Documented mobile threat model covering device, OS, firmware, apps, networks, and EMM infrastructure
- Risk assessment report scoped to a specific mobile deployment, dated and version controlled
- Threat intelligence sources and the schedule used to refresh the assessment
- Register mapping identified mobile threats to selected mitigating controls
Common finding they raise: Mobile devices are deployed on general enterprise risk assumptions with no device or wireless specific threat model, so mobile attack paths go unaddressed.
Why this is not another template pack
- The evidence is the point. Guidance you cannot evidence is a slide. This tells you exactly what an assessor examines and the finding they raise, for every control.
- Deployment-model aware. BYOD, COPE and fully-managed devices get the right controls, with the privacy tradeoffs of BYOD written in, not a one-size policy.
- Built on a mapped compliance corpus, not one person's opinion, from a graph of thousands of controls across standards.
- It compounds. 800-124r2 maps onto the NIST Cybersecurity Framework and 800-53, so your mobile controls feed a broader security program.
Who buys this
Security and IT teams managing enterprise mobile devices, the leads who own the mobility policy, and consultants standing up an EMM program. Whether it is a first mobile policy or a BYOD rollout, you save weeks and walk in with the controls and evidence ready.
By the end of the weekend you will have
✓ An adopt-ready control for all 32 elements
✓ A completed mobile security control matrix
✓ The evidence an assessor examines
✓ Your deployment models and their controls aligned
✓ A readiness percentage and a fix list
✓ The common findings closed before review
Common questions
Is it really editable? Yes. Word and Excel files you own and adapt. No portal, no subscription.
Does it cover BYOD? Yes. The deployment-models group covers BYOD, COPE and fully-managed devices with the right controls and the BYOD privacy tradeoffs.
Does it require a specific MDM product? No. The controls are written around the EMM capability, so they apply whatever management platform you run.
How does it relate to NIST 800-53? 800-124r2 applies mobile-specific guidance that maps onto 800-53 and the CSF, so this feeds a broader program.
What if it is not for me? A 30-day money-back guarantee.
Do not translate a federal publication by hand.
Every element of 800-124r2 is fast to adopt with the Kit. It is instant, and it is guaranteed.
Add it to your cart and secure your mobile estate this weekend.
Instant digital download · 30-day money-back guarantee · The Art of Service Pty Ltd, GPO Box 2673, Brisbane QLD 4001 · support@theartofservice.com